DomainHighVerifiedSignal 62/100
anotherbag.com
Location
United StatesFirst Seen
Feb 11, 2024
Last Seen
Jun 7, 2026
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
Domain Name
Malicious domain used for C2, phishing, or malware distribution.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
5 reports62% confidence
5
Source reports
62%
Confidence score
Category tags
aaaaabuse contactacceptacintactive scanaddressaddress virtualadloadadmin countryagentagent teslaalexa topall octoseekanalyzeappdataappleapple iosapple phonearizonaartemisascii textaslrasyncratattackauthorityavailable fromavast avgazorultbackbackdoorbad reputationbandoobankbarracuda etbazaarbehavbillblackblisterbodybootkitbotnet activitybrute forcec2ca g1ca1 validcancel anytimecape sandboxcde stbayerncenterchina telecomcins activecisco umbrellaclasscleanerclickcmdlinecnamecnccngo daddycobalt strikecodecode signingcommand & controlcompany limitedconduitcopycorecount blacklistcowboycp cybercreation datecronup threatcrypcryptocryptocurrencycsc corporatecus cnr3cus cnthawtecus oapplecus oletcus starizonacyber espionagecyber stalkingcyber threatczechdaddydangerdatadcomddosdefense evasiondelawaredenverdetail infodetection listdeuteronomy 28:7dns attackdnssecdomaindomainsdomains domainsdomains filesdos executabledownldrdropped infoelevated exposureemailemailsemotetencryptencrypt cnr10encryptionenjoyentrieserroret toreuropeexitexpiration dateexpiry dateexploitexploitation activityfilefiles domainfiles filesfiles relatedfirstfoundfreefromfusioncoreg1 validityg2 validityg4 codegeneratorgenericgeneric windosget dnsget httpgooglegroupguardhackershackers for hirehandlehashesheadheader intelheurhigh levelhigh priorityhistorical sslhitmenhosthostnamehotmailhttphttp methodhttp requestshunkhybridiana idiana registrarico rtgroupiconidentity & access exploitationiframeillegalindicatorinfoinfo compilerintelinternet stormiocsipv4issuerkey algorithmkey identifierkey infokey usagekgs0kls0known torkr registrantkratonalarimer stlibrarylinkslmnchen oteamloadslocalmail spammermalicious sitemalicious urlmalvertizingmalwaremalware sitemalware spreading evadermatsnumediamemory patternmetamillionmindmisc attackmitre attackmobile threatmonitoringmost viewedmovedms windowsmsilmwdbnamename md5name serversnetworknetwork infoneutralnextnircmdno datanode tcpnode trafficnoname057none rticonnorth americanothingnumberodigicert incoffsetoletopenos2 executableotx telemetryoverview zenboxpapassive dnspastepatcherpathpattern ipspattern matchpayloadpe filepe32 executableperforms dnsphishingphishing siteplaypoor reputationporn videosportprocesses extraproducts idprojectprotectpublic keypublic serverpulse pulsesqakbotquery timeransomransomwarerdap databaserecord typerecord valueregistry keysregistry techrelicremcosresearchedresolver ipresources cyberrisk assessmentrticon neutralsafe sitesamplesscan endpointsscriptscript urlssearchseraph secureserverserversserviceshellshell codeshell foldersshinjiru mscshowingsiem compliancesigning rsa4096simdasitesizeskipspainspamspammerssdeepssl certificatestatusstreamstringsstrongsubject publicsuitesummaryswrortt1027t1033t1036t1036.004t1041t1046t1047t1053t1055t1057t1059t1068t1070t1071t1071.002t1071.004t1074t1082t1095t1105t1106t1112t1122t1129t1202t1210t1496t1497t1539t1542t1547t1562t1564t1574tag counttargetteamthreatthreat actorthreat reportthreat roundthreat rounduptickcounttiggretitletls rsatofseetop ratedtor knowntor nodetor relayroutertraffictreatstrojantrojandroppertrojanspytsara brashearsttl valuetulachtypeunionunitedunited statesunruyunsafeupdate dateurlsurls httpsutc submissionsv3 serialvawtrakvideosviewsvirtoolvirutwacatacwatchwhois lookupswhois recordwin16 newritex509v3 subjectxratxtrat
Activity Timeline
Jun 7Jun 7
Threat Activity Heatmap
· Peak: 2026-06-07LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated
The domain **anotherbag.com** has been identified as a significant indicator of compromise (IOC) associated with multiple cyber threats originating from the United States. First observed on February
Threat ScoreMedium Risk
62
SIGNAL
Signal Score
62%
Confidence
5
Reports
First seenFeb 11, 2024
Last seenJun 7, 2026
Verified IOC
VirusTotal
Not checked
WHOIS
- description
- [look back at the results of the WaproIntegration.exe analysis, conducted by Asseco Business Solutions, and published by the Microsoft Office (MSW) on 1 January 2017.] Client *doesnt* have windows.
