{"report_id":"b692a8a4-eeef-4f77-975e-c8995d35f60b","version":6,"status":"done","tags":[],"date":"2026-05-19T09:23:11Z","url":{"schema":"http","addr":"faceit.auth2fa-connect.com","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"172.67.217.131","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"title":"GO VERIFY YOURSELF","dom":{"size":344,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (344), with no line terminators","md5":"ced0b2b46b2c37478e7524b9a4b5d0ca","sha1":"6faa5d1dd2e169cfd2171ddad46eecb69bf7883c","sha256":"0ea22a6bd1f7c90fe955c7a950389ee26e7f2d044957803792b66cd5a3bdb371","sha512":"44197c0ef77472a23c40ac4b6ed49a1fd0f135bed5003753f455084b97e88a3f902535c78d068008165e127034edf1e4c71087d24c32d0dc8e047d7b6c53990e","ssdeep":"","tlshash":"87e026fa6d79c93474e4028a20f1e29c1aa076a0b711d74442d8dc3bde10fe34ca2988","dom_hash":"domhashfa92bf49a0529f3ae8099507699ba65b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"faceit.auth2fa-connect.com","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"172.67.217.131","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-23T09:23:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"faceit.auth2fa-connect.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":72,"request_count":36,"received_data":4419228,"sent_data":17386,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/js/jquery-3.7.1.min.js","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87533,"data":"","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-05-19T12:14:19.853139Z","times_seen":158548,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d626812a1ebcd5b4842098bd49fd3d00","sha1":"8b64223d08e137eaf9a2f6bf13055ff7a6197823","sha256":"7503526668d935086aa63c87037eddd8c1d0747d9fa027f780e05629917800b5","sha512":"7c96446682e81f8d612ed82b469ba7466d97c6a4207b4083a5b97242ded16446a596093bc4eb1bd7ab4aa150eef7fc42719c4ecb09800d0904845a141c2e53a0","ssdeep":"","tlshash":"34d02e200112243a01bbc34ecb8bafc1328a008b404a9400382c8d4b3fc44a3e4a86c0","size":269,"data":"","first_seen":"2025-09-25T16:31:51.218639Z","last_seen":"2026-05-19T09:24:58.628295Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"0aed906c5a018ab4f3ac072002482101","sha1":"dd20955673bb605ebda7bb78e7ffb145b6ac0799","sha256":"3dd36c03bbced57d7df5ab8fce698b2b125a927623b2b01778c213dd7051009e","sha512":"b51b43b72047affa508d54439836a49f86f93cd24717b381ba4204a83e62a09c980f5278aad901f2489aa04d222eb66806337a6ecc69127c0b1b686fc3f93966","ssdeep":"","tlshash":"e7d02375397d853071d9014a60b5d39426f135907711d74481dccc3fee11de304f155c","size":217,"data":"","first_seen":"2026-05-19T09:23:17.341527Z","last_seen":"2026-05-19T09:23:17.341527Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2ddaef8c775618b743a3147abecbef03","sha1":"8733489d221f502d1363c055dac8b09b598640fb","sha256":"199267f911ec953ab8a1c7e37a600dd33d6774375ff25ac4a5ec9f7055c7468e","sha512":"3cebe5fe841243dcca70507a89e5d82972bb1008cbdb8f621cbcfdd77a6ebd0b64f67d89679bde14a9512def4986fc61eb444f782a42f9d31937397a4769b7bb","ssdeep":"","tlshash":"20e08625c7011537827785f57f46bead5560034f12048559789c45541f9ac2959d0cf5","size":357,"data":"","first_seen":"2025-09-25T16:31:51.220522Z","last_seen":"2026-05-19T09:24:58.629574Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8264d4dfcf1150dc5da56369eeb34ad2","sha1":"1843d59ee14bb903222649cdbf419da388910e52","sha256":"f7aac8b60f08fbd197c1f709dddb1d627d2c5b1cf52f3ec5524869eeac312e16","sha512":"11a14a1a9fd507bb5d8d725b6b11bb635a0a767b7580be64f7364928136cdb7f6bca9ec775f16917dd733d50e50d06949cc21dc2a5141adb7c27eafe253fa7d2","ssdeep":"","tlshash":"c3d022670234113006bb4197319b9ac168e218e7d220ec0939fc8acc1fafca202b45db","size":269,"data":"","first_seen":"2025-09-25T16:31:51.222385Z","last_seen":"2026-05-19T09:24:58.63259Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e717fbfec81c6ab6409dedebb368ad61","sha1":"14664578d0256c41b09bd00d6d3ab4b98abd2c1c","sha256":"329a9c61a7047a9144d18ca053bcee9f581dc43434d1a8ac60f6b3822c7ae606","sha512":"66e3db4089af8c5c1ba726b45bf86d83e84107716f2224d078c9fc073230406f4ebe526e3ca046b6680d467d211a7f073b11083719b66ecd82903d50f7f22066","ssdeep":"","tlshash":"e9f0e226a23a297a01a752be2f8186832130000b42448a0c3ebd96743fdcd1f2de16e7","size":574,"data":"","first_seen":"2025-09-25T16:31:51.224429Z","last_seen":"2026-05-19T09:24:58.63394Z","times_seen":13,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"cdb46bbebb4b438cbd7c4ffca8fccf56","sha1":"f250351f9ec9cb21291f5c003e7da5e8c72f5ed8","sha256":"2926e10c188a80668c2f28c1ac1b1237a2f52059b7ab5f4170c2a24b7bf7859b","sha512":"928d2bf76aeca503a40744bbb05befe493adcdeb14d99cba922c91708598089d9b4a4d33f6c91883901b39295476b8b6f1a6eed6f708232d916e24307a809b26","ssdeep":"","tlshash":"8711c0753b2a5634d5c6818b317ee7a93e7260617a029184c26ccc299d18e9714efcbe","size":902,"data":"","first_seen":"2026-05-19T09:23:17.347331Z","last_seen":"2026-05-19T09:23:17.347331Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/js/jquery-ui.min.js","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1e2047978946a1d271356d0b557a84a3","sha1":"5f29a324c8affb1fdb26ad4564b1e044372beed2","sha256":"9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd","sha512":"e7ba19fef5bc00d32347f290e817bdbfffbf87a6eaf7f9777f439ceef9faa8cab286f3ddd5cbca051596a73bb44289de226aabd929263b8312a94f91a47a26dd","ssdeep":"3072:eDPNddBFak8JUaVDpYujVHUc92smVppuzUPFI9fB8NpjJSyACAV:uNdIVWjNS9cdzAV","tlshash":"8944f84d72403a3295dfa265103b2a0ba237955da601809cb43ccedf9e7ce4571bbfb9","size":255084,"data":"","first_seen":"2023-03-07T18:39:57Z","last_seen":"2026-05-19T13:01:42.001354Z","times_seen":28174,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5c0a29d3c3df4096927f4713ef35c416","sha1":"5dd4b93696ebb0dba2b8621c6fab7b0b959eee60","sha256":"fedd35c9b778d1d9234276421ae85acbfbe7ec76babb66524460bce216a117e5","sha512":"7afc9da3d69489d756e0b153efad7106139fe898059514f72665cb706d9d51be15a359edaa616b8fe8bbbc011a82cbd355c6bafbd9dd898c347acac18a0c23e4","ssdeep":"384:ipFaDTjzb/Qqz1vV7ITk21fJhcBPdFFucjaCBe09OqNInscIuEEBkH3JSRGj0GY5:ipFqjIOITrRyhFucjl4mIns/uEEBK3or","tlshash":"82b2c7ee76cb702a823e7478202774d622e9ec84eb0d55d5e600ec64bcad35d4359bac","size":23885,"data":"","first_seen":"2026-05-19T08:35:05.821133Z","last_seen":"2026-05-19T09:26:48.857243Z","times_seen":7,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/css/jquery-ui.css","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /css/jquery-ui.css HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:26 GMT\r\npriority: u=2,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e3pemc1xvWRA8KbuyOz2X72xRhfbTzh%2FCNr3PvPzZtQLvoai4jp7d1jARvSNawXvM%2B1bWSJMr7rnWCh7hnJsR%2BbdDkN7JGUce5BXWDSiZ77sZr6c09DBd3B%2B8%2BjPjoxd1bqU4L9Zy2Df%2BYio9w%3D%3D\"}]}\r\netag: W/\"69dff3fa-8c85\"\r\ncontent-encoding: br\r\ncf-ray: 9fe20a0b4a31569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35973,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2363)","md5":"c4a88ec0cb998929a670c0c58d7dc526","sha1":"03135a88e8dbc36020dd453d1e7407ce9a3a2cc2","sha256":"44f8a56d427917b5fa0dd7933ba545679be5e6b3b93099e64a4e29c2159f57c0","sha512":"fd0d6c06abcd661796db2bc071c2a2bbfc5cfe8d80b434b68cd068cc312a03ff0c93f21c1fce77c2bc03486a80765ee317239639c79f2edc03777918a36efa1f","ssdeep":"192:10OW02ANbMb6l2n+brGtUQnSMfps3+eYQY+h572hk//r8Y5Y6BjSmMErEURHllPb:xMb/+vaW1e07/PiF5fy/EzDS25qb","tlshash":"10f20c316b432919ba1bd1a425a11bf7e32e1342ee1b6e7f609a345cc3d54e0c0bf5b4","first_seen":"2023-04-05T11:18:23Z","last_seen":"2026-05-19T10:25:43.637544Z","times_seen":9258,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":138,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/825e783f7fae/main.js?","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.678Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/825e783f7fae/main.js? HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9fe20a0e3d74569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23885,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"ASCII text, with very long lines (23885), with no line terminators","md5":"5c0a29d3c3df4096927f4713ef35c416","sha1":"5dd4b93696ebb0dba2b8621c6fab7b0b959eee60","sha256":"fedd35c9b778d1d9234276421ae85acbfbe7ec76babb66524460bce216a117e5","sha512":"7afc9da3d69489d756e0b153efad7106139fe898059514f72665cb706d9d51be15a359edaa616b8fe8bbbc011a82cbd355c6bafbd9dd898c347acac18a0c23e4","ssdeep":"384:ipFaDTjzb/Qqz1vV7ITk21fJhcBPdFFucjaCBe09OqNInscIuEEBkH3JSRGj0GY5:ipFqjIOITrRyhFucjl4mIns/uEEBK3or","tlshash":"82b2c7ee76cb702a823e7478202774d622e9ec84eb0d55d5e600ec64bcad35d4359bac","first_seen":"2026-05-19T08:35:05.821133Z","last_seen":"2026-05-19T09:26:48.857243Z","times_seen":7,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/2.