How One Website Exploited Amazon S3 to Outrank Everyone on Google

By Seth Kravitz

This is the shortest summary I could think of to help you can understand a little more about this fun discovery.

The world of trying to share coupons with you online is one of the single most competitive areas of SEO (search engine optimization… aka, getting search engines like Google to list your website higher in the search results then than other people’s websites). Other extremely competitive SEO areas are industries like insurance, loans, and real estate.

Thousands of websites try to outrank each other on Google to make sure they are the #1 result when you type in “wallgreens coupon code”.

Since most of the coupons you find on these pages don’t work, you may have wondered why do these coupon sites even exist? Their primary goal has been and will always remain to attach a browser cookie to your web browser (Chrome, Safari, etc…) so they can get a commission on anything you buy from that retailer. This is called affiliate marketing. The cookie contains information that let’s the retailer know that which coupon website sent you and reward them with a commission. These commissions typically range from 1% to 15% of your total shopping cart, but they vary greatly from one retailer to another.

Just in case you wondered why the coupon code is always hidden and requires you to “click” to view it; that’s so they can open a new browser tab (normally in the background) that launches the retailer’s website (like wallgreens.com) and adds their affiliate marketing cookie to your browser and then rewards them for any purchase you make. Even if the code doesn’t work (which it normally doesn’t), if you still checkout and buy something, you have just provided them with a nice commision. Yay!

BTW: The web browser extensions you use to auto-apply coupons at checkout do the same thing.

Now you know how the world of coupon based affiliate marketing works.

As for Amazon S3, it’s nothing more than cheap file storage and hosting for files. Really boring old-school stuff, but super useful and extremely popular among web developers everywhere. You upload a file and Amazon S3 serves that file up to people all around the world (think… images, videos, mp3s, PDFs, documents of all kinds, etc…).

Anyway, back to the Amazon S3 SEO hack that a very clever affiliate marketer figured out.

Amazon.com employs one of the best SEO teams in the world. Some of the best minds in the search marketing industry spend all day trying to figure out how Amazon can outrank every other website (including many times the actually manufacturer’s website) for any product. Whether it’s a turtleneck sweater or a new Weber grill, Amazon wants to rank #1 when you search for it.

Amazon.com has such an amazing power to rank for anything (known in the industry as Domain Authority), that even the other websites they own and link to (like amazonaws.com) have built up incredible Domain Authority of their own.

According to Ahrefs, amazonaws.com has 410M backlinks from 376,000 different domain names. That’s a surreal amount of backlinks, making it one of the top websites in the entire Ahrefs system.

For non-SEO people, that simply means a bunch of different websites link to a bunch of web pages on amazonaws.com. Google’s ranking algorithm looks at the number of websites linking to a certain page as one of many indicators it considers to decide if a web page is worthy of being ranked higher for a certain term you search for. So, 410M backlinks pointing to various web pages on amazonaws.com is a big deal.

Knowing that I’d seen PDF’s uploaded to Amazon S3 in the Google serps (search engine results pages) for years, it was obvious that Google indexed S3 files just like any other webpage. I was curious what were some of the most popular PDF’s that not only ranked well, but were linked to the most. I figured that PDFs that had tremendous amounts of websites linking to them would be indicative that those PDF’s have valuable information in them. Thus, maybe something to create interesting content around for one of my sites.

I click over to the Ahrefs keyword report out of curiosity to see what S3 files are ranking for what keywords and notice the entire first page of results is almost all coupon code related.

Ok… that’s weird and unexpected.

I click a few of the results and they take me to pages like this (https://s3.amazonaws.com/walgreens-photo-coupon/walgreens/index.html)

Things get even weirder.

I check the backlinks for the first ten coupon pages and none of them have any backlinks from an external website.

To rank for a search query like “macys promo code” with zero websites linking to your page and practically no content on the page other than affiliate links, is beyond ridiculous.

That’s so ridiculous, you could compare it to me turning off Netflix, dragging my body off my couch, and taking the silver medal in the 100 meter dash at the Olympics.