- domain rank
- -1
- raw
- Administrative city: Road Town Administrative country: Virgin Islands (British) Administrative email: [email protected] Create date: 2025-01-22 00:00:00 Domain name: anotherbag.com Domain registrar id: 4326.0 Domain registrar url: https://rdap.unstoppabledomains.com Expiry date: 2027-01-22 00:00:00 Name server 1: ns1.afternic.com Name server 2: ns2.afternic.com Query time: 2025-12-20 10:10:41 Technical city: Road Town Technical country: Virgin Islands (British) Technical email: [email protected] Update date: 2025-12-19 00:00:00
- references
- https://vtbehaviour.commondatastorage.googleapis.com/004a881e84a216c4bc74f3c80b65b93b0e92730e8650fcd540ddd9c05496821f_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779437688&Signature=gFtkoBqF5pShJtX6qkZtdovQkyQMLUYrFOjDP6NqgmFoOhYNKhh4DR%2BRduecXCaeSRa%2FFMLPwsZ1NNrjc%2Fg3iGJunOiw%2BNVCbqHgsCqgFukn94EvgBPpTB6B9jvTJkiWGF2dGk%2Bc%2FRUi11iqTV98lN1HTrKNfw0yL67LRmHYEPltNEYRvTe3krIx9Lc3e%2FgV5D2YEoCr%2BEB72AwqJDp3RZPJVsuY1pQBVpH%2FTq4FHpa%, https://vtbehaviour.commondatastorage.googleapis.com/01b1f4159b48ac9d2145ca334ac5088cb79c8d4c03cf0688a87e55335349b331_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779437830&Signature=o1mMUhfVofwSs5xyuFNizd0ePwrbhenHNa%2FGv1rJB1qPc8iZP5wkSG7TAOksy%2Bbq%2BSYFTz%2BK5iCcc3PayR7eyLcifui7TFP%2BR6BRfA165PwBWOQoBUg5NFD9IRXuidu5YGzacnbqDVdrzIWuDRh1%2BN95ftOdtUVsknU6Vxrs%2FlpgDcCvuCw8yBT9TpzeqirdVKlJPVDo9DR35AroEk%2BnXJbeXiIRkTJ3eVKTGSz6CphpXF, https://vtbehaviour.commondatastorage.googleapis.com/01b1f4159b48ac9d2145ca334ac5088cb79c8d4c03cf0688a87e55335349b331_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779437889&Signature=kOQWTYWZEnXg6x3z7n1h%2BZxGkgstZeT94Va6iNASpQTWtCaM1UzUpKuQfGgpopGCyTOEK%2F7OD4pGKGjQDwX29jg3%2BWWCnmzl2Mzx9F4yN1rq4t4SzOITafJ%2ByjOuVbRn5K%2BAZoVXDIZIUCsUMxgTHhqST3vBcQ503uW6lfzxUcdHHauNqTsPUzjiSG6JrJRGSJW%2BzxrctN1HmMSRzpHcu7CHCOeQuIhHiX7ibuCHhA3JzarYcCaHYe%2B8, https://vtbehaviour.commondatastorage.googleapis.com/07e1e7ad5d00405ee7c5fed83b4d9e3a512d9e872d8670cb86fd701f3b8b6259_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779438246&Signature=ZGz53K8c67xrCiLmZJbODFjoXur2NU9sF9Xjc%2Ff81AQIH8dBUyDkBf7MQwIyCG7huDtUlwHzNWPb0VzcJksqTxIo%2BJPVvtYvIl8RV%2BckzCDGa3AWmKyyvYPZbn4h%2B8stgKiEu6RzeO9KCA2o91kJ8RAu6HhS6SSlddRteH%2BA3MOc17NU6cmUv0B06xlL9i%2FEgkhPukOAi3TFeOT3hK7Y3pW%2FCBP536Ae%2BaDIzY24ugSkQ%, https://vtbehaviour.commondatastorage.googleapis.com/7d441193d1f16f78d054c1fe662e533db705dad62d0121f02d000e9a6b5fe86b_Tencent%20HABO.