Report - batmazdefence.com/.word/yehm/amNvaGVuQHNsdXJwbWFpbC5uZXQ=

Report Overview

Visitedpublic

2025-08-02 22:37:22

Tags

microsoft phishing suspicious tycoon aitm

Submit Tags

URL

batmazdefence.com/.word/yehm/amNvaGVuQHNsdXJwbWFpbC5uZXQ=

Finishing URL

yym.ywnhwmard.es/xt93bcdq8g2je4?id=3e7461c9cc6c628582a-88f96426eb-5bdc192304-4c13f8c2074c4-0d04ad03dd65-d005e985eb2a254-d96b0ec8-7c3e8c98-3b183f03627-83a39390b-8d9e677b47-6ee92d3f185-9fd9a96f5-7afd54093b-01fd0f110a1d-37eba0c0d9db6cd132818ffb3

IP / ASN

Türkiye

78.135.82.55

#207326 HostLAB Bilisim Teknolojileri A.S.

Title

Login For Security

Phishing - Microsoft

Suspicious - Anti-debugging code

Phishing - Tycoon Phishing Kit

Detections

urlquery

4

Network Intrusion Detection

1

Threat Detection Systems

3

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
get.geojs.io	17418	2017-02-18	2017-03-30	2025-07-31	978 B	2.4 kB	104.26.1.100
ubj1fmmxwkf7msfoys2jozelwdetx1xnggxhthy5key81vzuwqyrhbr.iqepx.es	unknown	unknown	2025-08-02	2025-08-02	676 B	1.2 kB	104.21.95.138
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2025-07-30	447 B	5.5 kB	151.101.1.229
github.com	1423	2007-10-09	2016-07-13	2025-07-30	455 B	15 kB	140.82.121.4
ok4static.oktacdn.com	16592	2014-11-11	2018-06-15	2025-07-30	2.0 kB	268 kB	3.167.2.106
yym.ywnhwmard.es	unknown	unknown	2025-08-02	2025-08-02	43 kB	963 kB	188.114.96.1
batmazdefence.com	unknown	2023-06-06	2025-07-24	2025-08-01	525 B	544 B	78.135.82.55
code.jquery.com	634	2005-12-10	2012-05-21	2025-07-30	848 B	180 kB	151.101.66.137
release-assets.githubusercontent.com	unknown	2014-02-06	2025-05-11	2025-07-30	1.3 kB	11 kB	185.199.111.133
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-07-30	3.6 kB	264 kB	104.17.25.14
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2025-07-30	7.2 kB	600 kB	104.18.94.41

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-08-02 22:37:06	medium	Client IP	104.26.1.100	ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI

Threat Detection Systems

Detection System	Indicator	Verdict	Alert
Quad9 DNS	batmazdefence.com	malicious	Sinkholed
OpenPhish	batmazdefence.com	phishing	Phishing - Generic/Spear Phishing
Quad9 DNS	ubj1fmmxwkf7msfoys2jozelwdetx1xnggxhthy5key81vzuwqyrhbr.iqepx.es	malicious	Sinkholed

JavaScript (109)

	HASH	FROM	Size	First Seen	Last Seen
	086707e4369f60afedcafb16050a7618	DocumentWrite	39 B	2023-03-07	2025-08-31
Introduced by DocumentWrite First Seen 2023-03-07 Last Seen 2025-08-31 Times Seen 152855 Size 39 B (39 bytes) MD5 086707e4369f60afedcafb16050a7618 SHA1 8216b0cc6876cbd44f01c158e7dff3833ceccd41 SHA256 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e Format Code Loading...

	5fa267cc94b91babc57fa21b8745eeaa	DocumentWrite	38 kB	2025-08-02	2025-08-02
Introduced by DocumentWrite First Seen 2025-08-02 Last Seen 2025-08-02 Times Seen 1 Size 38 kB (38213 bytes) MD5 5fa267cc94b91babc57fa21b8745eeaa SHA1 69277b804566084baec158ab6dda2bd46df29b04 SHA256 4cb4c5c6ba0960fb383432b6917a5b3f68b339a092b9e57faf816c25a1e07490 Format Code Loading...

	241697755890a9cefea17632e5fe9e03	DocumentWrite	7.1 kB	2025-08-02	2025-08-02
Introduced by DocumentWrite First Seen 2025-08-02 Last Seen 2025-08-02 Times Seen 1 Size 7.1 kB (7086 bytes) MD5 241697755890a9cefea17632e5fe9e03 SHA1 92c32d186cd667a58de78a01063de14ba96b9060 SHA256 8887e65c7882152b20e4f5d24a3389349acf3a5a5ac3fca93670f00e569e459c Format Code Loading...

	511cb5b6784b2249ed0523ccf2ac03ec	DocumentWrite	204 kB	2025-08-02	2025-08-02
Introduced by DocumentWrite First Seen 2025-08-02 Last Seen 2025-08-02 Times Seen 1 Size 204 kB (203952 bytes) MD5 511cb5b6784b2249ed0523ccf2ac03ec SHA1 aacfd7d3a34274dc68ba84096ae374a318573e74 SHA256 ddc414909bb5ce0fd9fffc0eeb772db360f0bd98ea1e28a4dc5279d66bfd6f54 Format Code Loading...

	d518c3ec3cfd41629edd6dce468796ff	DocumentWrite	107 kB	2025-08-02	2025-08-02
Introduced by DocumentWrite First Seen 2025-08-02 Last Seen 2025-08-02 Times Seen 1 Size 107 kB (106989 bytes) MD5 d518c3ec3cfd41629edd6dce468796ff SHA1 4b14f67394845700debf097c4ca881af429099a7 SHA256 d12f9093c435065882735b1ec15386aa107cd1c1b97e5a383b87948311fe4fba Format Code Loading...

HTTP Transactions (62)

	URL	IP	Response	Size