Back to Guides

AWS (Amazon Web Services)

Hosting

medium

World's largest cloud hosting provider with dedicated Trust & Safety team. Handles abuse reports for EC2, S3, CloudFront, and other AWS services.

Response Time

24-72 hours

Success Rate

High (80%+)

Automation

Available

Quick Contact Information

abuse@amazonaws.com Abuse Report Form

AWS (Amazon Web Services) - Hosting Provider Abuse Reporting Guide

Last Updated: November 7, 2025
Provider Type: Cloud Hosting Platform
Response Time: 24-72 hours (typical)
Success Rate: High (80%+)

Overview

Amazon Web Services (AWS) is the world's largest cloud hosting provider. AWS takes abuse seriously and has a dedicated Trust & Safety team. This guide covers reporting fraudulent websites hosted on AWS infrastructure (EC2, S3, CloudFront, etc.).

Prerequisites

Before reporting, gather the following information:

  • Fraudulent URL (e.g., https://scam-site.com)
  • AWS Resource Evidence:
    • IP address (use nslookup or dig)
    • CloudFront distribution ID (if using CDN)
    • S3 bucket name (if hosted on S3)
  • Your legitimate domain (e.g., legit-business.com)
  • Evidence of abuse:
    • Screenshots of the fraudulent site
    • Examples of brand impersonation or phishing
    • Any customer complaints received
  • Your contact information

Verification Steps

1. Confirm AWS is Hosting the Site

Check IP ownership:

# Get IP address
dig fraudulent-domain.com +short

# Check IP ownership
whois [IP_ADDRESS]

Look for:

OrgName: Amazon.com, Inc.
OrgTechName: Amazon EC2 Network Operations
NetRange: AWS IP ranges

Check for CloudFront:

dig fraudulent-domain.com

Look for:

CNAME: d1234abcd.cloudfront.net

Check for S3 hosting:

Look for URLs like:

  • bucket-name.s3.amazonaws.com
  • bucket-name.s3-website-region.amazonaws.com

Reporting Methods

Method 1: AWS Trust & Safety Abuse Form (Recommended)

URL: https://support.aws.amazon.com/#/contacts/report-abuse

Steps:

  1. Navigate to the form using the URL above

  2. Select abuse type:

    • Phishing: For impersonation/credential theft
    • Trademark/Copyright: For brand infringement
    • Spam: For unsolicited communications
    • Other: For general fraud

  3. Fill in required fields:

    • Your Name: Full legal name
    • Your Email: Business email address (@your-domain.com)
    • Phone Number: Your direct phone (optional but recommended)
    • AWS Resource Information:
      • IP Address
      • Domain name
      • CloudFront distribution ID (if applicable)
      • S3 bucket URL (if applicable)
    • Detailed Description: Explanation of abuse (template below)

  4. Attach evidence (PDF, JPG, PNG):

    • Screenshots of fraudulent site
    • Screenshots of your legitimate site
    • WHOIS/DNS lookup results
    • Customer phishing reports (if any)

  5. Submit the report

Method 2: Email AWS Trust & Safety

Email: abuse@amazonaws.com

Subject Line: Phishing/Abuse Report: [AWS Resource] - [Domain]

Email Template:

To: abuse@amazonaws.com
Subject: Phishing/Abuse Report: [IP or CloudFront ID] - scam-site.com

Dear AWS Trust & Safety Team,

I am reporting a fraudulent website hosted on AWS infrastructure that is impersonating my business and engaging in phishing activities.

FRAUDULENT RESOURCE INFORMATION:
Domain: scam-site.com
IP Address: [e.g., 3.123.45.67]
AWS Resource: [EC2 / CloudFront / S3]
CloudFront ID (if applicable): [e.g., E1ABCDEFGHIJ]
S3 Bucket (if applicable): [e.g., scam-bucket.s3.amazonaws.com]

LEGITIMATE BUSINESS INFORMATION:
Business Name: [Your Company Name]
Legitimate Domain: legit-business.com
Contact Email: contact@legit-business.com
Relationship: Owner/Legal Representative

NATURE OF ABUSE:
The reported website is:
- Impersonating our brand and trademark
- Using our logo and copyrighted materials without permission
- Attempting to collect customer credentials (phishing)
- Deceiving consumers into believing they are interacting with our business

EVIDENCE:
Attached:
1. Screenshot of the fraudulent website
2. Screenshot of our legitimate website for comparison
3. DNS/WHOIS lookup showing AWS hosting
4. [Optional] Customer reports of phishing attempts

IMPACT:
This fraudulent site is causing:
- Customer confusion and potential financial harm
- Damage to our brand reputation
- Violations of our trademark rights

REQUEST:
We request that AWS:
1. Suspend or terminate the associated AWS account
2. Take down the fraudulent content immediately
3. Provide confirmation of action taken (if permissible)

We are available for any additional information or clarification.

