What do do with Amazon hosted spammers

klappa · March 5, 2019

I regularly get spam from spammers using third party e-mail providers like Outlook then using redirect links to Amazon hosted adult sex dating domains. What can i do in this instance? Despite creating case after case on Amazon they replied at first promising they would look into this situation but haven't done anything since i keep getting the spam.

Obviously Amazon isn't kicking the customer out because I think Amazon don't they have anything to do with it when there aren't anything in the e-mail linking to them except when clicking the the link in the spam.

This is very frustrating!

MIG · March 5, 2019

36 minutes ago, klappa said:

What can i do in this instance?

Hey klappa,

It is frustrating.

With all spam I get I forward the actual mail to 3 regulatrory authorities (not sure this does anything tangible other than build up their databases), however & also, with Amazon I always forward to them, they respond with a request for more information, which I provide and within 48 hrs, 99% of the time they have actioned, with followup advice to me to report back if the issue continues for the specified "offender". I track very carefully, I've only had to revert 7 times out of 150 events.

I never "create case on Amazon".

Just out of curiosity, are you able to provide a SpamCop Report URL please?

Cheers!

Edited March 5, 2019 by MIG
Spelling, not a grasshoppers strong suit :)

Lking · March 5, 2019

6 hours ago, klappa said:

using redirect links to Amazon hosted adult sex dating domains

Grrrrrrr! Maybe if you include a note to Amazon along with the spam Report about the redirect.

klappa · March 7, 2019

On 3/5/2019 at 12:20 PM, MIG said:

Hey klappa,

It is frustrating.

With all spam I get I forward the actual mail to 3 regulatrory authorities (not sure this does anything tangible other than build up their databases), however & also, with Amazon I always forward to them, they respond with a request for more information, which I provide and within 48 hrs, 99% of the time they have actioned, with followup advice to me to report back if the issue continues for the specified "offender". I track very carefully, I've only had to revert 7 times out of 150 events.

I never "create case on Amazon".

Just out of curiosity, are you able to provide a SpamCop Report URL please?

Cheers!

Which three regulatory authorities? I often find them doing nothing except maybe if it's phishing spam perhaps but that doesn't help much either as the phishers just compromise a new server to send phishing mail from. Does it really help? As said in the original post there's nothing in the spam that links to Amazon except when clicking that link which redirects to the spammers Amazon hosted servers. It goes though several Amazon domains a long the way but the first one is always hosted on another host provider or using short URL services. That makes the spam reports meaningless and Amazon another excuse not to look into it. They did according to their corresponding e-mails but i keep getting them so obviously the did nothing on their part.

On 3/5/2019 at 6:06 PM, Lking said:

Grrrrrrr! Maybe if you include a note to Amazon along with the spam Report about the redirect.

Any idea how i can formulate it? "That link leads to one of your domains"? Would they even care?

They stopped responding to my Cases for a time now. It's damn frustrating how they can host spammers hosting their damn adult sex domains which obviously are a scam all together. I am so frustratingly mad!

Edited March 7, 2019 by klappa

Lking · March 7, 2019

3 hours ago, klappa said:

Any idea how i can formulate it? "That link leads to one of your domains"?

Maybe include the link that redirects to them.

3 hours ago, klappa said:

Would they even care?

We can always be hopeful.

petzl · March 7, 2019

1 hour ago, Lking said:

We can always be hopeful.

Hello, 

This case has been investigated and resolved by the Amazon EC2 Abuse Team. If you believe this case to be unresolved, please either respond to this email with detailed logs or file another case with detailed logs to that end.

Thank you for your attention in this matter.

Regards, 
Amazon EC2 Abuse Team

klappa · March 8, 2019

16 hours ago, Lking said:

Maybe include the link that redirects to them.

We can always be hopeful.

That didn't help. See post below.

14 hours ago, petzl said:


Hello, 

This case has been investigated and resolved by the Amazon EC2 Abuse Team. If you believe this case to be unresolved, please either respond to this email with detailed logs or file another case with detailed logs to that end.

Thank you for your attention in this matter.

Regards, 
Amazon EC2 Abuse Team

Yes! I got an even worse answer. And it's usually this type of response that i get from Amazon. I don't know how many cases i must create to make them listen than just providing autoreplies.

Quote

Based on this information... we determined this is not hosted on the AWS network... give us more additional information.

