HeatherReid43, posted July 25, 2019:

I am trying to report continuous voluminous spam originating from AWS, and the reports I have been sending are not being acted upon, i.e. the spam is still continuing, and I would like to include the CERT or FIRST authorities in USA. I did find an email address info{AT}us-cert.gov and phishing-report{AT}us-cert.gov but I want to be doubly sure that this is the correct email address to send the report to. Can anyone please suggest the correct reporting email address to the proper authorities?

Steve, posted August 5, 2019:

What address are you sending Amazon abuse reports to? abuse@amazonaws.com/ec2-abuse@amazon.com? If you do it through SC, they devnull the report as that address (abuse@amazonaws.com) is disabled for reports, but manually reporting it to abuse@amazonaws.com/ec2-abuse@amazon.com generates a confirmation email.

Steve

petzl, posted August 6, 2019:

> On 8/5/2019 at 11:10 AM, Steve said:
> What address are you sending Amazon abuse reports to? abusexamazonaws.com/ec2-abusexamazon.com? If you do it through SC, they devnull the report as that address (abusexamazonaws.com) is disabled for reports, but manually reporting it to abusexamazonaws.com/ec2-abusexamazon.com generates a confirmation email
> Steve

I only got action by sending abuse reports to Amazon's sales department, explaining that abusexamazonaws.com have gone rogue!

Remove all @ symbols from email addies as spammers scan here for valid addresses (best is to use [AT]. I just put x over it)

Lking, posted August 6, 2019:

> 18 minutes ago, petzl said:
> Remove all @ symbols from email addies as spammers scan

Thanks, petzl. I was in a rush this morning.

petzl, posted August 9, 2019:

> On 8/6/2019 at 11:27 AM, petzl said:
> I only got action by sending abuse reports to Amazon's sales department, explaining that abusexamazonaws.com have gone rogue!
> Remove all @ symbols from email addies as spammers scan here for valid addresses (best is to use [AT]. I just put x over it)

Found another address for AWS: spoofing[AT]amazon[DOT]com. They want the phishing message sent as an attachment.
https://www.amazon.co.uk/gp/help/customer/display.html?nodeId=201489190

Got a phishing spam that is using AWS URLs, email address probably sold by Facebook.
https://www.spamcop.net/sc?id=z6564692784zcf8bc46efe5fe75fafde0e89a94da795z

gnarlymarley, posted August 14, 2019:

> On 7/24/2019 at 8:41 PM, HeatherReid43 said:
> I did find an email address info{AT}us-cert.gov and phishing-report{AT}us-cert.gov but I want to be doubly sure that this is the correct email address to send the report to.

Though I believe you have some good addresses, I am not sure it will help. After me seeing the joke of the do not call list for the past decade (more than the current administration), I would suspect that amazon.AWS thinks these addresses would be nothing more than an external rating system. I do not believe they would actually stop the spam. I use the SpamCop blocking list for that. Each time you report, it feeds the algorithm behind the block list.

petzl, posted August 15, 2019 (edited August 15, 2019 by petzl):

> 13 hours ago, gnarlymarley said:
> Though I believe you have some good addresses, I am not sure it will help. After me seeing the joke of the do not call list for the past decade (more than the current administration), I would suspect that amazon.AWS thinks these addresses would be nothing more than an external rating system. I do not believe they would actually stop the spam. I use the SpamCop blocking list for that. Each time you report, it feeds the algorithm behind the block list.

AWS has a crime problem starting at its abuse address, they seem in on it! Try here for the latest abuse address:
https://aws.amazon.com/security/report-suspicious-emails/

HeatherReid43, posted October 4, 2019:

I hope I am not bringing out a thread back from the grave.

Today I have received multiple instances of spam originating from AWS. Here are today's pickings, which were a bit slim, but you will get an idea.

https://www.spamcop.net/sc?id=z6578131058z038800e35b2aceab343c4f604c4b0ec0z
https://www.spamcop.net/sc?id=z6578130863z7a4f36a23541fc3be43687bb4bff14cdz
https://www.spamcop.net/sc?id=z6577994490z50b76841e430101536d9bd8d71243fd2z
https://www.spamcop.net/sc?id=z6577984845z687e0d01a34a061585e573d5db505768z
https://www.spamcop.net/sc?id=z6577984835z393f8b1753d370ebedf7279c94ddd40dz
https://www.spamcop.net/sc?id=z6577984776z1d59efddc0b237a94bcde315cc4181bdz
https://www.spamcop.net/sc?id=z6577984735za80bb81f9d84975eecef1a3cfab72314z
https://www.spamcop.net/sc?id=z6577984681zf6cb4301fe59144094bccbe9af780894z
https://www.spamcop.net/sc?id=z6577984644za5a34099ad9c92d90b2080544c1c46b1z
https://www.spamcop.net/sc?id=z6577984543z95efe8ce27031c21e8c2cf9113d6cd40z

Any idea how to stop this onslaught?

RobiBue, posted October 4, 2019:

Many times I have had these, it usually would stop if I didn’t report the links. And many times, reporting manually to Amazon (since these seem to go to /dev/null). Other than that, ride it out...

Hanco, posted October 8, 2019:

> On 10/4/2019 at 4:47 AM, HeatherReid43 said:
> I hope I am not bringing out a thread back from the grave. Today I have received multiple instances of spam originating from AWS ... any idea how to stop this onslaught?

I’m sending mine to: abuse@amazonaws.com, abuse@amazon.com, ec2-abuse@amazon.com, ipmanagement@amazon.com

That seems to be working.

Were your target sites hosted by Lithuania outfit vpsnet? All mine were (australy.win, australy.bid, bulkoffers.win).

