Email from amazon.com

yyamano 2010-03-10


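I received an order cancellation notice from amazon.com. I had placed several orders recently, so I wondered whether I had done something by mistake, but the order ID looked unfamiliar and suspicious. The body looked like this.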

Dear Customer,

Your order has been successfully canceled. For your reference, here`s a summary of your order:

You just canceled order #4965-8201435-544121

Status: CANCELED

_____________________________________________________________________

ORDER INFORMATION
Sold by: Amazon.com, LLC

_____________________________________________________________________

Because you only pay for items when we ship them to you, you won`t be charged for any items that you cancel.

Thank you for visiting Amazon.com!

• -

Amazon.com
Earth`s Biggest Selection
http://www.amazon.com

• -

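The link in the ORDER INFORMATION section points to speedealonline.com. The mail headers look like this and resemble those of a genuine amazon.com email. A reverse lookup of 91.121.122.184, which appears in the Received header, does not return a name in the amazon.com domain.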

Received: from [91.121.122.184] ([91.121.122.184]) 
          by mail.example.com ([192.0.32.10]) 
          with ESMTP id 2010030903:17:19:271289.28192.2827287472
          for ; 
          Tue, 09 Mar 2010 03:17:18 +0900 (JST) 
Message-ID: <95863.811140049554787616.JavaMail.correios@na-mm-relay.amazon.com>
MIME-Version: 1.0
X-AMAZON-CLIENT-HOST: online-gp-25s05.iad2.amazon.com
X-AMAZON-MAIL-RELAY-TYPE: notification
X-AMAZON-RTE-VERSION: 2.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Amazon.com - Your Cancellation (9209-5506716-147848)
From: "order-update@amazon.com" 
To: 
Date: Mon, 8 Mar 2010 19:20:00 -0600 (UTC)
Bounces-to: 201065edd0692e58df528de03332be0dbf80d762c79@bounces.amazon.com
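
The two checks described above (the connecting relay's reverse DNS and the link targets, each compared against the From domain), as an added example that is not part of the original post. The sample message reuses header values quoted above; the bracketed From address, the HTML body and the stub PTR name `host.example.net` are constructed assumptions.

```python
import re, socket
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: header values as quoted in the post; the From address
# in angle brackets and the HTML body are assumptions for illustration.
SAMPLE = '''Received: from [91.121.122.184] ([91.121.122.184])
          by mail.example.com ([192.0.32.10]);
          Tue, 09 Mar 2010 03:17:18 +0900 (JST)
X-AMAZON-CLIENT-HOST: online-gp-25s05.iad2.amazon.com
From: "order-update@amazon.com" <order-update@amazon.com>
Content-Type: text/html; charset=UTF-8

<a href="http://speedealonline.com/">ORDER INFORMATION</a>
<a href="http://www.amazon.com">Amazon.com</a>
'''

def ptr_lookup(ip):
    """Live reverse lookup; returns None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def in_domain(host, domain):
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href and urlparse(href).hostname:
            self.hosts.add(urlparse(href).hostname.lower())

def triage(raw, resolve=ptr_lookup):
    msg = message_from_string(raw)
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    # Only the topmost Received line was written by our own MTA; every other
    # header (X-AMAZON-*, Message-ID, From) is supplied by the sender.
    m = re.search(r"\(\[([0-9.]+)\]\)", msg.get_all("Received")[0])
    ip = m.group(1) if m else None
    links = LinkHosts()
    links.feed(msg.get_payload())
    return {"from_domain": domain, "relay_ip": ip,
            "relay_in_domain": in_domain(resolve(ip) if ip else None, domain),
            "foreign_links": sorted(h for h in links.hosts if not in_domain(h, domain))}
```

Calling `triage(SAMPLE, resolve=lambda ip: "host.example.net")` runs the checks offline; with the default resolver the PTR lookup goes to live DNS.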

According to http://google.com/safebrowsing/diagnostic?site=speedealonline.com/&hl=en:

What happened when Google visited this site?

    Of the 108 pages we tested on the site over the past 90 days, 12 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-03-08, and the last time suspicious content was found on this site was on 2010-02-07.

    Malicious software includes 33 scripting exploit(s).

    Malicious software is hosted on 5 domain(s), including hindger.com/, apomith.com/, adult14.ru/.

    1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including hindger.com/.

    This site was hosted on 1 network(s) including AS16557 (COLOSOLUTIONS).

It would be easy to get fooled if you weren't paying attention.