Report Overview
Visitedpublic
2026-03-11 03:52:04
Tags
Submit Tags
URL
yyyyyyykjghfghjkjlhjnkjhgfhfjgkhghfg.com/
Finishing URL
yyyyyyykjghfghjkjlhjnkjhgfhfjgkhghfg.com/
IP / ASN
192.142.54.88
Title
The United States Social Security Administration | SSA
Suspicious - Suspicious Javascript code
Detections
urlquery
2
Network Intrusion Detection
2
Threat Detection Systems
6
Host Summary
| Host | Rank | Registered | First Seen | Last Seen | Sent | Received | IP | Fingerprints |
|---|---|---|---|---|---|---|---|---|
www.mediafire.com 1 alert(s) on this Host | 2190 | 2002-08-11 | 2012-05-22 | 2026-03-05 | 534 B | 8.6 kB |  104.17.148.83 |  |
download2279.mediafire.com 2 alert(s) on this Host | 5259825 | 2002-08-11 | 2020-08-19 | 2025-05-28 | 925 B | 7.7 kB |  199.91.155.20 | |
yyyyyyykjghfghjkjlhjnkjhgfhfjgkhghfg.com 8 alert(s) on this Host | unknown | unknown | No data | No data | 1.5 kB | 18 kB | 192.142.54.88 |  |
api.telegram.org | 206724 | 2003-12-15 | 2015-06-25 | 2026-03-06 | 586 B | 387 B |  149.154.166.110 |  |
Cloudflare (CDN)
Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.LiteSpeed (Web servers)
LiteSpeed is a high-scalability web server.Nginx:1.18.0 (Web servers, Reverse proxies)
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.Related reports
Network Intrusion Detection Systems
Suricata /w Emerging Threats Pro
| Timestamp | Severity | Source IP | Destination IP | Alert |
|---|---|---|---|---|
| low | Client IP | 149.154.166.110 | ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) | |
| low | Client IP | 149.154.166.110 | ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI) |
Threat Detection Systems
| Detection System | Indicator | Verdict | Alert |
|---|---|---|---|
| YARAhub by abuse.ch | yyyyyyykjghfghjkjlhjnkjhgfhfjgkhghfg.com/ | malware | Detects file containing Telegram Bot API |
| YARAhub by abuse.ch | download2279.mediafire.com/5rk46jmcwf8gfkAHCVQSHBQBI_ucpuxz7jmczzoW8cdp3QaTkejR2rhqKoGyGHBumdRADoThv5NHyMjjfLuUdSEIsTT8LiZSbkZpB5xOuo_LpYZ7d650j7OAgO7xESldC4I4FdiH-wbDnEYvb9nkUgQVKJgI8tqnQgxgmlnddxK0/jojq868tzjw1ry2/SSA_E-FILE.vbs | malware | Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen |
| DigiCert UltraDNS | www.mediafire.com | malicious | Sinkholed |
| DigiCert UltraDNS | download2279.mediafire.com | malicious | Sinkholed |
| Hagezi Threat Feed | yyyyyyykjghfghjkjlhjnkjhgfhfjgkhghfg.com | malicious | Sinkholed |
| DNS4EU | yyyyyyykjghfghjkjlhjnkjhgfhfjgkhghfg.com | malicious | Sinkholed |
JavaScript (2)
No JavaScripts
HTTP Transactions (6)
| URL | IP | Response | Size |
|---|