{"report_id":"abbf1e60-5fbd-4db7-b3d0-ca52bc0af470","version":6,"status":"done","tags":[],"date":"2026-02-16T13:47:34Z","url":{"schema":"http","addr":"au-club.top","fqdn":"au-club.top","domain":"au-club.top","tld":"top"},"ip":{"addr":"154.89.152.9","port":0,"asn":984,"as":"OWS","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"au-club.top/","fqdn":"au-club.top","domain":"au-club.top","tld":"top"},"title":"Group Login · Secure PIN","dom":{"size":12185,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"b126b3816c321ae2636e76bb1eecc6fa","sha1":"3d482894603983d833fdccc848fb27a345c4daed","sha256":"35a70c6460d6d7c877d43a5893afbbdec797a32d346a77bf040acf3b74e3d7f3","sha512":"83d92ecf45c3e7fe27e476209fbe6e6ed868573f8d9c2a1051a2b98a39d315c3a3e958754fb8df1de836c2f2d48d34b7c1ffb08cd72fea38e514fb8a73dd7f5c","ssdeep":"192:OvyCVAvGfprVypLAcZZoHcIupDH44zjx+Zs8/wBa22QJOAHC3QpHchEu92:OvwvaoF/o8X1H4KjQZsOVacAHCApHc4","tlshash":"4b42c4e126b100397073c299b6e7d94d33ba8403941bda587ffc258d0fc2bdda666259","dom_hash":"domhash46db7f82e4aee5c04f44bbbd316fcb74","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"au-club.top","fqdn":"au-club.top","domain":"au-club.top","tld":"top"},"ip":{"addr":"154.89.152.9","port":0,"asn":984,"as":"OWS","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-23T13:47:34Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-16","alert":"Sinkholed","trigger":"au-club.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-16","alert":"Sinkholed","trigger":"au-club.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"au-club.top","ip":{"addr":"154.89.152.9","port":443,"asn":984,"as":"OWS","country":"Hong Kong","country_code":"HK"},"domain_registered":"2025-10-12","domain_rank":0,"first_seen":"2026-02-16T13:47:35.027049Z","last_seen":"2026-02-16T13:47:35.027049Z","alert_count":4,"request_count":2,"received_data":12995,"sent_data":909,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"au-club.top/","fqdn":"au-club.top","domain":"au-club.top","tld":"top"},"ip":{"addr":"154.89.152.9","port":443,"asn":984,"as":"OWS","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"2ed38447364c1764b37f45ff7cd91f74","sha1":"64a25b6482a54ca0754946f129b594f587b5f3eb","sha256":"a0a619f60ceea1870c2567d40430fb6ae70972332397e1810319f00124f43e39","sha512":"a69835fc7eb6378372e4eb69d71e51f70b9e4bd7e96b5c61329f96dee94c97565db6e1bd88ade3eadfcecb24cf611e3dedf6ac3527531797320ebb40f34c3705","ssdeep":"","tlshash":"417121eb76b7147942b3d02226eff019336b4416108ad5d8bfbc49480fd0715b2796aa","size":3577,"data":"","first_seen":"2026-02-16T13:47:38.317239Z","last_seen":"2026-02-16T13:48:44.592946Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"au-club.top/","fqdn":"au-club.top","domain":"au-club.top","tld":"top"},"ip":{"addr":"154.89.152.9","port":443,"asn":984,"as":"OWS","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-16T13:47:13.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"au-club.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Feb 2026 10:29:01 GMT","end":"Sun, 10 May 2026 10:29:00 GMT"},"fingerprint":{"sha1":"A3:65:03:E6:AC:F3:B1:6E:BD:52:DB:5D:AC:80:97:02:3E:20:29:44","sha256":"D3:20:76:60:7C:12:09:39:E3:13:13:B4:03:E8:DA:68:BE:11:5A:0A:88:4B:60:34:00:D5:14:BD:C8:80:57:CB"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: au-club.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 16 Feb 2026 13:47:13 GMT\r\ncontent-type: text/html\r\nlast-modified: Mon, 02 Feb 2026 08:59:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6980676a-2f9e\"\r\nexpires: Wed, 18 Mar 2026 13:47:13 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12190,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text","md5":"e333043d13c772c8d37f054e83bca3b5","sha1":"69cdc6538f1dc4072bf11986c906a86bbc6580c3","sha256":"04ff70f1acc48f645cf223d6a7d884e9fddef57553f3f9633470698b08804d16","sha512":"432602aed02e3a1b19713e99ef20bb4ad31b4e3bb7c016ac4b505df679c8333d7c192b7ad3ddaedfe68c95bb162476fda5697a536c133d7c0556565e6c297500","ssdeep":"192:FhvyCVAvGfprVypLAcZZoHcIupDH44zjx+Zs8/wBl2LXHOAHC3QpHchEu90D:FhvwvaoF/o8X1H4KjQZsOcUuAHCApHcY","tlshash":"fa42b4e126b100397073c299b6e7d94d33ba8403941bda587ffc218d0fd2bdda666259","first_seen":"2026-02-16T13:47:38.31371Z","last_seen":"2026-02-16T13:48:44.591835Z","times_seen":2,"resource_available":false,"data":null}},"time_used":1378,"timings":{"blocked":561,"dns":43,"connect":255,"send":0,"wait":255,"receive":0,"ssl":261},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-16","alert":"Sinkholed","trigger":"au-club.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-16","alert":"Sinkholed","trigger":"au-club.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"au-club.top/favicon.ico","fqdn":"au-club.top","domain":"au-club.top","tld":"top"},"ip":{"addr":"154.89.152.9","port":443,"asn":984,"as":"OWS","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://au-club.top/","date":"2026-02-16T13:47:14.220Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"au-club.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 09 Feb 2026 10:29:01 GMT","end":"Sun, 10 May 2026 10:29:00 GMT"},"fingerprint":{"sha1":"A3:65:03:E6:AC:F3:B1:6E:BD:52:DB:5D:AC:80:97:02:3E:20:29:44","sha256":"D3:20:76:60:7C:12:09:39:E3:13:13:B4:03:E8:DA:68:BE:11:5A:0A:88:4B:60:34:00:D5:14:BD:C8:80:57:CB"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: au-club.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://au-club.top/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\nserver: nginx\r\ndate: Mon, 16 Feb 2026 13:47:14 GMT\r\ncontent-type: text/html\r\ncontent-length: 146\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"8eec510e57f5f732fd2cce73df7b73ef","sha1":"3c0af39ecb3753c5fee3b53d063c7286019eac3b","sha256":"55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0","sha512":"73bbf698482132b5fd60a0b58926fddec9055f8095a53bc52714e211e9340c3419736ceafd6b279667810114d306bfccdcfcddf51c0b67fe9e3c73c54583e574","ssdeep":"","tlshash":"b7c02b2d35133c4cc563313423c37140c0d6833b687a41110400c00371cf2998ec3397","first_seen":"2023-03-07T12:05:15Z","last_seen":"2026-06-07T22:32:16.29856Z","times_seen":523756,"resource_available":true,"data":null}},"time_used":255,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":255,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-16","alert":"Sinkholed","trigger":"au-club.top","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-16","alert":"Sinkholed","trigger":"au-club.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}