While intercepting traffic from a number of infected machines that showed signs of Remote Admin Tool malware known as HawkEye, we stumbled upon an interesting domain. It was registered to a command and control server (C2) which held stolen keylog data from HawkEye RAT victims, but was also being used as a one-stop-shop for purchasing hacking goods.
Article Link: http://cyberparse.co.uk/2016/12/29/one-stop-shop-server-steals-data-then-offers-it-for-sale/