Really what more information? I forwarded the whole spam e-mail. Nothing in it connects to Amazon until i click on that spam link in the e-mail then it goes through several domains (HTTP/1.1 302 Found URL redirection) hosted by Amazon until it lands on the destination domain also hosted by them.

Edited March 8, 2019 by klappa

petzl · March 8, 2019

2 hours ago, klappa said:

Yes! I got an even worse answer. And it's usually this type of response that i get from Amazon. I don't know how many cases i must create to make them listen than just providing autoreplies.

They are into "list washing" when they are hosting pedophilia and I tell them I think they get worried!

klappa · March 8, 2019

1 hour ago, petzl said:

They are into "list washing" when they are hosting pedophilia and I tell them I think they get worried!

They are? I know the sex dating domains they host is a scam, sites which are using bots but I didn't know they also contained pedophilia. You think they would listen and take action? I am just afraid they would say they haven't found any evidence containing pedophilia and just happily go on pretending they are not following the spammers errands. This is common among these type of spammers. The visible domain seen in the spam link is using a completely different host to hide from spam reports and while that host may take action Amazon might not for there's no evidence showing them being involved. I made a case to them telling them that the destination domain are hosted by Amazon but according to them that content is not being hosted on the AWS network.

Here's the Spamcop report so you see for yourself.

https://www.spamcop.net/sc?id=z6528085723z327e3c5c23bd63746d9270f0d3a08dd6z

Are there any instances i can turn to when feeling helpless or should i just give up and pretending Amazon not having anything to do with it?

Edited March 8, 2019 by klappa

petzl · March 8, 2019

9 hours ago, klappa said:

They are? I know the sex dating domains they host is a scam, sites which are using bots but I didn't know they also contained pedophilia.

You a pediatrician? Any lewd site is supposed to have by law .on site proof of age, without this it you don't know!
in notes with sex sites I send this. I don't want it and never subscribe for perverted rubbish.
It's pedophilia as far as I and the law is concerned!
A Forrest Gump moment for me was when Trump had the FBI seize "Backpage" for that exact reason
Hope Amazon AWS have the same fate!

Child porn spammer 
pictures under 18 or made to look under 18
NO PROOF OF AGE available! 
SENT TO MINORS



>

Edited March 8, 2019 by petzl

klappa · March 9, 2019

2 hours ago, petzl said:
You a pediatrician? Any lewd site is supposed to have by law .on site proof of age, without this it you don't know!
in notes with sex sites I send this. I don't want it and never subscribe for perverted rubbish.
It's pedophilia as far as I and the law is concerned!
A Forrest Gump moment for me was when Trump had the FBI seize "Backpage" for that exact reason
Hope Amazon AWS have the same fate!
Child porn spammer 
pictures under 18 or made to look under 18
NO PROOF OF AGE available! 
SENT TO MINORS



>

They just dismiss my complaints. They send a reply saying the sender IP belonging to Microsoft together with a whois lookup. Well doh they are using Outlook to send their spam. They just don't get it. Do they really think i am stupid. And at the same time saying they can understand my frustration.

I don't know what to say. I didn't know the Amazon abuse helpdesk were so dumb.

Edited March 9, 2019 by klappa

petzl · March 9, 2019

19 minutes ago, klappa said:

I don't know what to say. I didn't know the Amazon abuse helpdesk were so dumb.

They are trying to be "clever" I'm doing all I can to do what happened to the Backpage operator he went from a multimillionaire to skidrow.
You have to put full directions in your notes Amazon will only look at copy and pasted headers with notes
Example my Russian cyber-criminals "notes"

Criminal  phishing, bogus reply address, bogus unsubscribe
This/my email address I believe sold to this Russian (?) Crime gang by FaceBook
..
email source
94.100.177.97   abuse@corp.mail.ru

URL in spam link obfuscation  
https://www.google.com/#btnI=ixyvb-ddvef-rgcse&q=jiofdahiugfhajpsdh.ru

Resolves to 64.233.191.105
network-abuse@google.com phishing-report@us-cert.gov

redirects through
http://jiofdahiugfhajpsdh.ru
185.26.122.56 
abuse-c@hostland.ru


Redirection ends
https://appteslerapp.com/?click=39192426&mode=optin&api_url=%2F%2Fgotrack.static500.com%2Fapi%2Fv1
188.166.113.230
abuse@digitalocean.com phishing-report@us-cert.gov


offending email (eml) forwarded also, 
can be read as text attachment with a text/ASCII editor like notepad or eml text reader

