{"report_id":"78171420-aa97-4646-8093-8e9afe6031d4","version":6,"status":"done","tags":[],"date":"2026-02-17T10:42:29Z","url":{"schema":"https","addr":"ehtgas.com/","fqdn":"ehtgas.com","domain":"ehtgas.com","tld":"com"},"ip":{"addr":"104.21.6.248","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"ehthgas.com/","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"title":"Instant Ethereum, Invisible Gas | ETHGas","dom":{"size":31397,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (11465)","md5":"523f5f075a71c2edc56b085165c8555c","sha1":"e9befed3f252ef1a0937a9f0d70dae2ac4f6a45b","sha256":"8869f719d55bfeea432cabc0b484a35c9f3051e3c9d7747b614b687d6fac717b","sha512":"c0226f374d9598f61bdb42237c02d330b7191ecce67ff0f0775b0dd892a3cf736483dda56c9b43a484603a693cc22c3baed662977f6194ad1b7907e2ddf6abb8","ssdeep":"768:1OjQnnVGt7KKLsl0Yr3JGHxWAdZGGmwedZbrnDOW+Z5ECtSr3BORyJhZemBsU4cV:1OjQnMt6xG2UJGkQL","tlshash":"3ae2f9b34940047ee35f2e81a3a25f1eb3bb520dee0255915aa57e94d2ebcd35003b9f","dom_hash":"domhash8de47dc4b43d4f312de10de176e6e6bb","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"https","addr":"ehtgas.com/","fqdn":"ehtgas.com","domain":"ehtgas.com","tld":"com"},"ip":{"addr":"104.21.6.248","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-03-24T10:42:29Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":1}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"ehthgas.com","ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-01-01","domain_rank":0,"first_seen":"2026-02-17T10:40:23.732023Z","last_seen":"2026-02-17T10:40:23.732023Z","alert_count":77,"request_count":77,"received_data":3258127,"sent_data":35890,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.prod.website-files.com","ip":{"addr":"104.18.161.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-01-23","domain_rank":20159,"first_seen":"2023-11-01T22:05:38Z","last_seen":"2026-02-16T06:39:34.799208Z","alert_count":0,"request_count":1,"received_data":2737,"sent_data":493,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"ehtgas.com","ip":{"addr":"172.67.135.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-12-03","domain_rank":0,"first_seen":"2026-02-17T10:40:23.730987Z","last_seen":"2026-02-17T10:40:23.730987Z","alert_count":0,"request_count":1,"received_data":529052,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ehthgas.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","size":1239,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-06T11:10:20.785742Z","times_seen":361890,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"a33a49c15b9091505ef7251169ccfbbb","sha1":"d821815c57574a06c13ae368c88664ba97f50d19","sha256":"4efa426ab460007b7be5ae24613e0ac9224978cb8d940a00b4c8f9a9848d82bd","sha512":"ff289d3cc362b2c9938e0fea0e4578af2bd908ba8d4a492d6e189b2cbf1b67356f7a4f1d81e4da29f3122a6573fbc9f47d3f1d17a888ed24d20d130b6b6e03d7","ssdeep":"","tlshash":"0411cc4c52f901312de702b7a3163a61e607f1971046d995f83e8aa19f48f250a305cd","size":884,"data":"","first_seen":"2026-02-17T10:40:28.36072Z","last_seen":"2026-02-17T10:42:31.315623Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"ehthgas.com/index_1.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.862Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_1.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9pOPDgx4YtcXHJ4%2BfbKBwsBl2p0ZtUZaH3hYPf%2FY9u1v9A6pTLrZOuvPfoT4T05kr%2B9PMjx81D7ERbe7H7jNkDo%2BJfTm4E4TQt3x\"}]}\r\ncf-ray: 9cf4ad129d8251e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":201,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with no line terminators","md5":"accffc389519d78f05c94892222f092e","sha1":"5f957871f50031c238dbc92e56c69469781d5fa9","sha256":"fcaa07a7179caba2296eb8ea54a865e7ba25dbde43a391ac7ac53d08614cba16","sha512":"c0aeb6ebee410c7d970bde7b01fcebc8736abd44820cfb62ec698795f4063ceddfe41c7de520a3cdcc611aa9a51416f7156a8381f405b66481e2b610da22babc","ssdeep":"","tlshash":"6dd02226c4054a2bac428aa0c763e380c880c33afd318c61adf1aa20f68d5258a23688","first_seen":"2025-04-19T12:20:06.699203Z","last_seen":"2026-03-18T15:39:04.149534Z","times_seen":59,"resource_available":true,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_3.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_3.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CcnHS6OYTJbbrHF2AdOGBnB2SII2PY%2BZ6OWRzPSsP1DEd9hwJl1tlpQt%2BTcY8fhPP%2By%2FqMCxmP7HbnQEQcJPMA5s043ZQJGSrP2e\"}]}\r\ncf-ray: 9cf4ad121d6751e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31420,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (11465)","md5":"f32cdd5d1739c68f5bbeef80358ee079","sha1":"aef28126e1d2d5493b5556667f16ce4a79502923","sha256":"2e77306bdfef11336529f5671219ed3ac5161ef3761f371e03390cca07a71b92","sha512":"78c050efe49733c32664a217895e6b06d3764f8700efb06052c9114388de6d4f66103d40f9ba1a30455d00b5f770b5c5e27190dfd20396d71a8a61010f10e697","ssdeep":"768:KOpQnnVGtJKKLsl0Yr3JGHxWAdZGGhGwedZbrnDOW+Z5ECtSr3BORyJhZemBs2SE:KOpQnMt82062UJGkQL","tlshash":"e9e2f9b34940047ee35f2e81a3a25f1eb3bb520dee0255915aa57e94d2ebcd35003b9f","first_seen":"2026-02-17T10:40:28.347844Z","last_seen":"2026-02-17T10:42:31.261747Z","times_seen":2,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_5.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_5.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4EAHvvxaTRwuLX1%2F%2B56hLMZfQv5IrqVsYATfH5izYsSeI5zOcRWD%2FgSia2Rb2en0%2FCgdjI%2BiBgN06wfCyDO0IcGAm4wpQMQbpOa8\"}]}\r\ncf-ray: 9cf4ad121d6a51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31984,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (22467)","md5":"687375843d9fadd02199e302dfd2abbe","sha1":"90be3b663f19673c9399214d95cfd60e1fc87e7a","sha256":"3b670d2c4b6418dc6a9c14cd4e7be4df1b8a9af175650fb7a118706a13c33628","sha512":"d49ebeb64ef60f8c5d0f8eec90aa95f1e1e79dcd2f16e76b249fcbd1e1ec2bddde85dc7f429570861b1fed637aa3d87fe8e9e325b7d1c6c7cc48b1133556e8c0","ssdeep":"768:XYpQnUAcnKKLsb0YrPJbHaWadnGGhGOexZbrnrOW+ZtECtnRpORyNhZwmPs2SDo3:XYpQUna24dHsI6kk","tlshash":"bfe2d7b20950007ee35b2d81f3725f1973f6520dde0294a14aa97ea4e2ebdd79013f9e","first_seen":"2026-02-17T10:40:28.283335Z","last_seen":"2026-02-17T10:42:31.262727Z","times_seen":2,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/mqROce2n0YTnGtpo.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_2.html","date":"2026-02-17T10:42:06.350Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /mqROce2n0YTnGtpo.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_2.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 46015\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"b3bf-19b8d9ba336\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 20582\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3Xa81lfkC1BTt2pE4Ow4F48n%2Fbak2fDCaMUkDKdAlSm7THx3a2yuBrrmq%2B2reffgQ0xnorjlqAdYmFqALbxnphXHOqgxFyWCejZS\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad158e0551e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46015,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3","md5":"b0bdf5922af8c5ebf2e415ab221d8090","sha1":"89f005b576384be819aaf1151453cf3c28bd92c2","sha256":"f01db6b13ca393c707fa77f42b58ba634ac2d2aded667be1b5bfc7b42d45ccc2","sha512":"e5be4d969efa22e16b7ea1ab96f2b7239f74563cce673ea33bdc350de6ee066c3643bcafbba999ffdf00fe48d46399f86990a12ff72db7915c383b18f199ea75","ssdeep":"768:m6z/U/7d8+Fr9E0Iu8k12Dw+cJiobeOLadEV7vRrxHytKSRyCNQ6x32L:2xFrWJu8koc+8i9OK2Jxyt9RyCNQg32L","tlshash":"8a23f152730962266e4d0cfc07624b1eba6d4f09b6f99f94c7f0196643945fbeb38224","first_seen":"2026-02-17T10:40:28.324006Z","last_seen":"2026-02-17T10:42:31.26389Z","times_seen":2,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-17T10:42:05.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\ncast-mode: default\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Z0BH6A0GRYamipNmmsyfqhsLjuTEUlQJ4ewjsHkedpCAvaZKtKTR99i8SrNVJnuZqUW1lsUGf6AMcpmYpB4cOv7Hu8qQPxsprbGH\"}]}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 659855\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9cf4ad10390c57e3-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":528567,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (30927)","md5":"6b4f7080cbc8a5e459f8b791e5cece4b","sha1":"59c1b1c1380442d962767273c5d11fdfa283c8a0","sha256":"659cad5f732dc1f32985736a38705b359072373424f292c73bbda824c30cc791","sha512":"48f15c00c4098f9c9a6165df58db6a74b68ef3b2ee05a9fba0ea3509828aa8b4dcec8b942c22467ea7ee6e05c6ca31ad9c216345d6851fd70497f4b8e714bd8c","ssdeep":"3072:r/in6ZERoftP6lCjzyQGGm32+tpAOo9bvt7YAtHhV2Dt25cJ44WpSfFKy:rO6ZERoftP6lQGGmtpAOo9jUXWpSfFr","tlshash":"2db40a70a3440af8e5170bcdd9b67e1820f630efff951088d26452d257beee82c3a55a","first_seen":"2026-02-17T10:42:31.264695Z","last_seen":"2026-02-17T10:42:31.264695Z","times_seen":1,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":37,"dns":0,"connect":8,"send":0,"wait":38,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/-99z5orR_normal.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_4.html","date":"2026-02-17T10:42:06.099Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /-99z5orR_normal.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_4.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2263\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"8d7-19b8d9b9f3b\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8SPExQb%2FGI2u4wmDEPCihtXNQKp1lREO%2BDQ0rOrHbK%2BezFrxLXUXHQvfIajLuep1DQxybjBNtva5F7KRWtP9OVtfUjmNBIHFpwma\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad13fdc851e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2263,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 48x48, components 3","md5":"a283e3b55c1bebed6b9c628eb50899d1","sha1":"e93a6e0ed97878dc8fa5208e8b16351ffcf30880","sha256":"55fcae24f7b96f12def599cd1a284e8b236d8739f2c94a076c1c019be5d6c870","sha512":"2e89eb04be0a4889eb31cd376a1a739c651ce3db44a9bfc37832ef64099eebaaa53f077afd9928d3ef03c6b8017acf9b08bb66578e7a0786d8c42c79a12a8276","ssdeep":"","tlshash":"9941c8e257488718dc1e0a7644a05ba6d7197d35ea4bbbae71cd241a3b3e0c08db81cf","first_seen":"2026-02-17T10:40:28.335027Z","last_seen":"2026-02-17T10:42:31.265812Z","times_seen":2,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_8.