Domain used in the malicious email URL link; hosts the ZIP archive containing the DLL sideloading payload; shared across both Chinese and Japanese-language phishing emails