Overly Worried – An Amazon.com.au Story

I’d ordered some stuff from Amazon. I wanted to check my shipping status as I need to both be here when it comes and be out doing stuff otherwise.

A quick DuckDuckGo search had found the login for Amazon before, so… I typed, a page that was very familiar opened. I logged in to my account. “No Orders!” in the last 6 months. “No Gift Card Balance!”. WT?

It looked smelled and tasted like Amazon. On a quick read of the URL it looked about right. Yet it both knew me and didn’t now about me. Paranoia begins to set it. Well, actually, it’s always set at “You are the Systems Admin! They are ALWAYS out to get you!” because they are. Capture accounts of the guy with root access, you capture it all; so I’m used to being the prime target. Was this a bogus web site, designed to look like Amazon and via some small typo pop up a login window that looks good, only to capture your Username and Password? Had I been phished and pwned?

I immediately logged out, hit my history listing for a link where I knew I was just looking at products and clicked it. Logged in again as me. There was my order history, my $5 or so of gift card balance. All was good, increasing the odds the “other login” was bogus. I immediately changed my password (so that anyone who captured it now had a useless thing and could not change it locking me out while they “loaded up my card” with goodies.

Well, the account only points at a Walmart reloadable debit card that typically has $20 on it at any one time, so not a high risk in any case; but still; pwned (owned by a hack) is pwned and you don’t want to be that. Smug that I’d reacted in a minute or maybe less, I proceeded with the “must do” spousal requests.

Now, a couple of hours later, I got to do a more detailed look at just who was a what. Inspecting my browser history and CLOSELY comparing the URLs showed that the “quasi bogus” one was NOT amazon.com it was amazon.com.au and an Australian site. A series of web searches turned up pages saying there WAS NO Amazon.com.au… but might be one soon. Unfortunately, many had no date or updates. So was it real or bogus? Has “will be” aged into “has been for a while”?

Turning to the terminal:

I did an “nslookup” and “whois” on Amazon and on it.

EMs-MacBook-Air:Downloads chiefio$ nslookup amazon.com
Server:		176.103.130.130
Address:	176.103.130.130#53

Non-authoritative answer:
Name:	amazon.com
Address: 176.32.98.166
Name:	amazon.com
Address: 176.32.103.205
Name:	amazon.com
Address: 205.251.242.103

EMs-MacBook-Air: chiefio$ whois amazon.com
   Domain Name: AMAZON.COM
   Registry Domain ID: 281209_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.markmonitor.com
   Registrar URL: http://www.markmonitor.com
   Updated Date: 2014-04-30T19:24:35Z
   Creation Date: 1994-11-01T05:00:00Z
   Registry Expiry Date: 2022-10-31T04:00:00Z
   Registrar: MarkMonitor Inc.
   Registrar IANA ID: 292
   Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
   Registrar Abuse Contact Phone: +1.2083895740
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
   Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
   Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
   Name Server: NS1.P31.DYNECT.NET
   Name Server: NS2.P31.DYNECT.NET
   Name Server: NS3.P31.DYNECT.NET
   Name Server: NS4.P31.DYNECT.NET
   Name Server: PDNS1.ULTRADNS.NET
   Name Server: PDNS6.ULTRADNS.CO.UK
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2018-03-28T15:28:08Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

So Amazon.com is registered via an intermediary of MarkMonitor Inc. OK…

EMs-MacBook-Air: chiefio$ whois amazon.com.au
Domain Name:                     amazon.com.au
Last Modified:                   07-Nov-2016 10:19:54 UTC
Status:                          clientDeleteProhibited
Status:                          clientUpdateProhibited
Status:                          serverDeleteProhibited (Protected by .auLOCKDOWN)
Status:                          serverUpdateProhibited (Protected by .auLOCKDOWN)
Registrar Name:                  MarkMonitor Inc.

Registrant:                      Amazon Corporate Services Pty Ltd
Registrant ID:                   ACN 082 931 600
Eligibility Type:                Company
Eligibility Name:                Amazon Corporate Services Pty Ltd

Registrant Contact ID:           MMR-138740
Registrant Contact Name:         Amazon Hostmaster
Registrant Contact Email:        Visit whois.ausregistry.com.au for Web based WhoIs

Tech Contact ID:                 MMR-28993
Tech Contact Name:               Hostmaster, Amazon Legal Dept.
Tech Contact Email:              Visit whois.ausregistry.com.au for Web based WhoIs

Name Server:                     pdns1.ultradns.net
Name Server:                     pdns2.ultradns.net
Name Server:                     pdns3.ultradns.org
Name Server:                     pdns4.ultradns.org
Name Server:                     pdns5.ultradns.info
Name Server:                     pdns6.ultradns.co.uk
Name Server:                     ns1.p31.dynect.net
Name Server:                     ns2.p31.dynect.net
Name Server:                     ns3.p31.dynect.net
Name Server:                     ns4.p31.dynect.net
DNSSEC:                          unsigned

OK, it is looking legit.

So most likely I just didn’t notice the appended .au in the URL and got logged into the Australian site. It knew about my login, but not about my USA order history.

So is this a new service and I’ve “stepped in it” prior to full launch? Is it a new service that is up and running but doesn’t share actual order and shipping data across continents? Is it a “dummy” being tested? I have no idea.

