{ "type": "Domain", "indicator": "usemultiplier.com", "general": { "sections": [ "general", "geo", "url_list", "passive_dns", "malware", "whois", "http_scans" ], "whois": "http://whois.domaintools.com/usemultiplier.com", "alexa": "http://www.alexa.com/siteinfo/usemultiplier.com", "indicator": "usemultiplier.com", "type": "domain", "type_title": "Domain", "validation": [], "base_indicator": { "id": 3633834517, "indicator": "usemultiplier.com", "type": "domain", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69f4e9528b14c4d84d91594d", "name": "CVD pointer (ISO/IEC 29147) \u2014 usemultiplier-com", "description": "Coordinated vulnerability disclosure (CVD) for usemultiplier-com under ISO/IEC 29147 and RFC 9116. TLP:AMBER. Informational only \u2014 NOT a threat indicator.\n\nVerification URL: https://saviourr.org/r/7d382eeffdda4e0b97cacdcbfc324328\nPGP fingerprint: E99E899CCBE3B8EE37631D3354DE70513B5ADA07\nPGP key: https://saviourr.org/.well-known/openpgpkey/researcher.asc\nsecurity.txt: https://saviourr.org/.well-known/security.txt\nOperator: MSK \n\nRequested action: PSIRT acknowledgment within 72h. Continued silence follows ISO/IEC 30111 escalation.", "modified": "2026-05-01T17:56:34.137000", "created": "2026-05-01T17:56:34.137000", "tags": [ "disclose-mesh", "coordinated-disclosure", "usemultiplier-com" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "MST478293", "id": "402211", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 1 }, "indicator_count": 2, "is_author": false, "is_subscribing": null, "subscriber_count": 23, "modified_text": "29 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68f7aeb0219678d71fd9eae6", "name": "Phishing [211025]", "description": "Phishing domains and IP addresses that have been used to send malicious emails.", "modified": "2025-11-20T16:04:19.455000", "created": "2025-10-21T16:02:56.760000", "tags": [ "phishing", "m365", "spearphishing", "malicious-domain", "malicious-IP" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United Kingdom of Great Britain and Northern Ireland" ], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "FS13JKMK", "id": "312129", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_312129/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 28, "hostname": 47, "email": 6, "FileHash-SHA256": 2, "URL": 77 }, "indicator_count": 160, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "191 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63ed8e8bf910895c13bb1d9b", "name": "etg.js whitelisted", "description": "The Falcon Sandbox malware analysis service is available to download, view, download and use on the Falcon website. and on our desktop and mobile apps, as well as in the browser and app.", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T02:01:47.650000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "falcon sandbox", "unknown files", "collection", "part", "please note", "data protection", "policy", "request report", "golden visa", "ransomware", "rats", "test", "august", "click", "close", "a9es", "idn0", "sendimage1", "refts0" ], "references": [ "https://matomo.it-connect.fr/piwik.php?action_name=Ce%20paquet%20malveillant%20SentinelOne%20vole%20les%20donn%C3%A9es%20des%20devs&idsite=1&rec=1&r=358500&h=18&m=16&s=24&url=https%3A%2F%2Fwww.it-connect.fr%2Fce-paquet-malveillant-sentinelone-veut-sen-prendre-aux-donnees-des-developpeurs%2F%3Fnowprocket%3D1&_id=e3fd2725c8cc9b66&_idn=0&send_image=1&_refts=0&res=1024x768&pv_id=tK8Zwe&uadata=%7B%7D", "whitelist", "https://hybrid-analysis.com/sample/548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 673, "hostname": 175, "domain": 22, "FileHash-SHA256": 160, "FileHash-MD5": 24, "FileHash-SHA1": 1 }, "indicator_count": 1055, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1170 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "references": [ "https://matomo.it-connect.fr/piwik.php?action_name=Ce%20paquet%20malveillant%20SentinelOne%20vole%20les%20donn%C3%A9es%20des%20devs&idsite=1&rec=1&r=358500&h=18&m=16&s=24&url=https%3A%2F%2Fwww.it-connect.fr%2Fce-paquet-malveillant-sentinelone-veut-sen-prendre-aux-donnees-des-developpeurs%2F%3Fnowprocket%3D1&_id=e3fd2725c8cc9b66&_idn=0&send_image=1&_refts=0&res=1024x768&pv_id=tK8Zwe&uadata=%7B%7D", "https://hybrid-analysis.com/sample/548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87/", "whitelist" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [ "Government" ] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69f4e9528b14c4d84d91594d", "name": "CVD pointer (ISO/IEC 29147) \u2014 usemultiplier-com", "description": "Coordinated vulnerability disclosure (CVD) for usemultiplier-com under ISO/IEC 29147 and RFC 9116. TLP:AMBER. Informational only \u2014 NOT a threat indicator.