{
  "website": "*.amazonaws.com",
  "tags": [
    "Phishing",
    "Download",
    "Exfiltration",
    "C&C"
  ],
  "service_provider": "Amazon Web Services",
  "phishing": "Attackers can use *.amazonaws.com to host their phishing websites.",
  "command_and_control": "The Pareto Botnet was found using *.amazonaws.com as their C&C servers.",
  "exfiltration": "Attackers can create web applications with upload functionalities hosted on *.amazonaws.com and exfiltrate data on there. Alternatively, attackers can use *.s3.amazonaws.com as storage and upload exfiltrated files there.",
  "download": "Malicious tools can be stored on *.amazonaws.com and downloaded when required.",
  "sample_url": "https://www.joesandbox.com/analysis/510382/0/html",
  "created": "2021-11-10",
  "last_update": "2021-11-10",
  "credits": "mr.d0x",
  "detail_path": "/site/2a2e616d617a6f6e6177732e636f6d",
  "detail_slug": "2a2e616d617a6f6e6177732e636f6d",
  "detail_url": "https://lots-project.com/site/2a2e616d617a6f6e6177732e636f6d",
  "scraped_at": "2026-06-16T11:57:39Z"
}