ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain thomphon.com.

Database Entry

Add tag Delete this IOC  Report False Positive Export IOC (JSON)    Export IOC (CSV)
IOC ID:1784017
IOC: thomphon.com
IOC Type :domain
Threat Type :payload_delivery
Malware: KongTuke
Malware alias:TAG-124, js.LandUpdate808
Confidence Level : Confidence level is elevated (75%)
Is compromised? : False
ASN:AS13335 CLOUDFLARENET
Country:- US
First seen:2026-04-11 07:06:15 UTC
Last seen:never
UUID:51c7b7a2-3522-11f1-9af6-42010aa4000a
Reporter Lenny_3BO
Reward 5 credits from ThreatFox
Tags:ClickFix Kongtuke msi

Avatar
Lenny_3BO
MSI delivery domain. update.msi (512KB, WiX, fake Microsoft Endpoint DLP). WebNic registrar. Registered 2026-04-10. Cloudflare-fronted