{"report_id":"d4151575-37bf-45da-ae29-4e8f61c3e227","version":6,"status":"done","tags":[],"date":"2026-01-07T13:11:27Z","url":{"schema":"https","addr":"login.cs2-final.net/e08c889eb","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"172.67.175.191","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"login.cs2-final.net/e08c889eb","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"title":"Sign In","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"login.cs2-final.net/e08c889eb","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"172.67.175.191","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-11T13:11:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"login.cs2-final.net","ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-28","domain_rank":0,"first_seen":"2026-01-07T13:11:27.453441Z","last_seen":"2026-01-07T13:11:27.453441Z","alert_count":22,"request_count":11,"received_data":1795953,"sent_data":5179,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"login.cs2-final.net/e08c889eb","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"9321ed1409567af31ba7b1ed264bc6e5","sha1":"668e30fb1644ed6d391ece640420a7bd13470320","sha256":"5086692a29befda2fc07e384e18957ae3cecb9daf35552e27887906ee2d6d88b","sha512":"07fa6e815d9d4af040296afe7005c7ff9d908dd61a4cc104216f40eb3a4ca44ff15a5603ee56695cd30bf763f7364ccd8d20e3c3e0f7f6d5abbba6ed94b8959e","ssdeep":"","tlshash":"d2d0a7cb4066d5bf5664107059d93b2662a321e318f306c84bce2c4a64c14cf98291d2","size":220,"data":"","first_seen":"2026-01-07T13:11:29.157728Z","last_seen":"2026-01-07T13:11:29.157728Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"login.cs2-final.net/9828f98d0/30af0/812b851.js?v=nsDHrGqm","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"eba51a61894a773df5cab2a18e499c0b","sha1":"e028428f4f367af2660a66e976f223695020e732","sha256":"225edf54855697e6207ba9bded4d041d824e44c7c842f2803ede51764a9e54ab","sha512":"a57c4b5a43b3b629737c98ca9fb0cd549bc35c300208c23690bf9f04312d2aaca179d6cf523f031f2d6dcd42b4e8156a149b0ae676cc09737a6615c8d7119cfc","ssdeep":"1536:DPEkjP+iADIOr/NEe876nmBu3HvF38sEeLHFoqqhJ7SerN5wVI+xcBmPv7E+nzmQ:oNMyqhJvN32cBC7M6Whca98Hrp","tlshash":"bd93d8d9b6d27162977730b850bf510bb13a98eab80c4c60f1a4d8e47d78e89507bf2d","size":95701,"data":"","first_seen":"2023-03-07T12:27:03Z","last_seen":"2026-06-04T14:54:24.626758Z","times_seen":206,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"login.cs2-final.net/9828f98d0/30af0/f6e15b1.png","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.cs2-final.net/e08c889eb","date":"2026-01-07T13:11:04.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cs2-final.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 03 Jan 2026 14:24:07 GMT","end":"Fri, 03 Apr 2026 15:20:52 GMT"},"fingerprint":{"sha1":"2C:5A:D6:D1:00:7B:B8:A4:E3:42:4F:29:D4:21:CC:2E:1A:CB:76:E9","sha256":"D1:C5:D0:96:24:82:50:16:D4:39:8C:BC:C5:6F:49:57:9C:C9:64:EA:7A:31:55:01:14:AD:90:10:5D:8F:12:87"}}},"request":{"raw":"GET /9828f98d0/30af0/f6e15b1.png HTTP/1.1\r\nHost: login.cs2-final.