I’ve not gone back to explore it.

So why mention all this? Well, first, because it illustrates the kind of vigilance and awareness everyone ought to have. If something “isn’t quite right” you don’t ignore it, you react fast and block a potential attack. Secondly, it could illustrate how perfectly normal things can look suspicious especially if a bug (or just mis-feature) makes it possible to log into a remote account in a country other than yours, but not see your actual account data.

And of course, finally, so you can have a bit of a chuckle at my foibles while hopefully appreciating that yes, it can be a bit paranoid, but it’s still a good idea to react first, then research at leisure.

If anyone “down under” happens to know the status of Amazon.com.au (i.e. is it live and working) that would be interesting to know as a clarification point. I’m a bit too busy today to chase that down right now.

Subscribe to feed

Advertisements

About E.M.Smith

A technical managerial sort interested in things from Stonehenge to computer science. My present "hot buttons' are the mythology of Climate Change and ancient metrology; but things change...
This entry was posted in Human Interest, Tech Bits and tagged , , , , , . Bookmark the permalink.

12 Responses to Overly Worried – An Amazon.com.au Story

  1. Trent Drake says:

    Yes Amazon Australia is up and running and it’s so annoying. My login is the same for the .com.au site but is has no record of anything from the US site. I had freaked out because all it looked like my orders and Amazon credit had vanished.

    And Amazon provide no way to switch between US and AU sites. In fact they make it very difficult with their, “you’ve gone to a product link on the US site but we can see your IP address is from Australia so we’ll bounce you to the AU site and the give you a 404 error because that product doesn’t exist for you there.”

    I have to use a VPN that exits in the US so I can access my profile on the US site.”

    Fortunately the iPhone app doesn’t care I’m in Australia so I generally just use that now to instead.

  2. wyzelli says:

    Same, its a real thing thing – and my amazon.com will no longer sell me e-books – they all have to come from amazon.com.au which is also slowly adding all the other products. They do share login but not a lot of other stuff yet.

  3. hillrj says:

    Agree with Trent. It is highly annoying. I used Amazon USA from Australia to get books unavailable locally. Now I am forced to use the .au site, and I find the books I want missing there.

  4. E.M.Smith says:

    Well, it’s nice to know I figured it out. Sorry to hear it’s being a pain to folks down under. Wondering how many “like me” will do a web search on “Amazon login” and end up there instead of the USA and be baffled. Progress, gotta love it… /sarc;

  5. Soronel Haetir says:

    This is one area where text-to-speech actually aids detection, eyes can kind of ‘skip over’ stuff you expect to be present but when listening you pretty much have to hear it all.

  6. Graeme No.3 says:

    I have ben using Amazon.com.au for some time (although it isn’t my first choice for books). No problem seeing them available in the USA.
    I think the change came as a result of the Australian government trying to tax overseas purchases, so Amazon forced people to use the Australian portal without warning. Great public relations I don’t think.

  7. Apart from the confusion between National Amazon sites, the company has a problem with its promotion of Amazon Prime. We accepted an offer of a “free trial”, and a month later when we checked our credit card statement saw a charge of some $70 (Canadian) from Amazon. It turned out that they had debited our card IMMEDIATLY with the fee, as if we had already committed to become a permanent subscriber to the Prime service. As it happened, we did not use the service, and were able to get the transaction reversed. It seems that if we had ever used the service AT ALL, the refund would have not been available. Some “trial” – if you use it, it is not free. Very odd behaviour..

    Tony.

  8. H.R. says:

    I’ll tuck this away on the odd chance that I’ll ever buy something online. Unlikely, but it could happen.
    😁

  9. Sandy MCCLINTOCK says:

    I live in Australia. I too got conned by the Amazon Prime free offer. I cancelled the deal when I discovered I was paying full USA price and getting a crippled Australian version with few videos and no free deliveries. I was refunded a fraction of the free fee. To my annoyance it seems the full fee was charged again the following month despite the cancellation.
    I was amused to see an item that costs $300 here (including postage) can be bought for about the same from Amazon.com.AU, but the postage was about $350 (Sorry it has to come from the USA)

  10. philjourdan says:

    You must have been doing something in Oz. And it assumed you were there?

    When using VPN, I often get strange “assumptions” on the part of sites.

  11. JoNova says:

    Yes, Amazon.com.au is annoying. No wish list available, so I have to go back to the US site just to keep a copy of interesting potentials.

    But to go from .au to .com I just deleted the .au characters from the url. Bizarrely, this worked. Often works on ebay.com.au too.

  12. E.M.Smith says:

    @PhilJourdan:

    I’d done a web search for “Amazon Login” and may have typed something more like folks in Oz type ;-)

    @JoNova:

    From the stories above: It sounds like it was something that had to be slapped together in a hurry to dodge some $Millions of taxes; and had a lot of loose ends when first brought up.

    Hopefully they’ll get it smoothing integrated soon enough. (Or politicians will realize that such greed doesn’t work and just stop being stupid… when unicorns dance in the street ;-)

    Yes, pruning the URL works. You are removing the country high level qualifier and the rest of the name matches the generic name. Many companies just append a country qualifier for special cases, so that’s a generic tool / skill.

    Take what pleasure you can from knowing your politicians are just as stupid and greedy as those in the rest of the world…

Comments are closed.