Example of Amazon Spoofing

Here is how it all started: Email to my account
Only a fool or a scam collaborator would allow such systems on the net for more than 10 minutes:

Cyber bandits want to get your email address


their "password assistance"


When hovering the mouse cursor over links, pay attention to the bottom line of the browser window, which shows the real URL: (http:...)


The server interacts with you to collect any email address you choose to give it:


Interestingly, this server acts as a proxy that connects to the real Amazon servers to provide the search service, including returning results to you:


More "help with search"


Let's search on the proxy server itself:


Here is what we see in return:


We get their index, so they are not too smart.

Notice the leading dot in .amazon.com, which makes the directory "invisible" to a careless system administrator.
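A check a server administrator could run for the leading-dot trick noted above, as an added example that is not part of the original page: it walks a web root and reports hidden directories whose names look like hostnames. The regular expression, the index file names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Hidden entry (leading dot) whose remainder looks like a hostname,
# e.g. ".amazon.com". Plain dot-dirs such as ".git" do not match.
DOMAIN_LIKE = re.compile(r"^\.(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
# Assumed set of file names a web server would serve as a directory index.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}


def find_hidden_domain_dirs(web_root):
    """Return sorted (relative_path, has_index) for hidden, domain-named dirs."""
    hits = []
    for current, dirs, _files in os.walk(web_root):
        for name in dirs:
            if not DOMAIN_LIKE.match(name):
                continue
            full = os.path.join(current, name)
            try:
                entries = {e.lower() for e in os.listdir(full)}
            except OSError:
                entries = set()  # unreadable directory: still report it
            rel = os.path.relpath(full, web_root)
            hits.append((rel, bool(entries & INDEX_NAMES)))
    return sorted(hits)


def build_sample_root():
    """Constructed sample tree: one planted directory plus benign ones."""
    root = tempfile.mkdtemp(prefix="webroot_")
    for d in (".amazon.com", "images", ".git", os.path.join("docs", ".cache")):
        os.makedirs(os.path.join(root, d))
    for f in (os.path.join(".amazon.com", "index.html"),
              os.path.join(".amazon.com", "Thumbs.db"),
              "index.html"):
        open(os.path.join(root, f), "w").close()
    return root


if __name__ == "__main__":
    for path, has_index in find_hidden_domain_dirs(build_sample_root()):
        print(f"{path}\tserves index: {has_index}")
```

Run it against the real document root instead of the sample tree by passing that path to find_hidden_domain_dirs.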

What's this db file?


Linux system reports:
file Thumbs.db
Thumbs.db: Microsoft Office Document

Further investigation yields the following:



index.html in http://database.eng.kps.ku.ac.th/.amazon.com returns:
Look at index again:

Let's see what they are doing; raw page source code here:
Index frame source