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.cs2-final.net/e08c889eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-type: image/png\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 07 Jan 2026 13:11:04 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=s6YHz0M%2F72y%2Fo%2B8kvTmWyeYZ7TFUr7M%2BhC7FoWv6v9pRvOezuurGyZ6UC9HcGUNdn6F2GYlwNzPUNZcvWbLt6wTQYKKsk5Gt5Q%2BO4xKuTP%2FfRig%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3b2e9fe0a23eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8552,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 744 x 171, 8-bit/color RGBA, non-interlaced","md5":"fd67cb7bbc8b269a3da874bd46a8194c","sha1":"cd4971306ee390ec0c8915950eb677debe12518a","sha256":"fe227b35c5ad0e7f785adc6e51a90ee961ad2606a9dac1db7f34429ffd3f4d41","sha512":"e7d128b0596b54d5fc5ac61894322a085645a03a965dbf74a5bb8a3a346f5e47c244758bb96abfb45958486bd1a077b8d1f2277023d57e19b129835d258f353a","ssdeep":"192:/WiHv4hH+0Q9hKiGDcbIao9AUsFPKD9rASDkSy9/ywmtGz1ygX:/WN+XTXBUgQU9qwGe1B","tlshash":"0302af8fd271f1cf8ea8491dd707aa5fbe1a23d21a7724b95dc0142a320f78146fe859","first_seen":"2024-06-13T10:36:03Z","last_seen":"2026-04-23T02:33:12.418611Z","times_seen":24,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":303,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.cs2-final.net/9828f98d0/30af0/74d349c.png","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.cs2-final.net/e08c889eb","date":"2026-01-07T13:11:04.011Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cs2-final.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 03 Jan 2026 14:24:07 GMT","end":"Fri, 03 Apr 2026 15:20:52 GMT"},"fingerprint":{"sha1":"2C:5A:D6:D1:00:7B:B8:A4:E3:42:4F:29:D4:21:CC:2E:1A:CB:76:E9","sha256":"D1:C5:D0:96:24:82:50:16:D4:39:8C:BC:C5:6F:49:57:9C:C9:64:EA:7A:31:55:01:14:AD:90:10:5D:8F:12:87"}}},"request":{"raw":"GET /9828f98d0/30af0/74d349c.png HTTP/1.1\r\nHost: login.cs2-final.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.cs2-final.net/e08c889eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-type: image/png\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 07 Jan 2026 13:11:04 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MwhUZaAjNs4p%2B6xCfmdPFQUhne4qdI2BSQl4S%2B7llqTv1lBL02Q8lMCcXDvRv8ML7XCEuWgPsxLgKYq11wWv8psRuco7LEit8otRjPBL4eCciTM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3b2e9fe0923eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7789,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 356 x 89, 8-bit/color RGBA, non-interlaced","md5":"796c9e154e81ddfa9a92b90d198e1bba","sha1":"43060489aac45b9384f02c94d831f9880637633e","sha256":"018fbee96f108aad6043471fb4f58e5f2aa984cee0f5082a3e8c8084cda26bdf","sha512":"c8d5903f75f5a0c94dd9511cfa1253a5cd3bb99b2433018e80eb3b7c8ff89cb83e064e6f467a9cbcb003e42192361abe225580040dfc48ff77628181a42c07c2","ssdeep":"192:PTWeDDP7Fa2uuD7vYHbtMtAdOCVDruu2jCVvsD:pFao/YHe6dHRr/2j8vsD","tlshash":"63f1afe42f6feb29a69525374b8836fae80112b51d140ade0e0f3d9dd7c61977e0a124","first_seen":"2026-01-07T13:11:29.134607Z","last_seen":"2026-05-06T21:32:59.366831Z","times_seen":2,"resource_available":false,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.cs2-final.net/9828f98d0/30af0/2d7e328.png","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.cs2-final.net/e08c889eb","date":"2026-01-07T13:11:04.015Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cs2-final.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 03 Jan 2026 14:24:07 GMT","end":"Fri, 03 Apr 2026 15:20:52 GMT"},"fingerprint":{"sha1":"2C:5A:D6:D1:00:7B:B8:A4:E3:42:4F:29:D4:21:CC:2E:1A:CB:76:E9","sha256":"D1:C5:D0:96:24:82:50:16:D4:39:8C:BC:C5:6F:49:57:9C:C9:64:EA:7A:31:55:01:14:AD:90:10:5D:8F:12:87"}}},"request":{"raw":"GET /9828f98d0/30af0/2d7e328.png HTTP/1.1\r\nHost: login.cs2-final.