Thank you for your prompt attention.

Sincerely,
[Your Full Name]
[Your Title]
[Your Company Name]
[Your Phone Number]
[Your Email Address]

What Happens Next

Timeline

  • Automated Acknowledgment: Within 24 hours (case number provided)
  • Initial Review: 24-72 hours
  • Investigation: 3-7 business days
  • Resolution: Account suspension, resource termination, or forwarding to customer

Expected Communications

  1. Case Confirmation: AWS will provide a case ID
  2. Investigation Updates: AWS may request additional information
  3. Resolution Notice: You may or may not receive final outcome details (privacy policy)

Possible Outcomes

Best Case: Resource suspended/terminated within 48-72 hours
⚠️ Common Case: Warning issued to customer; customer removes content
Rare Case: Report deemed unsubstantiated (you can provide additional evidence)

Tips for Success

Do's:

  • ✅ Provide specific AWS resource identifiers (IP, CloudFront ID, S3 bucket)
  • ✅ Use WHOIS and DNS tools to confirm AWS hosting
  • ✅ Include clear evidence of impersonation or phishing
  • ✅ Reference AWS Acceptable Use Policy violations
  • ✅ Be factual and professional
  • ✅ Save your case number for follow-up

Don'ts:

  • ❌ Don't submit vague reports without AWS resource details
  • ❌ Don't use personal email addresses
  • ❌ Don't expect AWS to disclose customer information
  • ❌ Don't submit duplicate reports (slows investigation)
  • ❌ Don't include threats or inflammatory language

Follow-Up Instructions

If you don't hear back within 72 hours:

  1. Check spam/junk folder for AWS emails
  2. Reply to your case confirmation email
  3. Contact AWS Support and reference your abuse case number

If your report is denied:

  1. Request clarification on the denial reason
  2. Gather additional evidence
  3. Resubmit with enhanced documentation
  4. Consider additional reporting to FTC, FBI IC3, or legal action

AWS Resources Covered

This guide applies to abuse hosted on:

  • EC2 (Elastic Compute Cloud): Virtual servers
  • CloudFront: Content delivery network (CDN)
  • S3 (Simple Storage Service): Object storage / static websites
  • Lightsail: Virtual private servers
  • Elastic Beanstalk: Application hosting
  • API Gateway: API endpoints

Important Notes

AWS Privacy Policy

AWS will not disclose:

  • Customer identity or account details
  • Specific actions taken against the customer

This is to protect customer privacy, even in abuse cases.

Multi-Step Approach

Because AWS hosts infrastructure (not content), they may:

  1. Forward your complaint to their customer
  2. Allow the customer time to respond or remove content
  3. Take account-level action if the customer doesn't comply

This process can take longer than domain registrar takedowns.

Additional Resources

Common Questions

Q: Will AWS tell me who owns the account hosting the fraudulent site?
A: No. AWS does not disclose customer information due to privacy policies.

Q: How long does AWS keep resources suspended?
A: AWS may suspend resources immediately or give the customer time to remove violating content. Permanent termination depends on severity.

Q: Can I report multiple AWS resources in one complaint?
A: Yes. If the same fraudulent operation uses multiple AWS resources, include all details in your report.

Q: What if the site uses both AWS and Cloudflare?
A: Report to both. Cloudflare handles CDN abuse; AWS handles origin server hosting.

Q: Should I also file a police report or FTC complaint?
A: Yes. AWS abuse reports focus on TOS violations. Government agencies handle criminal activity. File with both for maximum effect.

Summary Checklist

Before submitting your report, confirm you have:

  • Verified AWS is hosting the site (IP, CloudFront, or S3)
  • Identified specific AWS resources (IP address, distribution ID, bucket name)
  • Gathered clear evidence (screenshots, DNS lookups)
  • Prepared a professional description of the abuse
  • Used your business email address
  • Attached all supporting documentation
  • Reviewed for accuracy
  • Noted your case number after submission

Document Version: 1.0
Contributors: ScamSnitch.ai Research Team
License: Public Domain - Free to use and distribute

This guide is provided for informational purposes only and does not constitute legal advice. Consult with an attorney for specific legal guidance.

All Reporting Methods

AWS Trust & Safety Form

https://support.aws.amazon.com/#/contacts/report-abuse

Email Abuse Team

abuse@amazonaws.com

Need Help Taking Down a Scam Site?

Let ScamSnitch.ai handle the entire takedown process for you with automated reporting and comprehensive case management.

Report a Fraudulent Site Browse All Guides