X
X
xpyctt2019-03-19 10:41:07
Amazon Web Services
xpyctt, 2019-03-19 10:41:07

What exactly is generating strange traffic from amazonaws.com?

Starting from March 12, strange traffic began to be recorded after email newsletters that are sent through mindbox.
Approximately an hour after the start of mailing to several parallel streams, all links in letters sent to certain addresses are clicked. "Clicking" is clearly not done manually, because. 20 clicks / sec occur from one letter.
Here's what we found out:
- the same User-Agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.98 Safari/537.36"
- all IP addresses (3.83.29.70 , 54.91.208.246, 52.90.58.49, 34.238.170.24) have a host like ec2-3-83-29-70.compute-1.amazonaws.com
On March 12, all emails from domains similar to popular mail services (gmai.com, yangex.ru, notmail.com, icoud.com, gmaul.com, iclud.com, gmil.com) were clicked, and there were quite a lot of them.
On March 14, there were only clicks from letters to mail.ru and in smaller numbers.
Any ideas what accumulates emails or links in emails and instantly goes through them all using AWS?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
V
Vladimir Dubrovin, 2019-03-19
@z3apa3a

All the domains you listed are processed by one h-email.net service, most likely it is someone's spamtrap or vice versa, these are typesquaters , all this is hosted on Amazon.
But you most likely ruined your reputation thoroughly with such mailings in any case.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question