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.860Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_8.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j2eR346VqDsBx3v7pX2r4RQ36%2BAQGrIM0GRHn2VItqLqK2BHVZklrXQRnh3Pv6%2BmNdQ24hfXirCnxcnj9IyS2ZfZfIP7ydbrsswA\"}]}\r\ncf-ray: 9cf4ad129d8351e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31412,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (11465)","md5":"0ee4e57aded63c2fa004b77c759b7334","sha1":"42c962f905db8995774d086ed9b9e134fae6b2e0","sha256":"5b2151011e3b75124d3462ce9ace257e388c0b84914b03c4baf0ed6ab0e0033b","sha512":"5853d16896f01abb5f7b022a826c322a34b8f1d18ff8862f1b3600baaa325c2b5842628b4a088dc81ace3dc30c3cc5e24348ca38528e9fbd08379dbf8553fde8","ssdeep":"768:bOpQnnVGt7KKLsl0Yr3JGHxWAdZGGmwedZbrnDOW+Z5ECtSr3BORyJhZemBs2ScV:bOpQnMt6x62UJGkQL","tlshash":"d4e2f9b34940047ee35f2e81a3a25f1eb3bb520dee0255915aa57e94d2ebcd35003b9f","first_seen":"2026-02-17T10:40:28.31289Z","last_seen":"2026-02-17T10:42:31.26657Z","times_seen":2,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/67a1caa125d5c9f3dfb30931_ecosystem-img.avif","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.885Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /67a1caa125d5c9f3dfb30931_ecosystem-img.avif HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/ethgas-relate.webflow.shared.d868838db.min.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 24452\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"5f84-19b8d9ba054\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DYI6Z8I%2F6LNncW7b79kHvBTzHFypNVe03ajBsXasZazTaju0e1z4M5qAEGwIMNLSWWJX%2Fo6tjpER1bs6BxigvwBlaS4cFgHCcRrc\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad12cd8b51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24452,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ISO Media, AVIF Image","md5":"3bcb992256c56df16292169b3bc5be97","sha1":"3dc4c668d68c8914cf655a1c0dc1e433c489dded","sha256":"61d45cab4fa063eb77468f6ba9d5c8a5f65c96a93b173b79cc7dfd9c940e4d31","sha512":"a49842585b10f46c5d3eb5233855446ea1ba23a5c0616055853a99bf837e56a3e95aa0cc84fa3a97c4ca01216c413d1eae86cc08900a048330bd7bbc01c968d6","ssdeep":"384:24o+/Mg+jDoxlMwCLDduDB+NjJwoYwNQ4qj9FcZCtMuonmdpUGo7utPd:24d1qolM7LDADMN9M7cAxom+utPd","tlshash":"efb2e1adb49d5971ef1a47b16dcc317b2e4ace01c73b6a2574042b8430d76663da8ecc","first_seen":"2025-10-21T08:24:55.467686Z","last_seen":"2026-02-23T23:29:16.304544Z","times_seen":5,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/3W13Wxcp_bigger.png","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_3.html","date":"2026-02-17T10:42:06.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /3W13Wxcp_bigger.png HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_3.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 3151\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"c4f-19b8d9b9f46\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 20582\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J2DfVXy9w7tNfpbnWBmHPUEABWwQ3enXbLpTADzvcdmlCGirVV9jJsmJEGDlxOED2baKKF5oGfV211YvCdbC9lnGxCD%2Bq948Jt%2Bx\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad13cdb951e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3151,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 73 x 73, 8-bit/color RGBA, non-interlaced","md5":"796567028587c0efe29e6a56c9918e13","sha1":"56e786360e552d7f9411ae50c7524a8b5e79667a","sha256":"12aad40cb901ad0c7793b381691ad34fbbe60825859972f0199d1df408fc9ad8","sha512":"7756585d957c492396a0814fca65c3c66c3afb9e99313fe5602e9d5f7ab2315e81e27282c303437c543e99c5d25ad7efd0bec859923c451722128f70bb5254e8","ssdeep":"","tlshash":"2a513ad9e4416023d98cc9ab086f8814953d18be5b97ae3abd68d43683d31dd0f66a02","first_seen":"2026-02-17T10:40:28.29404Z","last_seen":"2026-02-17T10:42:31.268128Z","times_seen":2,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/1f50a.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_5.html","date":"2026-02-17T10:42:06.076Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /1f50a.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_5.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"4bf-19b8d9b9f40\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HzpemQ6U%2FbylXweHQQeT8uDOK1BOT%2F36vuhDr7XUo%2F%2BEI%2F%2BBp0uCju92hWM2%2B8EKIIhvFmy9uXX3mOtDusYblYjJskKp3zTKKQng\"}]}\r\ncf-ray: 9cf4ad13ddc051e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1215,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"766c86e6244395ea36c530a7a4f27242","sha1":"0c1f2111e1a9e69fcb22196c537c80a5036c3445","sha256":"691652fc6f9851e5d2ee32350fa8e7df81a09e525b956d655c7505276f255389","sha512":"b26ecde83913cb3dba317ec9a6d8839c7761568fe4a507cd37e7f406e35bdafd58c82b72ccba79ad77a5f74a9abbd12ac4fffa1ebf671960524000effbe4b56b","ssdeep":"","tlshash":"fb2124c151b0b3cad807dbed8fb915a550cbb2bd84760dc947cc55ac050a5cffa61818","first_seen":"2023-04-16T15:02:53Z","last_seen":"2026-06-03T13:17:02.846518Z","times_seen":280,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/R98nm3La_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_12.html","date":"2026-02-17T10:42:06.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /R98nm3La_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_12.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2439\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"987-19b8d9ba0c5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ynRIC4c3b94hdKuHNv4m7N6rA5CSQFDRipoAzelTJUx6iQgVosw7PjQtlFGkWu4vSXgCYzboMGb%2Bz1bReOeGpAWLj4AOC%2FS1rRU8\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad163e2651e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2439,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"0975e06eafd6e61ba4d0253d0c10bc81","sha1":"7c5c4a5f09c7a739f770bf9fef6597587c955fb8","sha256":"0fbdc9f44188bc81700caecfb26cff79e2844aadb29b42ae5f3ed23160acd227","sha512":"8b7180975d7019ba0475e015bcedba43e9e939493e58fbccec23ecc0e1e6ceafd7181fcf644331096f88eb8316e903598b383e0ba66ccef5f815eb78a69d2035","ssdeep":"","tlshash":"e341b4a26b941610fc5e163311988390db66ff209fe91b0ab19c462837af082cd611ea","first_seen":"2026-02-17T10:40:28.32543Z","last_seen":"2026-02-17T10:42:31.269488Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/68e65b46a22240be9dca1f80_banner_eth.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /68e65b46a22240be9dca1f80_banner_eth.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"dbd-19b8d9ba061\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZbOr8bArv8JB30rx1Mu4Y1x7EAPm61ZDHgVsUmHar4YjzEP%2FHI0JZGJPAbO1bKNj0VtSy2bxvkDgi374k0f08%2FDTElP2K2DUiSnH\"}]}\r\ncf-ray: 9cf4ad135da051e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3517,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"21b7b08e0b59baf9db44a7d202e4b613","sha1":"84ed5cc3cef3ed84a672dab13fe7c5b2a8fb07d2","sha256":"0644d51a104de4a202eeb058b82eb7d4a7046de367f106a41ede23b74858ebec","sha512":"6498203a8f6ef62aa08938a5668292872c6d3fa3be76cc2b2afa5285af2e766b9bf8fca0a5ceff6daa43df5e22efc974faf39ef3b9e06eadcb965fb95d8b170a","ssdeep":"","tlshash":"6b717ff639acd89c6d67c364daa58c9007bdb2b6f010401a9c1e0b37d257dc6f52b798","first_seen":"2025-10-21T08:24:55.464228Z","last_seen":"2026-02-23T23:29:16.321981Z","times_seen":5,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/1f333.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_5.html","date":"2026-02-17T10:42:06.077Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /1f333.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_5.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"35e-19b8d9b9f3e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IY4liOgLjO4LiHg8txuwThIBw5iASnaFa6POp6%2Bs4lqWyxldQECbqIEXrk2qHs0I7UMCWkvgDqNGJ%2BAIayhD86zpCnjdrRV6pFrI\"}]}\r\ncf-ray: 9cf4ad13ddc151e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":862,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1179cce930e54f671be9a98ffc9313e3","sha1":"ba8daf3a95d245d5d7328d9dc3b85ca49eb1bfe6","sha256":"28b0601f687f84e5fd61d3bd9637d30db7c280967a4518e85bba9f4b24671f57","sha512":"1f9b2339eae7745b825822866a5c10530d353e15a478c627dd73eb1aa6f077c44ae66e0f9c49f05c8a012e3e93b14f56e2d4810c197838ff3c0475ad94b4b739","ssdeep":"","tlshash":"55112dc9608cf4814708812d045f10b6834f6327af298b4eb053ec3ceb931e639faa76","first_seen":"2023-05-17T12:47:48Z","last_seen":"2026-06-05T23:56:55.438733Z","times_seen":212,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/zHCm9d93_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_10.html","date":"2026-02-17T10:42:06.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /zHCm9d93_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_10.