*.azurewebsites.net

Phishing Download Exfiltration C&C

Azure web applications allows users to create a customized subdomain on azurewebsites.net. Attackers abuse this functionality by hosting phishing websites using the azurewebsites.net domain.

Malware such as Almaq have used Azure web applications as their C&C servers.

Attackers can create web applications with upload functionalities hosted on *.azurewebsites.net and exfiltrate data on there.

Attackers can host malicious tools on applications hosted on *.azurewebsites.net and download them when needed.

https://www.joesandbox.com/analysis/426500/0/html