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.256Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/2.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 43611\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:19 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3f3-aa5b\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7qaWIvpY41i0QCWb1LFpgGwkMr5T5jD6DxnNrwCreFrqetEmDiia%2FEFjOmXd4Odt5cOgWYgO1%2FDW0RK4gM4fevb%2FbbCh3BYQQiONz4jOtZkRpaXtbVr2%2FruLZCnBj%2F8%2BX00Pg5dFNF%2FDAWABHQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b5a51569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43611,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 750, 8-bit colormap, non-interlaced","md5":"3b1f9d993727a4725fd71722dece106f","sha1":"9d35c6f70ef2937c357dd4a90df5aa42bdf26e0f","sha256":"131db747bbb5e6f57f8301a3fe9b805b73006923479db53311650ea0c74d9e67","sha512":"7d75e39f2fd3ded23f0f51dc4446ea7a250c127e202dc83eb41c83f45859249fd113e6781282d7d357e780bff4700b22f91a5c920953973a28b48a7bce5fbe58","ssdeep":"768:rfkH94I6XIyXPe1O5Ms7gvRJAazHkUAlA3higqtSLSD6O27rOpl:rfkHL64yfeYKs7MAazHqA3zqULwr27ra","tlshash":"4713e14a29740d85e64e4b7620e1112a2b634d835ae3a0153dee3c4bfff18af8f515f2","first_seen":"2025-08-04T02:14:22.544263Z","last_seen":"2026-05-19T10:25:43.622149Z","times_seen":54,"resource_available":false,"data":null}},"time_used":182,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":138,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/3.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/3.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 64425\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:19 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3f3-fba9\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pjbqsvQqkKeexiajcQTFCGUM1yLgJqpNRYNChzFFL5jYpZBrJphg6iNsw6p4k42%2BPxDdUI4zaXpVOGz01Gj8UENn0YxCFvmjbcYjM%2FsuDRyn5OihqzsSaFsrN9G8CI3Lxl7BHX%2FTz9qXzi0kdA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b6a52569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":64425,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 750, 8-bit colormap, non-interlaced","md5":"52d9b9a3719911d6ef69def159dcbf29","sha1":"5f196e3fd93f5c3f9e76d22c7cc58ab2e5cec9a5","sha256":"72026f31c08a3db779d72065bc9578949abf311f3c9cf9628bd4c45f30786880","sha512":"191f280010c400faed826bf825674b791d9617d62f8023418172ea58b681c6d0f5010f8133f309336b1622910bc97590e73f76554a7dec3735441a5cfb8d7e57","ssdeep":"1536:dMXt4FgcSylEWag7RGTHt5NNhxuMNxZHRyVBz2K:2XS+cZlggQNXNWoxZQx","tlshash":"3b53014a9d64a2c2f148da32256938f62d2716cbccc487c6ff6d9e43af012bdc16d791","first_seen":"2025-08-04T02:14:22.602842Z","last_seen":"2026-05-19T10:25:43.613747Z","times_seen":56,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":74,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/css/style.css","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /css/style.css HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:24 GMT\r\npriority: u=2,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BTChjMphxm0MY%2FruFnwmysOx2v17R78bBzgAyBxBkyylIIcQIrrZM5cTEyStct0t8lNrZ8qxZ3P7aStR6B18FFEydV8Uq8Heb0%2FVSA1IcE0X0s1PEZeaovrnJJBritmVreCUg3KvjHzs%2FTs77w%3D%3D\"}]}\r\netag: W/\"69dff3f8-785b\"\r\ncontent-encoding: br\r\ncf-ray: 9fe20a0b4a2f569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30811,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"966f6875a2d850f5630684b35581627b","sha1":"99c2c0be90615ce68e693928a823f540cbdc7438","sha256":"d0a3b2ee41168a6d397cf326efaa809f56f55b64077265ab09cff3d526066515","sha512":"2cc52a634f2c464dd0f2be35202e71c4e981cc3003a3e5cd620e4f3090183e57f2a3dbe7febb0e60b8747d4cb30fdf0048e3ee17e91d005a4424439fda76df32","ssdeep":"384:d+Exov6J5AD28fLXbh05DqbUjceSG9tm3c:d+Exq6wDQDqytD","tlshash":"d4d256cda6133141d233c6ba7fa31219eeb640234b1121987afd91549fbd07a5292fef","first_seen":"2025-08-04T05:50:45.302585Z","last_seen":"2026-05-19T09:24:58.590392Z","times_seen":14,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/Padlock-3.1.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.264Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/Padlock-3.1.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 170739\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:57 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3dd-29af3\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HroymKTakDW5oMdSHr1VQ3Zu9TLBMv0zbPTWy81sQpLTcYXe6K5n6WVh4PI1X2eWRnqFuMxcHCBynecSOe7zaeAMYdaV78Oo%2Fk3%2FpSHQe8MX7d97dCL8RSpksiIUhUQOwfX6rjUFI8aaWjnq6g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b6a5e569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":170739,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1142 x 1142, 8-bit colormap, non-interlaced","md5":"1dd67cb4f0e66592c10d7108ac62a715","sha1":"82768ea86b40508c4c1b9fd0f4d4b5f1761c434c","sha256":"5c670c807c5a739a64badf59f2e99a5baa9be315851d190346d6392bbeda5499","sha512":"eddf158a95b70a6c6a366471f7adef220852f9f56a1f3c774f8be8c21f75713927a14abffad0d11a31ca3380601c4274b4404c8590e18300e02f8d8747b08693","ssdeep":"3072:oDxfgDuh6WNtkvdP2LBy5x0fPF/vo1F6s+Mi72odDd8vR:oDmO6WNOFPUBSx05wDeMS2odZ6R","tlshash":"a6f312df886fff841006ea3ac989b83db582ab8d27f32a85050d175dc9953e75053b43","first_seen":"2025-08-04T05:50:45.28331Z","last_seen":"2026-05-19T09:25:05.414216Z","times_seen":53,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":138,"receive":72,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/twitch.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/twitch.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 223\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:41 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3cd-df\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=che3Z7a%2F2TRyztSHDL5oRHGoR2IL1shMoEFW8O6AmQu7w%2Bm5YN65MI8NW0mmcp2hTpCjB%2BovhwSQ6LnxMxorXMQPgIItTpst2jz9eetQbg4wTg8WHXNGpLMWv%2BrWO5sYfZTSG6EcP19zFN2dwg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b7a76569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":223,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"5e0dfe53175829af58d212bf9e9b61f5","sha1":"3d0df2d64cde694220ddf9eb05307627c766538b","sha256":"6b2b83e2af00bd4db335105a5d719fa209bf9a77276f6b8053467b4f0e288146","sha512":"5081efdf7f4ef721c808daac305f70048815a46d3c10695912c0d04f2033bf52a89bd2aa2f2f63d79f52c979f85ff1d154f930da3280a33261cda7822dab3888","ssdeep":"","tlshash":"21d0a7db56858a6f906cd23b60160d4459e36e94886375159161b8f4242da9461c2e52","first_seen":"2025-08-04T05:50:45.300228Z","last_seen":"2026-05-19T10:25:43.631847Z","times_seen":54,"resource_available":false,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-length: 0\r\nlocation: /cdn-cgi/challenge-platform/h/g/scripts/jsd/825e783f7fae/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9fe20a0e1d4a569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23885,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-19T12:11:11.754429Z","times_seen":15436892,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/fav.ico","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/fav.ico HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nCookie: cf_clearance=RH0mrsI2dgxicJa.hkl9PRdX.9LRyGyfUlj_wfQMODQ-1779182568-1.2.1.1-GRBk7kehp_I38YGnAoAfZvWqXrfS54ZXGI.LWwmMap4RNK6.Ad7aiRCNJPBy7DjFZB3DyqalOrLhDJ2XAvaZcVX11indmHxrxi9eRJeMyloN_GMFYzqxMY4RGCFr9fUBKG_u.AEOLyOKBfpy_PHlnSXoo4vptgD4P_qyjthFZMK03L9EusY9ChYJ.82xRjXAKc81EbuOHT.ay.zi_YE9WIYjtodmv4hHNWK4rff_YAUwz9JKRIUiLe5dEbsCkZc18aElMis4xRbTEZ1aiJWxPPp0USFYEIeLVLV_GR63jJ90b.DU0Nyvg4f3RebvU9AHsP4HPjVOZlSTtcRJb7wwUA\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/x-icon\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:14 GMT\r\npriority: u=6,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FvvzPLWWpmUYaE44PIDIkuNyuNMUYVkF%2FdJF0yI6nT6Uz5Ao%2B%2BGRRTE40dBCQfzt%2FD5P3QECs34Gd5twqJ5npcJlQ6KupbuiKNkRCYtqdslvlkzwx%2BmUoP%2F1bUqeNlPajPvySZvxJKgi42VcPA%3D%3D\"}]}\r\netag: W/\"69dff3ee-1536\"\r\ncontent-encoding: br\r\ncf-ray: 