{
  "type": "Domain",
  "indicator": "simplerwebs.world",
  "general": {
    "sections": [
      "general",
      "geo",
      "url_list",
      "passive_dns",
      "malware",
      "whois",
      "http_scans"
    ],
    "whois": "http://whois.domaintools.com/simplerwebs.world",
    "alexa": "http://www.alexa.com/siteinfo/simplerwebs.world",
    "indicator": "simplerwebs.world",
    "type": "domain",
    "type_title": "Domain",
    "validation": [],
    "base_indicator": {
      "id": 4029516409,
      "indicator": "simplerwebs.world",
      "type": "domain",
      "title": "",
      "description": "",
      "content": "",
      "access_type": "public",
      "access_reason": ""
    },
    "pulse_info": {
      "count": 6,
      "pulses": [
        {
          "id": "6a0d0d30d3c1f85cb653d59d",
          "name": "IOC - Microsoft\u2019s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows",
          "description": "Cybercriminals abuse legitimate, albeit legacy, tools to push a host of malware, ranging from run-of-the-mill password stealers to advanced threats. Bitdefender\u2019s previous investigations already revealed how attackers used LOTL tactics in a Windows and macOS malware campaign that leveraged fake \u201cClaude Code\u201d Google ads.",
          "modified": "2026-05-20T01:24:00.331000",
          "created": "2026-05-20T01:24:00.331000",
          "tags": [
            "lummastealer",
            "url emmenhtal",
            "ip purplefox",
            "domain new",
            "url hta",
            "indicator type",
            "ip ip",
            "loader https",
            "initial hta",
            "clickfix",
            "powershell"
          ],
          "references": [
            "https://www.bitdefender.com/en-us/blog/labs/microsofts-mshta-legacy-malware-windows"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 0,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "celestre",
            "id": "295357",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "domain": 89,
            "FileHash-MD5": 1,
            "FileHash-SHA1": 1,
            "FileHash-SHA256": 6,
            "IPv4": 28,
            "URL": 31,
            "hostname": 10
          },
          "indicator_count": 166,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 138,
          "modified_text": "10 days ago ",
          "is_modified": false,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "69690ca88230691c08910696",
          "name": "For INC Ransomware",
          "description": "Lumma, RedLine, Raccoon",
          "modified": "2026-02-14T15:03:38.981000",
          "created": "2026-01-15T15:50:00.705000",
          "tags": [],
          "references": [
            "For INC.pdf"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "IMEBEEIMFINE",
            "id": "343873",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 45,
            "FileHash-SHA1": 39,
            "FileHash-SHA256": 77,
            "URL": 10,
            "domain": 14,
            "hostname": 3
          },
          "indicator_count": 188,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 40,
          "modified_text": "105 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "689064f3e89fafcb74a2ef89",
          "name": "asdfgh",
          "description": "",
          "modified": "2025-09-03T07:02:52.843000",
          "created": "2025-08-04T07:44:51.014000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 11,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "ESFBSOCTCR",
            "id": "200541",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 6,
            "FileHash-SHA1": 13,
            "FileHash-SHA256": 5,
            "domain": 15,
            "hostname": 13
          },
          "indicator_count": 52,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 86,
          "modified_text": "269 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68409244750c4c3b0bbb7729",
          "name": "IOCs 2025 JAN-MAY",
          "description": "Latest IOCs emerged in 2025",
          "modified": "2025-07-04T18:05:18.397000",
          "created": "2025-06-04T18:36:51.684000",
          "tags": [],
          "references": [
            "IOC.pdf"
          ],
          "public": 1,
          "adversary": "Multiple Threat Actors",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 4,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "IMEBEEIMFINE",
            "id": "343873",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "URL": 15,
            "FileHash-MD5": 106,
            "FileHash-SHA1": 141,
            "FileHash-SHA256": 117,
            "domain": 128,
            "email": 2,
            "hostname": 12
          },
          "indicator_count": 521,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 40,
          "modified_text": "330 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "68084f3d2e44c827d0062198",
          "name": "LummaStealer 2.0: Enhanced Evasion Techniques and Widespread Impact",
          "description": "LummaStealer 2.0, a sophisticated Malware-as-a-Service (MaaS), has evolved with enhanced evasion techniques, targeting a wide range of Windows systems. The latest version leverages MSHTA process abuse to execute remote code, bypassing defense mechanisms and increasing the likelihood of successful attacks. LummaStealer collects sensitive data, including credentials, cookies, cryptocurrency wallets, and other personally identifiable information.",
          "modified": "2025-05-23T02:00:56.614000",
          "created": "2025-04-23T02:23:57.737000",
          "tags": [
            "domain c2",
            "intptr",
            "hash executable",
            "fygo",
            "int32",
            "lumma stealer",
