More Amazon Typos
In this post, I will present a few more Amazon typos. The trick with these is that the cunning typosquatter is not typosquatting around the Amazon domain. Instead, the fraudster squats on typos of other top internet retailers and redirects the traffic to Amazon, surely because the probability of a conversion is that much higher (or perhaps because other merchants are better at detecting what this guy is up to).
The fraudster knows he is up to no good, hence the JS redirect from www.take-overs.com/rdiph2.htm. He does this to mask the true source of the traffic. Amazon probably won't pay him for illegally profiting from a typo, so he scrubs the referring URL and replaces it with something a little more benign. Note the Referer header in the request to Amazon: with this referrer alone it is very difficult to know the true source of the traffic:
GET http://www.amazon.com/gp/search?ie=...&tag=2ndstore08-20...
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.take-overs.com/rdiph2.htm
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: www.amazon.com
With regard to rating this chap, a slightly more cunning fraudster would redirect to more applicable Amazon targets depending on the geolocation of the source IP address. For example, if I entered this typo from a UK address, the fraudster should have sent me to amazon.co.uk. This fraudster does nothing of the sort.
Furthermore, he doesn’t track who he has redirected, making it easy to reproduce this attack time and time again.
So we start with 1/10 for a fairly lame typosquatting attack. Add another point for targeting a merchant other than the source of the typosquatted domain. Ah yes, a bonus point to this fraudster for targeting other domains as well: zwappos.com and za0ppos.com both redirect through to Amazon using the same process described above.
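Because the Referer seen by Amazon hides the typo domain, the squatted merchant is the party best placed to spot domains like the two above. The following Python sketch is an added example, not code from the original post: it flags observed hostnames that are exactly one typing slip from a protected brand label, and it goes beyond the insertion typos named here to cover omission, substitution and transposition. The protected list, the function names and the sample hostnames other than the two typo domains are assumptions.

```python
# Added example: flag hostnames one typing slip away from a protected brand.
# PROTECTED is an assumption; the post names only the typo domains.
PROTECTED = ["zappos", "amazon"]

def classify_typo(candidate, brand):
    """Return (kind, chars) if candidate is exactly one edit from brand, else None."""
    if candidate == brand:
        return None
    lc, lb = len(candidate), len(brand)
    i = 0  # index of the first differing character
    while i < min(lc, lb) and candidate[i] == brand[i]:
        i += 1
    if lc == lb + 1 and candidate[i + 1:] == brand[i:]:
        return ("insertion", candidate[i])
    if lc + 1 == lb and candidate[i:] == brand[i + 1:]:
        return ("omission", brand[i])
    if lc == lb:
        if candidate[i + 1:] == brand[i + 1:]:
            return ("substitution", candidate[i])
        swapped = brand[i:i + 2][::-1]
        if candidate[i:i + 2] == swapped and candidate[i + 2:] == brand[i + 2:]:
            return ("transposition", candidate[i:i + 2])
    return None

def brand_label(hostname):
    """Naive registrable label: the label just before the TLD.
    Assumes a single-label TLD such as .com; amazon.co.uk would need a
    public-suffix list."""
    labels = hostname.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def find_typosquats(hostnames, protected=PROTECTED):
    """Return (hostname, brand, kind, chars) for every near-miss hostname."""
    hits = []
    for host in hostnames:
        label = brand_label(host)
        for brand in protected:
            verdict = classify_typo(label, brand)
            if verdict:
                hits.append((host, brand, *verdict))
    return hits

# The first two hostnames are named in the post; the rest are constructed.
OBSERVED = ["zwappos.com", "www.za0ppos.com", "www.zappos.com", "example.com"]

if __name__ == "__main__":
    for host, brand, kind, chars in find_typosquats(OBSERVED):
        print(f"{host}: {kind} of {chars!r} relative to {brand}")
```

Feeding it newly registered domains or hostnames from passive DNS gives the squatted merchant a review list without relying on referrer data.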
A whopping 3/10 to this fraudster. Well done. Well done indeed!