Jump to content
MDMesser001

Any point in reporting spam from AMAZONAWS?

Recommended Posts

12 minutes ago, petzl said:

1. Check how much info it leaks https://ipleak.net
2. Disabling  IPv6 

Hey Petzl,

1. Do you mean G🦗H or everybody if they use a browser inbuilt VPN?

2. Disabling  IPv6 - yes for xp & anything prehistoric, otherwise disabling W/IPv6 results in connection issues.

I'm not a big fan of VPNs, installed or browser, but, they're useful for testing, doing remote in actual locations and of course save a bucket load of 💰when G🦗H yearns for a 🌍😎 and no ✈️lag.

😉🦗🙏

 

Share this post


Link to post
Share on other sites
21 minutes ago, MIG said:

Hey Petzl,

1. Do you mean G🦗H or everybody if they use a browser inbuilt VPN?

2. Disabling  IPv6 - yes for xp & anything prehistoric, otherwise disabling W/IPv6 results in connection issues.

I'm not a big fan of VPNs, installed or browser, but, they're useful for testing, doing remote in actual locations and of course save a bucket load of 💰when G🦗H yearns for a 🌍😎 and no ✈️lag.

😉🦗🙏

 

1. Everybody shows what those that look at connected IP's  can see
2 WIN10 64 bit had it disabled for years so far no issues

Share this post


Link to post
Share on other sites
Posted (edited)
27 minutes ago, petzl said:

1. Everybody
2 WIN10 64 bit had it disabled for years so far no issues

1. Cool

2. I'm not disagreeing, just "discussing" industry advice.

(your ref) https://www.privateinternetaccess.com/helpdesk/kb/articles/do-i-need-disable-ipv6-traffic-on-my-windows-computer - Kaneesha D. 2019-05-08 -The latest client (v1.0 and up) enables IPv6 leak protection automatically and does not need to be disabled.

3. 🦗 specifically, doesn't use an LAC.

Cheers!

🦗🙏

Edited by MIG

Share this post


Link to post
Share on other sites
1 hour ago, MIG said:

1. Cool

2. I'm not disagreeing, just "discussing" industry advice.

(your ref) https://www.privateinternetaccess.com/helpdesk/kb/articles/do-i-need-disable-ipv6-traffic-on-my-windows-computer - Kaneesha D. 2019-05-08 -The latest client (v1.0 and up) enables IPv6 leak protection automatically and does not need to be disabled.

3. 🦗 specifically, doesn't use an LAC.

Cheers!

🦗🙏

Would take a minute to enable

Share this post


Link to post
Share on other sites
9 minutes ago, petzl said:

Would take a minute to enable

Can't enable what doesn't exist. If it did, why, it's not used?

Cheers!

🦗🙏

Share this post


Link to post
Share on other sites
1 minute ago, MIG said:

Can't enable what doesn't exist. If it did, why, it's not used?

Cheers!

🦗🙏

To disable or enable IPV6 just requires checking or un-checking a box
just enabled it now and my Ipv6  stands out clear sisabled it again, I use PIA

Share this post


Link to post
Share on other sites
Posted (edited)
4 minutes ago, petzl said:

To disable or enable IPV6 just requires checking or un-checking

I don't have an Local Area Connection.

If I did I would disable it. 

😵

Edited by MIG

Share this post


Link to post
Share on other sites
Posted (edited)
9 minutes ago, MIG said:

I don't have an Local Area Connection.

If I did I would disable it. 

😵


My computer all 3 are Win10
mine came up with IPV6  when enabled
2001:8003:c109:ee01:d058:e4d1:68c0:316c

Edited by petzl

Share this post


Link to post
Share on other sites
Posted (edited)
2 hours ago, petzl said:

3 computer x Win10
mine came up with IPV6  when enabled

No LAC Petzl, 'aint got it, don't want it....

no lac.jpg

Edited by MIG

Share this post


Link to post
Share on other sites
Posted (edited)
12 minutes ago, MIG said:

No LAC Petzl, 'aint got it, don't want it....

So what did the leak check tell you?
Also right click with mouse your WiFi and select properties that is where IPv6 is turned on or off

Edited by petzl

Share this post


Link to post
Share on other sites
Posted (edited)
29 minutes ago, petzl said:

WiFi/IPv6

 is unselected & always has been.