>

klappa · March 9, 2019

16 minutes ago, petzl said:

They are trying to be "clever" I'm doing all I can to do what happened to the Backpage operator he went from a multimillionaire to skidrow.
You have to put full directions in your notes Amazon will only look at copy and pasted headers with notes
Example my Russian cyber-criminals "notes"


Criminal  phishing, bogus reply address, bogus unsubscribe
This/my email address I believe sold to this Russian (?) Crime gang by FaceBook
..
email source
94.100.177.97   abuse@corp.mail.ru

URL in spam link obfuscation  
https://www.google.com/#btnI=ixyvb-ddvef-rgcse&q=jiofdahiugfhajpsdh.ru

Resolves to 64.233.191.105
network-abuse@google.com phishing-report@us-cert.gov

redirects through
http://jiofdahiugfhajpsdh.ru
185.26.122.56 
abuse-c@hostland.ru


Redirection ends
https://appteslerapp.com/?click=39192426&mode=optin&api_url=%2F%2Fgotrack.static500.com%2Fapi%2Fv1
188.166.113.230
abuse@digitalocean.com phishing-report@us-cert.gov


offending email (eml) forwarded also, 
can be read as text attachment with a text/ASCII editor like notepad or eml text reader

>

Thank you! That will help a lot. With this i can improve my reporting even more.

Amazon promised to take action now in the last second when i threatened to report them to the government authorities. Now i see that the redirect URL service unfortunately didn't show the destination domain which was hosted by another domain host entirely from Amazon. These spammers are clever. IT's really a pain in the ass. It is also unfortunate that Spamcop isn't that much of a help when they are constantly changing from where they send the spam from and hosts their obfuscated domains. Spamcop will only report the responsible parties in the spam.

I really do hope Spamcop does something though even if you have to dig further than what Spamcop does.

Edited March 9, 2019 by klappa

RobiBue · March 9, 2019

5 hours ago, klappa said:

Thank you! That will help a lot. With this i can improve my reporting even more.

Amazon promised to take action now in the last second when i threatened to report them to the government authorities. Now i see that the redirect URL service unfortunately didn't show the destination domain which was hosted by another domain host entirely from Amazon. These spammers are clever. IT's really a pain in the ass. It is also unfortunate that Spamcop isn't that much of a help when they are constantly changing from where they send the spam from and hosts their obfuscated domains. Spamcop will only report the responsible parties in the spam.

I really do hope Spamcop does something though even if you have to dig further than what Spamcop does.

to Amazon I would writethe following (adding the spam at the end):

you are harboring a spamvertised porn site:

spamvertised link:

http://se2. mogenromance-svenska. club/

redirects as follows:

HTTP/1.1 302 Found =>
Server => nginx
Date => Sat, 09 Mar 2019 07:04:17 GMT
Content-Type => text/html; charset=utf-8
Content-Length => 75
Connection => close
Location => https:// crazytrackings. com/ ?a=100225&c=102723&s1=232
X-Served-By => Namecheap URL Forward

HTTP/1.0 302 Found =>
Cache-Control => private
Content-Length => 226
Content-Type => text/html; charset=utf-8
Date => Sat, 09 Mar 2019 07:04:42 GMT
Location => https:// cyberblueberry. com/ ?a=100225&c=102723&s1=232&ckmguid=5eaf0d44-97f6-419a-bf50-4dc7daa946ba

HTTP/1.0 302 Found =>
Cache-Control => private
Content-Length => 250
Content-Type => text/html; charset=utf-8
Date => Sat, 09 Mar 2019 07:05:03 GMT
Location => https:// kewkr. girlstofu**. net/ c/da57dc555e50572d?s1=12951&s2=153430&s3=100225&s5=&click_id=22381729&j1=1&j3=1
P3p => CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie => c100916=B0u1wB9CbYmmbLsSFz+i2AKhvFRakvmMJc94KAGrH+9633KgqJ4kxg==; domain=.cyberblueberry.com; expires=Mon, 08-Apr-2019 07:05:04 GMT; path=/; HttpOnly

HTTP/1.1 200 OK =>
Server => nginx
Date => Sat, 09 Mar 2019 07:05:24 GMT
Content-Type => text/html; charset=UTF-8
Content-Length => 12475
Connection => close
Set-Cookie => scriptHash=49415_12951_153430; expires=Mon, 08-Apr-2019 07:05:24 GMT; Max-Age=2592000; path=/; HttpOnly
X-Powered-By => PHP/7.0.32

and this last redirect is on IP address
Host kewkr. girlstofu**. net (checking ip) = 34.194.20.115

whois -h whois.arin.net 34.194.20.115 ...