9fe20a0f8f85569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5430,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"72511b91a78d0f1e5a511be2cf4ba618","sha1":"ee7ae8abd759837303da4be58f45aee2e41c5683","sha256":"202b9ba61e36a6fd6c22a2598ec8405a65871480cb4a994509465fe1a2886e70","sha512":"9885e038a21d27ad16301da70a39e43079f20e275e6c75f764b4af4953a2444639e180016974b5e86e0c3f35c5e102f8fbb22f7c5268138216dd7c68c57cdd2e","ssdeep":"96:yZZU1xFFFFs+xdaahhhhhhhSjOxFFFF4:yZZU1xFFFFpvsjOxFFFF4","tlshash":"0bb106f95237b878c3e406793ec5bdfd2e294bc1fc24042476902e673995b2a1cb305a","first_seen":"2025-04-15T19:20:51.410266Z","last_seen":"2026-05-19T10:25:43.638751Z","times_seen":62,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":118,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/js/jquery-3.7.1.min.js","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /js/jquery-3.7.1.min.js HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:37 GMT\r\npriority: u=2,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=h%2BLR21XyT6QfViFSeENqEc%2BYzueAZMy6Vqs5nW%2FW0giSxHrJvYhzLjX8fuGDGT%2BuOLE%2FclNnE5baT9a9%2FLdF2Gz7iuwWAyvboPo0Fqe2JjNNbNVyIVgM%2FvPGPUAEBm%2BDu7%2BwulYvMRK8I6unzQ%3D%3D\"}]}\r\netag: W/\"69dff3c9-155ed\"\r\ncontent-encoding: br\r\ncf-ray: 9fe20a0b4a34569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87533,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"2c872dbe60f4ba70fb85356113d8b35e","sha1":"ee48592d1fff952fcf06ce0b666ed4785493afdc","sha256":"fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a","sha512":"bf6089ed4698cb8270a8b0c8ad9508ff886a7a842278e98064d5c1790ca3a36d5d69d9f047ef196882554fc104da2c88eb5395f1ee8cf0f3f6ff8869408350fe","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr","tlshash":"3983f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-08-31T16:03:19Z","last_seen":"2026-05-19T12:14:19.853139Z","times_seen":158548,"resource_available":true,"data":null}},"time_used":195,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":39,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/favicon-footer.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/favicon-footer.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 9723\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:14 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3ee-25fb\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=86Tf3Qs5%2FKPqQL9RQjwcrc4Q%2FXUqqvfr3MDfuU8mN4nBSeSirsOJEvoueh0B6mJO3hbcy%2BV100HD8cDZjMJYnJZQeLcrPY5DLiBHwoI5LLaSU9aDacBs49T8b0TQyiNTA1ydtOlGD9sXbnAXNg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b7a69569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9723,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"fe49c10cfdc493be66542cae7f3e6f59","sha1":"c23e199cae62af8dc6e4526d220ac73204cda2f5","sha256":"04fbe4d4ab574583d9d5d40a1ad3fe53530e171be139548cf185ebeb28becfee","sha512":"299cb25d3f66a289c92d0dd75c65edd27c5d3f90f16f6e1d926eeaa7a3cfd1c838d5f6620eff3644f1f6cfb2de17c2849aa6937b933b4c9ed1af43c8e85d5e6c","ssdeep":"192:9zRD7W+lojtj3OFUDLq2CmzxHlc1vGtX/EbBcbq3bxiQ9KkuZjWufRE:xRD7W+lodfDnrxHlcBGtXsb9bxluVE","tlshash":"f8129eb322f5e4e41c43a6b5d2956b9fe92751438af032b0f5091a6e85c9eac4377340","first_seen":"2025-01-05T22:57:12.227124Z","last_seen":"2026-05-19T10:25:43.625345Z","times_seen":57,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/img-lok-1.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/img-lok-1.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 159228\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:59 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3df-26dfc\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vWyt8jZVjP79KPITXC%2BFz6a5aLLqCFiF%2FFBlDsmvkgvolqq9Gj%2F1PiimnTCdu8Wc%2FpB1FH4WIyVUAdIDMacxDgSEd8Wy5hq%2FTXKQ2hZGVHbTm9fhsXnr%2BnwXnVunNN1srq6k2AYAfO7re66qDw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b6a59569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":159228,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1142 x 1142, 8-bit colormap, non-interlaced","md5":"9547f79adfa3f6c9167ca4a1dcd80290","sha1":"e9e2ff9d768a1d2fb9349487239003903984ac94","sha256":"4ea0773c28c7bd66e1481b5190c79ebb87805d16966d41b39cd662d3384ed1e4","sha512":"04a9c4257275688bbc21b30162b1981c451337da466a1cbf8dec93d09028be72cd3adf1de30fdcddf8b87ebdf6634054d6898cf8a182f644a003f4659ac654a7","ssdeep":"3072:PXrp8Nb48fVffGr3sQEDDRhz59OaqTu/G97E6T9dUdCZSDHk:PbuNbLff+srDR2u/Y7E6T2CgDHk","tlshash":"42f312ddee711a39ea120735e056d7e93d014b2877778a5b7a4eabbdb05850c320073b","first_seen":"2025-08-04T05:50:45.28983Z","last_seen":"2026-05-19T09:25:05.394633Z","times_seen":53,"resource_available":false,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":71,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/image-89.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/image-89.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 110334\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:02 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3e2-1aefe\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=l7xWjEMgMcC%2FXR8TmMnLFnPrl7p%2FFioBSW5t%2Faj3oBy%2Bxabr9X%2BcfdplAkJ1QNRABhLnpqgdLipIWlZN7%2BeSftGpzvpEF3d5NOUlOQjqrN9nZv6zSChrCX2Q%2B7zE%2BZgmL3N7t6rFRnB0wDZC2Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b7a63569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":110334,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 623 x 415, 8-bit/color RGBA, non-interlaced","md5":"1079936c60f64c5da31c6d847e49b0dc","sha1":"259e15fba1b6720e7acab7b5fb0b051f3fe4db53","sha256":"e810944925f9d3fff2ba4753407d0a1efc80ca84de73e84f92f8fa4777919423","sha512":"8b0a8dd3239831f683faa25c5ed24308fcffb2c984b05bc66a0ff1c5f7f37fd466abc48c838a12a4a666b6a281d7e29996fd42ecfaa043137eca467504b5c268","ssdeep":"3072:ApTseiX8iwgWNm/CDxK5Za9bPJ+LQaEV7vHHzFc:8eX8iwgWaCDqI9bPg1o7Jc","tlshash":"e7b312de760801af503f5bec8f78505b6a4ab7c53b40e00fac45613eda4eaa70969773","first_seen":"2025-08-04T05:50:45.275988Z","last_seen":"2026-05-19T10:25:43.635905Z","times_seen":54,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":145,"receive":89,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/Hero-Footer-Badges.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.268Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/Hero-Footer-Badges.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 344296\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:05 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3e5-540e8\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dIihyhpcXclVM8aqt9A%2F04g%2FJrkdOLv2LBQlvnoXiTTgcWoyv4X%2B8cArTBZpKem%2B1rz1Gg2ZDg1dH9DOE2EqRoVQnho93ijpVEV77Vl9rHHmOT0tRY3icbm7J5j83q%2FwJs669d%2BRXaugc64gJg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b7a67569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":344296,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1024 x 472, 8-bit/color RGBA, non-interlaced","md5":"a65ce645fdc6ad465a53ca3bfd8b00cc","sha1":"4c76f00f3e15f9045bf7272542c9a575c544f5bd","sha256":"f29e6b5e08748a405e244b0cf15814346f31b72e133c8efc1d5aee0a0dcc9dda","sha512":"9efbaed9aabecbcbc2c6eaec806b8fa66562aff6ba74b6141608177f040d499e406bd0286f6c7565e2d342746a695969ad48f351364d5126ee9aea53aad99d85","ssdeep":"6144:mx63o1BPH6kOzFGaXouVWGTLE+B/qQhzzKfJzIrT30oy7vpCx:m6QPyz5ZRv12ogoyLUx","tlshash":"4c74236894d2b71418493f25c3825d42a87151cee9d7fb58a573fdeada810cee7e8f00","first_seen":"2025-08-04T05:50:45.279463Z","last_seen":"2026-05-19T09:25:05.4181Z","times_seen":43,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":170,"receive":95,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/section-main-bg.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/section-main-bg.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 886631\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:51 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3d7-d8767\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BnoIqJgvt8COk2RzxeeHXpGgCiVjei9OqWNe4%2FXI1e4Z9dFczbICwvjb6TLL3qpzhwIAjfskkYDiaIGQErDehcnI2XYxSJ7SfdqNNoF%2B42ufPAgc8I5bTbephYdc6lGBZB8rIiFYPCcx%2FMgV1g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0d9cb9569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":886631,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2560 x 1715, 8-bit colormap, non-interlaced","md5":"da71280b849b9a45f8330bc9e47068b6","sha1":"26efd7f9fd345951e33797171dd6086f51dda5b0","sha256":"f8994a13a1059cc0fcbe42a96a53baa258510351a7426407403c58471ef36d62","sha512":"9edcf3a647fa70b71bf9dc1d76b914f581eb48f704e1acb60fcc67c52e27801a113725698bc957ef19dc30e110cf65868fdf9a644b4da35fc8b8ef0e1f31570b","ssdeep":"24576:aeQekcUrO5nXPY8e2f1PjDD0dBlTt6p+zEgV9waSxBp:s9wXg8eWj30dB0YEgUaGp","tlshash":"1c1523c09df87caad5a78b78a36c739d84c8320a452d6880311f536ee7a7d73179d271","first_seen":"2025-01-05T22:57:12.150607Z","last_seen":"2026-05-19T09:25:05.401938Z","times_seen":62,"resource_available":false,"data":null}},"time_used":296,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":143,"receive":153,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/4.