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779438365&Signature=h7GZQeeOJNTBzxgmrZzfcTlZI6TwhUTTE1VEYyZfCBcBfVE3Jb8jMGpRJTIh2RjWBMEf1FRvCibTgA%2BKnZNrtxGDZe4CJvEqy02XWJbLarRkHqmn1sMQpskfa4sIPni%2FCkajAZUdYmEuTES7jYJsimQO%2FNtd1bIFSqBot7ecyvQT%2F9ax7KazcoIudKVimT0ihn%2BstThD1NxJalqWZoY2sO1jzCgkaOK9lZeCsAXDE1H3B3LD6yIg, https://vtbehaviour.commondatastorage.googleapis.com/8a7e906f7a61cab63e462258f69c24e3425fa54e5e90cdf68b495c4fd04a1982_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779438540&Signature=vQDqnOc819uwIf0UqNrPAXjrnU5lZulCRWIGBinfcBaYOLutIIcBkwpwhJn4GTrg04JjCxqIcZ43GlpX%2FYhN5uiLQZ5Iq0%2FZl1WfsxOy3LhAomStnIrBU0FvlkCre1wYUHlPoU48crf8016tg9ioYlD%2BwbWR7jeN%2Bk5Ji8P0ipnBOP7K0C822Ae5VenOIz4a%2BB8OR1YdodkTomWdLo46lmTdc899jW0IxF3msxKmV4nal0ZD4aeX, https://vtbehaviour.commondatastorage.googleapis.com/3fe3b0bc7ca7ec4d23c1cd7c07d5cdf9cb3463beb18cd58e2501150d343d0851_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779438798&Signature=pANruTzJyu09Hzf4DTv20LDHBbtyRDfVqdUDXcUHU5t%2Fo4ZASzGodrrrh0fSnpxRID7l8PUYQBpatP0X3BS%2BDZyUILHdoxM41n4EbpJ%2B53f5rTs3mKuxEjWVK5Qqv%2BETgwTMnpZ8nScsLJfzlqHy%2B0U7pGcwf58Ddn5NAxMvveGCxrjpeP1nPaMKQMqKtlgIaoZKaRUTWeQus8tECh70NEy%2FBGwoljYsR%2FbGJ5YyrB1jlrAY, https://vtbehaviour.commondatastorage.googleapis.com/7d441193d1f16f78d054c1fe662e533db705dad62d0121f02d000e9a6b5fe86b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779438900&Signature=GdSSawcnAzzWjiMJAEJMz7h0KpqPNqgwPzPkzv%2FPKo1IhjY2w4WE1ioTHKCJ7eMvq%2F0dzNI1JvYz47q%2FosHjl0ZOvE39XCHG5BsiO6AoXnUe9D1sIksXC19D%2FvOQZLtOQ8uMwJ7oehwmB9VfuwQCEqwu22ClFUwOXSvDI%2FBRa2m8ingT7tEflhqF2okL36dFvtY8GKspHKfRv4ayCedzCEp70TXYBwOOFSkNdMr8ddnW5YBSkzp5, https://vtbehaviour.commondatastorage.googleapis.com/beddd6543579e4744aa3aceb91c6ff522e5d4a9cf54c41b27ad97d6533cff57e_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779439368&Signature=CDFw0%2B8LvB0k7nbKeUPwBR%2FfS5URr4xkEa2F4j12yJ7df5yIucYFDJweGXE%2BExkhEyGCO5CWuoTJB0K%2F6Rpxgfnlabbn5ygiAsFOnib4deEJdbcSyN3Gy9Kws8AW9KqC0rNuo61G5054uz8o49zs3kKm1T18tPWnUdh7hoAvUZZd%2FYUxruCfZvqZhlpNuf5GDd2wiMtdi5FN0gjAWablDvhxF3tIQ15UvXQMm%2BBmTkTGDpYQ1N, https://vtbehaviour.commondatastorage.googleapis.com/beddd6543579e4744aa3aceb91c6ff522e5d4a9cf54c41b27ad97d6533cff57e_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1779439406&Signature=Yyt5VdwIWVXZPSrz2llE%2Fkbs8LRRL%2FYacK8lMJDwqz1wnQB9NTQ5QEbHs%2B45GJHAJP3KN1mSh2WU7JPp%2BmDqFZFoauenLoF11M2RaKMwIDojWNE%2Fwb%2BSo6gvaguoU25WEGapdxQpMpn7ojI4%2FW3dmzzX7F9qYQmhmbC9ipqyKXDZHQuAUJaa074tvOcIBvP974a3DKMGUmWO1KyDP73MEZpyuKfxhVFdco02FkPG7mvGCJnXuw3KbSvC, honey.exe, 