[...]

NetRange:       34.192.0.0 - 34.255.255.255
CIDR:           34.192.0.0/10
NetName:        AT-88-Z
NetHandle:      NET-34-192-0-0-1
Parent:         NET34 (NET-34-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Amazon Technologies Inc. (AT-88-Z)
RegDate:        2016-09-12

[...]

OrgAbuseHandle: AEA8-ARIN
OrgAbuseName:   Amazon EC2 Abuse
OrgAbusePhone:  +1-206-266-4064 
OrgAbuseEmail:  abuse@amazonaws.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/AEA8-ARIN

[...]

I believe this is your IP space.

please enforce your AUP.

offending message with munged headers follows (and I always munge the headers with my name and address since I send it from a dedicated spam reporting email address which is in name and address different from any other)

and see if they say that it's not their IP space

klappa · March 9, 2019

5 hours ago, RobiBue said:
to Amazon I would writethe following (adding the spam at the end):

you are harboring a spamvertised porn site:

spamvertised link:

http://se2. mogenromance-svenska. club/

redirects as follows:

HTTP/1.1 302 Found =>
Server => nginx
Date => Sat, 09 Mar 2019 07:04:17 GMT
Content-Type => text/html; charset=utf-8
Content-Length => 75
Connection => close
Location => https:// crazytrackings. com/ ?a=100225&c=102723&s1=232
X-Served-By => Namecheap URL Forward

HTTP/1.0 302 Found =>
Cache-Control => private
Content-Length => 226
Content-Type => text/html; charset=utf-8
Date => Sat, 09 Mar 2019 07:04:42 GMT
Location => https:// cyberblueberry. com/ ?a=100225&c=102723&s1=232&ckmguid=5eaf0d44-97f6-419a-bf50-4dc7daa946ba

HTTP/1.0 302 Found =>
Cache-Control => private
Content-Length => 250
Content-Type => text/html; charset=utf-8
Date => Sat, 09 Mar 2019 07:05:03 GMT
Location => https:// kewkr. girlstofu**. net/ c/da57dc555e50572d?s1=12951&s2=153430&s3=100225&s5=&click_id=22381729&j1=1&j3=1
P3p => CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie => c100916=B0u1wB9CbYmmbLsSFz+i2AKhvFRakvmMJc94KAGrH+9633KgqJ4kxg==; domain=.cyberblueberry.com; expires=Mon, 08-Apr-2019 07:05:04 GMT; path=/; HttpOnly

HTTP/1.1 200 OK =>
Server => nginx
Date => Sat, 09 Mar 2019 07:05:24 GMT
Content-Type => text/html; charset=UTF-8
Content-Length => 12475
Connection => close
Set-Cookie => scriptHash=49415_12951_153430; expires=Mon, 08-Apr-2019 07:05:24 GMT; Max-Age=2592000; path=/; HttpOnly
X-Powered-By => PHP/7.0.32

and this last redirect is on IP address
Host kewkr. girlstofu**. net (checking ip) = 34.194.20.115
whois -h whois.arin.net 34.194.20.115 ...

[...]

NetRange:       34.192.0.0 - 34.255.255.255
CIDR:           34.192.0.0/10
NetName:        AT-88-Z
NetHandle:      NET-34-192-0-0-1
Parent:         NET34 (NET-34-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       
Organization:   Amazon Technologies Inc. (AT-88-Z)
RegDate:        2016-09-12

[...]

OrgAbuseHandle: AEA8-ARIN
OrgAbuseName:   Amazon EC2 Abuse
OrgAbusePhone:  +1-206-266-4064 
OrgAbuseEmail:  abuse@amazonaws.com
OrgAbuseRef:    https://rdap.arin.net/registry/entity/AEA8-ARIN

[...]
I believe this is your IP space.

please enforce your AUP.

offending message with munged headers follows (and I always munge the headers with my name and address since I send it from a dedicated spam reporting email address which is in name and address different from any other)

and see if they say that it's not their IP space

Thank you!

