mirror of
https://github.com/StevenBlack/hosts.git
synced 2026-07-01 02:36:52 +00:00
Closes #3098 These domains were used as C2 infrastructure in the axios npm supply chain attack on March 31, 2026 (GHSA-fw8c-xr5c-95f9). Malicious versions axios@1.14.1 and axios@0.30.4 were published via a hijacked maintainer account, injecting a RAT that beacons to these domains. References: - https://github.com/advisories/GHSA-fw8c-xr5c-95f9 - https://socket.dev/blog/axios-npm-package-compromised