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2973\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"b9d-19b8d9ba337\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BmXYFOll0hfnD%2B6Ty%2BnU6Rcmzec4Lh4%2BswtS0Y8yyzTOursQfQ7BB0b1NBJ15iduTDzuh6jTs%2B%2FOXy35%2F%2B98MCu%2FkfsH5ke8VC3N\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad158e0651e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2973,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"2a3dd8206f1eaf4bb599bd6e0a4be5f2","sha1":"4d84f473e9ddd66991b1d137f34417d021d37b96","sha256":"1c4f64d9be01d69a1c00ea555c96401fc48fe71d45535197f1c0ff3215fbb40b","sha512":"0bd638bc198d5000601e87c5b0ef93c06b1b32663a84a6b522d3575993356c9d8416d232ff99a5d4b76dd2c889c722a1cc5e8057dcf99008ce07243402144282","ssdeep":"","tlshash":"dd51f95323665b04e63e2b7511905bb1ff157e32a28e07af345ca91e7f6f0d04d21099","first_seen":"2026-02-17T10:40:28.320435Z","last_seen":"2026-02-17T10:42:31.271535Z","times_seen":2,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/6937fd6a578a9b893cbd47bb_eigen.avif","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.980Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /6937fd6a578a9b893cbd47bb_eigen.avif HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 3541\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"dd5-19b8d9ba067\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Mu7DAEfbvd2qfhx%2FZao8V%2FoswTnX0s66WEOnqR5F6M7IOuNww65kcc%2BpckZEV3vVXxN0WZNWgf1sPiC0nebPB8H1WVCv9r%2BC85Il\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad135da451e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3541,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ISO Media, AVIF Image","md5":"b3a685598e0458d74d61302056f92950","sha1":"dc930685047e1f414d593914280d76eb9a8c448d","sha256":"321716ca4ed801ccbc187f0139fa9e69d3fa6eeb1c7cb936a69c520900069501","sha512":"9f97c201240955ad5ee0214011199c8af2a57ccce600b7193d4cef5d6adf1d0fb508499da3e15956b36bad5cc6a1f5dbd3a06726c026009c1f355a0a9b503ef2","ssdeep":"","tlshash":"69714c5e22a28f19d84d4b3392ad5201527351db35e277fd4830738d9c1d37edf64a80","first_seen":"2026-02-17T10:40:28.357322Z","last_seen":"2026-02-17T10:42:31.272284Z","times_seen":2,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.700Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript\r\nexpires: Tue, 17 Feb 2026 11:30:05 GMT\r\ncache-control: public\r\nvary: accept-encoding\r\nx-frame-options: DENY\r\nx-content-type-options: nosniff\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ks4Z%2FDeoEgsgT1XrUnrTYm4GkrAhNHXvntNp62ScKES28avGBShwn3N3asYyR5a7a38CET5tFF8ziiQiw8hGE0UKW546AxU%2BTjEp\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncf-ray: 9cf4ad11ad4c51e0-ARN\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1239,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1238)","md5":"9e8f56e8e1806253ba01a95cfc3d392c","sha1":"a8af90d7482e1e99d03de6bf88fed2315c5dd728","sha256":"2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8","sha512":"63f0f6f94fbabadc3f774ccaa6a401696e8a7651a074bc077d214f91da080b36714fd799eb40fed64154972008e34fc733d6ee314ac675727b37b58ffbebebee","ssdeep":"","tlshash":"6021d5743a18107e226a0133e56f66cee1f23715fd17e440408ad89566e4fe5063fed9","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-06-06T11:10:20.785742Z","times_seen":361890,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/R98nm3La_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_4.html","date":"2026-02-17T10:42:06.097Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /R98nm3La_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_4.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2439\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"987-19b8d9ba0c5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gu8Vwy5oJAGMptN5yT8ltzGO9EEWGRu71Z16iBJtZS0%2F1lJf%2BrJVVcMXALTL5hlsLucHw8cDfrvo2LG49yH5W1kOROZ6tOunWxHW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad13fdc751e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2439,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"0975e06eafd6e61ba4d0253d0c10bc81","sha1":"7c5c4a5f09c7a739f770bf9fef6597587c955fb8","sha256":"0fbdc9f44188bc81700caecfb26cff79e2844aadb29b42ae5f3ed23160acd227","sha512":"8b7180975d7019ba0475e015bcedba43e9e939493e58fbccec23ecc0e1e6ceafd7181fcf644331096f88eb8316e903598b383e0ba66ccef5f815eb78a69d2035","ssdeep":"","tlshash":"e341b4a26b941610fc5e163311988390db66ff209fe91b0ab19c462837af082cd611ea","first_seen":"2026-02-17T10:40:28.32543Z","last_seen":"2026-02-17T10:42:31.269488Z","times_seen":2,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/Uoyc5-p8_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_9.html","date":"2026-02-17T10:42:06.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /Uoyc5-p8_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_9.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3151\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"c4f-19b8d9ba0c6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pdZuLIBSRAtq6kyLyb9tetjugFjkjKWR2giEwjcKvHxFctxgVIQPjTUznDFMQ5tMfC8FH%2Bavc6bPNzAk%2FCtVj4946GxR6zZc2vyA\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad14dde251e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3151,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"748398a135b49b9d3bd7059d465ca235","sha1":"63eccea52513037b20dddca9d5aa18979a8b67ce","sha256":"50b91e7c6bece7444afe510cff78a73bf6282a8de5950dedd8539fd0fbcf57b1","sha512":"dc7b664c2b857481e2f9c679eac2f728dfa308d8bff76433fe3ecb3aa74cc5548cb55e8b1e1d4de7e1c511c0c618c6a2286578854ffdd9bbc0607d39a548705d","ssdeep":"","tlshash":"c551e903e7385a09f62d2938a0509b27d959bf252653937775dd452d372b0c08d286ff","first_seen":"2026-02-17T10:40:28.314801Z","last_seen":"2026-02-17T10:42:31.273594Z","times_seen":2,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_6.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_6.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AsUaBroH61rmtlqd7cBWNlKC6byYG6tlnV7hdEjf9jDQn2gUdbSjkzNu6hO2NyNErnjVTewurhHS2V1sjEmGp%2BSnoM7x%2FgJ5bISQ\"}]}\r\ncf-ray: 9cf4ad129d8151e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":289,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"ca701d07c747b621727b877d9784b98f","sha1":"02a1f8c24b1ca192c9c5ea7a9bd9a024530f3fbd","sha256":"fd51a2f912796606cab851116ca7273828ed0a7598409a21029d9ad09adce468","sha512":"2ef2d588b7a0afee51beef89ca2fd2997a4a9d86dd67b6f832c6a968ec19a9962e2b6e2693ed182352fe9042861074e7a9dfcd9fa6858f4a4bf0e50f52daa5ae","ssdeep":"","tlshash":"01d0ebd7c12100082e84a7804ac6b0100ccabb5eb4008f282e73b0a8eced2b0c033340","first_seen":"2026-02-17T10:40:28.329051Z","last_seen":"2026-02-17T10:42:31.274387Z","times_seen":2,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/6792056e5c6ed219791db714_InterDisplay-Regular.ttf","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /6792056e5c6ed219791db714_InterDisplay-Regular.ttf HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/ethgas-relate.webflow.shared.d868838db.min.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: font/ttf\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"627c4-19b8d9b9f82\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qb91xctiQD9JXfDNA0333eF41dtXtSxs7vZf79KJZaxLJFS3g8wu9jZSldcZ2x%2F5eSTkWyGRvRjG%2FL%2BSWAt0l2txMlwbKK%2BktchF\"}]}\r\ncf-ray: 9cf4ad12dd8e51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":403396,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 17 tables, 1st \"GDEF\", 37 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter DisplayRegular4.000;git-a52131595;RSMS;InterDispla","md5":"6087baf32494adfe1bb91a9cad6aa7cf","sha1":"d95ca7cbad5a031ad278e9d333fcab0f067bfdc0","sha256":"1cb7b997bd7a39ee151752946809bbef50648aa05ff50a855ef642886a57e1db","sha512":"2a9e6b2fff790c3885cd23c4d8b0c439601652326f57cd638639d3eeaeffeafbee9749a4afd724c2103f614fe280b9f68498f133f53fc09cac7b8ffe85e0d30b","ssdeep":"6144:3jWwXSpB22yJWPziKSQLmXGTd5kcAmGTRYZyNAyg5a3ga0wZsTArj3k4yhE18:3jwB22NPziKqe0aMCg8","tlshash":"05846b1beb05eb0ade1a1c3486f693d133a9fc953d1ac28bb05e3a59c9931b40ed71d1","first_seen":"2025-03-13T11:19:58.162328Z","last_seen":"2026-06-05T16:38:46.803964Z","times_seen":90,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/mqROce2n0YTnGtpo.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_3.html","date":"2026-02-17T10:42:06.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /mqROce2n0YTnGtpo.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_3.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 46015\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"b3bf-19b8d9ba336\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 20582\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KG%2FDgFImCx6kk2rm9D78UjPKPJaOSiI%2FDHwtutl9SwsbRmaj4obB%2FgJQAOXnNEfNAQSsUO19GQFdsNqKwlZ6CP8%2FKoY8oF9Xckqq\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad13cdbb51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46015,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3","md5":"b0bdf5922af8c5ebf2e415ab221d8090","sha1":"89f005b576384be819aaf1151453cf3c28bd92c2","sha256":"f01db6b13ca393c707fa77f42b58ba634ac2d2aded667be1b5bfc7b42d45ccc2","sha512":"e5be4d969efa22e16b7ea1ab96f2b7239f74563cce673ea33bdc350de6ee066c3643bcafbba999ffdf00fe48d46399f86990a12ff72db7915c383b18f199ea75","ssdeep":"768:m6z/U/7d8+Fr9E0Iu8k12Dw+cJiobeOLadEV7vRrxHytKSRyCNQ6x32L:2xFrWJu8koc+8i9OK2Jxyt9RyCNQg32L","tlshash":"8a23f152730962266e4d0cfc07624b1eba6d4f09b6f99f94c7f0196643945fbeb38224","first_seen":"2026-02-17T10:40:28.324006Z","last_seen":"2026-02-17T10:42:31.26389Z","times_seen":2,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/3W13Wxcp_normal.png","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_5.html","date":"2026-02-17T10:42:06.080Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /3W13Wxcp_normal.png HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_5.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 1959\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"7a7-19b8d9b9f48\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PUt56bjflQMY6YTGYgjolN1HbyMTfID%2BCsN4awWOjouB%2FIRshmk0SeDfgeCcdL5EE3SuNWTOLPxsUQiMQVTqPBR0O2m%2BQpD1hXgF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad13ddc351e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1959,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"c474954c5b7a8aaeab8db5a5cde36a92","sha1":"26d86122e1cd14ccb9968beaed45539954543d65","sha256":"39b8a04e0d0d3d2a35ac2718e9fd0f7debfae013875c21812b69ee07dfb71614","sha512":"48bff9fb8bb7e2c422d222943fc736f1b08c339c3427f81d25074e7a3c8625e2698538c67902d3869e53861e0cfb92978b83692a3e4cf6b9e60a1fecf0530e4e","ssdeep":"","tlshash":"574119f5975953e5a14e0c88b2c7901a7910382e4a7fc98ffa0d14b6ef48ce1422f021","first_seen":"2026-02-17T10:40:28.322269Z","last_seen":"2026-02-17T10:42:31.275981Z","times_seen":2,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/3W13Wxcp_bigger.png","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_2.html","date":"2026-02-17T10:42:06.