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.cs2-final.net/e08c889eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-type: image/png\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 07 Jan 2026 13:11:04 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bCUCS3OLFYBgLuK5ogEeYBTSj3JVPPKiXtqk3uOxrtS3%2B%2FSIwjO45%2BSfCmp5InxdUca5XmpjQa3a8Bs8ZLgePdflcpxYUhy%2F2rmGSuLp%2BL9D9eQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3b2e9fe0c23eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":989,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 26, 8-bit/color RGBA, non-interlaced","md5":"1395aebf0dfbc282415e988f932ce038","sha1":"69d3a04b976a62ccdd073044ec626be55172ff42","sha256":"1657d12a2ba5056334c769336d85909461317e00ff3b0f88a7aee09cc5069a3d","sha512":"8f72d76bc38ca96c7d30c0a4df7b8d4259433912ecba67d1eb4440a88f6169e35f066430613e805d2e5b4cfda3195391e839e414a95c6704f0c8746979a00ada","ssdeep":"","tlshash":"1511c8721bd498d5a2a6607c01c921a690ad6fbeaaf9484c3104c87e9826b463298726","first_seen":"2025-06-23T10:41:45.501088Z","last_seen":"2026-01-22T11:12:16.487336Z","times_seen":5,"resource_available":false,"data":null}},"time_used":300,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.cs2-final.net/9828f98d0/30af0/812b851.js?v=nsDHrGqm","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://login.cs2-final.net/e08c889eb","date":"2026-01-07T13:11:04.003Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cs2-final.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 03 Jan 2026 14:24:07 GMT","end":"Fri, 03 Apr 2026 15:20:52 GMT"},"fingerprint":{"sha1":"2C:5A:D6:D1:00:7B:B8:A4:E3:42:4F:29:D4:21:CC:2E:1A:CB:76:E9","sha256":"D1:C5:D0:96:24:82:50:16:D4:39:8C:BC:C5:6F:49:57:9C:C9:64:EA:7A:31:55:01:14:AD:90:10:5D:8F:12:87"}}},"request":{"raw":"GET /9828f98d0/30af0/812b851.js?v=nsDHrGqm HTTP/1.1\r\nHost: login.cs2-final.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.cs2-final.net/e08c889eb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-type: text/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xNLjflNwHpVS333ZXuoARP%2F7hwiW%2Ft7ywSgVsigSEebL8uDgo1s9H7zCCOUopGID%2BtGg%2FieUcA11MHI6bZKiGxtDIUuHeq7QZ3T0tjy7KdEb%2BoY%3D\"}]}\r\npriority: u=2,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ba3b2e9fe0523eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":95701,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (32086)","md5":"eba51a61894a773df5cab2a18e499c0b","sha1":"e028428f4f367af2660a66e976f223695020e732","sha256":"225edf54855697e6207ba9bded4d041d824e44c7c842f2803ede51764a9e54ab","sha512":"a57c4b5a43b3b629737c98ca9fb0cd549bc35c300208c23690bf9f04312d2aaca179d6cf523f031f2d6dcd42b4e8156a149b0ae676cc09737a6615c8d7119cfc","ssdeep":"1536:DPEkjP+iADIOr/NEe876nmBu3HvF38sEeLHFoqqhJ7SerN5wVI+xcBmPv7E+nzmQ:oNMyqhJvN32cBC7M6Whca98Hrp","tlshash":"bd93d8d9b6d27162977730b850bf510bb13a98eab80c4c60f1a4d8e47d78e89507bf2d","first_seen":"2023-03-07T12:27:03Z","last_seen":"2026-06-04T14:54:24.626758Z","times_seen":206,"resource_available":true,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":56,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.cs2-final.net/9828f98d0/30af0/f56d0cc.js?v=nsDHrGqm","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://login.cs2-final.net/e08c889eb","date":"2026-01-07T13:11:04.005Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cs2-final.