Igay69. Om [2021] →

| Step | Action | Tools / Tips | |------|--------|--------------| | | Resolve the domain, record the IP, note any CNAME chains. | dig , nslookup , whois , dnsviz | | 2. Reputation Check | Query multiple threat‑intel feeds. | VirusTotal (URL & IP), AbuseIPDB, URLhaus, Spamhaus DBL, Cisco Talos, Hybrid Analysis | | 3. Sandbox Fetch | Retrieve the page in a detached, virtual environment (no network bridge to your main workstation). | Cuckoo Sandbox, REMnux, Any.run, FireEye Threat Analyst | | 4. Static Analysis | Download the HTML source, examine scripts, iframes, and external resources. Look for obfuscated JavaScript, base64 strings, or known malicious payload signatures. | wget --no-robots -O page.html , js-beautify , grep for suspicious patterns | | 5. Network Capture | While loading the page in the sandbox, capture all HTTP/HTTPS traffic. Identify any redirects to known malware domains, suspicious download URLs, or data exfiltration. | Wireshark, tcpdump , mitmproxy (with proper certificates) | | 6. Dynamic Behavior | Observe if the site triggers pop‑ups, downloads, or attempts to execute files. | Sandbox UI logs, process monitor (procmon), Sysmon events | | 7. Threat Intel Enrichment | Correlate observed IPs/URLs with open‑source intel platforms. | MISP, OTX, Passive DNS, Shodan/ZoomEye | | 8. Documentation | Record all findings (screenshots, logs, hash values) in a structured report. | Markdown/HTML report, CVE‑style layout, MITRE ATT&CK mapping if relevant |

1. Summary • Domain: igay69.om • Category: Adult / Potentially Unwanted Content • Observed Risk: High (malvertising, possible drive‑by exploits) igay69. om

Title: Threat Intel – igay69.om (Adult‑Content Site) | Step | Action | Tools / Tips