diff --git a/detection-rules/impersonation_amazon.yml b/detection-rules/impersonation_amazon.yml
index f4ef7367cd7..961920a4aef 100644
--- a/detection-rules/impersonation_amazon.yml
+++ b/detection-rules/impersonation_amazon.yml
@@ -16,7 +16,7 @@ source: |
   )
   and (
     regex.icontains(sender.display_name,
-                    '\b[aaa𝝰aａ𝑎𝗮𝕒𝖆𝓪𝚊𝞪аɑα𝔞𝒂𝘢𝛂⍺𝒶𝙖𝜶𝛼𝐚𝖺]maz[o0]n\s?(pay|marketplace|\.com)|ᵃ⤻ᶻ'
+                    '\b[aaa𝝰aａ𝑎𝗮𝕒𝖆𝓪𝚊𝞪аɑα𝔞𝒂𝘢𝛂⍺𝒶𝙖𝜶𝛼𝐚𝖺]maz[o0]n\s?(pay|marketplace|\.com|\.\w{2}\b|\.co\.\w{2})|ᵃ⤻ᶻ'
     )
     or strings.ilevenshtein(sender.display_name, 'amazon.com') <= 1
     or strings.ilevenshtein(sender.display_name, 'amazon pay') <= 1