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 03 Jan 2026 14:24:07 GMT","end":"Fri, 03 Apr 2026 15:20:52 GMT"},"fingerprint":{"sha1":"2C:5A:D6:D1:00:7B:B8:A4:E3:42:4F:29:D4:21:CC:2E:1A:CB:76:E9","sha256":"D1:C5:D0:96:24:82:50:16:D4:39:8C:BC:C5:6F:49:57:9C:C9:64:EA:7A:31:55:01:14:AD:90:10:5D:8F:12:87"}}},"request":{"raw":"GET /9828f98d0/30af0/f56d0cc.js?v=nsDHrGqm HTTP/1.1\r\nHost: login.cs2-final.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.cs2-final.net/e08c889eb\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-type: text/javascript\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=f0qKZPYmGErfXMH7k%2FXtZFUf2g7LpveuiUTVx3sgJf8hV8H9EifA7%2F%2B5zQ6sGKVuGl8Lq0UsgwQ4RcQge4eBXebyj4GVRpv1bRzgtrqhi8%2Fi36I%3D\"}]}\r\npriority: u=2,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ba3b2e9fe0623eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1446633,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65352), with no line terminators","md5":"a31f12f890d00ff7436a0d8de1201b70","sha1":"e70ecdbdec08c216d8070fb2c9f69c320c2dc9e3","sha256":"a6fce8b5ece3c4fa13db664b247e7ad9077c11b6681865843dc2f59521244fc0","sha512":"d0ca8fc2e0911f9a9944a5fadae6b7049e9119af9522896859f77afa1c56e5f63d9d68964085cbc667feb03b129f5af9573c95c7bb7b19a57fd2816c7667e4ae","ssdeep":"24576:P+7ELnwHOgqDJMhZm8v02mZAQuclGEiiSd5yDmREK2hCfYA/:WqgqmpmFA/","tlshash":"ae2550c21e3678b4c042e62a392563e294277f52ce0e08b37667bcd4997ce5da4fe435","first_seen":"2026-01-07T13:11:29.141987Z","last_seen":"2026-01-07T13:11:29.141987Z","times_seen":1,"resource_available":false,"data":null}},"time_used":681,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":509,"receive":172,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.cs2-final.net/9828f98d0/30af0/c0599a9.png","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.cs2-final.net/e08c889eb","date":"2026-01-07T13:11:04.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cs2-final.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 03 Jan 2026 14:24:07 GMT","end":"Fri, 03 Apr 2026 15:20:52 GMT"},"fingerprint":{"sha1":"2C:5A:D6:D1:00:7B:B8:A4:E3:42:4F:29:D4:21:CC:2E:1A:CB:76:E9","sha256":"D1:C5:D0:96:24:82:50:16:D4:39:8C:BC:C5:6F:49:57:9C:C9:64:EA:7A:31:55:01:14:AD:90:10:5D:8F:12:87"}}},"request":{"raw":"GET /9828f98d0/30af0/c0599a9.png HTTP/1.1\r\nHost: login.cs2-final.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.cs2-final.net/e08c889eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-type: image/png\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 07 Jan 2026 13:11:04 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=diDW7e5GUu6nUfY%2BPMfNZMmbGMxhRR0inaKUcMPPSunLcPcjLlwnJ%2FIKfdowH4mz8oEBaQiGi3cpIwCOL9W3DC%2FAc3JJCHIGd5CR73KznxHq8ZU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3b2e9fe0823eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3858,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 244 x 212, 8-bit/color