Recently I’ve seen a lot of AWS traffic scanning my website and can’t find a good reason for it.
Exactly every hour we get a visit from amazonaws.com domain, each time on a different IP address but all from the same US AWS location.
They only visit the home page.
Obviously, it messes with our data but is it harmful?
Are you still experiencing the scans?
The official website for Amazon AWS is https://aws.amazon.com/
Just scanning isn’t harmful but I would still investigate into it.
Is the whole IP address different or just a part of it?
It’s stopped now.
Once the scanning started we started getting blackmail mails to all the official email addresses on the website pages. Seems pretty obvious now that someone is using US AWS servers to scrape sites for email addresses and then send blackmail emails.
Kind of annoying but not much you can do about it unless you remove the email addresses.
Yep, it seems like a scraper looking for emails as target.
If it happens again and if you have a main email gateway where all incoming emails go through, you can filter the sender from hitting your inboxes. Usually they’ll use masked emails (can be different each time) but the original source stays the same.