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/4.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 141580\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:18 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3f2-2290c\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JQC00ajQsvBSJfqszG5u5TLQchjhyOXfhgYX%2BE1k2mOk3SizbrYbg9E0hMX%2FqaoGXktNnB%2BzWF65ji69Flj%2BWX7cIPLe8isGX2qk%2F6SlWHfDGR1C8A48hw6C9QIpbZeJFV090jntFxvbUdFcqw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b6a53569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":141580,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 750, 8-bit colormap, non-interlaced","md5":"74940a5d07388158fe38d2cf2d5f6fef","sha1":"36a34693221a9f2eab159a84e29229ba0f41ad8f","sha256":"8f7225a19bcf1c008088be111789156f69a5df3862336a66c7b63b92e2bef6c8","sha512":"e6f54b567b50a336325fc04ad0885c9d7c3386668886803bdcc6b3bf3953a539cb8739620f26bd54818bafe077cdc12afaf7da641b99728eb00008505c2fd21a","ssdeep":"3072:dKyj3nzQagP6rq5q/CQCRfG9UD0rr1osiSw+vyKKowgc9h+:93ncagP6rqZNGCAr2rS/6KLwz9g","tlshash":"20d312430772d332b2d69704aadc35192e10ae7918ddc6bc5b06d2c3fb60bdc6c65a6d","first_seen":"2025-08-04T02:14:22.610402Z","last_seen":"2026-05-19T10:25:43.618389Z","times_seen":56,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":69,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/players.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.260Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/players.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 242652\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:53 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3d9-3b3dc\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BDm%2FSWozRWSmtFN18tsgC%2ByuRqadZ7ke0KIkTmNr%2BmJbUpvFSnbZqzlWcULQwqwi89XDLPLQIgQsMpCAH3dYNdu%2BXnYhE8kntRJm%2F9huy2vGXAGG47Ndw1r7WAh9RpyzFZ0J4XzZVq5ZxDXlfg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b6a56569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":242652,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1020 x 778, 8-bit colormap, non-interlaced","md5":"516b2ecdc268b171e65d7f9499450bac","sha1":"3a1a5762a1515ddcb4dd05fd41cc4bd4ecd7f7eb","sha256":"1e4b7408604c813bb0a9297844579f2c44f750f96547805d7ef49b089880f8cf","sha512":"a95905f89ea1fc55186607d5f180b31dfe884aa633f86a82d464d1baf88d461b9f50fc908d96f78b4276f267d4795bf176f16202bcc06c831673b9e20072205b","ssdeep":"6144:mRuE0wKuPxD1IWLYmIgHjfUOYAQVp4pBl:oud+PEUYmXHjvXapI","tlshash":"a3342315832ef685ae9dc0e85c41b8dddbe14dc43d9caa1e3135b65a0236243cfddaac","first_seen":"2025-08-04T05:50:45.305775Z","last_seen":"2026-05-19T09:25:05.431866Z","times_seen":53,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":102,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/font/Play-Bold.ttf","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.586Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /font/Play-Bold.ttf HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/css/style.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 214392\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:23 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3f7-34578\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=D89DC6TEebqShyFZb1JRHKcplUvJh2Sc4wFwJmBvWbd1XZXgwXrAP%2FpuWOk4dFnLVb%2FkMKiqRQDxc68b%2BPwGX7%2Fe0qsAofeicSQPZSjfDIiNQcFtMUN1sBJGouze5EPig97WNa%2FS%2FLtVOOPjMw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0dbce1569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":214392,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 18 tables, 1st \"FFTM\", 26 names, Macintosh","md5":"3fd68d00f407b74752d3cc00b30d7b67","sha1":"03d54a8302aea486f8eea785f8b4014f477378d6","sha256":"96365fee2e462288b62968f664e14f722a7cdca04f038945170cb5733701efcb","sha512":"85724a1a2dcb3e7e88d089d527a248ad6b4f01aa90cf333f4921e1da73fc61e55f1396ea6bb822aeeb493c3b2761381980541d11aee69a9bfed52032b4a6666b","ssdeep":"6144:ETkQHlVyp8wrkmn8lh3cHIydFnW20SuMeFYYcMzbLVtXLpY8bX3zy5TTZlniHrdT:EzlVyp8wrkplh3cHIyFnW20SulyYcMzT","tlshash":"52246b4b7f5fd702da261e75196d1313a7e1f922ab4a578ba4093bb8dcd30d81c026cb","first_seen":"2025-04-15T19:20:51.406103Z","last_seen":"2026-05-19T09:25:05.429395Z","times_seen":50,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":70,"receive":87,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/font/Play-Regular.ttf","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /font/Play-Regular.ttf HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/css/style.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 204444\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:22 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3f6-31e9c\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rJ%2FZsmVSc6csP4dXjsGuJv3lWRRpwKCB%2FRtuLpz%2FaQJMcrjVxTY2WUl9JkzvkqzsoLWLHZlf1apo8uL8IauACoTQMAZmn1LGARkYohPD7L9XPB%2B7t03tp1EAJwFimC7YkTgUmZMW0Jyd083ulQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0dacca569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":204444,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, 18 tables, 1st \"FFTM\", 26 names, Macintosh","md5":"020f4a111af892154e2a4e8b7f05490f","sha1":"29fccdb03e5e51dfca47fa122cfbfb0e69ad8067","sha256":"007480125bc6c623d1be1f6c93cfe6872b00cce9218aadffbe7e0a7e3daf8950","sha512":"df9a9af5751f3f2fcc82413eab48b31e43b3c34995bb7adb57e4d3b3e56767adc00a4e1e5a9fc295ab43de0b961817c37b7988157aa7099efa17b6f3b78451d8","ssdeep":"6144:MkNfD6gQpSx0DJTzCysgVixtqIAKSNsLS3NnevrCpxtVgTziBZ+2g7k:hfD3QptTzBsgVixoBKSNsG3NnevrCpxj","tlshash":"ba147d0b7b5ee305da120e75196d0367a3e1f922eb4b974be5453a68ece30d81c426cf","first_seen":"2025-04-15T19:20:51.405093Z","last_seen":"2026-05-19T09:25:05.422883Z","times_seen":46,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":140,"receive":70,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/menu.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/menu.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 457\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:57 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3dd-1c9\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=38p9bB2kqnmDNqSfTGRdlXKdygtyAL%2FvOnm9GVNPzAST3htNhFSOvvVkzwoIjPjnoTkwmX0SFvEG8xvEM%2FEdPfMUNznhRfadTpGdgRSCNgBz3m0vMVDjdKzW1AiSAVfUkWgKBfo05ov32RHsPA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b5a3a569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":457,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"a799da96b72503b9e2ccd0b6ddc22bc6","sha1":"dafde6c34017a627288ff8fbdb22dfa3c9ee6ee0","sha256":"26c2ff5d5796cbd473b403b394f1088e25f8510abdd9401f6f5d6e47f1e7c9e4","sha512":"4c58b9801eb0ff561c4b00d4eb5191faf21a1d2b3363c480f88f1f9f5ba37e43fed058f6643aaf7ec54140c643949faa1255d68c3f3da38fea305c735ba00d51","ssdeep":"","tlshash":"ebf023c38a11d9d2e4030723076b012378bbc9c291af2a3cf754d0480a2c7dd8e32361","first_seen":"2025-04-15T19:20:51.432634Z","last_seen":"2026-05-19T09:25:05.391238Z","times_seen":62,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/inst.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.272Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/inst.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 345\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:58 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3de-159\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wU219OONhnarfQdbH%2BgDGKCLzX6N3cKiy5ID0gzwWMs0s6Ng%2Foof7SI0wuMu2sc8qxnp5RB3FieCb7P5wsQgdipeTdmoX9zn2cAS2MimzyX1CCX8pd7eoF1Ks77Ldwlc3SJIkXe7SfmwPc84jA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b7a75569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":345,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced","md5":"5ee082bb4534fbc6b341279378fb72b8","sha1":"30c9e24461d8baf87b540534d5e6ca39326a75b7","sha256":"156b40c57497b4cf64d1d6e6a05e56a568b4935636a6ca873246fec7166a21d0","sha512":"b16b4bfd7cba2812431fbe71ef95f43026d4cd9e2f4e318d59c851c7698996c022548f47b1ed150d2b371027a09ba0613a3a4f77e141f68a8f3ae5c0ab54d4c8","ssdeep":"","tlshash":"92e0c6ce5348097bf64db862603f12228cb303ba02098a8bd048e12876466a5856b4e2","first_seen":"2025-08-04T05:50:45.285514Z","last_seen":"2026-05-19T10:25:43.616442Z","times_seen":54,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/player.