0001c8afa9ca148752e1439140fadb6571b27f455ad1474d85625bcddfb63550, CS Sigma Rules: Suspicious Remote Thread Created by Perez Diego (@darkquassar), oscd.community, CS Sigma Rules: Python Initiated Connection by frack113, CS Sigma Rules: Use Remove-Item to Delete File by frack113, CS Sigma Rules: Suspicious Userinit Child Process by Florian Roth (rule), Samir Bousseaden (idea), Relationship: http://www.cpmfun.com/go.php?i=Zml0sXNlQhR0gRzjdXpLNlz4&p=71408&s=1&m=1&ua=mozilla/5.0+(linux;+android+4.4.2;+ast21+build/kvt49l)+, api.login.live.com, http://appleid.icloud.com-website33.org/, https://www.milehighmedia.com/legal/2257 [phishing • Brazzers porn], FileHash-SHA256 c030b0a1be8745d192f45.159.189.105743b3c4f4094f33507a5904c184c8db0bde1a91efccb5 [tracking], http://45.159.189.105/bot/regex [Tracking Tsara Brashears involves in person following and or harassment as well], message.htm.com, http://pornhub.com/gay/video/search, CnC IP's: 206.189.61.126 • 217.74.65.23 • 46.8.8.100 • 64.190.63.111, stop following, stalking, hacking, talking, modifying, hijacking, threatening, contacting, sending people to harass target, threats, https://www.anyxxxtube.net/search-porn/tsara-brashears/, https://wallpapers-nature.com/tsara-brashears/tse1-mm-bing-net, ww1.imobitracking.net, https://www.hybrid-analysis.com/sample/dcf9f5e78d4645b38540d25c4d8ca7fe3e019671caadf7cade4cc01008282bff, 114.114.114.114, signin-appleid.jackpotiot.com, https://www.anyxxxtube.net/media/favicon/apple, http://manage.apple.com.webobjectsd5dbc98dcc983a7028bd82d1a47540.dsiblings.com/Info/information.html, https://www.pornhub.com/gifs/search?search=tsara+lynn+brashears+lesbian, https://httpdev.findatoyota.com, https://secure.medicalexpo.com/request-management-ws/views/contact-details.xhtml?token=A3QIgyaKRur%2BIjZfA4R8MkKBwXLdgMI5Gg%2F0dwmuMj0, t.prototype.hasownproperty.call, https://www.assurant.com/?utm_source=email&utm_medium=email&utm_campaign=Mobile_Transactional_withad&utm_content=Deductible+Charge+Acknowledgement+PD-MB&utm_term=, http://trkr.similarphotocleaner.com/trackerwcfsrv/tracker.svc/trackoffersview/?q=pxl=mco2191_mco2146_mco1132&utm_source=mcosfl&utm_medium=mcosfl&utm_campaign=mcosfl&x-count=1&x-context=osversion-5.1
- subdomains count
- 4
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
highFirst detected 2 years ago · Last seen 3 days ago
Appeared in 5 threat reports