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /3W13Wxcp_bigger.png HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_2.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 3151\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"c4f-19b8d9b9f46\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 20582\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tpubwN%2FEDnYqIhDnXORyuQvwquiLJSh1cb%2F6LclXl0wZsKz0b1YUwNkAo9kEhvO8QyB3yh9BIbNWkc6CrWa%2BsXncyjMHbxD1VmAb\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad158dfe51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3151,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 73 x 73, 8-bit/color RGBA, non-interlaced","md5":"796567028587c0efe29e6a56c9918e13","sha1":"56e786360e552d7f9411ae50c7524a8b5e79667a","sha256":"12aad40cb901ad0c7793b381691ad34fbbe60825859972f0199d1df408fc9ad8","sha512":"7756585d957c492396a0814fca65c3c66c3afb9e99313fe5602e9d5f7ab2315e81e27282c303437c543e99c5d25ad7efd0bec859923c451722128f70bb5254e8","ssdeep":"","tlshash":"2a513ad9e4416023d98cc9ab086f8814953d18be5b97ae3abd68d43683d31dd0f66a02","first_seen":"2026-02-17T10:40:28.29404Z","last_seen":"2026-02-17T10:42:31.268128Z","times_seen":2,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_10.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_10.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PpZndMrHrb2gPyV8d5jr09OVH9LjoNYrmzNJDAhiOy9I%2F31o3bdIp9AJQjvG%2FeINhkz8QEqK2L4G%2FmEZHlV64i0uXEG905zWpvOF\"}]}\r\ncf-ray: 9cf4ad124d7251e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31984,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (22467)","md5":"958f805b4826e6959b06732773e0d2d0","sha1":"a72e86728f7a887fca3c3de9a1b360f967b0fc3c","sha256":"81ab6ed73863d0afae9e62c9eeeffc0eda4f2cb8e299d4f897bb0af09b1bcde6","sha512":"4b5b9bf3ca2999e026f7c3b5185b8e6e06854e2569fedc4e554ed65f026ef88673261da5c283e05786e25bfe70e2f5448b018dd23da5e794899325d89b8d3035","ssdeep":"768:sYpQnUAcnKKLsb0YrPJbHaWadnGGhGOexZbrnrOW+ZtECtnRpORyNhZwmPs2SDo3:sYpQUna24dHsI6kk","tlshash":"5fe2d7b20950007ee35b2d81f3725f1973f6520dde0294a14aa97ea4e2ebdd79013f9e","first_seen":"2026-02-17T10:40:28.300289Z","last_seen":"2026-02-17T10:42:31.276855Z","times_seen":2,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/6792056f7fddabb04bb62348_InterDisplay-Medium.ttf","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.907Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /6792056f7fddabb04bb62348_InterDisplay-Medium.ttf HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/ethgas-relate.webflow.shared.d868838db.min.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: font/ttf\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"64368-19b8d9ba021\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VU8Q7B%2FS1bZn8tAuVgD2JT8YCkEg%2FJAKqe4%2FhtZ8Y7JhUkiQxWZKL3FMTqANkipB%2FS7JdYJWy8mAbcC6LHNow172XL6FYFIkqgsb\"}]}\r\ncf-ray: 9cf4ad12ed8f51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":410472,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 17 tables, 1st \"GDEF\", 39 names, Microsoft, language 0x409, Copyright 2016 The Inter Project AuthorsInter Display MediumRegular4.000;git-a52131595;RSMS;Inte","md5":"c3a19669953c82148d31ec5e8dc67858","sha1":"61953e5312b886c32b1c0b7e40da29aca58897a0","sha256":"3728a5143aefa1f75b7d271de56f76659ca726da1fc35973138b27a583d2b94c","sha512":"78cd2c3c092977bae03d83426577b510084ebd735209637b66418b7c704343ca04422a6dadfe38bec9cca222942f31bfff2ba62dd1102abaf0572b782ce61855","ssdeep":"6144:gSpAo9l7yJWPziKSQnY3l6S05wD/FegHOhS5g31s6AZ6j3k4yhM18:gGjl7NPziK43GMIum8","tlshash":"6f945a17e305eb0dd9161e708ab987c033bdfc81791bd28bb96e3b59c9871b40ad62d1","first_seen":"2024-09-18T19:40:52Z","last_seen":"2026-06-01T23:28:44.350157Z","times_seen":76,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/693aba3dbfebc06263091fb1_aquanow.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.982Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /693aba3dbfebc06263091fb1_aquanow.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"ac8-19b8d9ba096\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HxzVM6FL2zh2EJeT8WadaQAdKOXzpZjmbOumQ4VIpoC2zrCP4Xb3GxgesRmGOOCcGTHc7zEF0kt9hv7LJdNlUhmL6kIuZ5x015Q%2B\"}]}\r\ncf-ray: 9cf4ad135da651e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2760,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c9d45ca4bde9dc53c66b816451653a98","sha1":"a79c9023aae2ce6b092a967e321be274ccc922d1","sha256":"560fad3b1b14fe15e0e85b3bfac8954a187dcfba90c1093b660b06005267df8e","sha512":"d163b9f5d3b6c4d83fe379b88512db55f6896b6734c9db9df9daa86724a51b2dc8c556651ecb6a6fadf26e4a0ef3396f917b6ea13e3ce680b71a74774091f83f","ssdeep":"","tlshash":"975163f827b2c2a86d55f5be3a1da05c3ec154f942610521c6ab6d30f1c75332c26cca","first_seen":"2026-02-17T10:40:28.306702Z","last_seen":"2026-02-23T23:29:16.317981Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/26fd.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_8.html","date":"2026-02-17T10:42:06.552Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /26fd.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_8.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"66c-19b8d9b9f45\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 20583\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wmsEldwzXpUanN5u0kddR6EYYOnYUZBlsauFqvCe5YeNInk2M%2Fe5tfh48WAuRgMelXpRdRnpj3JaWEXvseL0URODM9mCJAN6xtyp\"}]}\r\ncf-ray: 9cf4ad16de5551e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1644,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"aceae280075be9b5026cf651f580a699","sha1":"19b45a97472a4884ea0934521ea4d9936c19f251","sha256":"0363471ab6a67271f8fad0271d3125076d9d4ee02e474a9dde22ad6f9c2d1b10","sha512":"69ef663259aed2dc724a38e80b83bbdcada40a696a0b1567543ffc361060627385767e2ef9a23cf6aca044658656c29be214e1fad150b35a69fc6a2e37df1b3a","ssdeep":"","tlshash":"163172c45738b6d14996dbed0fad32dc014e706ce27260cab24aea38519f9eff513908","first_seen":"2023-11-06T22:27:17Z","last_seen":"2026-06-04T16:31:08.110624Z","times_seen":102,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/26fd.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_3.html","date":"2026-02-17T10:42:06.068Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /26fd.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_3.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"66c-19b8d9b9f45\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 20582\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TGnt8XZf%2FiiU%2FkQetuV9RTEFNqR48d3KvWals3exKVIGUpelMYnTZwzhh42UGZUJ8w093XYiYj1A22GoGJRbq0xhF1cwEW1hgQQG\"}]}\r\ncf-ray: 9cf4ad13cdba51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1644,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"aceae280075be9b5026cf651f580a699","sha1":"19b45a97472a4884ea0934521ea4d9936c19f251","sha256":"0363471ab6a67271f8fad0271d3125076d9d4ee02e474a9dde22ad6f9c2d1b10","sha512":"69ef663259aed2dc724a38e80b83bbdcada40a696a0b1567543ffc361060627385767e2ef9a23cf6aca044658656c29be214e1fad150b35a69fc6a2e37df1b3a","ssdeep":"","tlshash":"163172c45738b6d14996dbed0fad32dc014e706ce27260cab24aea38519f9eff513908","first_seen":"2023-11-06T22:27:17Z","last_seen":"2026-06-04T16:31:08.110624Z","times_seen":102,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/c1FsysWP_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_12.html","date":"2026-02-17T10:42:06.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /c1FsysWP_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_12.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2973\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"b9d-19b8d9ba0de\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=N9it6aYOVrV2eI6oFRTtVnqU7U4X22vIB21BrQ0EUbdzXjFlc%2BuRJf78AnbPHglLj1U2vUAqvvmZJJsisvfvSFxukVqpc4aRLHsI\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad162e2551e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2973,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"4704eba76873ad98ec5fac280fe95346","sha1":"8434b9bc2925321da4dc134430605da119065596","sha256":"bfd2edff1aa825fc0bd483b01e27611d7cf3fd0e96757f147d5ad0b497ff70e3","sha512":"c208f5882375baff0514c1b045a96b03960f751dd796fce23c89815bf724c2e757e4c7eee3a89a1df84d8c1abcb5f4493b8a80f42bced78c60d03d4cc3ef83cf","ssdeep":"","tlshash":"9651f822634d5e5af81d2a3910285724fb057e120a82af7f74cd4a1cbf7a4c10eac15d","first_seen":"2026-02-17T10:40:28.296839Z","last_seen":"2026-02-17T10:42:31.279586Z","times_seen":2,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/26a1.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_12.html","date":"2026-02-17T10:42:06.451Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /26a1.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_12.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"1c3-19b8d9b9f42\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XamW9IwloSC3IkDueH5FVHjrikfWY2IDPS8ebPTDULERfi9pCIgqqBUNsR%2BVDZEta6GCsHdRfQ0XkKc34q2byEroq8rbqNFqZBhA\"}]}\r\ncf-ray: 9cf4ad163e2751e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":451,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bcca43b1c7aa91d47f62962ce2422ae1","sha1":"6bd13c3ba629e5f79d9ddf15cc79b7dc34729638","sha256":"d3a6d0c18f6887f771aa3cd51db375e7a9588e1af63801cc100cd9bcc5bccaac","sha512":"17ca2fa881ffffb8be0e67b1d689c6e977df3ba079a4c36f8607b824763ae3c9e1f7d6791230ea71a4128d6826693c95f2b55a3297686a7b7c7939ea139bb596","ssdeep":"","tlshash":"07f0236163fd6658dacdc53cfba194c0f05ab0de01b9888897c69710127ff09b710411","first_seen":"2023-05-15T16:34:06Z","last_seen":"2026-06-06T09:35:20.044871Z","times_seen":2860,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_13.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_13.