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.251Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/player.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 189290\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:55 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3db-2e36a\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NrKiAYCa0JhYtVpIVeMQEOPlP9j0ebkfCzZYm0u1erprTfi3nq7CK5h1EiEY9crCgjVOrr9VLK%2FvBlcVha80AkaMMS2%2BW7qs6YRE1D5QiwH%2FttVz8QE%2BtMqsop7FBPBiliKe9%2FK1lmb1Ox3a4g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b5a49569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":189290,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 350 x 415, 8-bit/color RGBA, non-interlaced","md5":"37b0afe78fee66ba4f6f107f4e3b682b","sha1":"40187d9a1d0a12f17f6cb91ac183c07f9b0b479b","sha256":"5b5ee354effd393c9dc23fbfa68bc1621738cef36bde227ab40ff4ea8e4b9251","sha512":"0e7455f366812d045a75d6ec332574be5bd6f99290176f0416d381427357dd89445cc4ce02c4817540d81f991b0594c8218890327df25d420358a8ee0a809844","ssdeep":"3072:Y9Tgu2G4dn6Lo5iTZcONfIwFrb1NwTl3/EYNQSB5LPELqisDeCJVfD+fi:ov4xlwTZcON3wx38KDEjsD1","tlshash":"9d0413f4c87ee14e1bb6dab1e7e78a6a88114fc5175e46424beef932c24b2805146cf1","first_seen":"2025-01-05T22:57:12.12258Z","last_seen":"2026-05-19T10:25:43.63086Z","times_seen":76,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":69,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/twitter.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/twitter.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 845\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:40 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3cc-34d\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UJCC1L55NNC2Waji5le6h0GSIsMdkHPXC%2FKYxmDTQ4JTWwalOKnjMhoPqOqkbM4Vvc%2FBQRdRKcoqWRi%2BiPqBgHyEhIQcZDK2xJFUEnnGC47xkdz6wpnboh7sS%2Bfou7hndweE9N19WxZi0x5Iag%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b7a73569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":845,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"7b192a8454a8bf550da2f1d70bafe43e","sha1":"8cf2587f41b26b545444281a0597b3518663deb0","sha256":"a5e887f3cab99de5e6dde6e0b71f932a6c7c8d32b90cc951cb52fc26e5d2de9c","sha512":"fa00c602cb3000aebd116313f48f4d22c60989fdf6901bc1c8c614a4aa1058482bfbfbdcaaeaef1723caa6ae9d95095a1af872ec2e44ac607cbb5da08efb39cc","ssdeep":"","tlshash":"340196b955b53ef5e08045234b5e45ef92ead7024970600c4da895b207274244362ba0","first_seen":"2025-08-04T05:50:45.284425Z","last_seen":"2026-05-19T10:25:43.615427Z","times_seen":54,"resource_available":false,"data":null}},"time_used":113,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/verif-stars.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.249Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/verif-stars.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 261826\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:40 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3cc-3fec2\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WjY5ZL%2FojMI9nznw8aoOJIaYoN%2BBfeIU5jyMeVRcUxOO0Rnb97lHf2cruNgu4MmxNTcbsjkg%2BaYNGFLcC7eAfefvrdZSzlcMgCsORA9k6Wq1r3PWfdqYVkV0jYkdwTiUnZinbrfPJ8i19Cs7Dw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b5a3f569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":261826,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1800 x 830, 8-bit colormap, non-interlaced","md5":"b315cde9b8714a92b3e181bb71056cd3","sha1":"b7902edb831374d78eb8d12be379658bfe7f5eed","sha256":"e488f2d40d280c97da8c08e9080e17e21d4a6b8c17f25fda6cb0a45f609392c5","sha512":"e639078cfe915d9f746e52647fba107da6a2eac4eea5cb158800e40652523507d5db7d49400e39ab60dd67c21f0ee02aba22956987be030ebf17ac59e22bd9ca","ssdeep":"6144:9gPuDxB3Qel47/ejvQGkEHjIQ5TaJyGVmw7MvHGZz3x:WPOHdlvQG3kQ5Ta5MvmZzB","tlshash":"82442336053181bba7f0f8d089f8ed5ac07421a5b6273f407b2b967a35d50992ad0e7d","first_seen":"2025-08-04T05:50:45.277773Z","last_seen":"2026-05-19T10:25:43.612994Z","times_seen":54,"resource_available":false,"data":null}},"time_used":239,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":109,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/down-arrow.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.255Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/down-arrow.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 390\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:15 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3ef-186\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JZGSIthLyELUpaAy4biw7kjjFgQx4qAY6CT8pRss10BzdkiIExV5CDg5fPwvkjfQeiv43BojLe02Q2AGUamQLLhU4hSpIIzKp55fFVOwHpIl%2FfTwnlagwMWsk9tcU6SA8GwnW%2FCTw%2BwFspA48w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b5a4f569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":390,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"38119c48d069b72bc7dca826fa26e510","sha1":"f794a0a3fd38850354b4b7210da59cfe3f5211ca","sha256":"c73580fe1bf2daff4f00c04a86d2da738c9f6259da1ae2d2795a220e4ad12a28","sha512":"a3fa50328ed4b3a5938f500d571ae830d8a9043d18a2c818e65a3cb945045cf7f1811dfc11b8517c4e61ac161f2e9c0babf428516b3619c34506b1497fa74664","ssdeep":"","tlshash":"10e0f1caf342a4e5e33827390f1f02f0a91f1f4817150033640388b4b06371958ca9b5","first_seen":"2025-08-04T05:50:45.293001Z","last_seen":"2026-05-19T10:25:43.641047Z","times_seen":54,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/logo.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.243Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/logo.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 1908\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:58 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3de-774\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ReYFh%2BpKfzCokdskYLjlMdFLlOWRBqcofWfmAHp6Cgd02Ub%2ByX2qr6zXG7knh7%2BvFP7LoptD91%2BnJtur%2F8mW3KgfE25LaCM0p7rJziP5hnDpEWNmU7lbSHgXOFwt7R8J6BobGa%2BKGLlsdn544Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b5a39569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1908,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 350 x 51, 8-bit/color RGBA, non-interlaced","md5":"1d087f4b49d571becb05138581b37557","sha1":"815a2b1b704a09ed1cbe88ec2c7cb4ad7126fcc4","sha256":"e8c3b6b052600f0206205b802e8d6774da926f2b6cffd38a164ddac1714c5d3a","sha512":"ecbd6053b79a1171bade56a39aa5fc068ff0601fe6f20a26d5b406e1200c482f566c6aaaf29d650f5a5ff9fca5f24eda4dfad0a0624048f96ef6fcd81e534de8","ssdeep":"","tlshash":"99411bea5fa1167ec0cef39d0706f968312e967b200140977a57c6175172c7bd8e6560","first_seen":"2025-01-05T22:57:12.125142Z","last_seen":"2026-05-19T10:25:43.635052Z","times_seen":85,"resource_available":false,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/x.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/x.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 531\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:38 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3ca-213\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rcSrk%2BQo%2FJWZjdnjsvTQPck2GdKz%2B9js2Hy6vnPgCKieODUS8nwFGURQcPSQVSmUvhEeGMvqyBvn4tcCf7OJsTh89C0JSTDgSEqxFdaDZU2QepzvWVsyyo9GzBmBQk5P%2BZlmBDEuXslkPxPptA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b5a3d569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":531,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"1724756d52613b74ed25743a875cb5a3","sha1":"a5036859985c49e8fbd04f5ec941a59b31444253","sha256":"4cdb9c5b06498749f661774cc98014f3c80a2ff80df70ad174b5aafa92f9404b","sha512":"448425ce53cff9703e478b3bca8510136eb1ded3a107bdb6c0bd6699586269c7ea6123c888877435d188bbac07020c854a6b692dfa17eb8568ad0aee9ebd464e","ssdeep":"","tlshash":"e1f020c2c3b820d4c606265b2a1a0213fc72868e043b0f3c93adf90a9908e849114e80","first_seen":"2025-08-04T05:50:45.274156Z","last_seen":"2026-05-19T09:25:05.430625Z","times_seen":51,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":109,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/DaonLogo.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/DaonLogo.