What do you mean by offending message with munged headers follows? How do you mung the headers with your name and address?

However the destination domain was hosted by either Key-Systems, RRProxy or Google i am not sure which is hosting which. I don't want to type down the domain as it would be traceable by the spammer. There's no trace routes services or functions i know of that would've showed the destination domain.

The domains you listed are hosted by Amazon and lies between the domain link found in the spam and the destination domain. I don't know their purpose though.

Edited March 9, 2019 by klappa

RobiBue · March 9, 2019

2 hours ago, klappa said:

Thank you!

What do you mean by offending message with munged headers follows? How do you mung the headers with your name and address?

However the destination domain was hosted by either Key-Systems, RRProxy or Google i am not sure which is hosting which. I don't want to type down the domain as it would be traceable by the spammer. There's no trace routes services or functions i know of that would've showed the destination domain.

The domains you listed are hosted by Amazon and lies between the domain link found in the spam and the destination domain. I don't know their purpose though.

Hi klappa,

1) munged headers means that I copy the raw spam (with headers) into notepad (on win) or your editor of choice and change all entries of my email address or part thereof as well as my name into a fake email address and fake name:

X-Apparently-To: me@example.com; Sat, 02 Mar 2019 18:48:09 +0000
Received: by mail-it1-f193.google.com with SMTP id d125so1436534ith.1
        for <me@example.com>; Sat, 02 Mar 2019 10:48:08 -0800 (PST)
To: me@example.com
Subject: MY NAME: $15,000 Loan - Pay Back in 3 Years

hello MY NAME,
we have a loan for you with exorbitant interest. pay it back in three years and we will only charge you 115% interest

Turns into:

X-Apparently-To: x-x-x-x-x-x@x-xmail.com; Sat, 02 Mar 2019 18:48:09 +0000
Received: by mail-it1-f193.google.com with SMTP id d125so1436534ith.1
        for <x-x-x-x-x-x@x-xmail.com>; Sat, 02 Mar 2019 10:48:08 -0800 (PST)
To: me@example.com
Subject: x-x-x-x-x-x: $15,000 Loan - Pay Back in 3 Years

hello x-x-x-x-x-x,
we have a loan for you with exorbitant interest. pay it back in three years and we will only charge you 115% interest

And then I add the following at the top of the headers:

Comments: The recipient of the email wishes to stay anonymous and therefore
        has munged his name and/or address for privacy reasons to strings like "x-x-x" or "x".
        Please respect his privacy.

That’s “munging”.

2) alas it’s true that certain links can be “traced” by spammers, the link I started with, had no traceable info.

http://se2. mogenromance-svenska. club/ is not traceable

let me rephrase that before I get in trouble for making false statements

ok, every link you click on, gives the host your IP address, therefore (per se) traceable, but what I mean, is, that it doesn’t give the spammer any clue of your e-mail address.

Traceable links, the way I mean it, can be, for instance:

http://www.example.com/907743add1337 <- this hex string could be your encoded address
http://www.example.com/illgetyou?a=encodedaddresshere

If the link already starts like that, then caution is warranted.

Since the redirects originated from a “safe” link, the information passed has nothing to do with your info.

The links in between can be either reported at the same time or at a later point in time when the spammer is scrambling to get his new site redirected

Sometimes I complain to the registrar as well in the hopes that someone there is witty enough to catch the pattern and MO of the spammer.

klappa · March 9, 2019

4 hours ago, RobiBue said:
Hi klappa,

1) munged headers means that I copy the raw spam (with headers) into notepad (on win) or your editor of choice and change all entries of my email address or part thereof as well as my name into a fake email address and fake name:
X-Apparently-To: me@example.com; Sat, 02 Mar 2019 18:48:09 +0000
Received: by mail-it1-f193.google.com with SMTP id d125so1436534ith.1
        for <me@example.com>; Sat, 02 Mar 2019 10:48:08 -0800 (PST)
To: me@example.com
Subject: MY NAME: $15,000 Loan - Pay Back in 3 Years
          
