Comment by masklinn

It’s because curl and libcurl are used virtually everywhere, and clearly identified. This means in any problematic or malicious device or software, odds are good the first clearly identifiable thing you’ll find are references to curl.

Though the domain probably doesn’t help with the association. If you got hacked and the first clear string you find is “haxx.se” it’s not a big leap to interpret it as a taunt.