This chart above is an example of a web page, dragging itself off the couch and taking the silver medal. Imagine Usain Bolt looking back as he runs the 100 meter dash and seeing you covered in sweat, screaming up behind him. Imagine the look on his face. That’s my face when I saw this page went from total obscurity to top ranking for “g2a discount code” in one month and generating an estimate 30,000+ visitors to that one page.

So, something is obviously off here. I naturally had to dig a little bit deeper.

First off, the site seems completely bare. For something ranking so high for massively competitive keywords, there is practically no information on the page, no links to things like Categories, About, Blog, Contact, Privacy Policy, Terms of Use, etc… That’s practically unheard of for a site in this type of position.

Second, I notice the company logo links to the root domain of (https://s3.amazonaws.com) and I find a About link buried in the footer that I’m guessing is supposed to the appear like it’s the real AWS about page https://s3.amazonaws.com/pages/about-us.html (now a 404 error). Both of those are immediate red flags that something is really off here.

Third, I notice all the links are routing through (promocodefor.org via 301 and 302 redirects) and upon looking at into it, the domain has experienced quite the traffic spike recently. Looking into its Google rankings, that website doesn’t rank for anything other than a few obscure terms. So, that traffic isn’t coming organically. It’s all coming via direct visitors or referrals (which in this case would be people clicking these links from these thousands of coupon pages).

Most likely, that massive traffic spike is all people clicking links on these Amazon S3 uploaded coupon pages. Meaning, whoever this person is, they are getting hundreds of thousands of clicks on their affiliate links, appending hundreds of thousands of their tracking cookies onto people’s web browsers, and making serious $$$$.

There is no way to estimate how much they are earning, but let me put it this way. I have a friend who runs a review site, that ranks for various web hosting related search queries like “web hosting reviews” and “godaddy hosting review” etc… He’s not the #1 result and he’s one of many sites that rank for the same terms, so it’s not like he is getting 100% of the traffic. He still pulled in over $140,000 in affiliate commissions in 2017. PS — Don’t quit your day job. It took him years to get those rankings and it’s only last year it finally started to pay off.

Fourth, I jump over to the source code of the site to find some super bare code. It’s nothing more than simple pure html, using only locally uploaded resources (css, js, etc…) and it doesn’t appear to have a single externally loaded resource (including Google Analytics which is practically a default for most websites).

Fifth, almost all the info on the page is faked. The counters, visitors, rating are all hard coded onto the page and haven’t changed in days. The search doesn’t work, the filtering is broken on most of the, and various elements like Load More are broken. They are static elements, made to look like real activity is going on, so the visitor believes these pages are on an active and useful website.

Sixth, I can see that there are thousands of these pages. Each one is sitting in its own Amazon S3 bucket, one page per bucket. Each bucket dedicated to a different retailer.

There is a lot more going on here, so before I jump to any final conclusions, I’m going to continue talking to some SEO experts I’ve known for years to get their ideas on how they got all of these indexed and why Google seems to be ranking them as if they were a part of the main amazonaws.com website.

Hold off on those world domination plans. This is the definition of what is called Black Hat SEO. There is a zero percent chance that this doesn’t both violate the Terms of Use for Amazon AWS and that the Google SPAM team wouldn’t consider this to be a blatant violation of their Webmaster Guidelines. Meaning, these amazing Google rankings are soon to go “poof!” into the ether.

Let’s go back to that sprinting analogy. You ran your heart out, you took the silver medal, you get to stand on the podium, and return to your country a hero. Black Hat SEO is that, but the only thing is… you get called out for doping, stripped of your medals, and all your work was for nothing. Black-hat SEO, like this coupon site, only last for temporary periods of time, they get caught, it all becomes worthless, and you are forced to try to find the next scheme. It’s always better to stick with White Hat, put in the work, and reap the long term benefits.

Seth Kravitz is the CEO of PHLEARN, the world’s #1 Photoshop & Lightroom training company online. He is an avid writer, photographer, rock climber, and Chicagoan.

This story is published in Noteworthy, where thousands come every day to learn about the people & ideas shaping the products we love.

Follow our publication to see more product & design stories featured by the Journal team.