RGBA, non-interlaced","md5":"c5e4565ca89733f610165c29e1f4732e","sha1":"5897336e1948cc95c4d25c124cb6a337f580f4ea","sha256":"608fd76329c47fce0520234823963bbf6eb6ebd600dbf69db5deb02f07bf7207","sha512":"ba57876cc2b0839a352b7b3382499b4ae49bafc8a3e56b34758b00eb40dfe3a37f434e29edfa24809d78bc2dda08d27711527d8bb9108500c6777bc2c4f37106","ssdeep":"","tlshash":"fd8109fc18ed9fe7142ddc6978ea0852d0115aa340b1a1c7849ddd54a2ce437fc6e58f","first_seen":"2025-07-05T20:01:49.602434Z","last_seen":"2026-01-07T13:11:29.144821Z","times_seen":2,"resource_available":false,"data":null}},"time_used":307,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":307,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.cs2-final.net/9828f98d0/30af0/e9f3837.png","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.cs2-final.net/e08c889eb","date":"2026-01-07T13:11:04.014Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cs2-final.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 03 Jan 2026 14:24:07 GMT","end":"Fri, 03 Apr 2026 15:20:52 GMT"},"fingerprint":{"sha1":"2C:5A:D6:D1:00:7B:B8:A4:E3:42:4F:29:D4:21:CC:2E:1A:CB:76:E9","sha256":"D1:C5:D0:96:24:82:50:16:D4:39:8C:BC:C5:6F:49:57:9C:C9:64:EA:7A:31:55:01:14:AD:90:10:5D:8F:12:87"}}},"request":{"raw":"GET /9828f98d0/30af0/e9f3837.png HTTP/1.1\r\nHost: login.cs2-final.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.cs2-final.net/e08c889eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-type: image/png\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 07 Jan 2026 13:11:04 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ao%2FraZUwLue%2FjHL0UY8k9njFNcvqEH%2BtJYHOl2E%2FyeS67wEo9XLJSqEaiGYsQ%2B6XmdUSSVNwfDY0vE7%2FjLw3sqexu%2Bwr6DkLQB4ZKjcNAD711TA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3b2e9fe0b23eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":34032,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 772 x 528, 8-bit/color RGBA, non-interlaced","md5":"27ba87012cc5cf803c309e4e2777496b","sha1":"e9821babd93ea392df1dc09e4e40f517b81a7127","sha256":"3ec7b165236ebd7f8e6f4c5ff412c8eb63ad1b4cf4549aee92bc0c13e7e0f4f4","sha512":"491444de25f4cdc912780c0cbcd40f659406259bfde4818b70b7e05fd67389cc7ac4e60afe36c97fee290deb4442ee4cc22131fc4da88d737f0c5f3b1de734de","ssdeep":"768:D9Z67CygpTqIBKr7tpRew8kHneAA8yMm7fU+OUl:DPuCygMIWRnV8V0yM+OI","tlshash":"64e2d067e6dec0a39f97772035fe842fd4e1937619481abf8db74961d28f84211e3282","first_seen":"2026-01-07T13:11:29.147327Z","last_seen":"2026-03-29T14:59:40.479319Z","times_seen":6,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.cs2-final.net/9828f98d0/30af0/ee9cdfa.png","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.cs2-final.net/e08c889eb","date":"2026-01-07T13:11:05.436Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cs2-final.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 03 Jan 2026 14:24:07 GMT","end":"Fri, 03 Apr 2026 15:20:52 GMT"},"fingerprint":{"sha1":"2C:5A:D6:D1:00:7B:B8:A4:E3:42:4F:29:D4:21:CC:2E:1A:CB:76:E9","sha256":"D1:C5:D0:96:24:82:50:16:D4:39:8C:BC:C5:6F:49:57:9C:C9:64:EA:7A:31:55:01:14:AD:90:10:5D:8F:12:87"}}},"request":{"raw":"GET /9828f98d0/30af0/ee9cdfa.png HTTP/1.1\r\nHost: login.cs2-final.