ClickFix Site Feed

Cursor-paginated, filterable, multi-sortable feed of ClickFix sites.

Recent Requests
Log in to see full request history
TimeStatusUser Agent
Retrieving recent requests…
LoadingLoading…
☢️

ClickFix is a social-engineering technique where malicious websites instruct visitors to paste clipboard content into a Run dialog or terminal, executing an infostealer or downloader payload. This feed tracks active ClickFix sites detected by automated scanning.

Required Permissions

clickfix_threat_feed

Response Limits

  • Rate limit: 50 requests per 10 seconds
  • Maximum items per page: 20 hosts
  • Maximum response time: 90 seconds

Body Params
string

Case-insensitive match over domain/url/pageTitle (regex-safe).

string

ISO date/datetime — timestamp >= dateFrom.

string

ISO date — timestamp <= dateTo (whole end day included).

boolean

Filter to malicious sites (opt-in).

boolean

Opt-in filter.

boolean

Opt-in filter.

boolean

Opt-in filter.

string

metadata.country exact match.

string
enum
Defaults to date

date = timestamp, domain = domain.

Allowed:
string
enum
Defaults to desc
Allowed:
string

Opaque keyset cursor from a previous response's pageInfo.nextCursor. Omit for the first page. Must match the sort/dir it was issued for (else 400).

integer
1 to 20
Defaults to 20

Rows per page. Clamped to [1, 20] — this feed returns full records including screenshot blobs, so pages are heavier than the C2 feed.

boolean
Defaults to false

When true, also compute pageInfo.total via a full count over the filter. Expensive — avoid unless needed.

Responses

500

Internal server error.

Language
Credentials
Header
LoadingLoading…
Response
Click Try It! to start a request and see the response here! Or choose an example:
application/json