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eyuEH2BC3RTkAXTNtDWtnnju1OOzKyfdZwBRP2AwL4mBo4n82SAEf%2BhuDxpQmyWGNc4EafCsEsuLzeADD1thx7fX4eO6kO2r6LsR\"}]}\r\ncf-ray: 9cf4ad125d7951e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33121,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9521)","md5":"30782e74330c3a662f3167adcd911d82","sha1":"e7ab82311e646d4c218d65cd5c520b9a46c14469","sha256":"554a097deab159e819e874e28dc2dfa7746c9b965fd332f064b00be15208f1df","sha512":"a7311baba6490a88d61a59598b2a87f77928d712765d1e80123d2a872860e50f86485c47ba5e20e33de64e6e1bf51cd755783a9a4a29ca6da6c6cfcfb8f938a5","ssdeep":"768:5KpQnUV8KKLsE0YrKJ2HaWadnGGmgexZbrnsOW+ZlECtnEMckCw5iORyMhZPmmsG:5KpQUkc/BuBEJot0EObk","tlshash":"51e2b7b20a50003de36b3dc1b3721f5973f6520ddd0294915aa97ea4e2ebc96a017f9f","first_seen":"2026-02-17T10:40:28.340764Z","last_seen":"2026-02-17T10:42:31.29289Z","times_seen":2,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_9.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.790Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_9.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=L0rxtoqVo0ltuwkSOxpfYiwdnDJDFE2j%2FEOLmTfeaAzkrpIfZDdO3ikHmyDxqcH%2FO9MvNXVwWGwdXOuU4sdSGiShSkaMES%2BpPIag\"}]}\r\ncf-ray: 9cf4ad123d6f51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":34485,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (13901)","md5":"4090bd82e35b397f378e510fb1f7c4f0","sha1":"9971522c24b6c7fbfb9a030dd528f326a1ed287d","sha256":"c554a8e5622648f353b9b0f8b8214ce8aa2cf554a8e80aee8f321cc71d6f9c2d","sha512":"6e88109104c85ddf5ce7b70732589ce25fa8ba35f2155835d8c5220fa76da3b495658a4beacab1c7509e5f3053097a13a913ec94d3f68c8302780df34d3c0287","ssdeep":"768:+xpQndVLKKLsFMU0d1rXJbHaWadnGGhGcexZMVjCgDnoOW+ZSECtn3DbPQePomqL:+xpQdF2/uJtPurzpjik","tlshash":"d2f297b24950003de35f2dc1b2772f4db3f6520dde0294915aa57ea4e2ebc96a013e9f","first_seen":"2026-02-17T10:40:28.326585Z","last_seen":"2026-02-17T10:42:31.293847Z","times_seen":2,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/693aba46f4ddea06563809c9_stakecapital.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.983Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /693aba46f4ddea06563809c9_stakecapital.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"157d-19b8d9ba097\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PGDscwdsWE%2BWHhRpIFGH2w8t7IgSBEmiWaLBoskK8BS8y3ESl2cx1Og3e4aOe5UA1jYQVJREfLYeS%2BekzJpXxEGKeM8rATO9l0MJ\"}]}\r\ncf-ray: 9cf4ad135da751e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5501,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"643085b0f4276be92290598e1ce4a69a","sha1":"0fa269dc764c939afaa08ef44926c71e4b798198","sha256":"f872037222214a75e69b6c6481e93a18a753acf45dd4c890474067f591ab7f12","sha512":"c83ade62691a524354a1bb13b448e4cd20c60a58f9f80d19f20d498f5c0f5186cf58f024a5be369872bcb254febf8c9414fcaf6dea488b65aec9bc7d780bb896","ssdeep":"96:eVZyFAB/qoAsKHNMTKDRbVIWE08Xh7bGmO+ls3gch+TVIy0tpmk5DZbWWxaefSTC:qyF8EHlDRbVIWzCamOVQchHy0tpmk5xH","tlshash":"0db11dc82f6886fdb895f1feb62218a42831a8faabc08374c729192d75448555e05bf7","first_seen":"2026-02-17T10:40:28.31649Z","last_seen":"2026-02-23T23:29:16.327341Z","times_seen":3,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/1f987.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_5.html","date":"2026-02-17T10:42:06.074Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /1f987.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_5.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"73a-19b8d9b9f41\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2ecSdixZ%2FcTz%2BJnhGnBKs2j%2BKUea2wiv8BBJmsMgadTXftaOxLg7XzYan3j1gvmiAfJ12jyJBEfqojdcy%2F7qXssiIYf0NIBiaxdC\"}]}\r\ncf-ray: 9cf4ad13ddbf51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1850,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"af70a9ae5dd90f1078e363eab1c855cc","sha1":"821240b1c6a6cf6589784fb1d0e1f46c17271421","sha256":"15e1e1bac9988be3960759f24289e3a5bfb04ad0a42a88f1ab10680df1bfa61c","sha512":"a93581b7de1371d92407755514e8d3a723a4ca5b17288de2591778f0b14e0378fa5b61d268035bc8314048cd98d5c744b5fd22d999d726facea0857bddce0094","ssdeep":"","tlshash":"d531a6c5a7b4f28404d5cbddef5ef0ca4329615e435e8ac3a1dcdc68620b6ef5842d40","first_seen":"2023-08-27T17:33:25Z","last_seen":"2026-06-05T20:56:43.646689Z","times_seen":38,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/26f3.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_5.html","date":"2026-02-17T10:42:06.078Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /26f3.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_5.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"291-19b8d9b9f43\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UBDkxzkcrFE3uj4bvzPW5q%2BTai4dNOefsKmBVKIHSCpNw90zGDekb%2FxvIW5T2H4ny6RC3sbwydwR8AzNmhOemxk5yj0Eyfx3UTmb\"}]}\r\ncf-ray: 9cf4ad13ddc251e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":657,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"795431f7abdbe4dcaa45e1355146ecec","sha1":"6bbe5a3ba1fed87b0854f8036a71dac2ef58200d","sha256":"1a234f081427c18433748344ea1bc0a6b973dde099aa32952bd4084a5109a204","sha512":"29e808da41980c37099200af5ce8e228591ab34cc41d7100860ccbfacaabe239f1db30343d9de81cfc5df7c7659744c49ef786b045e6641e635854275fde83b6","ssdeep":"","tlshash":"4b0123d0203c3a14cc830766dd3ff8e160cd30be51440b84a5ac899033a79ca74e4b60","first_seen":"2023-07-13T02:37:42Z","last_seen":"2026-06-01T07:17:01.681596Z","times_seen":155,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.prod.website-files.com/679203a36901695b8ac1ae2f/679791cd4e12c0c0e34a2131_Webclip.svg","fqdn":"cdn.prod.website-files.com","domain":"website-files.com","tld":"com"},"ip":{"addr":"104.18.161.117","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:06.149Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"prod.website-files.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 06 Feb 2026 00:51:58 GMT","end":"Thu, 07 May 2026 01:51:37 GMT"},"fingerprint":{"sha1":"57:A1:73:C0:08:07:F2:DD:56:2A:DD:FF:51:D4:A5:62:53:C7:9A:8E","sha256":"E9:8A:00:BD:F9:8C:57:70:7F:31:ED:E2:BE:3D:E8:0B:D1:09:B4:07:B7:19:9F:0A:04:46:22:1B:EA:3D:8D:24"}}},"request":{"raw":"GET /679203a36901695b8ac1ae2f/679791cd4e12c0c0e34a2131_Webclip.svg HTTP/1.1\r\nHost: cdn.prod.website-files.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\ncontent-encoding: br\r\nx-amz-id-2: p5TFJOvBZVktfqD5a3ytQ5wIW+W1aRxFk+wveTHODNiREA1nOsSAs61u3W0h1HIoIIxIIV4TAt0=\r\nx-amz-request-id: 3XH8PZW19N9PDCB9\r\nlast-modified: Mon, 27 Jan 2025 14:01:50 GMT\r\netag: W/\"6f26fa64f4e23b60c532c5cb8a57e258\"\r\nx-amz-server-side-encryption: AES256\r\ncache-control: max-age=31536000, must-revalidate\r\nx-amz-version-id: kLlBOQY94HgZvDXVLtW.fBdK9Ujq7yqL\r\ncf-cache-status: HIT\r\nage: 179150\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\ncf-ray: 9cf4ad149efd2efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2086,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6f26fa64f4e23b60c532c5cb8a57e258","sha1":"498bc4d54fc65c7fcc0b2d64704f3eb7317956de","sha256":"642eba909c29e0695de39405d25968378419a5cfc75715d3c9a055366b6c26bc","sha512":"a9da65e9fb2cf648b0b03b1cf7e6c14f96b066943b8cb75dbb85e6eb355b72247d5b853b94cea248539826b6e0efdaf0626ea41776ac006d710572f8c7d58b94","ssdeep":"","tlshash":"2f417d67f629dc63d369c1a8ea448a24105f91e3e9c1c27081e4ff1f78295db2d2ebc1","first_seen":"2025-10-21T08:24:55.471271Z","last_seen":"2026-02-23T23:29:16.334839Z","times_seen":5,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":1,"connect":3,"send":0,"wait":61,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/c1FsysWP_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_7.html","date":"2026-02-17T10:42:06.209Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /c1FsysWP_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_7.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2973\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"b9d-19b8d9ba0de\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0RUzN469nwWTNoOufzqTTh7dWGVy0hFdlW2%2F603hnrLVZZ7eksE8x2LrRb84kcN5y%2Fk9n4nnKqvgIoFmnSYwsmAUQVyD00%2BPVe2T\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad14cde051e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2973,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"4704eba76873ad98ec5fac280fe95346","sha1":"8434b9bc2925321da4dc134430605da119065596","sha256":"bfd2edff1aa825fc0bd483b01e27611d7cf3fd0e96757f147d5ad0b497ff70e3","sha512":"c208f5882375baff0514c1b045a96b03960f751dd796fce23c89815bf724c2e757e4c7eee3a89a1df84d8c1abcb5f4493b8a80f42bced78c60d03d4cc3ef83cf","ssdeep":"","tlshash":"9651f822634d5e5af81d2a3910285724fb057e120a82af7f74cd4a1cbf7a4c10eac15d","first_seen":"2026-02-17T10:40:28.296839Z","last_seen":"2026-02-17T10:42:31.279586Z","times_seen":2,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/1f50a.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_10.html","date":"2026-02-17T10:42:06.355Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /1f50a.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_10.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"4bf-19b8d9b9f40\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IRamf4ijYw1DFZMomlX5hsNCTruAxPtdeih1%2BOSOp5d8AFWY24ptIXZuJqvUNQRXehGhAInTexzJ%2FRQAcglMMeh6ktwtWBFE3oAe\"}]}\r\ncf-ray: 9cf4ad159e0951e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1215,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"766c86e6244395ea36c530a7a4f27242","sha1":"0c1f2111e1a9e69fcb22196c537c80a5036c3445","sha256":"691652fc6f9851e5d2ee32350fa8e7df81a09e525b956d655c7505276f255389","sha512":"b26ecde83913cb3dba317ec9a6d8839c7761568fe4a507cd37e7f406e35bdafd58c82b72ccba79ad77a5f74a9abbd12ac4fffa1ebf671960524000effbe4b56b","ssdeep":"","tlshash":"fb2124c151b0b3cad807dbed8fb915a550cbb2bd84760dc947cc55ac050a5cffa61818","first_seen":"2023-04-16T15:02:53Z","last_seen":"2026-06-03T13:17:02.846518Z","times_seen":280,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_2.