{ "type": "URL", "indicator": "https://www.terrapin-attack.com", "general": { "sections": [ "general", "url_list", "http_scans", "screenshot" ], "indicator": "https://www.terrapin-attack.com", "type": "url", "type_title": "URL", "validation": [], "base_indicator": { "id": 3811234459, "indicator": "https://www.terrapin-attack.com", "type": "URL", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 2, "pulses": [ { "id": "68dce1558c830411203e8d83", "name": "131.186.60.123", "description": "Vulnerable IP appearing in pivoting firewall logs among different vendors.", "modified": "2025-10-01T08:07:48.491000", "created": "2025-10-01T08:07:48.491000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "nash_wells", "id": "362169", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 28, "CVE": 17, "FileHash-MD5": 1, "FileHash-SHA1": 20, "domain": 6, "email": 11, "hostname": 15 }, "indicator_count": 98, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "242 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65858f1a2869b730fa4d8229", "name": "CVE-2023-48795 | Ubuntu", "description": "The latest security updates for the OpenSSH operating system, following the release of the proftpd-dfsg package and a number of putty fixes, are being published on the Ubuntu website.", "modified": "2023-12-22T13:28:58.873000", "created": "2023-12-22T13:28:58.873000", "tags": [ "needs triage", "ubuntu", "launchpad", "debian trusty", "security", "managed", "observability", "openstack", "ceph", "kubernetes", "core", "desktop", "contact", "close", "score", "bugs", "install", "cloud", "main", "server", "misc", "terrapin attack", "legacy", "mlist", "attacks", "openssh", "netgate pfsense", "rust", "database", "cvss severity", "ruby", "phase", "detail awaiting", "analysis", "description", "ssh transport", "ssh binary", "packet protocol", "tools", "rating", "fix information", "vulnerable", "scap", "mappings", "cpe information", "cve list", "severity cvss", "severity", "nist cvss", "nvdbase score", "h nvd", "cvss", "cvss score", "solutions" ], "references": [ "https://ubuntu.com/security/CVE-2023-48795", "https://ubuntu.com/security/notices/USN-6560-1", "https://ubuntu.com/security/CVE-2023-28531" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1098.004", "name": "SSH Authorized Keys", "display_name": "T1098.004 - SSH Authorized Keys" }, { "id": "T1212", "name": "Exploitation for Credential Access", "display_name": "T1212 - Exploitation for Credential Access" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bd.taylor", "id": "263619", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA1": 27, "URL": 10, "domain": 4, "email": 2, "hostname": 6 }, "indicator_count": 51, "is_author": false, "is_subscribing": null, "subscriber_count": 27, "modified_text": "891 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "references": [ "https://ubuntu.com/security/notices/USN-6560-1", "https://ubuntu.com/security/CVE-2023-28531", "https://ubuntu.com/security/CVE-2023-48795" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 0 }, "other": { "adversary": [], "malware_families": [], "industries": [], "unique_indicators": 117 } } }, "false_positive": [], "alexa": "http://www.alexa.com/siteinfo/terrapin-attack.com", "whois": "http://whois.domaintools.com/terrapin-attack.com", "domain": "terrapin-attack.com", "hostname": "www.terrapin-attack.com" }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 2, "pulses": [ { "id": "68dce1558c830411203e8d83", "name": "131.186.60.123", "description": "Vulnerable IP appearing in pivoting firewall logs among different vendors.", "modified": "2025-10-01T08:07:48.491000", "created": "2025-10-01T08:07:48.491000", "tags": [], "references": [], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 4, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "nash_wells", "id": "362169", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "URL": 28, "CVE": 17, "FileHash-MD5": 1, "FileHash-SHA1": 20, "domain": 6, "email": 11, "hostname": 15 }, "indicator_count": 98, "is_author": false, "is_subscribing": null, "subscriber_count": 20, "modified_text": "242 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 }, { "id": "65858f1a2869b730fa4d8229", "name": "CVE-2023-48795 | Ubuntu", "description": "The latest security updates for the OpenSSH operating system, following the release of the proftpd-dfsg package and a number of putty fixes, are being published on the Ubuntu website.", "modified": "2023-12-22T13:28:58.873000", "created": "2023-12-22T13:28:58.873000", "tags": [ "needs triage", "ubuntu", "launchpad", "debian trusty", "security", "managed", "observability", "openstack", "ceph", "kubernetes", "core", "desktop", "contact", "close", "score", "bugs", "install", "cloud", "main", "server", "misc", "terrapin attack", "legacy", "mlist", "attacks", "openssh", "netgate pfsense", "rust", "database", "cvss severity", "ruby", "phase", "detail awaiting", "analysis", "description", "ssh transport", "ssh binary", "packet protocol", "tools", "rating", "fix information", "vulnerable", "scap", "mappings", "cpe information", "cve list", "severity cvss", "severity", "nist cvss", "nvdbase score", "h nvd", "cvss", "cvss score", "solutions" ], "references": [ "https://ubuntu.com/security/CVE-2023-48795", "https://ubuntu.com/security/notices/USN-6560-1", "https://ubuntu.com/security/CVE-2023-28531" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1098.004", "name": "SSH Authorized Keys", "display_name": "T1098.004 - SSH Authorized Keys" }, { "id": "T1212", "name": "Exploitation for Credential Access", "display_name": "T1212 - Exploitation for Credential Access" } ], "industries": [], "TLP": "white", "cloned_from": null, "export_count": 23, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "bd.taylor", "id": "263619", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "CVE": 2, "FileHash-SHA1": 27, "URL": 10, "domain": 4, "email": 2, "hostname": 6 }, "indicator_count": 51, "is_author": false, "is_subscribing": null, "subscriber_count": 27, "modified_text": "891 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "URL", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "https://www.terrapin-attack.com", "type": "URL" }, "abuseipdb": null, "urlhaus": { "indicator": "https://www.terrapin-attack.com", "type": "URL", "found": false, "verdict": "clean", "error": null }, "from_cache": true, "_cached_at": 1780297515.7362301 }