ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain www.nemzieo.info.

Database Entry

This IOC expired

This IOC is an old IOC and hence has expired on 2026-06-04 01:15:01 UTC. We therefore refrain from exporting it into our datasets. As a result, this database entry is purely informational and has no impact.

IOC ID:	1511048
IOC:	www.nemzieo.info
IOC Type :	domain
Threat Type :	payload_delivery
Malware:	FAKEUPDATES
Malware alias:	FakeUpdate, GhoLoader, SocGholish
Confidence Level :	Confidence level is high (100%)
Is compromised? :	False
ASN:	AS13335 CLOUDFLARENET
Country:	US
First seen:	2025-04-25 05:24:27 UTC
Last seen:	never
UUID:	95250a04-2152-11f0-adfc-42010aa4000a
Reporter	monitorsg
Reward	5 credits from ThreatFox
Tags:	CoreSecThree

monitorsg

hXXps://analytiwave[.]com/api/getUrl --> hXXps://goclouder[.]org/6a1F2b3C4d5E6f7A8b9C0d1E2f3A4b5/ --> hXXps://security.cludfgard[.]com/B6c4D1a9F8g3H7e5N6b5A9dE4f --> hXXps://security.cludfgard[.]com/wordpress --> hXXps://www.nemzieo[.]info/cloudflare.msi (payload)