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.cs2-final.net/e08c889eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 13:11:05 GMT\r\ncontent-type: image/png\r\nvary: accept-encoding\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 07 Jan 2026 13:11:05 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fae7BJPcjjn8V%2BTkjhm%2B9cJcm%2FMaxFDau6beHFUdisujHybkPvJyHKangmC9wSa88Y8GBAqcWsuHdNRbDar4lit8wzMZE44Z%2BFXdkiXbaQwqxDM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3b2f2b8b923eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26727,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced","md5":"bd3a0a1b2306335abcb7e7bc4030e28b","sha1":"90fb45f735efaf1c8044ead8b272c42b58e0d2d5","sha256":"d01a70bdbd111685f29bbb0c8256a20a948a9c0f43fd16ab1f8b581c663994ea","sha512":"9983f7b35c20df00cda8a8a97678a70484087ece9b9b920398e0b92d91bc4f5a398b79c038e2b87815a9dd13eca1f2792d604276411097f99267520ba3666751","ssdeep":"384:3P+5wks1trryZHiDRTNkvp8IO7NGU/Na8+ADu1pJyPZL6GKWvO63y5wvHDAaxG:39kKt0CD8pW7NZaRF1poxCIOZwvHDAaY","tlshash":"bbc26a1499b4e0966d63457ebdf68fef06a391b2d4fc28fac308ad4c2940c2d1e910db","first_seen":"2026-01-07T13:11:29.150127Z","last_seen":"2026-01-07T13:11:29.150127Z","times_seen":1,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":93,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.cs2-final.net/e08c889eb","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-07T13:11:03.581Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cs2-final.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 03 Jan 2026 14:24:07 GMT","end":"Fri, 03 Apr 2026 15:20:52 GMT"},"fingerprint":{"sha1":"2C:5A:D6:D1:00:7B:B8:A4:E3:42:4F:29:D4:21:CC:2E:1A:CB:76:E9","sha256":"D1:C5:D0:96:24:82:50:16:D4:39:8C:BC:C5:6F:49:57:9C:C9:64:EA:7A:31:55:01:14:AD:90:10:5D:8F:12:87"}}},"request":{"raw":"GET /e08c889eb HTTP/1.1\r\nHost: login.cs2-final.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 07 Jan 2026 13:11:03 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4hjw3EqExwU1%2FBMQ%2FcbOztXl%2B0NKOegbJbjATXerDKClZtBS5Ns9RUUQbi%2FaZRmrKc7yKrgy4ZYu928GWB0IDUkXzfpJtQhEjpoBLTt2IT%2B0\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9ba3b2e78e3f0b59-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":122674,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (44152)","md5":"e54cc99e657253ec944d00a35301168e","sha1":"a5f0aae262e4f5864763cc47bb3b9949a11ede23","sha256":"2401fb3a287e059096d5c523b7c3ed06898aa8fd0ee3d31f4cf94a64195b5591","sha512":"86d73b3c4b12df58a7f0dc8cb8614494a3e3338d56ad30c6dd2a90fcb5dcd940a81650c2ee475d4dfe128de0e82484407d83a07a09ccb741a871ae48b917937a","ssdeep":"1536:ShlG8VSA5YGu0Ya7MP8YlG8VSA5YGu0YzP3LFaAPBHVbP103+IvaJtkwLLQZ/Vy5:W","tlshash":"30c31d390c94a23f197bada937351f1eb0b2870add4f081e7eac46d6dfd1d86c812256","first_seen":"2026-01-07T13:11:29.152332Z","last_seen":"2026-01-07T13:11:29.152332Z","times_seen":1,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":29,"dns":10,"connect":1,"send":0,"wait":163,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.cs2-final.net/9828f98d0/30af0/47ffa9c.css?v=nsDHrGqm","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://login.cs2-final.net/e08c889eb","date":"2026-01-07T13:11:04.001Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cs2-final.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 03 Jan 2026 14:24:07 GMT","end":"Fri, 03 Apr 2026 15:20:52 GMT"},"fingerprint":{"sha1":"2C:5A:D6:D1:00:7B:B8:A4:E3:42:4F:29:D4:21:CC:2E:1A:CB:76:E9","sha256":"D1:C5:D0:96:24:82:50:16:D4:39:8C:BC:C5:6F:49:57:9C:C9:64:EA:7A:31:55:01:14:AD:90:10:5D:8F:12:87"}}},"request":{"raw":"GET /9828f98d0/30af0/47ffa9c.css?v=nsDHrGqm HTTP/1.1\r\nHost: login.cs2-final.