*.web.core.windows.net

Phishing Download Exfiltration C&C

Attackers have the ability to choose a customized subdomain on web.core.windows.net. Attackers abuse this functionality by hosting phishing websites using the web.core.windows.net subdomain.

*.web.core.windows.net can be used as C&C servers.

Attackers can upload exfiltrated data onto applications hosted on *.web.core.windows.net

Malicious tools can be stored on *.web.core.windows.net and downloaded when required.

https://www.joesandbox.com/analysis/428807/0/html