drb-ra/C2IntelFeeds

False positives in subdomain

pcebrianz opened this issue · 1 comment

Hi team, thanks for your work as always.

We have detected a high number of false positives regarding the following indicator:
jspassport[.]ssl[.]qhimg[.]com[.]
Apparently the C2 server you detected is on:
jspassport[.]ssl[.]qhimg[.]com[.]dsa[.]dnsv1[.]com[.]cn

This is already on your domain list.

Could you please check this?
Best regards

drb-ra commented

Thank you for reporting it! Given where it's used in the C2 configuration it will be filtered. New feeds should update shortly.