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.cs2-final.net/e08c889eb\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-type: text/css\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R4Ukyo4tKDoy3vzAY1dKvFosscvwb8Mii8m3habFkQqCTlVSkCAJRg2Zx%2B%2Bgwl3mhE5ZeXfDsOSSQt%2Bx7bcrE0yXO62Jq3GNtQEsarfveV8CQ6Y%3D\"}]}\r\npriority: u=2,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\ncf-ray: 9ba3b2e9fe0423eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":41088,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (41088), with no line terminators","md5":"8566c03b1233f43e7f46ca2b150ab7ea","sha1":"cced78d5baf742a4f0c086d57ae54bafc0d16df2","sha256":"8b0da80c3caa2a20a0fb5cb23c60e635bf900f54ef8d201bf762ca32ede36820","sha512":"18348cdf67ce22724eef7ce590be3174e5bcfc27691ab81ff11c3f4472a8968fa7f545baaf5a5af3b3f1f101ec96a290a31872aae71e390f378d95778e1c9681","ssdeep":"384:PMru7w7EH2XZ/DRQLTRVwcQCKQCPAqqH1Yb2KC28Ossb2eQMdcpqaCm+TUFsI0:kru04uTU5IPnqFJsOMdaC4V0","tlshash":"a003093156803138b537cca2b0e42bed716e840bd5231b7ef76676b4ca866d623b3794","first_seen":"2026-01-07T13:11:29.154212Z","last_seen":"2026-01-07T13:11:29.154212Z","times_seen":1,"resource_available":false,"data":null}},"time_used":342,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":315,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"login.cs2-final.net/9828f98d0/30af0/c75cb9c.png","fqdn":"login.cs2-final.net","domain":"cs2-final.net","tld":"net"},"ip":{"addr":"104.21.40.47","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://login.cs2-final.net/e08c889eb","date":"2026-01-07T13:11:04.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cs2-final.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 03 Jan 2026 14:24:07 GMT","end":"Fri, 03 Apr 2026 15:20:52 GMT"},"fingerprint":{"sha1":"2C:5A:D6:D1:00:7B:B8:A4:E3:42:4F:29:D4:21:CC:2E:1A:CB:76:E9","sha256":"D1:C5:D0:96:24:82:50:16:D4:39:8C:BC:C5:6F:49:57:9C:C9:64:EA:7A:31:55:01:14:AD:90:10:5D:8F:12:87"}}},"request":{"raw":"GET /9828f98d0/30af0/c75cb9c.png HTTP/1.1\r\nHost: login.cs2-final.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://login.cs2-final.net/e08c889eb\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 07 Jan 2026 13:11:04 GMT\r\ncontent-type: image/png\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Wed, 07 Jan 2026 13:11:04 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jN6Sp%2BUDjQwgiW3XYhoGGOSpzoUyr0D1p%2FKxJo4H8b5U%2Bs5giN1fOkx3x6RTb4ZIbeAZSKvPiTT8npivMZhWOZqgqvGiMb5cRKCx7SMZHrToY%2BU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ba3b2e9fe0723eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":974,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 92 x 26, 8-bit/color RGBA, non-interlaced","md5":"6f333f08272b9dcbf2c0263e2736aade","sha1":"b478b4c26a0c7d881fcc490adc992fdedf82ad0d","sha256":"229efde7a7c619ea6bd45bffda5b487f1ab346c8e53139dc0e82ad851e0c2eb1","sha512":"bb97e1b5d0c0394fce418ad37e72bbd84739b0e60d38ed1a60946acf46ae3d19f11dc087984fe61f4f4d8727a77813236550d35a4bee61218ece49120b8a39a5","ssdeep":"","tlshash":"6c119887f53de487a457b303501659f559121f3497e724c5e26dac4228a5c908be8713","first_seen":"2024-08-19T19:46:40.679203Z","last_seen":"2026-02-01T07:10:03.51193Z","times_seen":3,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-07","alert":"Sinkholed","trigger":"login.cs2-final.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}