The target site australy.bid went onto the SURBL Phishing blacklist Sunday/yesterday. Not sure why/how, but the good news is that Namecheap finally deleted the registration for the domain. That is something they refused to do several times (on February 6 and Feb 8 this year for example) despite emails for “number 1 milf site” etc!!

My level of frustration with Amazon (and with Namecheap) reaches far too high a level at times LOL

Lking, posted October 8, 2019:

You might try stop-spoofing@amazon.com

NanaBird, posted October 8, 2019:

Today alone I have received over 30 spam/phishing emails with the host name of amazonaws. 99% of these emails refer to a website or reply email of "s.free.fr". I have reported each and every one and I have discovered that the ec2 host numbers are registered to MarkMonitor.com. If the information in each email looks the same, I send a copy of these emails with their headers, hostname and IP numbers to abuse@amazonaws.com, spam@fightspam.gc.ca (I live in Canada), abusecomplaints@markmonitor.com, ipmanagement@amazon.com, hostmaster@amazon.com, stop-spoofing@amazon.com, and ec2-abuse@amazon.com.

As fast as I report an email, I get another one, and they are mostly an amazonaws host from the Registrar Mark Monitor LLC. I am even getting 2 of the same email. Because of the number I have submitted since the first of October, I have seen a slowdown in amazonaws abuse reports being sent back to me. I have yet to see a response from Mark Monitor. I have even sent an email to them and Mark Monitor with a plea to stop the harassment. If it continues much longer I think I will file an official complaint with our Canadian government and the RCMP.

petzl, posted October 9, 2019:

> 1 hour ago, NanaBird said:
> As fast as I report an email, I get another one and they are mostly an amazonaws

Hammering my Gmail account as well. Always mark them phishing and report from my Gmail. Criminal phishing, bogus reply address, bogus unsubscribe, DDoS attack on my email account.

stop-spoofing[AT] amazon.com, abuse[AT] amazonaws.com, abuse[AT] amazon.com, ec2-abuse[AT] amazon.com, ipmanagement[AT] amazon.com, phishing-report[AT] us-cert.gov.

The links are "tinyURL" and go to a free picture site of a text document, but don't look at all.

Hanco, posted October 9, 2019:

> 1 hour ago, NanaBird said:
> s.free.fr

You are dealing with a group of very well known spam/phishing jerks (at least, well known to me).

Namecheap are almost exclusively the domains they (1) create, or (2) take over.

The s.free.fr is a redirect site (short URL) so the actual sites are not linked to in their malicious emails, thus reducing the risk of their actual redirect site being listed on SURBL or such. Their actual site is not the ultimate destination either, but a redirect dance site to wherever they fancy sending you.

You'll also probably find they use other sites for image hosting (to deliver to their malicious emails when opened). Often they use “imgur.com”, and imgur will happily delete those as against their terms of service. Report here, if you want to help make the malicious emails look more odd than they do already 😏
https://help.imgur.com/hc/en-us/requests/new

Hanco, posted October 9, 2019 (edited October 9, 2019 by Hanco: typo):

> 1 hour ago, NanaBird said:
> If it continues much longer I think I will file an official complaint with our Canadian government and the RCMP.

Hope that helps. I include the authorities on all my Amazon reporting. Not sure it has any impact here in this country. Canada may be different...

petzl, posted October 9, 2019:

> 3 minutes ago, Hanco said:
> https://help.imgur.com/hc/en-us/requests/new

Thanks, that's where I get sent, but I don't bother clicking every link or any link that often.

Seems AWS is backing this.

Not a friend of Namecheap, they seem the ones flooding spam to this blog.

Domain name blocking will be the only way to block this. If Gmail get enough phishing marks they will block the domain and won't advertise they have done so.

So far the only way to do this is by "sh*t list", as I haven't seen an effective way of gathering domain evidence. IP gathering of domains is hard as spam is hopping through domain IPs.

Hanco, posted October 9, 2019:

> 2 minutes ago, petzl said:
> clicking every link or any link that often

Oh absolutely. I try hard NOT to click the links. Ever.

The Imgur team are good guys. They’ve got really quick at deleting. I send in my submissions in a very recognizable format they know will be a genuine report of ad images.

Today, this jerk’s domain site hosted by Linode was pulled really quickly (within minutes of me getting their email). The images were also deleted very quickly. So quickly did this all happen in fact, that the dense idiot behind this process was sending out emails from the Amazon hosted mail service with “image not found” errors in the body and still linking to the non-existent site.

Shame Namecheap and Amazon cannot get their acts together. Be more like Imgur and Linode.

Hanco, posted October 9, 2019:

> 5 hours ago, Lking said:
> You might try stop-spoofing@amazon.com

I think the Amazon business divides the IPs. Sometimes EC2 responds, other times IP Management, and other times a more general address. I first noticed the split when SpamCop wanted to report rather than switch @ for #

Hanco, posted October 9, 2019:

This may be wrong to mention here but it closely links with the only source of spam I deal with (these jerks): I noticed SURBL.org was offline a while today. It was in a quiet period for the spamming (at least to me) so maybe they were using their resources for other reasons than spamming? DDOS anyone?

(Leaving to get some aluminum foil for a new hat now)

petzl, posted October 9, 2019:

> 51 minutes ago, Hanco said:
> DDOS anyone?

If you get an overdose of spam with Gmail they will close your account, so it IS a DDoS attack from AWS.

Hanco, posted October 9, 2019:

> 2 minutes ago, petzl said:
> If you get an overdose of spam with Gmail they will close your account, so it IS a DDoS attack from AWS.

Never knew that.

petzl, posted October 9, 2019:

> 1 hour ago, Hanco said:
> Never knew that.

Neither did I. Do now!