hello MY NAME,
we have a loan for you with exorbitant interest. pay it back in three years and we will only charge you 115% interest
Turns into:
X-Apparently-To: x-x-x-x-x-x@x-xmail.com; Sat, 02 Mar 2019 18:48:09 +0000
Received: by mail-it1-f193.google.com with SMTP id d125so1436534ith.1
        for <x-x-x-x-x-x@x-xmail.com>; Sat, 02 Mar 2019 10:48:08 -0800 (PST)
To: me@example.com
Subject: x-x-x-x-x-x: $15,000 Loan - Pay Back in 3 Years
          
hello x-x-x-x-x-x,
we have a loan for you with exorbitant interest. pay it back in three years and we will only charge you 115% interest
And then I add the following at the top of the headers:
Comments: The recipient of the email wishes to stay anonymous and therefore
        has munged his name and/or address for privacy reasons to strings like "x-x-x" or "x".
        Please respect his privacy.
That’s “munging”.

2) alas it’s true that certain links can be “traced” by spammers, the link I started with, had no traceable info.

http://se2. mogenromance-svenska. club/ is not traceable

let me rephrase that before I get in trouble for making false statements

ok, every link you click on, gives the host your IP address, therefore (per se) traceable, but what I mean, is, that it doesn’t give the spammer any clue of your e-mail address.

Traceable links, the way I mean it, can be, for instance:
http://www.example.com/907743add1337 <- this hex string could be your encoded address
http://www.example.com/illgetyou?a=encodedaddresshere
If the link already starts like that, then caution is warranted.

Since the redirects originated from a “safe” link, the information passed has nothing to do with your info.

The links in between can be either reported at the same time or at a later point in time when the spammer is scrambling to get his new site redirected

Sometimes I complain to the registrar as well in the hopes that someone there is witty enough to catch the pattern and MO of the spammer.

Now i follow. Although i can't be bothered munging my e-mail anymore. It's to late for that. I guess you do it manually every time?

Yes that one isn't traceable but sometimes my e-mail is in the spam link often with the word campaign to lure the unsuspected user even more into clicking it. But since the spammer already have my e-mail it doesn't. Never seen that string before though. The sex dating dating domains are all scam through and through. Spammers use bots to lure the user into believing they are real people and make them throw up their credit card which essentially make the spammers into phishers in the end. The pictures of the girls/boys are stolen and have an unverified age.

RobiBue · March 9, 2019

44 minutes ago, klappa said:

Now i follow. Although i can't be bothered munging my e-mail anymore. It's to late for that. I guess you do it manually every time?

Yes that one isn't traceable but sometimes my e-mail is in the spam link often with the word campaign to lure the unsuspected user even more into clicking it. But since the spammer already have my e-mail it doesn't. Never seen that string before though. The sex dating dating domains are all scam through and through. Spammers use bots to lure the user into believing they are real people and make them throw up their credit card which essentially make the spammers into phishers in the end. The pictures of the girls/boys are stolen and have an unverified age.

although they have your email, doesn't mean that if you report to their ISP that they know whodunit if you munge the name and address. of course, you'd also have to munge the message ID and a few other non-ISP headers that would/could reveal your info...

Re: porn spam, amazon has AFAIU pretty strict guidelines and do not tolerate offenders.

klappa · March 9, 2019

28 minutes ago, RobiBue said:

although they have your email, doesn't mean that if you report to their ISP that they know whodunit if you munge the name and address. of course, you'd also have to munge the message ID and a few other non-ISP headers that would/could reveal your info...

Re: porn spam, amazon has AFAIU pretty strict guidelines and do not tolerate offenders.

Yes that's true. But munging the Message ID and non-ISP headers is not recommended. They need all the details I can give them and those might be valuable. If Spamcop doesn't do it except the e-mail address I won't either. My e-mail is a lost cause. It's more a throwaway account for reporting spam nowadays.

Edited March 9, 2019 by klappa

petzl · March 9, 2019

4 hours ago, klappa said:

Now i follow. Although i can't be bothered munging my e-mail anymore. It's to late for that.

Yes spammer already has your email.
Got one from these scum this morning here are the notes

54.213.31.253 (Administrator of network where email originates)
abuse@amazonaws.com phishing-report@us-cert.gov

https://bit.ly/2EPC64E?1819469901?DL4B7Sr6I8Unq8090859
67.199.248.10 abuse@bitly.com

redirects
https://mmwaq.slutsnearby.com/c/1f0a2cb367c37dee?s1=25218&s2=158751&j1=1&j3=1&s3=17004&s5=432018&click_id=nthml5c841f5915e67849990878

URL IP
34.194.20.115 abuse@amazonaws.com phishing-report@us-cert.gov

Edited March 10, 2019 by petzl

RobiBue · March 9, 2019

3 minutes ago, klappa said:

Yes that's true. But munging the Message ID and non-ISP headers is not recommended. They need all the details I can give them and those might be valuable. If Spamcop doesn't do it except the e-mail address I won't either. My e-mail is a lost cause. It's more a throwaway account for reporting spam nowadays.