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_2.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 20582\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Ch5d1KxFUeGIe9PCo2jH7M5FHX8o0PI%2BWTryFEJPXJx5ElfiZs%2BoKNr1fTwD24zs6fvLlYEAKzmnSPsdc1%2FpjFI2NRlZxXcVmIgb\"}]}\r\ncf-ray: 9cf4ad123d7051e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31411,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (11465)","md5":"d69de3896453e4c782243b38b3d3bc56","sha1":"cfe298fbc5b4a658902072f06e4dac150a74bfd6","sha256":"522ba6d840c0f7bc25dd6530e2fdbd6dd5c50a58c06dfee1ec26e8b839398b8e","sha512":"36148d213e994340618bdb99c948df576ef899460e5a8899a7b031cdef15e3c914a2701518c81f8ad73c10b1ea524656d61da393b8b93e1754320cfc040e74b6","ssdeep":"768:bOpQnnVGt7KKLsl0Yr3JGHxWAdZGGmwedZbrnDOW+Z5ECtSr3BORyJhZemBs2ScV:bOpQnMt6x62UJGkQL","tlshash":"a2e2f9b34940047ee35f2e81a3a25f1eb3bb520dee0255915aa57e94d2ebcd35003b9f","first_seen":"2026-02-17T10:40:28.352801Z","last_seen":"2026-02-17T10:42:31.298368Z","times_seen":2,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/6937fd8789f9c78d25c32493_pendle.avif","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.978Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /6937fd8789f9c78d25c32493_pendle.avif HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 3586\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"e02-19b8d9ba069\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4GF%2FRwhQAZkrnwS50SKPRoPbP6%2B2GwqCmYDyLGfwn%2F%2BUJYCgP1UqmaVl42ABO0Xhueu98i5UbOsprn77eggLMVDMS8e0GHX%2Bz2YP\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad135da351e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3586,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ISO Media, AVIF Image","md5":"32ded607feb8ca70b74982f87fb3e8a4","sha1":"c94ece0062cb9682cc5e02800a90665e738e2913","sha256":"735ae7025afbaab7de54bd7357e7ab433544b4b6c3cbd0e5f47b930b071008ce","sha512":"163cfd87f680fca45ae6838b8f47d3505ac81bfa9b9cae7df83d242953e79f1a366c592f6569ea35fd0320f1b89070b081dc4cc1b55de7f3edc41873ca4c12fd","ssdeep":"","tlshash":"76715c1333119873e85c0eff0be48b027b2279e8699b4f57ec017d94922a195ca95ef2","first_seen":"2026-02-17T10:40:28.337757Z","last_seen":"2026-02-17T10:42:31.2992Z","times_seen":2,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/26fd.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_2.html","date":"2026-02-17T10:42:06.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /26fd.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_2.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"66c-19b8d9b9f45\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 20582\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qPyClAB2PQBA%2BAooCTwN29RAj2bdC5UnyIPbSw%2BFQiaDMwStM5g4R8fKOWzIIBwcjCaUMSqw298Nw5moV5Rmj9FA50WmqeZFB3Nv\"}]}\r\ncf-ray: 9cf4ad158e0251e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1644,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"aceae280075be9b5026cf651f580a699","sha1":"19b45a97472a4884ea0934521ea4d9936c19f251","sha256":"0363471ab6a67271f8fad0271d3125076d9d4ee02e474a9dde22ad6f9c2d1b10","sha512":"69ef663259aed2dc724a38e80b83bbdcada40a696a0b1567543ffc361060627385767e2ef9a23cf6aca044658656c29be214e1fad150b35a69fc6a2e37df1b3a","ssdeep":"","tlshash":"163172c45738b6d14996dbed0fad32dc014e706ce27260cab24aea38519f9eff513908","first_seen":"2023-11-06T22:27:17Z","last_seen":"2026-06-04T16:31:08.110624Z","times_seen":102,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/3W13Wxcp_normal.png","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_10.html","date":"2026-02-17T10:42:06.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /3W13Wxcp_normal.png HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_10.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 1959\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"7a7-19b8d9b9f48\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2ZPfjCl6%2Fq%2BQ9Tw%2FI1KdVe%2BrlvY0jDRVGpggvbHnWJ87c34EskaeTKmFVb3xZr2OPTx0eHzvBesHNjh%2FBUSwSdBY0ywnS4fc9uhG\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad15be0f51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1959,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"c474954c5b7a8aaeab8db5a5cde36a92","sha1":"26d86122e1cd14ccb9968beaed45539954543d65","sha256":"39b8a04e0d0d3d2a35ac2718e9fd0f7debfae013875c21812b69ee07dfb71614","sha512":"48bff9fb8bb7e2c422d222943fc736f1b08c339c3427f81d25074e7a3c8625e2698538c67902d3869e53861e0cfb92978b83692a3e4cf6b9e60a1fecf0530e4e","ssdeep":"","tlshash":"574119f5975953e5a14e0c88b2c7901a7910382e4a7fc98ffa0d14b6ef48ce1422f021","first_seen":"2026-02-17T10:40:28.322269Z","last_seen":"2026-02-17T10:42:31.275981Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/zVvmaSBl_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_9.html","date":"2026-02-17T10:42:06.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /zVvmaSBl_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_9.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2617\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"a39-19b8d9ba338\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CD15Fx%2FUh9aLk5BfcjXlfiG%2Ffa5kRTLujw7zWXexmq0eTg2VbEXlPAiQTir7WmLOoH227b%2FCmknUUCdfbKBZXMBRlQhKx5JvpntC\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad166e3551e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2617,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"0dbaaab9c43a45a35e88629d50c1cae4","sha1":"5b8a642d58ab3ea933e8de30b9e7414d8843fd71","sha256":"86cd4d7559cbecce027ea46458cfe2f7224a187e3bedf1d71928b7f738fe5546","sha512":"d60701f3b429ee3e1361cc9c118c252ad6c5e8381d922c2db0d544acabcc4ea025b484bb01adcbc5e4564f6f35cffd5d9ac5617fce2e114491c32002d83e6ed2","ssdeep":"","tlshash":"9051b7e267942b43f81e1f3459d08ba0f6357f6a164b534a388c4a19233d2c0d9e839b","first_seen":"2026-02-17T10:40:28.333486Z","last_seen":"2026-02-17T10:42:31.300083Z","times_seen":2,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/3W13Wxcp_normal.png","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_7.html","date":"2026-02-17T10:42:06.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /3W13Wxcp_normal.png HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_7.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 1959\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"7a7-19b8d9b9f48\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J3tiNmtg3Hr4%2B5NNnMhYvObMWFRGh2gAc2MuIRGtHVxywW5ECA3l0KdhMZOQcMFPSTwTBSL8vchFA2XGbvSDLw1o3xZmyG7KVV0K\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad168e3d51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1959,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"c474954c5b7a8aaeab8db5a5cde36a92","sha1":"26d86122e1cd14ccb9968beaed45539954543d65","sha256":"39b8a04e0d0d3d2a35ac2718e9fd0f7debfae013875c21812b69ee07dfb71614","sha512":"48bff9fb8bb7e2c422d222943fc736f1b08c339c3427f81d25074e7a3c8625e2698538c67902d3869e53861e0cfb92978b83692a3e4cf6b9e60a1fecf0530e4e","ssdeep":"","tlshash":"574119f5975953e5a14e0c88b2c7901a7910382e4a7fc98ffa0d14b6ef48ce1422f021","first_seen":"2026-02-17T10:40:28.322269Z","last_seen":"2026-02-17T10:42:31.275981Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/css.css","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.697Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /css.css HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/css; charset=UTF-8\r\npriority: u=2,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"19e9-19b8d9ba311\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bmNlKporgZ%2FFERj6u1YVwFqmrAW7U5sFN7RPxMfYqgt%2FaW%2B4Wd7hsMsQyGED5nAWQ%2Fa7ztjny6NeT1n96cbhFs27Pv9UYKEQoxCS\"}]}\r\ncf-ray: 9cf4ad119d4b51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6633,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text","md5":"9ea4b8f99c0350f077a7a5ab6c5dfabd","sha1":"331a40272a0653adef0bee3ab2fe1c391f459726","sha256":"a67ac5a78f0de11ec82fde071d087014bfde920f8e98c4e11ff325bda2624349","sha512":"2a5dd9bccc380befcfdf440af17c6a9c356fab266378ddf6dd824e2d2d47d3b03d23cff789e1546c20531d086de91872538089b8cc375ba265c54919766d438a","ssdeep":"192:D7M4K76M4RdM4e8M4TnM4IuM4NhM4qQM4P7M4kz:DQvzjXHz7nHf","tlshash":"7fd103800c7f6900a7a31cc152da3e37de5eb290a409ad74affe10a8bd57c69636770d","first_seen":"2026-02-17T10:40:28.351241Z","last_seen":"2026-02-17T10:42:31.302038Z","times_seen":2,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/6937fd955e40ce4e01189324_velvet.avif","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.977Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /6937fd955e40ce4e01189324_velvet.avif HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 7463\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"1d27-19b8d9ba06a\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UvAk6SzJnZ54RhTuqygJHvyUZviCzO1Lj%2F6MbMJ4OhqV%2BXA8b9yzYaQz%2B1zCpCt7sNYYNyP71QM1n3uFSGQgQY1jpaPBlhsmpdY8\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad135da251e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7463,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ISO Media, AVIF Image","md5":"f3c39b39f016f65bd73061597c123bdb","sha1":"a240034555c5e9510a06347882a03e4a1c96e9ad","sha256":"07fadc6c3775c13395426a898649dc81b84edddb458abb18934b7811d962f9cd","sha512":"ef54c715137056ca0a939e2ed68c01205082f0a764ae96d4f4e102c05917127612e80416602158115f630c207c621f0155633f7a4f9f6facabfb37641736e3bc","ssdeep":"96:rGcHMQq2DiPsdpkljmKX9oG66YK9DNQ4ilojEvZaG8ZeXE8+Cw39gtbj3s:rGBQqQ0YKXu/6TQViE4GBXEog9gtPs","tlshash":"6ff1bf8a81f49bceff76a231194d6b237932a36c534340c4b165a6c45dd9e3b8851c90","first_seen":"2026-02-17T10:40:28.356145Z","last_seen":"2026-02-17T10:42:31.303811Z","times_seen":2,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/26a1.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_7.html","date":"2026-02-17T10:42:06.211Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /26a1.