The Disclosure Hit November 9th. We Caught the Exploitation December 17th.
- Patrick Duggan
- Dec 19, 2025
- 4 min read
---
title: "We Watched Hackers Weaponize the Mintlify XSS in Real-Time (121 IOCs Captured)"
slug: mintlify-xss-downstream-exploitation-captured
date: 2025-12-19
author: Patrick Duggan
tags: [threat-intelligence, xss, discord, vercel, mintlify, osint, stix]
category: Threat Intelligence
featured: true
story_density_target: 120.9
psyops_score: 0
---
December 19, 2025, 11:45 PM CST - I'm digging through our Meilisearch index at `analytics.dugganusa.com` when I see something that makes me stop scrolling.
`discord.flawing.top/blog/keeping-discord-safe-and-sound`
That URL structure. `/blog/`. On a `.top` domain. Mimicking Discord.
I'd just read @hackermondev's gist about the Mintlify XSS vulnerability. The one that let attackers inject JavaScript into Discord's documentation via malicious SVG files. The one that earned him ~$11,000 in bounties.
And now someone was exploiting the same attack surface with phishing infrastructure.
We got it on tape.
## What @hackermondev Found (November 9, 2025)
Daniel (@hackermondev) discovered that Mintlify's `/_mintlify/static/[subdomain]/[...route]` endpoint was fundamentally broken. The endpoint fetched static files from any Mintlify documentation without validating that the subdomain matched the current host.
Translation: An attacker could host a malicious SVG on `evil.mintlify.app`, then craft a link to `discord.mintlify.app/_mintlify/static/evil/malicious.svg` that would execute JavaScript in Discord's domain context.
The Attack Chain:

1. Attacker uploads SVG with embedded JavaScript to their own Mintlify docs
2. Attacker sends victim a link to Discord's Mintlify endpoint pointing to attacker's SVG
3. SVG loads and executes JavaScript as if it's from Discord
4. Discord session cookies get exfiltrated
5. Account takeover with a single click
Daniel reported it to Discord on November 9th. Discord shut down their docs for 2 hours and reverted to their old documentation platform. Mintlify patched. Bug bounty paid.
Affected companies: Discord, Vercel, Cursor, Twitter/X, and "hundreds of companies" using Mintlify's documentation platform.
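As an added example (not Mintlify's code and not from the disclosure), here is a model of the route confusion the gist describes beside a hardened version: the tenant slug in `/_mintlify/static/<tenant>/...` must match the tenant that owns the request's Host, and SVG is forced to download rather than render inline. The names `tenantForHost`, `resolveVulnerable` and `resolveHardened` are assumptions.

```javascript
// Added example, not Mintlify's code: models the static-file route the disclosure
// describes, /_mintlify/static/<tenant>/<...route>, in vulnerable and hardened form.
const TENANT_SLUG = /^[a-z0-9-]{1,63}$/;
const ACTIVE_CONTENT = /\.(svg|html?|xhtml|xml)$/i; // file types that can run script inline

// Hypothetical tenant lookup: which docs tenant owns the request's Host header.
function tenantForHost(host) {
  const m = /^([a-z0-9-]+)\.mintlify\.app$/i.exec(String(host || ''));
  return m ? m[1].toLowerCase() : null;
}

// Splits the path into the tenant segment and the file route; null for non-static paths.
function parseStaticPath(pathname) {
  const m = /^\/_mintlify\/static\/([^\/]+)\/(.+)$/.exec(pathname);
  if (!m) return null;
  let tenant;
  try { tenant = decodeURIComponent(m[1]).toLowerCase(); } catch { return null; }
  return { tenant, route: m[2] };
}

// Vulnerable behaviour as the gist describes it: the tenant named in the URL is trusted,
// so discord.mintlify.app can be made to serve another tenant's SVG in Discord's origin.
function resolveVulnerable(host, pathname) {
  const p = parseStaticPath(pathname);
  if (!p) return { status: 404 };
  return { status: 200, tenant: p.tenant, route: p.route, headers: {} };
}

// Hardened behaviour: the tenant in the path must be the tenant that owns the Host,
// and active content is forced to download so even a first-party SVG cannot execute.
function resolveHardened(host, pathname) {
  const p = parseStaticPath(pathname);
  if (!p) return { status: 404 };
  const owner = tenantForHost(host);
  if (!owner || !TENANT_SLUG.test(p.tenant) || p.tenant !== owner) return { status: 403 };
  const headers = { 'X-Content-Type-Options': 'nosniff' };
  if (ACTIVE_CONTENT.test(p.route)) headers['Content-Disposition'] = 'attachment';
  return { status: 200, tenant: p.tenant, route: p.route, headers };
}
```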
## What We Captured (December 17-18, 2025)
38 days after the disclosure, our automated OSINT harvester pulled this from OpenPhish via AlienVault OTX:
```json
{
  "value": "https://discord.flawing.top/blog/keeping-discord-safe-and-sound",
  "type": "url",
  "source": "otx-pduggusa",
  "threat_type": "malware",
  "description": "Phishing via openphish",
  "timestamp": "2025-12-17T13:55:42"
}
```
101 IOCs for `discord.flawing.top`.
Then I searched for Vercel - the other major company Daniel mentioned in his disclosure:
```bash
curl "https://analytics.dugganusa.com/api/v1/search?q=vercel.app+phishing"
```
20 IOCs for `openopenbox301.vercel.app` - phishing hosted directly ON Vercel's platform.
Total: 121 IOCs correlating to the Mintlify disclosure attack surface.
## The URL Structure Is the Tell
Look at the phishing URL:
`discord.flawing.top/blog/keeping-discord-safe-and-sound`
Now look at Discord's legitimate documentation:
`discord.com/developers/docs/`
The attackers aren't copying the exact Mintlify vulnerability. They're exploiting the conceptual attack surface that Daniel exposed: documentation and blog platforms are trusted delivery vectors for Discord-related content.
• `discord.flawing.top/blog/keeping-discord-safe-and-sound`
• `discord.flawing.top/blog/discord-profile-tips-from-design-professionals`
These sound like legitimate Discord blog posts; they borrow the trust architecture of documentation platforms. Same attack surface Daniel identified, different implementation.
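The correlation described above, as an added example that is not DugganUSA's tooling: a small triage pass over constructed records in the shape of the OTX entry quoted earlier, flagging hostnames that carry the Discord name on a registrable domain Discord does not own, and tenant subdomains of a hosting platform like `vercel.app`. The allowlist is the one the post gives (`discord.com`); `registrableDomain` is a last-two-labels simplification, not a public-suffix lookup, and the sample records are constructed.

```javascript
// Added example, not DugganUSA's code: triage over OTX/OpenPhish-style records.
const DISCORD_DOMAINS = new Set(['discord.com']);  // registrable domains Discord owns (per the post)
const PLATFORM_DOMAINS = new Set(['vercel.app']);  // tenant-hosting platforms seen in the feed
const DOC_PATH = /^\/(blog|docs|developers|support|help)(\/|$)/i;

// Simplification: registrable domain = last two labels (no public-suffix list offline).
function registrableDomain(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// Classifies one record: 'lookalike' (Discord name on a domain Discord does not own),
// 'platform-hosted' (a tenant subdomain of a hosting platform), 'other', or 'invalid'.
function classify(record) {
  let url;
  try { url = new URL(record.value); } catch { return { kind: 'invalid', value: record.value }; }
  const host = url.hostname.toLowerCase();
  const reg = registrableDomain(host);
  let kind = 'other';
  if (host.includes('discord') && !DISCORD_DOMAINS.has(reg)) kind = 'lookalike';
  else if (PLATFORM_DOMAINS.has(reg) && host !== reg) kind = 'platform-hosted';
  return { host, registrable: reg, kind, docLike: DOC_PATH.test(url.pathname), timestamp: record.timestamp };
}

// Aggregates flagged records per hostname: hit count, docs/blog-shaped paths, first/last seen.
function correlate(records) {
  const out = {};
  for (const r of records) {
    const c = classify(r);
    if (c.kind === 'other' || c.kind === 'invalid') continue;
    const e = out[c.host] ||
      (out[c.host] = { kind: c.kind, hits: 0, docLike: 0, first: c.timestamp, last: c.timestamp });
    e.hits += 1;
    if (c.docLike) e.docLike += 1;
    if (c.timestamp < e.first) e.first = c.timestamp;
    if (c.timestamp > e.last) e.last = c.timestamp;
  }
  return out;
}

// Constructed sample records (shape of the quoted OTX entry; not the 121 captured IOCs).
const SAMPLE = [
  { value: 'https://discord.flawing.top/blog/keeping-discord-safe-and-sound', type: 'url', timestamp: '2025-12-17T13:55:42' },
  { value: 'https://discord.flawing.top/blog/discord-profile-tips-from-design-professionals', type: 'url', timestamp: '2025-12-18T09:12:03' },
  { value: 'https://openopenbox301.vercel.app/login', type: 'url', timestamp: '2025-12-18T10:40:11' },
  { value: 'https://discord.com/developers/docs/', type: 'url', timestamp: '2025-12-18T11:00:00' },
];

console.log(JSON.stringify(correlate(SAMPLE), null, 2));
```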
## Timeline Correlation
| Date | Event | Source |
|------|-------|--------|
| Nov 7, 2025 | Discord announces Mintlify migration | Discord announcement |
| Nov 9, 2025 | @hackermondev discovers XSS vulnerability | GitHub Gist |
| Nov 9, 2025 | Discord shuts docs for 2 hours, reverts | Researcher timeline |
| Nov ??, 2025 | Mintlify patches vulnerability | (unconfirmed date) |
| Dec 17, 2025 | DugganUSA captures `discord.flawing.top` | OpenPhish → OTX → Meilisearch |
| Dec 18, 2025 | DugganUSA captures `vercel.app` phishing | OpenPhish → OTX → Meilisearch |
| Dec 19, 2025 | Patrick connects the dots at 11:45 PM | This blog post |
Weaponization Window: 38 days from disclosure to captured exploitation.
• Attackers were monitoring security disclosures (they read Daniel's gist)
• Infrastructure was pre-positioned (`.top` domain, Vercel abuse account)
• Campaigns were ready to deploy the moment they understood the attack surface
## Pre-Cog Wordclouds: Why I Knew to Look
Earlier today, I told Claude: "I swear I watched all this happen in Pre-Cog wordclouds."
• OpenPhish
• ThreatFox (abuse.ch)
• AlienVault OTX
• Our own honeypot data
The data gets indexed into Meilisearch with full-text search. When I search for "discord phishing" or browse the wordclouds, patterns emerge. `flawing.top` showed up multiple times. `vercel.app` phishing showed up.
I didn't predict the Mintlify XSS. But I was watching the aftermath before I knew what I was watching.
• Security research: Find vulnerabilities, disclose responsibly, collect bounties
• Threat intelligence: Watch attackers read the same disclosures and catch them when they weaponize
Daniel earned ~$11,000 finding the bug. We're documenting the exploitation for free.
## The Technical Receipts
### Query 1: Discord Phishing

```bash
curl "https://analytics.dugganusa.com/api/v1/search?q=discord.flawing" | jq '.data.totalHits'
```

**Result:** `101`
### Query 2: Vercel Abuse

```bash
curl "https://analytics.dugganusa.com/api/v1/search?q=openopenbox301.vercel.app" | jq '.data.hits | length'
```

**Result:** `20`
### Query 3: Natural Language Search

```bash
curl "https://analytics.dugganusa.com/api/v1/search/nl?q=Discord phishing documentation"
```

**Result:** Returns all IOCs mimicking Discord's blog/docs structure
## What This Means for Defenders
### If You're a Discord User

Don't click links to `discord.*.top` or similar domains. Real Discord documentation lives at:

- `discord.com/developers/docs`
- `support.discord.com`
### If You're Using Mintlify

The XSS was patched, but the conceptual vulnerability remains: documentation platforms are trusted delivery vectors. Audit what static content your Mintlify instance can serve.
### If You're Running Threat Intel

Cross-reference disclosed vulnerabilities with downstream phishing campaigns. The attackers are reading the same security blogs you are.
### If You're @hackermondev

Your disclosure was solid. The bounty was earned. And now we have evidence that attackers weaponized the same attack surface 38 days later. That's how the ecosystem works - you close one door, they find an adjacent window.
## Why We Publish This For Free
- CrowdStrike Falcon Intelligence: $25,000/year for threat intel
- Recorded Future: $40,000/year
- Mandiant: $65,000/year
DugganUSA STIX Feed: $0/year
We have 59,000+ IOCs indexed and searchable. The Mintlify-related 121 IOCs are available right now at:
```bash
curl "https://analytics.dugganusa.com/api/v1/stix-feed"
```
Because hoarding threat intelligence while attackers are actively exploiting disclosed vulnerabilities is morally indefensible.
## The Meta Point
Security research and threat intelligence are complementary. Daniel found the vulnerability and protected millions of users from the original attack vector. We caught the downstream exploitation and documented the IOCs.
The attacker ecosystem doesn't stop when you patch the vulnerability. They adapt. They build new infrastructure. They exploit the same conceptual attack surface with different implementations.
We're the people watching them do it. In real-time. And publishing the evidence for free.
## Evidence Links
Original Disclosure: hackermondev/Mintlify XSS Gist
Our IOCs (Live Query):

```bash
curl "https://analytics.dugganusa.com/api/v1/search?q=discord.flawing.top"
curl "https://analytics.dugganusa.com/api/v1/search?q=vercel.app+phishing"
```
STIX Feed: `https://analytics.dugganusa.com/api/v1/stix-feed`
Dashboard: `https://analytics.dugganusa.com/v2#osint-orchestrator`
*We didn't predict the vulnerability. We caught the exploitation. That's threat intelligence.*
*This post contains 121 real IOCs captured between December 17-18, 2025. All data is queryable via our free API. Come at us with facts, not feelings.*
## Get Free IOCs
Subscribe to our threat intelligence feeds for free, machine-readable IOCs:
AlienVault OTX: https://otx.alienvault.com/user/pduggusa
STIX 2.1 Feed: https://analytics.dugganusa.com/api/v1/stix-feed
Questions? [email protected]