Report - email.mg2.substack.com/c/eJxUkDtuhTAURFeDuyD74g8uXKR5VbosABn7AlawQf68J3YfkTRJPZo5R-NsxfXIl1ky4tsLd3dEJN5wz0YxEjRMSa1BgNQEow37tGLCbCv6ydY_qVCKbIYBHTjjVjOg3DMBGrmTGri2SJeRkWCAgqRAGRWCg-iH3jk_u5EvYl7kwqTvk1fC27J3nMYV-tLmUq376t0RSSjTbXqbmJobkt1stZ6lG947eHTwKK8-t9TBw398to2cbZ7cEWNLoV4TJjvv6H-bZ5v34GwNR5qCN2oUiilNsin4vNKJFXM5-KA6Tteb98MvbfZHtCEZZ0sJWOzrwryvWzxJ_X9iK5jv4UHzYZR8lORp4DsAAP_

Report Overview

Visitedpublic

2026-03-12 08:57:26

Tags

Submit Tags

URL

email.mg2.substack.com/c/eJxUkDtuhTAURFeDuyD74g8uXKR5VbosABn7AlawQf68J3YfkTRJPZo5R-NsxfXIl1ky4tsLd3dEJN5wz0YxEjRMSa1BgNQEow37tGLCbCv6ydY_qVCKbIYBHTjjVjOg3DMBGrmTGri2SJeRkWCAgqRAGRWCg-iH3jk_u5EvYl7kwqTvk1fC27J3nMYV-tLmUq376t0RSSjTbXqbmJobkt1stZ6lG947eHTwKK8-t9TBw398to2cbZ7cEWNLoV4TJjvv6H-bZ5v34GwNR5qCN2oUiilNsin4vNKJFXM5-KA6Tteb98MvbfZHtCEZZ0sJWOzrwryvWzxJ_X9iK5jv4UHzYZR8lORp4DsAAP__1wt35g3f7wnrdghohp9xd2rh3m4p1xeyjziz

Finishing URL

acccount-center-password-and-security-vbcvcas.pages.dev/changepass

IP / ASN

65.9.46.11

Title

Change password

Suspicious - Suspicious Javascript code

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
sw.run	unknown	unknown	2025-12-17	2026-02-26	480 B	32 kB	104.21.60.61
api.db-ip.com	669398	2010-05-18	2017-01-30	2026-03-09	523 B	963 B	104.26.4.15
shorten.as	unknown	2025-07-11	2025-12-21	2026-03-07	484 B	32 kB	188.114.96.1
cdn.jsdelivr.net	1678	2012-05-16	2012-09-30	2026-03-08	471 B	18 kB	151.101.193.229
acccount-center-password-and-security-vbcvcas.pages.dev	unknown	2020-09-02	2026-03-12	2026-03-12	8.8 kB	884 kB	172.66.46.254
email.mg2.substack.com	434704	2010-04-27	2018-06-01	2026-01-23	889 B	31 kB	65.9.46.38

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2026-03-12 08:57:06	low	Client IP	172.66.46.254	ET INFO Observed Cloudflare Page Developer Domain (pages .dev in TLS SNI)
2026-03-12 08:57:07	low	Client IP	104.26.4.15	ET INFO Observed External IP Lookup Domain (db-ip .com) in TLS SNI

Threat Detection Systems

Detection System	Indicator	Verdict	Alert
YARAhub by abuse.ch	acccount-center-password-and-security-vbcvcas.pages.dev/_nuxt/DK5gxUVJ.js	malware	Detects file containing Telegram Bot API
OpenDNS	sw.run	phishing	Phishing Block
Hagezi Threat Feed	sw.run	malicious	Sinkholed
Quad9 DNS	sw.run	malicious	Sinkholed
DNS4EU	sw.run	malicious	Sinkholed
OpenDNS	shorten.as	phishing	Phishing Block
DNS4EU	shorten.as	malicious	Sinkholed

Telegram Bot detected (1)

URL

acccount-center-password-and-security-vbcvcas.pages.dev/_nuxt/DK5gxUVJ.js

IP / ASN

172.66.46.254

#13335 CLOUDFLARENET

Token

8466802255:AAH8uMBT6V_Yl4jD-WbkBujQU9GfYWWUCBM

Bot Overview

User ID8466802255

Usernametruosbot_BOt

First Nametruosbot

Last NameN/A

Chat Info

Chat ID-5008962109

Chat Typegroup

TitleData new +1

User Count6

Admins2

Pending Msgs1

JavaScript (9)

HTTP Transactions (21)

	URL	IP	Response	Size