SC munges the headers (unless it's a ISP that requires full headers) for me when I report the message.

usually the message ID looks something like this:

Message-Id: <wecW_______________________________________________upLM@vevida.net>

the underscore line is placed there by SC.

and non-ISP headers are often used by the spammer to trace reported spam and retaliate... that's why I tend to do that.

if the ISP wants more info, they can ask for it

RobiBue · March 9, 2019

5 minutes ago, petzl said:

Yes spammer already has your email.
Got one from these scum this morning here are the notes


54.213.31.253 (Administrator of network where email originates)
abuse@amazonaws.com phishing-report@us-cert.gov

https://bit.ly/2EPC64E?1819469901?DL4B7Sr6I8Unq8090859
67.199.248.10 abuse@bitly.com

redirects
https://mmwaq.slutsnearby.com/c/1f0a2cb367c37dee?s1=25218&s2=158751&j1=1&j3=1&s3=17004&s5=432018&click_id=nthml5c841f5915e67849990878

URL IP
34.194.20.115 abuse@amazonaws.com phishing-report@us-cert.gov

the info behind the ? in the links is what gives the spammer your info. those are the ones I don't add in the reports ...

btw, got the same one today too... recognize the identical bit.ly address...

klappa · March 9, 2019

1 hour ago, petzl said:

Yes spammer already has your email.
Got one from these scum this morning here are the notes


54.213.31.253 (Administrator of network where email originates)
abuse@amazonaws.com phishing-report@us-cert.gov

https://bit.ly/2EPC64E?1819469901?DL4B7Sr6I8Unq8090859
67.199.248.10 abuse@bitly.com

redirects
https://mmwaq.slutsnearby.com/c/1f0a2cb367c37dee?s1=25218&s2=158751&j1=1&j3=1&s3=17004&s5=432018&click_id=nthml5c841f5915e67849990878

URL IP
34.194.20.115 abuse@amazonaws.com phishing-report@us-cert.gov

Was it a phishing mail? Amazon doesn't seem to take it serious if it isn't a phishing mail.

1 hour ago, RobiBue said:

SC munges the headers (unless it's a ISP that requires full headers) for me when I report the message.

usually the message ID looks something like this:

Message-Id: <wecW_______________________________________________upLM@vevida.net>

the underscore line is placed there by SC.

and non-ISP headers are often used by the spammer to trace reported spam and retaliate... that's why I tend to do that.

if the ISP wants more info, they can ask for it

Well retaliate how? I am sure Amazon doesn't provide or give away that info to the spammer if there's serious claims behind it. How would they trace the reported spam unless Amazon directly provide the spammer with the headers and body? And i can't be bothered to manually change every header, it's too much work.

1 hour ago, RobiBue said:

the info behind the ? in the links is what gives the spammer your info. those are the ones I don't add in the reports ...

btw, got the same one today too... recognize the identical bit.ly address...

Well it doesn't matter. The spammer is too stupid knowing they send sex spam with underage women and sooner rather than later be put behind bars.

Edited March 10, 2019 by klappa

petzl · March 10, 2019

1 hour ago, klappa said:

Was it a phishing mail? Amazon doesn't seem to take it serious if it isn't a phishing mail.

Yes definitely criminal phishing offering prizes to get your email address and other info

Edited March 10, 2019 by petzl

petzl · March 10, 2019

1 hour ago, klappa said:

I am sure Amazon doesn't provide or give away that info to the spammer

They do, most certainly and they state so in their reply!
They have a abuse website?
https://aws.amazon.com/forms/report-abuse
but run by the same morons, but they do have a email to their legal "subpoena-criminal[x]amazon.cxm."
pay to advise them that the moronic abuse team is putting Amazon itself at risk! Offering FREE websites for pedophiles?

Edited March 10, 2019 by petzl

What do do with Amazon hosted spammers

Recommended Posts

Link to comment

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation