Add axios supply chain attack C2 domains (sfrclak.com, callnrwise.com)
author Homelabineer <redacted>
Tue, 31 Mar 2026 16:40:56 +0000 (11:40 -0500)
committer Homelabineer <redacted>
Tue, 31 Mar 2026 16:40:56 +0000 (11:40 -0500)
Closes #3098

These domains were used as C2 infrastructure in the axios npm supply
chain attack on March 31, 2026 (GHSA-fw8c-xr5c-95f9). Malicious
versions axios@1.14.1 and axios@0.30.4 were published via a hijacked
maintainer account, injecting a RAT that beacons to these domains.

References:
- https://github.com/advisories/GHSA-fw8c-xr5c-95f9
- https://socket.dev/blog/axios-npm-package-compromised

data/StevenBlack/hosts

index 46d333e00c996b5e785cd4b2708aceb60e0d7b18..3994faa24265667d6abb7737f303b3f594fb3715 100644 (file)
 
 # Added March 29, 2026
 0.0.0.0 kra18.com
+
+# Added March 31, 2026
+0.0.0.0 sfrclak.com
+0.0.0.0 callnrwise.com
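
Review bot: the comment above the two new entries (`# Added March 31, 2026`) records only the date, so nothing in the hosts file itself ties `sfrclak.com` and `callnrwise.com` to the incident named in the commit message. It follows the existing `# Added March 29, 2026` convention, but for C2 entries consider extending it, for example `# Added March 31, 2026 (axios npm compromise C2, GHSA-fw8c-xr5c-95f9)`, so a later audit of the list can trace the entries and retire them if the domains change hands. Also, hosts entries match exact hostnames only: these two lines cover the apex domains, and any subdomain named in the referenced advisories would need its own `0.0.0.0` line.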