indicatorurl

hxxp://attacker-server[.]com

First seen: 2026-05-14
Last seen: 2026-05-14
Sightings: 1

Posts referencing this indicator

Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files | CVE-2025-59536 | CVE-2026-21852
Example malicious server URL used in the PoC for API key exfiltration via the ANTHROPIC_BASE_URL variable.
2026-05-13

http://attacker-server.com · URL · cyfar.ca