Living Off Trusted Sites (LOTS) Project
Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain. Website design credits: LOLBAS & GTFOBins.
Website Tags Service Provider
raw.githubusercontent.com
Phishing
C&C
Download
Github
github.com
Phishing
Download
Github
1drv.ms
Phishing
Microsoft
1drv.com
Phishing
Download
Microsoft
docs.google.com
Phishing
C&C
Google
drive.google.com
Phishing
Download
Exfiltration
Google
*.azurewebsites.net
Phishing
Download
Exfiltration
C&C
Microsoft
dropbox.com
Phishing
Download
Exfiltration
C&C
Dropbox
mega.nz
Phishing
Download
Exfiltration
Mega Limited
pcloud.com
Phishing
Download
Exfiltration
pCloud
*.amazonaws.com
Phishing
Download
Exfiltration
C&C
Amazon Web Services
*.twitter.com
C&C
Twitter
*.web.core.windows.net
Phishing
Download
Exfiltration
C&C
Microsoft
*.blob.core.windows.net
Phishing
Download
Exfiltration
Microsoft
*.box.com
Phishing
Download
Exfiltration
Box
sites.google.com
Phishing
Google
*.cloudfront.net
Phishing
C&C
Download
Amazon Web Services
bitbucket.io
Phishing
Atlassian
bitbucket.org
Phishing
Download
Exfiltration
C&C
Atlassian
firebasestorage.googleapis.com
Phishing
Exfiltration
Google
storage.googleapis.com
Phishing
Download
Exfiltration
Google
*.herokuapp.com
Phishing
Download
Exfiltration
C&C
Heroku
*.zendesk.com
Phishing
Download
Zendesk
*.cloudwaysapps.com
Phishing
Download
Exfiltration
C&C
Cloudways
*.netlify.app
Phishing
Netlify
*.cloudapp.azure.com
Phishing
Download
Exfiltration
C&C
Microsoft
*.cloudapp.net
Phishing
Download
Exfiltration
C&C
Microsoft
gitlab.com
Phishing
Download
GitLab
filetransfer.io
Phishing
Download
Exfiltration
Filetransfer.io
*.sendspace.com
Phishing
Download
Exfiltration
Sendspace
wetransfer.com
Phishing
Download
Exfiltration
WeTransfer B.V
cdn.fbsbx.com
Phishing
Facebook
mediafire.com
Phishing
Download
Exfiltration
Mediafire
cdn.discordapp.com
Phishing
Download
Discord
*.workers.dev
Phishing
Download
Exfiltration
C&C
Cloudflare
slack-files.com
Phishing
Slack
youtube.com
Phishing
C&C
Google
reddit.com
C&C
Reddit
pastebin.com
Download
Exfiltration
C&C
Pastebin
*.sharepoint.com
Phishing
Microsoft
onedrive.live.com
Phishing
Microsoft
app.milanote.com
Phishing
Milanote
*.appspot.com
Phishing
Download
C&C
Google
*.wordpress.com
Phishing
Download
C&C
Exfiltration
Wordpress Foundation
*.azureedge.net
Phishing
C&C
Microsoft
*.tumblr.com
Phishing
C&C
Tumblr
*.backblazeb2.com
Phishing
Download
Exfiltration
BackBlaze
*.blogspot.com
Phishing
C&C
Google
*.translate.goog
Phishing
Download
Google
*.googleusercontent.com
Phishing
C&C
Google
*.typeform.com
Phishing
Typeform
*.github.io
Phishing
Github
*.web.app
Phishing
Google
*.firebaseapp.com
Phishing
C&C
Google
*.webflow.io
Phishing
Webflow
icloud.com
Phishing
Download
Exfiltration
Apple
*.duckdns.org
Phishing
C&C
DuckDNS
*.pages.dev
Phishing
Cloudflare
googleweblight.com
Phishing
Google
forms.office.com
Phishing
Microsoft
sway.office.com
Phishing
Microsoft
discord.com
C&C
Exfiltration
Discord
slack.com
C&C
Slack
api.telegram.org
C&C
Exfiltration
Telegram
*.gofile.io
Phishing
Exfiltration
Download
Gofile
*.instagram.com
Phishing
C&C
Facebook
facebook.com
C&C
Facebook
*.glitch.me
Phishing
Download
Glitch
bit.ly
Phishing
Download
Bitly Inc.
*.trycloudflare.com
Phishing
Download
Cloudflare
beautiful.ai
Phishing
Beautiful.ai
siasky.net
Phishing
Exfiltration
Download
Siasky
*.clickfunnels.com
Phishing
ClickFunnels
*.docusign.com
Phishing
DocuSign
*.digitaloceanspaces.com
Phishing
Download
Exfiltration
C&C
DigitalOcean
*.godaddysites.com
Phishing
C&C
GoDaddy
*.weebly.com
Phishing
C&C
Weebly
www.canva.com
Phishing
Canva
t.co
Phishing
C&C
Twitter
*.mybluemix.net
Phishing
Download
C&C
IBM
appdomain.cloud
Phishing
Download
C&C
Exfiltration
IBM
archive.org
Phishing
Download
Archive.org
spark.adobe.com
Phishing
C&C
Adobe
*.atlassian.net
Phishing
C&C
Atlassian
dogechain.info
C&C
Dogechain.info
paste.ee
C&C
Exfiltration
Download
Paste.ee
gitee.com
C&C
Download
Gitee.com
*.rf.gd
Phishing
C&C
InfinityFree
viewer.joomag.com
Phishing
Joomag
my.visme.co
Phishing
Visme
archive.ph
Phishing
Download
Archive.ph
docsend.com
Phishing
Docsend
*.nimbusweb.me
Phishing
Nimbus Note
*.oraclecloud.com
Phishing
Exfiltration
Download
C&C
Oracle
*.azurefd.net
Phishing
C&C
Microsoft
parg.co
Phishing
Download
Parg.co
*.ngrok.io
Phishing
C&C
Exfiltration
Download
Ngrok
codepen.io
C&C
Download
CodePen
pastetext.net
Download
Pastetext.net
notion.so
Phishing
Notion.so
*.wixsite.com
Phishing
Wix
attachment.outlook.live.net
Download
Exfiltration
Microsoft
attachments.office.net
Download
Exfiltration
Microsoft
lnkd.in
Phishing
Microsoft
*.myportfolio.com
Phishing
Adobe