🦗

Edited by MIG

Share this post


Link to post
Share on other sites

Keep in mind that Amazon owns 65% of the server resources on the entire internet.  You cannot do anything on the internet hardly without being impacted by Amazon.   A recent book tells of the author who attempted to completely block Amazon, Google and Apple from the "connected" world and could not do it. (Recent show on public TV)

However, yes, I do believe it helps to report it.   It helps even more to make memes of the logistics and tweet them @amazon #amazoncybercrime

Share this post


Link to post
Share on other sites

I report spam directly on the SpamCop site (pasting plain text into the form) and for Amazon reports:

1) SpamCop almost always says “Using abuse#amazonaws.com@devnull.spamcop.net for statistical tracking”

2) Rarely, but occasionally, I find SpamCop decides to send a report to ipmanagement@amazon.com

3) Now, if the source IP in the spam email headers is at Amazon, I send the report to three addresses. I always include the time the email was received (and time zone). Just occasionally they mess up the conversion to UTC and ask about the time again.

ipmanagement@amazon.com because it seems to respond sometimes 

ec2-abuse@amazon.com because sometimes it is those guys responsible for the sending IP apparently 

abuse@amazonaws.com because that’s what SpamCop was going to send to

 

I also report any spam image content links I find in the emails. Pinterest is a pain to deal with, but Imgur and others have been very responsive. So much so that the spammer now puts “if the images are not shown below click here” - LOL!! 

If only they stopped sending me their crap, they would have more success with their intended victims.

Edited by Hanco
Added image references

Share this post


Link to post
Share on other sites
5 hours ago, Hanco said:

If only they stopped sending me their crap, they would have more success with their intended victims.

I refer you to Rule #3 In particular Spinosa's Corollary.

Share this post


Link to post
Share on other sites
2 hours ago, Hanco said:

Amazon again just now... from Amazon IP 52.36.85.88

Looks to me like Amazon abuse desk is behind and protect
Criminal  phishing, bogus reply address, bogus unsubscribe
Be very wary about giving Amazon credit card information they will have bogus charges appearing on it,
Some bogus charges on my credit card for kindle books I noticed, recommend canceling accounts/credit cards they have access to.
26/07/2019    Amazon Australia Servi Melbourne Au 
Entertainment & Recreation    $13.99    
26/09/2019    10:44    Amazon Australia ServiMELBOURNE AU    $13.99    

Although after spotting this I rang and they refunded the money I believe misappropriated
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99

Edited by petzl

Share this post


Link to post
Share on other sites
On 9/28/2019 at 12:12 AM, petzl said:

Looks to me like Amazon abuse desk is behind and protect
Criminal  phishing, bogus reply address, bogus unsubscribe
Be very wary about giving Amazon credit card information they will have bogus charges appearing on it,
Some bogus charges on my credit card for kindle books I noticed, recommend canceling accounts/credit cards they have access to.
26/07/2019    Amazon Australia Servi Melbourne Au 
Entertainment & Recreation    $13.99    
26/09/2019    10:44    Amazon Australia ServiMELBOURNE AU    $13.99    

Although after spotting this I rang and they refunded the money I believe misappropriated
27/09/2019    Amazon Australia Servi Melbourne Au
Deposits        $13.99...

Wow, that’s not good. Credit card provider would likely have reversed all those if Amazon didn’t I guess.

Meanwhile here, Amazon IPs are the source of regular spams by the same criminal group now, every day for:

bulkoffers.win / australy.win / australy.bid

I wonder how many times it takes reporting these through SpamCop before we finally see them go on SURBL or similar...

Share this post


Link to post
Share on other sites

55 spam emails from Amazon IPs in the past 2-3 days... all designed to push traffic to one of three domains. All of no interest to me on topics from Gutter Guards, Home Warranty, some miracle instant translator device, some cure for a nerve condition, a flashlight, how stainless steel reverses diabetes, boosting testosterone, dating is easy with their Asian ladies, anthropomorphic renovation, CBD oil and miracle pain cures, dating for people much (much) older than me, and mortgages.

