indicatorurl
hxxp://lemurinfo[.]com/content/fragments/combine.html?fragmentOneContents=
- First seen
- 2026-05-13
- Last seen
- 2026-05-13
- Sightings
- 1
Posts referencing this indicator
- Using threat modeling and prompt injection to audit Comet
Attacker-controlled endpoint used to exfiltrate combined fragment data, specifically stolen Gmail contents, via URL parameters.