hosts/data
Homelabineer ed4ca8687f Add axios supply chain attack C2 domains (sfrclak.com, callnrwise.com)
Closes #3098

These domains were used as C2 infrastructure in the axios npm supply
chain attack on March 31, 2026 (GHSA-fw8c-xr5c-95f9). Malicious
versions axios@1.14.1 and axios@0.30.4 were published via a hijacked
maintainer account, injecting a RAT that beacons to these domains.

References:
- https://github.com/advisories/GHSA-fw8c-xr5c-95f9
- https://socket.dev/blog/axios-npm-package-compromised
2026-03-31 11:40:56 -05:00