A surge recently in volume of this crap and a significant fall (to zero) in the Canada Pharma sh**e, and the “you’ve got to send me your personal details so you can get $1m that is yours”. Also not had the emails from my close friends by name with “saw this and you should look” links (typically link to a site domains created with Namecheap less than 24 hours ago, and always under 3 days ago)

It seems really clear this spam bot group is pushing all content through Amazon, and Amazon is either powerless, or doesn’t want to actually stop it.

Rarely will SpamCop offer reporting to Amazon, instead doing the abuse#amazon thing.

Should we send direct to Amazon or not? Which is likely to cause maximum potential nuisance to the spammer and reduce volume longer term?

Share this post


Link to post
Share on other sites
2 hours ago, Hanco said:

Should we send direct to Amazon or not? Which is likely to cause maximum potential nuisance to the spammer and reduce volume longer term?

Forward it to Amazonaws, phishing-repor#tus-cert.#gov.
include phishing above IP source

Criminal  phishing, bogus reply address, bogus unsubscribe
IP 34.231.112.26 
include headers and body
https://www.spamcop.net/sc?id=z6578747355z158aa4a26f6a31f2cd5a61872902c2b9z

Share this post


Link to post
Share on other sites

I've also been getting amazonaws spam. It seems another IP address is included in the spam. It's 143.220.15.131 and registered to the Association of Medical Colleges (AAMC). I have tried reporting the IP address via SC to AAMC to both the dns AT aamc DOT org (which the SC parser forwards to postmaster AT aamc DOT org) and the postmaster address postmaster AT aamc DOT org on several occasions. with no response/effect. I was almost tempted a few times to write a letter and send it to them asking why their IP address appears in AmazonAWS spam. It's also ALWAYS the same content with the SAME links that aren't valid such as {spam link removed} (which the parser doesn't pick up. It only detects t.co/bit.ly links which even those get redirected and dev/nulled to twitterdoesntcareaboutspamreports@devnull.spamcop.net) or in the case of bit.ly links, sent to abuse AT bitly DOT com. Previous emails were coming from Parsec Cloud, Inc. Citrix is now being used as the bottom of the emails. Here's the original tracking url: https://www.spamcop.net/sc?id=z6585617008z355af39de650b47648e218409deb1a46z

{Quote of spam Deleted} -- To view the deleted material follow the tracking URL above.
Here's the parsing results for the AAMC IP address and the tracking URL: https://www.spamcop.net/sc?id=z6585618727zdf96eb88f2edb7ba97b2dad603fed48ez
 
Tracking message source: 143.220.15.131:

Routing details for 143.220.15.131
[refresh/show] Cached whois for 143.220.15.131 : dnsadministrator@aamc.org
Using abuse net on dnsadministrator@aamc.org
No abuse net record for aamc.org
Using default postmaster contacts postmaster@aamc.org

 

Clicking on the calendly link results in this:

 

Quote

 

Event Temple Demo
No openings at the moment.

If you are the owner of this account, you can log in to find out more.

 

with the links being reported to abuse AT cloudflare DOT com. Not that CF can do anything to take down the link.

 

 

Steve

Share this post


Link to post
Share on other sites

It's increasingly clear that amazonaws(dot)com is not simply incompetent. It's evil.

The internet was the most important advance in human communication since the invention of the printing press. It's hijacked by spammers, phishers, massive money-grubbing corporate interests, governments that leverage it to keep us stupid and scared, and related nightmares.

Every email I receive with amazonaws(dot)com anywhere in the full header is spam. Every single byte. All attempts to stop this online rape have failed. Repeated attempts to contact amazonaws "support" have failed. I repeat: Amazonaws(dot)com is not simply incompetent. It's evil. 

A long time ago, I thought reporting amazonaws(dot)com spam via spamcop might help stop the assault. Stupid me.

Share this post


Link to post
Share on other sites

I have reported 14 abuse emails to them today since this morning alone. I’ve just about had enough and canceling prime and avoiding shopping with them at all is increasingly likely what is going to happen.

I am coming to the same conclusion as you. Totally a waste of time. I don’t know if there is an email client for my Pixel phone and iPhone which allows blocking by IP ranges but that’s what I’d really like to get!!!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×