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 14177\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:15 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3ef-3761\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oP3gc7V8ie8QwEwGgx5q5YZlghUwTpaOdhrrZ6TQoVI28Ry3DJhjSCDXfrmoxCLEjRXZkuZSKLIwQIZ4Fvu5DctbhX8wP8c3MpBms4esslRwQ8X%2FzLNhdX9CwQ8ZhqL8RHi0va5moV5nbEWSwA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b6a5b569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14177,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 786 x 250, 8-bit/color RGBA, non-interlaced","md5":"63f50cfead0a68b69ebc53eb8f72306d","sha1":"b0ba2c2d346741494384565ee0d9bfadb5e83e6f","sha256":"ebc72ec3c1b16dea4f741f3b029c1c0fed50081d65b3ef754292bcb4571afed0","sha512":"1111fa8f3c483b5f7fa609781c5406488b065c3e8a04c96f7e79a1ae75b64116bb0f5d6a7e73eb37df15d7899ce2a19d611de815946fcb5da70fcbd73291607d","ssdeep":"384:MxppPeDafNP3OUgUeUw6OVIyGdpMn3uSZ0qyFgdvXJNvdZVb:MRZ33g1UOGqn3uS14g5JjZ1","tlshash":"d352c0397b24c025ccd9614c8eb514f7e281a9cccdfb682bd2bcfd55af1941096e4b86","first_seen":"2025-08-04T05:50:45.29552Z","last_seen":"2026-05-19T10:25:43.623076Z","times_seen":54,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":144,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/youtube.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.276Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/youtube.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 612\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:38 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3ca-264\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=htamJ%2FZgAGM%2BMdTHu2WwwNeQyPL662S8lwN8v5TSi5APn%2FRPvy6p0aI0MR%2FCDCTAsbn%2BQV2u1P6ord50%2BVqUcweaXezjx4zDvgPgfk2TudgMw2Qo4krJqaDADwaGrFGUO1VxpojfRh8Y1Vcx1w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b8a79569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":612,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"608dd386d5f3ab4f1bab06fbabfa8491","sha1":"97508178a6930ef3c088b70d56120dfb8806860c","sha256":"b4be1d600bb4510f31b3bfa25b5dcee342309082517bc439fed214ad1e28d189","sha512":"e073db35350f3d33028c6a4ec05b393d1844f0bc7b01702b6c5084b592a5d2669c22b6a1e2a515165ab934a748bc52d9814a1ce7d162ef874357159ce0f768ca","ssdeep":"","tlshash":"49f062fe0290002bd22f5eb2a6cf071ed9fb80a50912006082eeeb28e14e40a46d5a5b","first_seen":"2025-08-04T05:50:45.298428Z","last_seen":"2026-05-19T09:25:05.397387Z","times_seen":53,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/1.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.252Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/1.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 61455\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:20 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3f4-f00f\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dnf57JwlZragIhC4mgq9W2tr6XETtuJ3qVn%2FdZ17Gosq3EmPE47LkPnEHJ5mbYuXz5Hb5r7U41qopNgtO3EaoWfVRxDCsbAiA2%2B9FjjZqG7cmI9Xi%2B69K9X1rKvYXsAmn4k4qBH4MsT0PoWWLg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b5a4b569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":61455,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 750 x 750, 8-bit colormap, non-interlaced","md5":"e32a856ffbbfb56536d50b76a150b092","sha1":"44025a425d7246a71d86e90348e9741985d47793","sha256":"06725c1a1a900904128250cb95712bc8144d133a9937249aaf4a911bd54764e8","sha512":"2ba39462c9fda261a9ada31d7c9416fcbddde269890f3c4b0a4b3d94ba9b77cbc237849de32fe12b4a1a6271bafdd7b1d9be3e413216be1cc7b9209234a20e2f","ssdeep":"1536:rPOPYKf0LmpsXDc/7AQgP9h1Z8BsZG4Uha2O:v4sXwVgP9LMY","tlshash":"bf53f1b8b6414895cc6f82f25b8204ad09b3cc88d7f1419a7e9fb9180fb99ef15c7680","first_seen":"2025-08-04T02:14:22.595782Z","last_seen":"2026-05-19T10:25:43.63314Z","times_seen":56,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":133,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/cdn-cgi/challenge-platform/h/g/jsd/oneshot/825e783f7fae/0.9828335528669454:1779178007:1vPRlbirOcrikDFc_gvRY9kH-xPS_1LBAfcXByjeSRY/9fe20a091d0e5a0f","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.827Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/g/jsd/oneshot/825e783f7fae/0.9828335528669454:1779178007:1vPRlbirOcrikDFc_gvRY9kH-xPS_1LBAfcXByjeSRY/9fe20a091d0e5a0f HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12180\r\nOrigin: https://faceit.auth2fa-connect.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":12180,"data":"HXTwt9q6IU1cc8aAuXqUqvuztuHIuHwq+qZETuow8+15uOKLLsYPb+1vTDau1wLNPuC6hw1ZuEC$qnP6gWaYauLdaBauINfPuq9wqQuKL+qCUTEXoDtWKZTqxrKQgltxXwuR7hTXPoXfRXKm4suuH6$EnUfIuDP8q6F4Psy1ww8x$4RnE5g97fZj7P$uNUPW4wUevuqFBzlUI$CIVIcHyhuqzJwuhu8ROp$qSWm+KR8dDVYToXRB5mTIwVuqN6wugEDkWS2vaSwu-2OvJ5RSIuuFBjCuf8uq2gpwM81E7u12Djk8C0Sv7suuS6owrnE67BgJlrnXHPuEr$+lJonuup8-I78YI+EE+Ec+PuaeAusk7yPuTnI$rQj2WRPqFr88$SlJT1bmFbOfgp8yRMuzTCSXKbTBA$yS0gIALdwwIIFjBV7-uIWJjt9vjero$2j-PG96CvDCZECVRtfky4Pq76Ewu1UEO5TmIfLLaZQuqNd6njztm+jqRt1FGrfOlSjJsk4rBvvGZFGuptfTmWJe56xv3Xw215GHcxe8Rx7K8KhbTKWBxyNC1NwKa4cEnZ$DxlsXyK81FKv$lKwzG5lI5Hx-0Tk0fLJ-$DJcU-GHU-Zq$l4wljdhvo15SnEWaFfk6UjEdEf7lq-0PbjPsfJ4gnBBmUaSX4N-Ig63owVnYgVJEv46go-jSVw9jFjGwZhXwHuF+uFZoafwJu-tcqaB9Aj9OmqKHOVoDybnhBUNpnyj7lH9YAwEJu70c9gf7nyGtYcZtddTPa18pAu1YCW9e9tIjtP7uCH79wlSABuD932qw1+boD1XL-AUwNd-ZLHn5TXNwNl9kGjIAXnxpuQkKuTxu4k6DqUt7a9xT+anI1+9jjHPtuIt$71QZ8wkQH$9k6UPFCoHPTow8c+w9ITKfdSTgqwt7+w$B4jTKjuUC$YPX97sWa9fpuu7VpTRnuwapFae9blypTJw1puGnovUPel8WJ94ZPa92bWHkH2P6veALDuCIThq2pTzEM6WVF9WxMPtU88ymgwP0C1HXxXLSmeSZPQ1XI9xuSfLavFsIy5tWxfjvUWq0qWxN7oPSsE1kEr8jD9a9yH$Joum7v5bI$JwLEarxwOPblxbRV$nFyF1d6HuIZQ1qvugfBgIGtIgwS1RLTbuf27sC$XnGZA3nawCH1cgj9$hIbgStq7cPaITY+R9cL43IR3kPTwSkHHy4H01EUP+u$l7hgKLPDSHF$DKE81+qFZk+n9skGr81t9tG0XDfMqL7IhUTIQ9U7pc5HO31KUkUHtq4wfwISpUwqEzyMT6RjeO$+IbbEsowUPL7fkUJnT9AxwprRmCvvAcL7D97yq++H98$9bE7fb+qf$McDJO$Twepum7m+MDIeQPPf-G$a9RKMaoXw1SqmGuWE36+awwy+UeOZdTuIX8mqXuz7ucUTb2I0wymp8+U7ppMuM230fYkX0OIftgDuw$TH9pL493xXA-LOqh5-dohQTeohym4EA9Byb8H6J4wL4yMxTIyS6H3lVspcPzsjnKTV-thGVawJ7o13MMhaw8urVgu6+Fqunurs6$R1Fqw8$p-Tqr4ld3xmOYHPe14aDuxRwdqTqlNpqusw4qo16Wa7up6PTB7d-51xK$W+z2cBL1tSzuuJO$UPOWCu18EZypw7c41ygTp$WoaoBWzPCQFZUSoo1MkNwaLYp2gNyT+6hN$Tw4kRuylw1Zc9G+jPGUP6P4Iwkpg8qO6$$EpJd9DQ+s$gqBAhbc94P3gfOb6E0pT27+L6ODg66FbKxoeWO$IPBTL1RRkK16WEL+fP0IY0$bIq8yj4I7g9JjWZek8jEgBAx1Dpj9w1uEI$bLJjPqWgGDP6mSIqncTQuUF9tc6d$SG+RTmFP7IO1uIsgvQk8wab$I2JEQupOEIIsIjKY28wob9+Rcu0uPz8$In8YLffjkZFGlm+w9wqlKIB1kWwTo1TYkOlOFGDuCw5bJqlgB1R8AFjBwUPwofRXBtvNR0wO7MlmgvrprKdfsRwpfZ5F8Qqyj115KTsX-xBOFTuHL98EuSTm9AEA7kJfERTSxkuQ54cWDaL6OR5WZNMkXyfe19IxnrTmzwkf+cAsPGwWA9n0v-sCLZawv+E0NnU4$GLsNTRJBTD-aukmk0B+yhT$eD9RRFLjwuFQc9BhHBmCZek+8FAym-whzHISazCpdqvIkmga4ktB65q+skFCWk9vQmwSJRoWKtEAWP4B5-TqoypTL4g80nD8HLavMrJM6nIqcJNdj$fwE-sT5je-wC2pvLISj1ge$tS+$hlB2TD+GPk3mDqpGLTkmNbLZk+ZU8e4m4Yk2GculcLb9hfUcKpBG4uvSmKTqPJoCdxAelwFFHHTwfAYW6vHaBHSabWJT+WCtvrjKOrWgAoSYFaYAt+rKzumRWYBlBwW-LtmkTRY$XPOz+EP7ug4eArA$I98ZJ$kZhUEyHHlvTWSff5p5v-EumF5GTyvnSA9Ff$eO0TKYk+t9xoB0MQOOP8v9H2KDFqW65AWELa6AbEpcKWU7qtpAHU5QDuMyZkubpgvgc7ulh$pDYWaoz1R1994m77u2yIAXKuIXsFe+fOXPTAT$tM5RzfQFeFrjDK6N2YCJH$tBRu8E+Jdgbjuvf4T3bfGqD9rNV-J+HjfUIA+OGxq$BlBZGW7q3v++QTv8m3bnODbaAfc+0fPgNfIYCWJGfDIDrNw6-5u$hqMG8zrqmo+wO8891YXWpOjfpPqoEnQ9LY56DBwqATfSW8cuRM7hu9tRFAJ99TLoW6pHDIqTg8WdNtBfbg2FH$enDz0GvbelAW$3N7Ymm5SoEr6v8qq9T2Jezo94L5vWICTqlEx1+UE1aZvGBHvMz7kX2p05chgmsjF1jBwSH+gm0eh8rJeuYUUGP9oZWquG5HAm3KcZc75wrTYOqj-nozz1IHe$fqcbyxz+8RoukpWB3cn$-omZZNe+EEXs1yjht-B9MNhdy5ZzS+BN8h8fI40ce+enUUlQt1kvu8p-oAwcb$gsJatRdlc0GdPfaTvxEqso$axL2jpSXa7VLMPV48N9qvYA+Nw2tZWR9F7CWkg8oE+6u2VtY-KtMb$IEXNMJzIcJT7MImEOIGeloWMvFncfZz+a6IyNXC5EMHtShvKb$fqqH-KnSnuz60nT2N6BomtuvUC8HSpSjQGzfARDaJfTHSrPzefoGm-GYRDv+qLJd0aKLksUXaBmooJIhhsvL9naoEcBuNmkttstqNk5BPUA0TTWY3O8UORuYrWqB+RYyq2l$PAjZAy+j$q1BSmQa946CqD7cdBEGmn0ee-35q4SzLw+oqVlHmopXHZxd0btLPgB8TKXZ0UafEV5rKJ1UPybwNx22AxezL5jM0SyOnexM0w2gMdy+Ad88mmptqQ+9qqSMtF7wk2wWPpeI2yfhUgeAnq1zT3zd-7zQLd$GTO-xXTntzhOG+510G2tw$$OEIcP7XGG0A9dQtKIcfhmcuY$5AIOQwxNe+ta6N4BoaFezwGNCzRqT$eIEqP9jzqktOT+F+1uxJS7husIXzXJE8FLH+49P+w8ZfnNMJnjEOEm7fkInPFCDTMIJ7SNkGw+MIsqgXHjhfpTPtPb1XToYIcq6XfOmdcOA9GOGmcLEu+AjeYXYkYXO18u5Cf13qPof-4GFa-mTBeuII6Cqf68kOGzXz+pIpGGPbQay8Tpe+BLnNka-bQIzTCqaPH+pWsPrmNdmJEGAo2aGTjj$d7Lqfv$7-W9FO6Pvw7a$n1t6ImjZ+0Xy70d+XkBMm-fSeTdGBsAKtcCTwGXtGodFtkdZaDprzoXAbuBvbR8OC8Ie8ToeNWeLnfpLdoaxps+t8vOUjNuyC6I8InWzLLWJN8zQoD83p2O38w1cLGneT$NjBynFp9X583jzws1yN7j4T3BsqO+kbVG-dZGY$4qhd2dfmsXbT6AOjYLPACuC-vNCaSP$wcq7+yCNNod7eewUB08kA1uBIUXX8azyuNJ2XcjOBZaObQqWJPl++oBF$IT5IgdJjL7BXo+$wZGnJZ+OIK17tuOT8kdNkqdclVL6tPo2JZNCmWIAqV8sapIuKC+HkRqDWqPojnJoaCdc7l1UIe1XGsJoa-m6PHjE$lW-mgt$wlWWLSdOGIROzWLzCjqw84PPpG74dFfIK9l8IEur$s8IX$wSpj1jnuB6tMzII6t6T47QJjKHPWbBquo9CqNvJ9wNC61UIs1QLUtuBIAdo-k88MoSBj+$Nzd6udXcfnNjmPR4l7tjnqqub$nq-4ed9aj8IP-KunP91cerqtzqlR1M8SdEuDzuoMGEGFaWe6Th1E1-JhWnPYSERCJflnpummKeR$NM161y1aR0J4m9pIKzAx7RNunffb+sIl+wofdc$wGqSwuW7B10CQRzBZWkeCaRRjjkRYP7-BO6Im-cA1u+t$wzNfKzL71EXgdjf2SLBAKTSW1sqakfPglPAIJ-bB+LbzTH+8d2amR2-yzIehLVqnzAO91QRjSuv+b$9nbwWTw2Npq+SELu98uVa7mFuA8U88Jurm8a-wWuvyncuz9cPQpuFgXhXyrffMpD$reFlwXxSz7xR$-tRv9R7purmjObkv1UPvw-N6LK8xbvC0PCkOSPFxX$vdWdeJz0CZBcdd811GFyq41pIplOeURtGw-kkUCwl9W-GhPka2PjkMpBvtux$j81fjpp$x$Cl8Aw1jwyq47Yrup-BcuhdGruXFeCby1CK+RFTlaYa+$CerXH7t$ZEAbMWmlJeT9NCI+lWFJ1PNlkLEbOeLKZJwzT95j4qZPadFfTaMuhIO1K1F-YN8OYOgaquGpMS$-DkprgkuALN2A6atCrmQrY+5T3Pub3vbeW1yzX17a$TJET91X$KBtKIbp38$9r7af7BvbNeZN3vNm5RfBW9R9q16qUNBqA8NBG7nN1r2Oj9OuN7XN7f1b7LWqEqAvwatRoApGfqkCZAZG7K9XNNuKKaXuaFSPdARRgCVqWu7Tmj8q2bNmn+auHucI6EmPQv8mojQJLI4rwlQI0dBlfrOTGrtpuFWtQRw+Nv6S4vyGAkf1TRZExGnXYGNEU07pOP1zc5J$bLSmROM8OfIu1+orhKlFP9JGnpn9bdpI$xjOkqDz7FatHJGKoPM8Fee9SqBOUFPto$FTRx9EcR3kHF8NAGhe1mokw5qfau3jjuLPhNQAYd8Ila+CDFDaOFfbZxDpaRp5EeunntMdnSISrEx7jBXBJCcERFjBfvzpvX7abJeqpuOSE018kau8GNy191kIt1hFWqEfzEVEv9KzgAvwElF7k7pRPvZNWuNpUvxWA7cuCbOTlSdeZznIwzwz8u98Flddoln85qkbZdZAQGs1kv4LUj3$rKtvv+YmXOUSybMWn+1TMGqNaWWINAwzrBv8A5GXXxjSXRTEazHzfI7ryqcJlq-afRG7XvKlhBjen$PRYxY5sImroO2CGOV-p1GmZy2LSrUk8CqpETOPBKFdFXz7I-NRoXLvx1gjJapfkz35LqDw3o6RTlwOAwTpy1fmx7hfp10G7bBJ1XmWpWYSup4$KyVqWbYSFAARRFIR2JTnZlON7Bgy5XGzH+H-8mdrolumx0A$OqM$u5lvyg6je9LxRE7aPSB1EtqP3rj9NCzeunajHCrOVIttNkhak7lbrAHbQGM-M8XKE$DyGbKuXmjHpGy1e8QrHNClyI$5ImSkIA-7ARaPT-urmX$KwSk$MuM1VuBJJGF-Hy8$XtPCBIqHed5auE$9EK$9ZN-BsveqPmhkQTlpwJRo7L7oJgbywIoxUk2aGZjuNCc$um5pLqlq$zbNDWZUh1Aw9A5ywlDLkCQlhp111lwZX5J5ELWTW5yxolyx8xUycyOLSyS1pIKqeJvr6doK9g$Ty8FFnrsJha2mgBN-2O2OaSFRPdIrPXNGk7nNTXAXKtSN-OuxgAl8WR0SSknUKqKIpr-l6-akU1$KUFWeywbvuEFjOCEIrjkuDWkxAGJGvW$euBvbaxGHWSWIIJpaOB2RabcGF-20rmBp6jp8Z1S$QRUWE1UbuwaB8TBIj717qFNPqJYZfSDlW0vJdw4PhH5+3uw-uFI86nl5qP41ppI5uAQ07tV-yERvLF5W+7qPmkffBgIotW9voJ4GzWm+8gjgrHBI0ZkgnS+y9Ify513r$v6x8y9xOPzk$EDrrO25M5EGAQnNMp8BUFTa7oucHzKuTZEuOxLCpl5SKlUExF6hxy$J4YUrZmEHKyqFOAm$7$QHOBjeHaMkpqnzZBSxyNndJcre-Q9yRNBFF5uXZrvAMqn+JAtLtL9InUmrUjNjOmxlxUa-47MJKmP8pKc5Way8OkhIsqcp9HFI4kZSJXKSm07LSgQuoFvdYFM5fSSbWyGUFxcxKS0lQqRNSfBR4+hBQ8nZQAmOzHIFPdxKy9eabtHKfRGruU80xc4pHa0phyFXSznGECh0pA0f9IKU5qDxTbRx9If1J-ZzeKyIQd3rBX$w2OEaMjcIJ-4PyH6jhq2vXNu9K0z0TwJHaYs1sto0yKS0ycByFZcIYIMKxYgt11fu3fTowy1Aq1e0oY8OYbfgZEg-pq0g+ZXZDCXg0G9+6AMNLRGdv1tu5uu5FdcZ8OaxUHdhpA1ZBN6xLczk90$sSxF7nlZxjA9y9qLlEa-fuOLOeTqfdbn+15I53ryIhLShebj9eXqjXRKAgtrxeh0HuFSK9b3rldHOaQtQe+2BvIFdAO8IjLQ7t1pUIWUmKKZRuRR+6B9Zzt-Df7VSLlQoXN2u7zvSTwlbUh5Zcebc0cXsz$SEFtkgsWY$50DgHHNvpF9AjOmgBZttRp$2KZvNLx5RG5XdzLeN4yLhgxEEszETwon-eqd02ZL1UODOA7a1rK0NSPpreNwYCZnFDoNUx1vIQDyKEL-lgfbKhdTrnJnn3h$F8XRa9Yd0U2AEeR0S4AdvCtCtxmaYnZy97KBqdaKsoEmP7dkguAIhRA7j-F7BRGlI47PQEENxV1LtW5qy9Bfv-Nevuvqre2uQVz1A1AWHAbVIWGLuuOpf9EGUjErOQlKuIU5$AXqfzkKYo8dnxrGORWuYUFv5fqIHoj3HKz91q-0QmhaWaq0h0yTAY7-O3h1zgeAEFZ5W0sJth1lc84HeoSJ8xtWyDJjuygAyGmEcXocD4s27R4vDEV0YwhAw5YsucLx0Bq9rTnZfJfjMFdN5kDLugrBupbDJDKwE5gd-n9S0ts8alKq+AmfZWA-b$oeNWd6jT+djjQIozkqLT91yLX6rQ9AuYsFrXhlvNqnzMSGCeSeqBlcXed0Ge9q1BuU$qfdyc6SQJ6V+-6okFFeepsbedmYVEqD8nBMPeHeHaPBUwnbQLvsqMz1KrhIezmrRQSQSOAYYFdQRpNSf$OSP2gfUdBfZohnLQHk71TnLOO+EwVFjyWjlM8R52MM4Z4w1A01IBhDDs-36MTEEkB7sKpeoDWk4fO3lA8OWWqMTIMUQtx6yRxmKINe4$OCsFL56zgBqHW9pSr7Le5DjyWGKfImMVqWme9nbfCbs58C9L1ejkp$uw0fwl8Pwu$kDRf7InS+O9o9juwS8PpfcnusPNkQduLdYU8jbmq8wCKcfp7Cuoz6tHx58jvqOBgIjpQ8$9a7+DK-GqwjffKj+HOwtF2S9jS2AxMm3ADs+Z48A1$SBA3$fFu7oBfM$L4N0s+LSuHdsfCu3$TK8Y5Nz6UK4Dus+ZUuu7wqO9HwJmuAt519uhA5QHp1qRE852++OFZTBATjwGI4wAGgjtpjE1zRkc3wcDIAocIjTMTMRsueP$SOBIMwFceX1IfPLl2$PKEuNITI-oEEnuEHjRZ8Zkjf1WuyPBpl9upq7I7DAYfTDwoI971L$4PyrWxbo9Ewd+yDfCZIqeWdQEo7P48oLq+p8EoyLW6AkEUpw6me4kP4nZMbJIHITPCPnu2pK$pD76qUp68ZkIgLQIMw-wvApubp8FI7cdPQ-TsyluFI2yE7D8YFlKp0RNw+wDJOgF1uF1Ep$82qA7P5W9q2ZEJNyQAk5bHICogRIXfrnjWaIUodjfTzRH1IvfVeaPKRmjW+onal8D$bXjd13usIMwk88P115mGEoYRYE+BLMWIWdq9+YGp8++vIWj1ePITSOoM8UeHEJDtRH8Pmw7W211IEYg8+wjfWsPqwU0LMpFqLpTnUfrytbb4ejo-77u0Wp+LjbpucLOYNP98TOpepfP$ej6qeZIIN8+ANRPAh+Hyo29FmwwpH2R2yIs7U7mf6YTzLZ8S86NtwNKWbmIUR8I6vDzGU8zCbuWd15UDDqGHkI597QL$-TdeZvf5Py9J43u0KIvjI7oI4wHA9CmjWqp8MkoRwIHmjIEp$7hfxwG86KlHbQqtfA+beU4t18fnrfhjzzw4ljbbSBuB$2lgTev8ZPNI+uHUvpLKpNnzTDZrU280eba93+m2TcEh0qu8m2$syj61$qOW$9NwnwMPAPIoqBq3TxPnAs9oQCbIDobPxTrr0$uS2T7FnkWBp8G9PM4UX$y8Fykz8dm7fSwJSUDfxmc9-70uqczZZo139Yy6Nk9e5e0pkwNwtEg6v5UmuzwdI$GuJUET1wFa97D$1Ze3Ef1n1MKXksubKT4w6P-oq-sGHu5e8R+KyXASPHP1+1gPapkRuHYIIuRwkYuEHgem4W4jkwUXPlJ+N5nwSV1xuG1+HBXp0bb9NRv8KYZIuJoaFcXv7tSqKWquho7u3uuPZ+WzbA4FZ7RDko8gU1NXUcBUeDtRnwCUf$wHwHbTWl+SlPE+OBrjLYf8uIj4uDRTTZLLuqbW6B79ImtLZxaM$YDNhv5UU9fqcWGKnW1SqB0LJGnaudg20Z+bDI3S4u7VT4hk8tdxuF5QNgNwSW+SGXfcAgI$ZVS3qBqaEMUI5h904IpNnUPUHCuapMpXWBqJqU8ufEAjcj8j1wneTj58qFu-LawuuWT1qZPlum$HtxhkpAquQAYQWTw2m$WWpXwufeQyUOy$bRf6qPrR86f5LVqYX6luWZZk-1zR9THusAHnthQW7kEYwQ9G+TeXY8HwwXuDyzzXQMwWPZmcIWR1-IQT53FPg9r4pToN3SOE$rcpC7cuqmM8-5mZ89KMnfoGJg1BppYBf2VY0PKweDEM8ZFePOUjTZeTf1F7y7A+2Bf3yuKvuxmSTUSZeU4GDf7ft$EvoQpg-Eop+ourKZegOWkTgmqBFl9$w3R5Fpv0PX8T9qZmxnWy5h68uW1xWFj0mLp6ENIpou2nL$kR87Uoy0W$nKuuEuNUkZebd9xu4XQ-6aqkaECePmUS8uCTCq7oHTHLUdwcqIn+6huSwbApn9nCEnVqDqjwZ5twak7$Puw2JeTqFpoo7wjA-+LE8M8Zu-KxAvw841DuFTTEgyR-qAuC1HE7TH+KYuaqD11kZwIL85sWxa9eFhcnWj56HZQKX2e+FuuvJFuc9jIxKDuqGpNIlwZf1T7R25vQWv1kkPKTuz5jYU4ucuXBdcoKWbLFT7Cvunw7Pe+8I1hQkZ1REXHKonlb+z+p6OXFde4jPADRl8KZzEbhwNG++K6Vd1bThAWGxuku8Zzle3o1m0Nd+cetvt1lHC5aVHZYEZKjngWDaKPqZtdedSpqMZPNkYD5gyoxCDTpveY6ae9PDP4vN0eLZVorKZfuEVg25N+pnRWCtufcq$ZdeKGeuJqVSqGUsTLfB1Za74a-Zdgxm0CkYNEtDPrgxmSPwU+Ne5uVgE1nC8w1RkA13FglYCVaXwL8UzL+1ue6A1pJBbVHxdb9wWYhFvL0Twr1CXWgav3PrH+9AEwc1RqPHbb2ReusG3I3ZPrekSraZa0RfH1zl2lI1aayISwerxVlytP+2IC+WHutKceQ6-44lhQRBw47nc9w2XZ2wQla47uj125juATLmFZaF8hMZ$A7eyt7WFc+uS$Or$Y77WxZqcDdgoS9qlAvoZojq5AGTwWWpI4Fg3r8rXIsaa95yDCpUv2GMTT4IM1wAxpJ7+akUsq6XmcIuejWb9O5p0I6FruzRI627P8QkKUeD+TjSq2XmIvwefaXjcCg0tAEmxWRg957qlosl3fRSTjxLJe$tlnumNUAX+t+mwF2q4SUcO+JX8d9qG870820HwOdnFt1u-4xwt29R7eWoWCja6c69QwkGE51-JqBXAu8WGJZ7GJqAyByrWF5+rcU3Nmn-vE7tWpIVuoCPJE2GbTTcwwm-oJEZfufOCp1eccvEztZS4GCYvcm2n1eeIB4MDk+8BEWCGuNPp$HaW4wWCBXmGtQgr8+rgexE8eD3PrHqp8u9S7ZDDH+y91Vt6BpQZoJIOIortGc1RJwb88fK2GbT4elqvWWzWtMRFxyApzPgTvxqMZS$oG1UI1GE$N6rZtoEatAEPm9F4T2cvT8LF5C+j7ZEdYdgb9L+R31Re11QINEh4$Xp6DGgy1GoIG1mfRror4g7EZFo4zyv7DIb1Rhtgm8RrX178YWjB3X2GR7ufy4oP9WFs$l9b7Ifqs4UP8$Qov4U6njGUJRBh+bdLHr1uAF8c4xFbL4vOjCFV93L+w5QvEoU7LkrBP2nHFUCbKoBHyNPH1Iqq4U$eeckXmfXoBMwmjnpophSljCWNowIHPaIAIDGnFgcQxfhT1KkwRxQu+ZklgkEseNwZ45YEJQnSLCyxmJSE9ltA1DqGx0f8F271CFNBpxVRDQzGOSvY7R4aJcYDvcOSxBDx3BR5P0UzFpB5abM82EZnpFHOfxUjMHJZAjvCBoyRj42NRIZFeBmaz6H2zgUm9ZOOuj4OobITYEIBSFNeN3EJBtE1BG+C3DfuDh+1TAhWfB93FPBzE0GHxQBdaEJQsSo$oYb-73vAbsKlBSF3QF2zJAwr0BSF8IK2E5AwrCBAHcIALzqmVeTt$HIIX66oOPvhOFSvIMHzwcFv5BIWNBTxvvBzvRemWjB9oJgqXNHBJWsJBnsT$hvMPaIkJnoDKAXvkBnF0IaOl$m0eItMG$$5xfTBgr4zIwR9c2EBmRvdEKH49KnD7BEFEBvHB99Msx9E+2GSF590fvZeFEpeXcZ-M9LLSTxIzzf$pACQ+ACljzFH9JjjhvO9EYtJS5pl7vqO$y3tyWopl7ruYTy3eRHnK9LJoB4xKNTHtKRLkqBHFLtOHHwzLJYLVEqfPQhBsRfWYPySttFajl2rRcj5FqrFkJnmrgHcyNzSSH-CtNkp5rdjSF3vMK8NmKEntQx5vAxv6QpEBzzFHvGKWUhkEHzjQ0j9Mj6AZEN+5HjBnOjFB5FQtD7DGGwZcO-x2tKTdvVNjxAYrmOyQz$Q9n+IVb-BWuV8J+rDZvx-NYfqePf2kl47UuGWXTJ$1yS5x4afHD$16I4uNpEo5xmoIuqKIBqgqjS4JVGw3t5$Cqce3$W-uTpga0c2fuByJ+ruTt06Po3woGtYCDKmJ8xh5Y8zpYIqgJEf6K7Is5CaE6BU$gwfNIT8wuuq-kbETWwawuLoKlFu8TuuIyheMSfII5ogqONbdJyL1uEwqEVX-Rbf84pyPJPU$G-j$u29Du6d18wR1U1LfCEuuIF+Uw8$I8wR8k$s+ga8R1CSOP+rF$Rxu+wk1x7BTWXt8gEoFkz8DXLrsvgFxXqyuD$tPTtAuuETPL4uu8mL2GYdwZyrJANodutu1IWzc6WwuGE6YdAuOc7yp-n27Yo0kPL8II-IPwYy4TzAu16wYo0Ewl15OuAMwYOv1uqQqYo12aY$rPqlfnEqU2ButPeDpC0Ndq2c9p+TNWvI+dAu9D$0FzmVt8qoXyj1UplO+uEkMub5$T8NS5ANo1u7Z5RpReF0UqnuPeh6p0m+u2-qwZueGH0cqFrfOPGJ3wT$qdy6uATfqj6T2U+bJIWPxA2Wbs9MdKTATMR14+Wu1PNwFP6++lsfI$9NG-9KcTyDEelALqtmE6o6SXwJwH$U$dJCbkXbJ1p7QMhl28LuvQIXdgu3ZQJe+IL0Rqj2zedNqkQ6oPfOBo$j$HJqYIsdwLrIJyWAbPuS-8uKDXjLw8WxJu8uRuFuew8wqYwkMA+LKrowJoZfBfp+IWLCAKKrnBfE868BDvLbRjXwMAWXbxIUucuG1VDhuINHXukadPsqCxNFp+HXqdPR$MFzQbfR6IU$uu+9ryX8ATa5yMlkWfyb6U25ZhVjduLxupj2NZ4uChc705oE+Xwr7t6uuI3aoAuu"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-length: 0\r\ncf-chl-out-s: msw+TSzj81dPBa1ctlZ2+g==$6b0jcnJFelUIGuUljp0eIQ==\r\nset-cookie: cf_clearance=RH0mrsI2dgxicJa.hkl9PRdX.9LRyGyfUlj_wfQMODQ-1779182568-1.2.1.1-GRBk7kehp_I38YGnAoAfZvWqXrfS54ZXGI.LWwmMap4RNK6.Ad7aiRCNJPBy7DjFZB3DyqalOrLhDJ2XAvaZcVX11indmHxrxi9eRJeMyloN_GMFYzqxMY4RGCFr9fUBKG_u.AEOLyOKBfpy_PHlnSXoo4vptgD4P_qyjthFZMK03L9EusY9ChYJ.82xRjXAKc81EbuOHT.ay.zi_YE9WIYjtodmv4hHNWK4rff_YAUwz9JKRIUiLe5dEbsCkZc18aElMis4xRbTEZ1aiJWxPPp0USFYEIeLVLV_GR63jJ90b.DU0Nyvg4f3RebvU9AHsP4HPjVOZlSTtcRJb7wwUA; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=auth2fa-connect.com; Expires=Wed, 19 May 2027 09:22:48 GMT\r\ntiming-allow-origin: https://faceit.auth2fa-connect.com\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 9fe20a0f3f26569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-19T12:11:11.754429Z","times_seen":15436892,"resource_available":true,"data":null}},"time_used":21,"timings":{"blocked":7,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/image-98.