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_7.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"1c3-19b8d9b9f42\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zBC4Z3JajYuMWy9nrfz5BxtZ%2FQFuKtwlhXBMjxAmUlBLgf%2FHxUP%2BbGTqMv0QOHTJ2wy%2BYhZat6muSEXPyQh47Jeo6tq5PMDSOU2d\"}]}\r\ncf-ray: 9cf4ad14dde151e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":451,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bcca43b1c7aa91d47f62962ce2422ae1","sha1":"6bd13c3ba629e5f79d9ddf15cc79b7dc34729638","sha256":"d3a6d0c18f6887f771aa3cd51db375e7a9588e1af63801cc100cd9bcc5bccaac","sha512":"17ca2fa881ffffb8be0e67b1d689c6e977df3ba079a4c36f8607b824763ae3c9e1f7d6791230ea71a4128d6826693c95f2b55a3297686a7b7c7939ea139bb596","ssdeep":"","tlshash":"07f0236163fd6658dacdc53cfba194c0f05ab0de01b9888897c69710127ff09b710411","first_seen":"2023-05-15T16:34:06Z","last_seen":"2026-06-06T09:35:20.044871Z","times_seen":2860,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/zVvmaSBl_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_11.html","date":"2026-02-17T10:42:06.435Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /zVvmaSBl_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_11.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2617\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"a39-19b8d9ba338\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dsqYgI0IiTFTyfiSHFzYWoew%2Bb6BryRvnDUNOsAhv6Oy%2BaFp3%2BG%2BvXlt3F9upqMFFXfRjWhC5nCMckVoBb2%2BuBSncP7X3zbTQ87Y\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad162e2351e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2617,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"0dbaaab9c43a45a35e88629d50c1cae4","sha1":"5b8a642d58ab3ea933e8de30b9e7414d8843fd71","sha256":"86cd4d7559cbecce027ea46458cfe2f7224a187e3bedf1d71928b7f738fe5546","sha512":"d60701f3b429ee3e1361cc9c118c252ad6c5e8381d922c2db0d544acabcc4ea025b484bb01adcbc5e4564f6f35cffd5d9ac5617fce2e114491c32002d83e6ed2","ssdeep":"","tlshash":"9051b7e267942b43f81e1f3459d08ba0f6357f6a164b534a388c4a19233d2c0d9e839b","first_seen":"2026-02-17T10:40:28.333486Z","last_seen":"2026-02-17T10:42:31.300083Z","times_seen":2,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/c1FsysWP_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_7.html","date":"2026-02-17T10:42:06.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /c1FsysWP_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_7.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2973\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"b9d-19b8d9ba0de\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 128\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1hDVj9foSwIK6TeiQoQvVVca5xHHd6DBZkyJd9pz05RT1ewHuLLwRbSZ%2FFtPymtyxl3l7fIf99B9AqIaKoMh%2F5gc8ZIasYHlpwlQ\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad167e3751e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2973,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"4704eba76873ad98ec5fac280fe95346","sha1":"8434b9bc2925321da4dc134430605da119065596","sha256":"bfd2edff1aa825fc0bd483b01e27611d7cf3fd0e96757f147d5ad0b497ff70e3","sha512":"c208f5882375baff0514c1b045a96b03960f751dd796fce23c89815bf724c2e757e4c7eee3a89a1df84d8c1abcb5f4493b8a80f42bced78c60d03d4cc3ef83cf","ssdeep":"","tlshash":"9651f822634d5e5af81d2a3910285724fb057e120a82af7f74cd4a1cbf7a4c10eac15d","first_seen":"2026-02-17T10:40:28.296839Z","last_seen":"2026-02-17T10:42:31.279586Z","times_seen":2,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/R98nm3La_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_7.html","date":"2026-02-17T10:42:06.488Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /R98nm3La_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_7.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2439\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"987-19b8d9ba0c5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 128\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rvRuR65WvHg3%2BD3JkXJ6C16yaCqLjwe9rgbaq8hGMFPHfBwbu0kB38OzUIqC1j5xJf5hAY0gR55s%2FfgL%2BcgV7%2FTVn%2BMT3h2Yy%2FsU\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad167e3951e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2439,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"0975e06eafd6e61ba4d0253d0c10bc81","sha1":"7c5c4a5f09c7a739f770bf9fef6597587c955fb8","sha256":"0fbdc9f44188bc81700caecfb26cff79e2844aadb29b42ae5f3ed23160acd227","sha512":"8b7180975d7019ba0475e015bcedba43e9e939493e58fbccec23ecc0e1e6ceafd7181fcf644331096f88eb8316e903598b383e0ba66ccef5f815eb78a69d2035","ssdeep":"","tlshash":"e341b4a26b941610fc5e163311988390db66ff209fe91b0ab19c462837af082cd611ea","first_seen":"2026-02-17T10:40:28.32543Z","last_seen":"2026-02-17T10:42:31.269488Z","times_seen":2,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/ethgas-relate.webflow.shared.d868838db.min.css","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /ethgas-relate.webflow.shared.d868838db.min.css HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/css; charset=UTF-8\r\npriority: u=2,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"1c01e-19b8d9ba316\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mM3pHhw8EFF%2BsOUtVgzps5IW%2FkU1%2FsHMmRnKfCcEtAtOinh9ENNNfwV3Vis1BrIBSXvWA3D6WHMIUshcBMTfj2UBZx5H7AYglPxp\"}]}\r\ncf-ray: 9cf4ad119d4a51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":114718,"size_decoded":0,"mime_type":"text/css; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (65524), with no line terminators","md5":"ff9cbdf0990dc2362c270e80e5b48f3f","sha1":"85f9bde9549bdd89225678a37df2f1b5bf2b9e49","sha256":"286ef90301ee223982dc5dd9dcad020a98e2f6af059dc6d0449dbbeffeb47ce5","sha512":"2d64680cd8477746f132bba3f4178b64da3be7c6624224e14bceebeb8e39ff74851cd5a8602e24cb722cd5c41ff9a741aad080cc34f82d4f64dfc194b8c0108d","ssdeep":"1536:KBoCWhhzV3ZkPyosi/m9x/QQQIIAf1A/dGUG:a2rzpZkPVsi/ex/QQQ5Af1AzG","tlshash":"47b384265f65341ce42b8036aae4f78ca4295146d61342edf553e52acacf2c32f73e9c","first_seen":"2026-02-17T10:40:28.318535Z","last_seen":"2026-02-17T10:42:31.304911Z","times_seen":2,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/c19an1blasptnjazh4aw.webm","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.877Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /c19an1blasptnjazh4aw.webm HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nReferer: https://ehthgas.com/\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: video/webm\r\ncontent-length: 1058708\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\nage: 127\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"102794-19b8d9ba0dd\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\ncontent-range: bytes 0-1058707/1058708\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eF1k9xnTMDaWNSbGGLnrvWg7txaYxmnUjgz1c3eE3M1MMl37iSB%2FX9tXoaCJdU96w8ksq%2FThXL%2BXM2%2BOcZxvxwbIDHVa%2BXyWDzdU\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad12bd8651e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1058708,"size_decoded":0,"mime_type":"video/webm","magic":"WebM","md5":"467cc94edad037b7404a40576a2048b3","sha1":"de87a5f54f07f895728b729b0b50d4f7a164ba71","sha256":"a6d035561a50c22a1ee849907f174fcb05607c97abcfb5b79b98e041861e5736","sha512":"0cfd9da329b69367e773b385e43311e8c1ab47319a5d884719b4b63bd973b3d2276a7439868d91e924d2a6084f65bef30df87c2b17c936d490f2765fd90f2131","ssdeep":"24576:T/yggZyXY6HM9Xggnwh1ls8OIoOnrZPDYet0ExjwNl:T/y2MJggEjs4VtxxjwNl","tlshash":"f8252394a08055e6c00e8d78dbdbeda3c409e84f6b774169ebbfa56528fb341a00347f","first_seen":"2025-10-21T08:24:55.451135Z","last_seen":"2026-02-23T23:29:16.307976Z","times_seen":5,"resource_available":false,"data":null}},"time_used":248,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":229,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/1f987.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_10.html","date":"2026-02-17T10:42:06.354Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /1f987.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_10.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"73a-19b8d9b9f41\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 128\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gK2c%2Fn0SF3i8SSkozY51uQETq%2FbQoJCkOi6X5%2BaPs3RHQNHnSdAy9SY%2BCXp5CE9sY0zd6OmYW7k4Sb%2BG9R9plnHFK5Ef7JA2svxS\"}]}\r\ncf-ray: 9cf4ad159e0a51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1850,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"af70a9ae5dd90f1078e363eab1c855cc","sha1":"821240b1c6a6cf6589784fb1d0e1f46c17271421","sha256":"15e1e1bac9988be3960759f24289e3a5bfb04ad0a42a88f1ab10680df1bfa61c","sha512":"a93581b7de1371d92407755514e8d3a723a4ca5b17288de2591778f0b14e0378fa5b61d268035bc8314048cd98d5c744b5fd22d999d726facea0857bddce0094","ssdeep":"","tlshash":"d531a6c5a7b4f28404d5cbddef5ef0ca4329615e435e8ac3a1dcdc68620b6ef5842d40","first_seen":"2023-08-27T17:33:25Z","last_seen":"2026-06-05T20:56:43.646689Z","times_seen":38,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/26f3.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_10.html","date":"2026-02-17T10:42:06.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /26f3.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_10.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"291-19b8d9b9f43\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2Bvt7qJYycJxa9%2BRr54wgwxgOhCRQ0f2GH3Z7HZ3%2BCS5FRVG1%2BNW0EJ9Z%2F%2F08ODCvrQpfyrVfpQTs19IWeUoVdDIA1FkEVwuUlJ4i\"}]}\r\ncf-ray: 9cf4ad159e0d51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":657,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"795431f7abdbe4dcaa45e1355146ecec","sha1":"6bbe5a3ba1fed87b0854f8036a71dac2ef58200d","sha256":"1a234f081427c18433748344ea1bc0a6b973dde099aa32952bd4084a5109a204","sha512":"29e808da41980c37099200af5ce8e228591ab34cc41d7100860ccbfacaabe239f1db30343d9de81cfc5df7c7659744c49ef786b045e6641e635854275fde83b6","ssdeep":"","tlshash":"4b0123d0203c3a14cc830766dd3ff8e160cd30be51440b84a5ac899033a79ca74e4b60","first_seen":"2023-07-13T02:37:42Z","last_seen":"2026-06-01T07:17:01.681596Z","times_seen":155,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/Uoyc5-p8_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_9.html","date":"2026-02-17T10:42:06.485Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /Uoyc5-p8_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_9.