\n\nVerification URL: https://saviourr.org/r/7d382eeffdda4e0b97cacdcbfc324328\nPGP fingerprint: E99E899CCBE3B8EE37631D3354DE70513B5ADA07\nPGP key: https://saviourr.org/.well-known/openpgpkey/researcher.asc\nsecurity.txt: https://saviourr.org/.well-known/security.txt\nOperator: MSK \n\nRequested action: PSIRT acknowledgment within 72h. Continued silence follows ISO/IEC 30111 escalation.", "modified": "2026-05-01T17:56:34.137000", "created": "2026-05-01T17:56:34.137000", "tags": [ "disclose-mesh", "coordinated-disclosure", "usemultiplier-com" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 0, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "api", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "MST478293", "id": "402211", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 1, "URL": 1 }, "indicator_count": 2, "is_author": false, "is_subscribing": null, "subscriber_count": 23, "modified_text": "29 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": false, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "68f7aeb0219678d71fd9eae6", "name": "Phishing [211025]", "description": "Phishing domains and IP addresses that have been used to send malicious emails.", "modified": "2025-11-20T16:04:19.455000", "created": "2025-10-21T16:02:56.760000", "tags": [ "phishing", "m365", "spearphishing", "malicious-domain", "malicious-IP" ], "references": [], "public": 1, "adversary": "", "targeted_countries": [ "United Kingdom of Great Britain and Northern Ireland" ], "malware_families": [], "attack_ids": [ { "id": "T1566", "name": "Phishing", "display_name": "T1566 - Phishing" }, { "id": "T1192", "name": "Spearphishing Link", "display_name": "T1192 - Spearphishing Link" } ], "industries": [ "Government" ], "TLP": "white", "cloned_from": null, "export_count": 2, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "FS13JKMK", "id": "312129", "avatar_url": "/otxapi/users/avatar_image/media/avatars/user_312129/resized/80/avatar_3b9c358f36.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "domain": 28, "hostname": 47, "email": 6, "FileHash-SHA256": 2, "URL": 77 }, "indicator_count": 160, "is_author": false, "is_subscribing": null, "subscriber_count": 71, "modified_text": "191 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 }, { "id": "63ed8e8bf910895c13bb1d9b", "name": "etg.js whitelisted", "description": "The Falcon Sandbox malware analysis service is available to download, view, download and use on the Falcon website. and on our desktop and mobile apps, as well as in the browser and app.", "modified": "2023-03-18T00:05:45.328000", "created": "2023-02-16T02:01:47.650000", "tags": [ "sandbox", "malware", "analysis", "online", "submit", "vxstream", "sample", "download", "trojan", "apt", "hybrid analysis", "falcon sandbox", "unknown files", "collection", "part", "please note", "data protection", "policy", "request report", "golden visa", "ransomware", "rats", "test", "august", "click", "close", "a9es", "idn0", "sendimage1", "refts0" ], "references": [ "https://matomo.it-connect.fr/piwik.php?action_name=Ce%20paquet%20malveillant%20SentinelOne%20vole%20les%20donn%C3%A9es%20des%20devs&idsite=1&rec=1&r=358500&h=18&m=16&s=24&url=https%3A%2F%2Fwww.it-connect.fr%2Fce-paquet-malveillant-sentinelone-veut-sen-prendre-aux-donnees-des-developpeurs%2F%3Fnowprocket%3D1&_id=e3fd2725c8cc9b66&_idn=0&send_image=1&_refts=0&res=1024x768&pv_id=tK8Zwe&uadata=%7B%7D", "whitelist", "https://hybrid-analysis.com/sample/548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87/" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 7, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "callmeDoris", "id": "205385", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 673, "hostname": 175, "domain": 22, "FileHash-SHA256": 160, "FileHash-MD5": 24, "FileHash-SHA1": 1 }, "indicator_count": 1055, "is_author": false, "is_subscribing": null, "subscriber_count": 90, "modified_text": "1170 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "domain", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "usemultiplier.com", "type": "Domain" }, "abuseipdb": null, "urlhaus": { "indicator": "usemultiplier.com", "found": false, "verdict": "clean", "urls": [], "error": null }, "from_cache": true, "_cached_at": 1780200584.435337 }