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.267Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/image-98.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 142351\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:01 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3e1-22c0f\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5E0iGH%2FBBxrBqOWm7vzB3dqDBHZp5QZpZ9b5r8UfTm06tQecW8elK7lDetmWajctwxMMD8OkgZfQkCsgkMHiZVWTLB4oAxe4VwUb9141GtjB3rNgA%2FcrmeGkAkp23rq3VrJ%2B8XFvO3aNrvXuIA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b7a66569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":142351,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 397 x 415, 8-bit/color RGBA, non-interlaced","md5":"e27dbc1c113d8a7a761bbc6dcbd6ba9f","sha1":"aac4d21a85dd73624186212a01e8cc2c4e1c9c8e","sha256":"5ead4d639fbbf7f894e86c669408372d9f7d64864a72d52ec4c497f6277c8dca","sha512":"36863fd5eca9cc4228939238e7e3fafadf9a1871f15ef57c5bc5fb4be1741fb97e3a08e88895ebc4e8ebcd674ea720fdde26fdcd88b8f2333621c42c0c733ae9","ssdeep":"3072:ocGd/GE7gfjRB9+aWxAYmmu6SmiPmpxqZPKi6hWFjEA6w72SkyV:oc1xSAYmmu6nTpMNFzv2Sr","tlshash":"33d3133186e09dfa62550382947dc0d0de7d9f6ba5499b97d0046aeb08bfc2dcde2d4c","first_seen":"2025-08-04T05:50:45.30133Z","last_seen":"2026-05-19T09:25:05.396102Z","times_seen":53,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":101,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/facebook.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.274Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/facebook.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 742\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:24:14 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3ee-2e6\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EYA5qrR%2F3wq4uAAN3KYB2fDKwk%2FevD3N7xFf3V6wiPPFmiPDLC1dN%2Btjzhf4o1iZxYjoWYgkNMHLGhNY2IOe3eJk9eOk6ZVCo9RAhpCaqi89CUt%2BcmGyrYoDI7MUjo%2FOajJvtnvA3BdPs4WXhw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0b8a78569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":742,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced","md5":"32158f84f0ed03527d8785207ce38719","sha1":"4fecb0c9a496cafef7af09c7bb6963a04e76eab8","sha256":"01b257b254cea6ab5d9590d3a41b43932ae7f9dfa6d7894dd78cc76f60e89972","sha512":"1299455ab3e84378d523c7d8525631642d785376382da1ee4aa8cd6e754e6bc65ee0479577c45ca6890333d90b3b189e45cd370bf7605b8db4ba30c2df4a9fe2","ssdeep":"","tlshash":"500165af6d9d98b183188d24a5eb4456de0f188e10725d7c4feb06b4117314c2b0e72f","first_seen":"2025-08-04T05:50:45.287293Z","last_seen":"2026-05-19T10:25:43.629516Z","times_seen":54,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-05-19T09:22:47.832Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 19 May 2026 09:22:47 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lztC5y6ZJJlMebrGQ%2Bh8F6x3BeYNkg6vIfnpM%2FSJrVc53j8kXmzJjZCfWbF5i9rWeJHu1DeU2IW8lBZo6ndlmyGWoTffJ9g8f068bB1XQwXVcdIU7yef2eeXqqe9dTY9Xb0I7N1j8AqzTqR6SQ%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9fe20a091d0e5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"jQuery:3.7.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery UI","description":"jQuery UI is a collection of GUI widgets, animated visual effects, and themes implemented with jQuery, Cascading Style Sheets, and HTML.","website":"https://jqueryui.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery_ui:*:*:*:*:*:*:*:*","icon":"jQuery UI.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29334,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (926)","md5":"502e3faad3ce346af3b77ed2ba1b0c31","sha1":"00dee75f28e0b152a6dffe842d6a8741ad35425d","sha256":"354e35e86cb5ba6081a0fe94c1614fb9e92179f3c52cab6e891a9bc5941849d7","sha512":"b305dca5ed8b328266daedcb66287b454817da1d3b1d0b7162ca7d6e60c84c6425d5ad76063cb9907499fb56c4d26a9f79154d83db46b99c9985f17c1ef3c2fb","ssdeep":"384:tYpwRXL7dIFilur3hO0EOUuLuiHiFyuGSVnx/a:tYpwRb7dem+3hXLU4CFyTSNx/a","tlshash":"a8d2b92159f6207302c380d26f625b6bbfe29107da0a494472fc8bd8af9bd47de1355d","first_seen":"2026-05-19T09:23:17.336193Z","last_seen":"2026-05-19T09:23:17.336193Z","times_seen":1,"resource_available":true,"data":null}},"time_used":167,"timings":{"blocked":23,"dns":7,"connect":1,"send":0,"wait":115,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/js/jquery-ui.min.js","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /js/jquery-ui.min.js HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:37 GMT\r\npriority: u=2,i=?0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4sWywGphHIC4ZMEkE4J3aJbHH%2FNL4CXUNkDUtAztkk6gI0fiNYyQVuWqV1PZ3rpjfgiSYA2go6%2FqnC4SBGgMi9RsNj%2Fc9aUp0uPVOjesf0HF8PuGfLqukm27DwJDbY%2BdTPJg0Vb9xxcoGH%2FV6Q%3D%3D\"}]}\r\netag: W/\"69dff3c9-3e46c\"\r\ncontent-encoding: br\r\ncf-ray: 9fe20a0b4a37569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":255084,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (64399)","md5":"1e2047978946a1d271356d0b557a84a3","sha1":"5f29a324c8affb1fdb26ad4564b1e044372beed2","sha256":"9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd","sha512":"e7ba19fef5bc00d32347f290e817bdbfffbf87a6eaf7f9777f439ceef9faa8cab286f3ddd5cbca051596a73bb44289de226aabd929263b8312a94f91a47a26dd","ssdeep":"3072:eDPNddBFak8JUaVDpYujVHUc92smVppuzUPFI9fB8NpjJSyACAV:uNdIVWjNS9cdzAV","tlshash":"8944f84d72403a3295dfa265103b2a0ba237955da601809cb43ccedf9e7ce4571bbfb9","first_seen":"2023-03-07T18:39:57Z","last_seen":"2026-05-19T13:01:42.001354Z","times_seen":28174,"resource_available":true,"data":null}},"time_used":257,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":99,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"faceit.auth2fa-connect.com/img/section-scroll-bg.png","fqdn":"faceit.auth2fa-connect.com","domain":"auth2fa-connect.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://faceit.auth2fa-connect.com/","date":"2026-05-19T09:22:48.577Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"auth2fa-connect.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Tue, 21 Apr 2026 12:25:43 GMT","end":"Mon, 20 Jul 2026 12:25:42 GMT"},"fingerprint":{"sha1":"CE:48:E5:C4:FC:04:30:DC:B0:60:A9:57:E2:13:C3:2A:5A:76:0B:B6","sha256":"F5:DF:CE:F7:F0:18:8A:29:79:EA:F8:A8:9D:3A:DC:AE:BD:DB:F1:22:F3:5A:0F:04:FA:DC:E2:97:F0:8C:A7:45"}}},"request":{"raw":"GET /img/section-scroll-bg.png HTTP/1.1\r\nHost: faceit.auth2fa-connect.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://faceit.auth2fa-connect.com/css/style.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Tue, 19 May 2026 09:22:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 634961\r\nserver: cloudflare\r\nlast-modified: Wed, 15 Apr 2026 20:23:45 GMT\r\npriority: u=4,i=?0\r\netag: \"69dff3d1-9b051\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=C7VnsstCZVBMdwn448gmLql8Yn7NeIdT3x5aSa5K7%2BcTkaLEhBRJBomcPZEtZXgviK%2FzC%2F6akaJi1aER34CG5KxqM9piKhsbG3qqCKPO8yh4PQJkhwys77oMhntWe8OU267nYFw6V9s7gZVmbw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9fe20a0d9cbd569c-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":634961,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1393 x 1543, 8-bit colormap, non-interlaced","md5":"0a33b3d1e11494b3489c9668156c6f4c","sha1":"b6055cabc252060b281c478af7c547fa5e6914bb","sha256":"865f3b3e643eaa0460b6d665101132db6cfd914265be49a64510ed74a1c66847","sha512":"75bdcb689d106cc9ef39d5f2ef7db6c848d502f01a87b8ff09976fcbd9803cf7b9ef7be24228533155bbcc08e7b0bc9dc45d89ecf46a81feb64a6cf31b20d303","ssdeep":"12288:4H8Zloit/eXjvDpQP2qEMvkzywvDSzuZTwhwN4+eBh9He/KveIhba8i6pG+kY4+:4c8id21aixdLS8T6wi+eBh9+/Kvegba0","tlshash":"b5d42305673b07a6eba2e173706c6436f1f2319f1b6ee5865438a3896e58937f7024c3","first_seen":"2025-01-05T22:57:12.152761Z","last_seen":"2026-05-19T09:25:05.403016Z","times_seen":63,"resource_available":false,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":133,"receive":125,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-05-19","alert":"Sinkholed","trigger":"faceit.auth2fa-connect.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}