            "noopdoor",
            "powershell",
            "assembly",
            "bitcoin"
          ],
          "references": [
            "https://www.cybereason.com/blog/threat-analysis-lummastealer-2.0"
          ],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [
            {
              "id": "T1218",
              "name": "Signed Binary Proxy Execution",
              "display_name": "T1218 - Signed Binary Proxy Execution"
            }
          ],
          "industries": [],
          "TLP": "green",
          "cloned_from": null,
          "export_count": 5,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "PetrP.73",
            "id": "154605",
            "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "CVE": 1,
            "FileHash-MD5": 6,
            "FileHash-SHA1": 16,
            "FileHash-SHA256": 5,
            "URL": 1,
            "domain": 17,
            "hostname": 13
          },
          "indicator_count": 59,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 540,
          "modified_text": "372 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        },
        {
          "id": "6801a0b625d602fd6b63829e",
          "name": "Windows Systems being Targeted by LummaStealer Malware",
          "description": "LummaStealer is an experienced information-stealing malware. Shared as Malware-as-a-Service (MaaS), it has evolved with new evasion techniques that abuse legitimate Windows utilities.",
          "modified": "2025-05-18T00:04:15.805000",
          "created": "2025-04-18T00:45:42.367000",
          "tags": [],
          "references": [],
          "public": 1,
          "adversary": "",
          "targeted_countries": [],
          "malware_families": [],
          "attack_ids": [],
          "industries": [],
          "TLP": "white",
          "cloned_from": null,
          "export_count": 7,
          "upvotes_count": 0,
          "downvotes_count": 0,
          "votes_count": 0,
          "locked": false,
          "pulse_source": "web",
          "validator_count": 0,
          "comment_count": 0,
          "follower_count": 0,
          "vote": 0,
          "author": {
            "username": "cryptocti",
            "id": "110256",
            "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
            "is_subscribed": false,
            "is_following": false
          },
          "indicator_type_counts": {
            "FileHash-MD5": 5,
            "FileHash-SHA1": 15,
            "FileHash-SHA256": 4,
            "domain": 14,
            "hostname": 16
          },
          "indicator_count": 54,
          "is_author": false,
          "is_subscribing": null,
          "subscriber_count": 500,
          "modified_text": "377 days ago ",
          "is_modified": true,
          "groups": [],
          "in_group": false,
          "threat_hunter_scannable": true,
          "threat_hunter_has_agents": 1,
          "related_indicator_type": "domain",
          "related_indicator_is_active": 1
        }
      ],
      "references": [
        "https://www.bitdefender.com/en-us/blog/labs/microsofts-mshta-legacy-malware-windows",
        "https://www.cybereason.com/blog/threat-analysis-lummastealer-2.0",
        "IOC.pdf",
        "For INC.pdf"
      ],
      "related": {
        "alienvault": {
          "adversary": [],
          "malware_families": [],
          "industries": []
        },
        "other": {
          "adversary": [
            "Multiple Threat Actors"
          ],
          "malware_families": [],
          "industries": []
        }
      }
    },
    "false_positive": []
  },
  "geo": {},
  "geo_ipapicom": {},
  "pulse_count": 6,
  "pulses": [
    {
      "id": "6a0d0d30d3c1f85cb653d59d",
      "name": "IOC - Microsoft\u2019s MSHTA Legacy Tool Still Powers Malware Campaigns on Windows",
      "description": "Cybercriminals abuse legitimate, albeit legacy, tools to push a host of malware, ranging from run-of-the-mill password stealers to advanced threats. Bitdefender\u2019s previous investigations already revealed how attackers used LOTL tactics in a Windows and macOS malware campaign that leveraged fake \u201cClaude Code\u201d Google ads.",
      "modified": "2026-05-20T01:24:00.331000",
      "created": "2026-05-20T01:24:00.331000",
      "tags": [
        "lummastealer",
        "url emmenhtal",
        "ip purplefox",
        "domain new",
        "url hta",
        "indicator type",
        "ip ip",
        "loader https",
        "initial hta",
        "clickfix",
        "powershell"
      ],
      "references": [
        "https://www.bitdefender.com/en-us/blog/labs/microsofts-mshta-legacy-malware-windows"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 0,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "celestre",
        "id": "295357",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "domain": 89,
        "FileHash-MD5": 1,
        "FileHash-SHA1": 1,
        "FileHash-SHA256": 6,
        "IPv4": 28,
        "URL": 31,
        "hostname": 10
      },
      "indicator_count": 166,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 138,
      "modified_text": "10 days ago ",
      "is_modified": false,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "69690ca88230691c08910696",
      "name": "For INC Ransomware",
      "description": "Lumma, RedLine, Raccoon",
      "modified": "2026-02-14T15:03:38.981000",
      "created": "2026-01-15T15:50:00.705000",
      "tags": [],
      "references": [
        "For INC.pdf"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "IMEBEEIMFINE",
        "id": "343873",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 45,
        "FileHash-SHA1": 39,
