| Sample | Type | Delivery Vector | Payload | |--------|------|------------------|---------| | ig69_202402.apk (found on VirusTotal) | Android Trojan | Drive‑by download → deceptive “free video” link | Collects device ID, contacts C2, displays intrusive ads, can download additional modules. | | IGAY69-Downloader.exe (detected in Windows sandbox) | Windows Downloader | Phishing email attachment (HTML/ZIP) referencing igay69.com | Pulls a second-stage ransomware (e.g., , Conti ) from a C2 at 185.53.179.27 . | | payload_2023.js (obfuscated) | JavaScript Exploit Kit | Embedded in the website’s ad‑network scripts | Attempts to exploit outdated Flash/Java (CVE‑2018‑4878) to execute arbitrary code. |
: The platform features a variety of adult content, including specialized categories and "magazines". It has a notable presence in Asian markets, with traffic patterns and filters suggesting a strong user base in Thailand and China. Technical Characteristics Anti-Adblock igay69%2Ccom
Due to its nature, security experts often recommend using tools like NordVPN and ad-blockers (such as AdGuard) when browsing to protect personal data and avoid intrusive pop-ups. igay69.com #195940 - AdguardTeam/AdguardFilters - GitHub | Sample | Type | Delivery Vector |