{
  "website": "*.blob.core.windows.net",
  "tags": [
    "Phishing",
    "Download",
    "Exfiltration"
  ],
  "service_provider": "Microsoft",
  "phishing": "Attackers have the ability to choose a customized subdomain on blob.core.windows.net for blob storage. Attackers abuse this functionality by hosting .html files using the blob.core.windows.net subdomain and therefore creating fake login pages that capture credentials.",
  "command_and_control": "None",
  "exfiltration": "Attackers can upload exfiltrated data onto applications hosted on *.blob.core.windows.net",
  "download": "Malicious tools can be stored on *.blob.core.windows.net and downloaded when required.",
  "sample_url": "https://www.joesandbox.com/analysis/464535/0/html",
  "created": "2021-11-10",
  "last_update": "2021-11-10",
  "credits": "mr.d0x",
  "detail_path": "/site/2a2e626c6f622e636f72652e77696e646f77732e6e6574",
  "detail_slug": "2a2e626c6f622e636f72652e77696e646f77732e6e6574",
  "detail_url": "https://lots-project.com/site/2a2e626c6f622e636f72652e77696e646f77732e6e6574",
  "scraped_at": "2026-06-16T11:57:40Z"
}