Add axios supply chain attack C2 domains (sfrclak.com, callnrwise.com)

Closes #3098

These domains were used as C2 infrastructure in the axios npm supply
chain attack on March 31, 2026 (GHSA-fw8c-xr5c-95f9). Malicious
versions axios@1.14.1 and axios@0.30.4 were published via a hijacked
maintainer account, injecting a RAT that beacons to these domains.

References:
- https://github.com/advisories/GHSA-fw8c-xr5c-95f9
- https://socket.dev/blog/axios-npm-package-compromised
Homelabineer
2026-03-31 11:40:56 -05:00
parent 50392318f5
commit ed4ca8687f

@@ -3152,3 +3152,7 @@
# Added March 29, 2026
0.0.0.0 kra18.com
# Added March 31, 2026
0.0.0.0 sfrclak.com
0.0.0.0 callnrwise.com
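
Review bot: The comment on the new block, `# Added March 31, 2026`, records only a date, so someone auditing the hosts file later cannot tell why `sfrclak.com` and `callnrwise.com` are blocked without reading the commit history. Consider extending that comment with the advisory ID from the commit message (GHSA-fw8c-xr5c-95f9) or the issue number (#3098). A hosts entry also matches only the exact hostname, so any subdomains tied to the same infrastructure would need their own `0.0.0.0` lines; it is worth checking the referenced advisory for those before merging.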