        "FileHash-SHA256": 77,
        "URL": 10,
        "domain": 14,
        "hostname": 3
      },
      "indicator_count": 188,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 40,
      "modified_text": "105 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "689064f3e89fafcb74a2ef89",
      "name": "asdfgh",
      "description": "",
      "modified": "2025-09-03T07:02:52.843000",
      "created": "2025-08-04T07:44:51.014000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 11,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "ESFBSOCTCR",
        "id": "200541",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 6,
        "FileHash-SHA1": 13,
        "FileHash-SHA256": 5,
        "domain": 15,
        "hostname": 13
      },
      "indicator_count": 52,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 86,
      "modified_text": "269 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "68409244750c4c3b0bbb7729",
      "name": "IOCs 2025 JAN-MAY",
      "description": "Latest IOCs emerged in 2025",
      "modified": "2025-07-04T18:05:18.397000",
      "created": "2025-06-04T18:36:51.684000",
      "tags": [],
      "references": [
        "IOC.pdf"
      ],
      "public": 1,
      "adversary": "Multiple Threat Actors",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 4,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "IMEBEEIMFINE",
        "id": "343873",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "URL": 15,
        "FileHash-MD5": 106,
        "FileHash-SHA1": 141,
        "FileHash-SHA256": 117,
        "domain": 128,
        "email": 2,
        "hostname": 12
      },
      "indicator_count": 521,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 40,
      "modified_text": "330 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "68084f3d2e44c827d0062198",
      "name": "LummaStealer 2.0: Enhanced Evasion Techniques and Widespread Impact",
      "description": "LummaStealer 2.0, a sophisticated Malware-as-a-Service (MaaS), has evolved with enhanced evasion techniques, targeting a wide range of Windows systems. The latest version leverages MSHTA process abuse to execute remote code, bypassing defense mechanisms and increasing the likelihood of successful attacks. LummaStealer collects sensitive data, including credentials, cookies, cryptocurrency wallets, and other personally identifiable information.",
      "modified": "2025-05-23T02:00:56.614000",
      "created": "2025-04-23T02:23:57.737000",
      "tags": [
        "domain c2",
        "intptr",
        "hash executable",
        "fygo",
        "int32",
        "lumma stealer",
        "noopdoor",
        "powershell",
        "assembly",
        "bitcoin"
      ],
      "references": [
        "https://www.cybereason.com/blog/threat-analysis-lummastealer-2.0"
      ],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [
        {
          "id": "T1218",
          "name": "Signed Binary Proxy Execution",
          "display_name": "T1218 - Signed Binary Proxy Execution"
        }
      ],
      "industries": [],
      "TLP": "green",
      "cloned_from": null,
      "export_count": 5,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "PetrP.73",
        "id": "154605",
        "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "CVE": 1,
        "FileHash-MD5": 6,
        "FileHash-SHA1": 16,
        "FileHash-SHA256": 5,
        "URL": 1,
        "domain": 17,
        "hostname": 13
      },
      "indicator_count": 59,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 540,
      "modified_text": "372 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    },
    {
      "id": "6801a0b625d602fd6b63829e",
      "name": "Windows Systems being Targeted by LummaStealer Malware",
      "description": "LummaStealer is an experienced information-stealing malware. Shared as Malware-as-a-Service (MaaS), it has evolved with new evasion techniques that abuse legitimate Windows utilities.",
      "modified": "2025-05-18T00:04:15.805000",
      "created": "2025-04-18T00:45:42.367000",
      "tags": [],
      "references": [],
      "public": 1,
      "adversary": "",
      "targeted_countries": [],
      "malware_families": [],
      "attack_ids": [],
      "industries": [],
      "TLP": "white",
      "cloned_from": null,
      "export_count": 7,
      "upvotes_count": 0,
      "downvotes_count": 0,
      "votes_count": 0,
      "locked": false,
      "pulse_source": "web",
      "validator_count": 0,
      "comment_count": 0,
      "follower_count": 0,
      "vote": 0,
      "author": {
        "username": "cryptocti",
        "id": "110256",
        "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_110256/resized/80/avatar_e237a4257c.png",
        "is_subscribed": false,
        "is_following": false
      },
      "indicator_type_counts": {
        "FileHash-MD5": 5,
        "FileHash-SHA1": 15,
        "FileHash-SHA256": 4,
        "domain": 14,
        "hostname": 16
      },
      "indicator_count": 54,
      "is_author": false,
      "is_subscribing": null,
      "subscriber_count": 500,
      "modified_text": "377 days ago ",
      "is_modified": true,
      "groups": [],
      "in_group": false,
      "threat_hunter_scannable": true,
      "threat_hunter_has_agents": 1,
      "related_indicator_type": "domain",
      "related_indicator_is_active": 1
    }
  ],
  "error": null,
  "vt": {
    "error": "VirusTotal rate limit reached. Try again shortly.",
    "indicator": "simplerwebs.world",
    "type": "Domain"
  },
  "abuseipdb": null,
  "urlhaus": {
    "indicator": "simplerwebs.world",
    "found": false,
    "verdict": "clean",
    "urls": [],
    "error": null
  },
  "from_cache": true,
  "_cached_at": 1780185298.8822803
}