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3151\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"c4f-19b8d9ba0c6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HjcNkv%2F0vWRH8w13KgtEhwuZZ8Q66YoSw2zATP0nfaptIQK6buc20f8GkTo9J%2FajWur2V5R63XzVryVMTzKwcuzOKWph8DwimjwU\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad166e3451e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3151,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"748398a135b49b9d3bd7059d465ca235","sha1":"63eccea52513037b20dddca9d5aa18979a8b67ce","sha256":"50b91e7c6bece7444afe510cff78a73bf6282a8de5950dedd8539fd0fbcf57b1","sha512":"dc7b664c2b857481e2f9c679eac2f728dfa308d8bff76433fe3ecb3aa74cc5548cb55e8b1e1d4de7e1c511c0c618c6a2286578854ffdd9bbc0607d39a548705d","ssdeep":"","tlshash":"c551e903e7385a09f62d2938a0509b27d959bf252653937775dd452d372b0c08d286ff","first_seen":"2026-02-17T10:40:28.314801Z","last_seen":"2026-02-17T10:42:31.273594Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/zVvmaSBl_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_9.html","date":"2026-02-17T10:42:06.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /zVvmaSBl_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_9.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2617\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"a39-19b8d9ba338\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pCRr2MJO6CSv0oYecrS00%2F5wpIiCg1VZeiLEy7mqOaKdu3KBF8Gm5dxA6Cuv18v4uKhTSzd1pQLfITGv9re%2FxgMux4T6GL%2FuIAHE\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad14dde351e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2617,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"0dbaaab9c43a45a35e88629d50c1cae4","sha1":"5b8a642d58ab3ea933e8de30b9e7414d8843fd71","sha256":"86cd4d7559cbecce027ea46458cfe2f7224a187e3bedf1d71928b7f738fe5546","sha512":"d60701f3b429ee3e1361cc9c118c252ad6c5e8381d922c2db0d544acabcc4ea025b484bb01adcbc5e4564f6f35cffd5d9ac5617fce2e114491c32002d83e6ed2","ssdeep":"","tlshash":"9051b7e267942b43f81e1f3459d08ba0f6357f6a164b534a388c4a19233d2c0d9e839b","first_seen":"2026-02-17T10:40:28.333486Z","last_seen":"2026-02-17T10:42:31.300083Z","times_seen":2,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/68e65a56b6db5bbfa02ab55b_telegram-cloud-document-2-5361679667285753370%201.png","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /68e65a56b6db5bbfa02ab55b_telegram-cloud-document-2-5361679667285753370%201.png HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/ethgas-relate.webflow.shared.d868838db.min.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=utf-8\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: default-src 'none'\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\npriority: u=4,i=?0\r\nage: 127\r\ncontent-encoding: br\r\ncache-control: max-age=2592000\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8WmbP544XSNP1CUK5Tdh6V6aYmcdVfFq0cD%2BtAxMpWn5AbbqvCCBfnG0VjbQ4pVFfUgh6HfHyjhZrmWPZylmushPZWIw7ddCFaie\"}]}\r\nvary: accept-encoding\r\ncf-ray: 9cf4ad12cd8a51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":217,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"61ac7b0bbdbff4f4093ccc64b77d0a93","sha1":"7869d3670b1903d2486b66f22e7a26f4c0719b05","sha256":"eecc6606a8bbc615a903324b30c9b1c501865031679e27c694ea79e51188ffce","sha512":"dd37e0398c6cf5649916444bd899e2baae3b26a1780e117217e4500ee8d3dd70984c5345e32fb1266eab8dfe8ef3b3fbe6f5420766bf8a01ed7a6df61e481bee","ssdeep":"","tlshash":"08d023be0120530157608304f780b3d428c6375b75eb590097d5d05fedd5916dbde384","first_seen":"2026-02-17T10:40:28.355025Z","last_seen":"2026-02-17T10:42:31.306921Z","times_seen":2,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehtgas.com/","fqdn":"ehtgas.com","domain":"ehtgas.com","tld":"com"},"ip":{"addr":"172.67.135.131","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-17T10:42:05.379Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehtgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 29 Dec 2025 07:21:29 GMT","end":"Sun, 29 Mar 2026 08:21:16 GMT"},"fingerprint":{"sha1":"F1:8F:71:D4:43:2F:A6:87:33:45:48:D8:ED:92:2E:B7:69:68:21:84","sha256":"2A:13:81:B6:9F:0E:1A:2D:CA:A7:16:01:C3:45:50:E4:C5:8B:DE:71:57:10:2E:75:22:19:9F:3D:87:FC:A8:75"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ehtgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-length: 0\r\nlocation: https://ehthgas.com/\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=u0h0%2BHqT%2FRrNj77w7XFNLvBZXVn%2BepmX5KsT960KB9Fv%2FDFcqrn0s8mQtc0Nu%2BAEvL0T6Hfusp0Xzx21gaDDZAcIzpn2IBHvslw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9cf4ad0fdb48902d-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":528567,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T11:09:43.107236Z","times_seen":16175386,"resource_available":true,"data":null}},"time_used":82,"timings":{"blocked":31,"dns":1,"connect":8,"send":0,"wait":13,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_4.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.779Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_4.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KP3xNGZZ1bHnETJLx65Dms30gxwdzYnzHYj68pMs1RrLuwkUF3KgEZQyQEDYOAOu7L2th83qCw6eR%2FSlcM%2BHTtgddiOI%2B5S494%2F%2B\"}]}\r\ncf-ray: 9cf4ad122d6d51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":33121,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (9521)","md5":"67a516f704e06b630c301af78bd8bb29","sha1":"0cd8c4ef985853d499f3fc42e5931d8f3ffb5eaa","sha256":"a4a92e1afcb9dcd75f1cd198011b4b879a534d8e0880ced33f042d314763bc17","sha512":"bd02c8bd4b5c49b5e901bf080f5040979d287818134577989abf7d532adb4c854e4a695d4a198c1df91878bd5973de6a6d3fb06f30a349ba29c5d1cb6a635201","ssdeep":"768:IKpQnUV8KKLsE0YrKJ2HaWadnGGmgexZbrnsOW+ZlECtnEMckCw5iORyMhZPmmsG:IKpQUkc/BuBEJot0EObk","tlshash":"7ae2b7b20a50003de36b3dc1b3721f5973f6520ddd0294915aa97ea4e2ebc96a017f9f","first_seen":"2026-02-17T10:40:28.343298Z","last_seen":"2026-02-17T10:42:31.308529Z","times_seen":2,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_12.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_12.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Os99OE1fLu2txwrU6FF1lyiL%2Bo4dFBNa3uktOucIyJDXPXAcWaAuf1XuX3Aa9Wg%2BPYmK1o2dVX2ykEZIoYbFoigJM8GN5AuMCjUB\"}]}\r\ncf-ray: 9cf4ad126d7d51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33570,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14057)","md5":"3803a488104f9fdab4e9e11e083a5134","sha1":"9cbfc006285b0af4d0c448c89ebed7d867daa68e","sha256":"4137d332afd4f5e0c47953686a070fc3ca5a1f0881de5d6aad3ef1999bced8ea","sha512":"24db9b3d6353732f4611b1d2535dc931b90b6e80fbbd58c250f5ff3e205502836d549ae169b86fc778665d46aa13976411c9a0ed59f698bb991a34aab3ea02a5","ssdeep":"768:yZpQnUV2+KKLsB0YrdJUHaWadnGGmAexZbrnIOW+ZvECtnEMckCw5eORyLhZZmNi:yZpQUMMCNssIVweJk","tlshash":"85e2d6b24950003ee35b2d81f3721f1a73f7520dde0294915aa97ea4e6ebc979013b9e","first_seen":"2026-02-17T10:40:28.344482Z","last_seen":"2026-02-17T10:42:31.309394Z","times_seen":2,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/6937fdac2bcbc25c19658950_gashawk.avif","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.975Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /6937fdac2bcbc25c19658950_gashawk.avif HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 6537\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"1989-19b8d9ba06b\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zkKLUBIlW2ux5U4KIgBcQVgAJeMkYxQ%2BNSFdRme9wLpnW8TFFPKzgefk5kEfh0ol3qCDt%2FYxt37VwWyonHTZuhDWhtf5eKDa7dy3\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad135da151e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6537,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ISO Media, AVIF Image","md5":"a516c356050501785af2f87ad900a4c2","sha1":"57f9ad69eebbd6d26a0610192fbafacffef2831c","sha256":"b29c501bb37dac7facb79d47652685c2d1e2bf90583f310e33a560102bed2b54","sha512":"f71cfec727db9918d1a48b5b3cecf2a0b38254e4f318686fc7ccf25216fda543b5fb690d55503e279faca31ee98ba8899c20a30d00613df8ee0a815a6919f6c6","ssdeep":"192:rGbEAjAjIjv8fn/9EVWxDoI6Fiep1e+cou+9/LweC:rvIo3UFhtBccZLBC","tlshash":"bed19e0223336d63daa24d3c1ac892d332761900f74e39c7d899769119a6bb7d4ffb44","first_seen":"2026-02-17T10:40:28.359563Z","last_seen":"2026-02-17T10:42:31.310324Z","times_seen":2,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/dsAJIX9F_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_4.html","date":"2026-02-17T10:42:06.094Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /dsAJIX9F_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_4.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2973\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"b9d-19b8d9ba313\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9z1bGSbSc2tfSS4ZFWsqEFoK9SW9li17fmxIdLT5HatQPxb2K9pbskr9FtSs3%2BQ32vcVfAWlUMlLWEvIQsZoGQKGeu%2FuNQLEIetH\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad13edc651e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2973,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"348495d214aa7282f86bb4e3d8366c22","sha1":"ced73aedff3c36a28edc613b7256dc78dfa14c2b","sha256":"a58b2c3b516428ab5f0b661ee7038876e329c129ded34e666efe2f7d63f0204f","sha512":"6214b24c5863e83e68616ace6ce3c1cefb37cd81bd41d35ba7a7aaae167afafdb923509557fe7194903688008aa7202d6c034ea1d9ae4b474d3ac0dabc7e6ae1","ssdeep":"","tlshash":"05512b16d3dc2603ec1d06bac0a45f34fbb4be22419743ed3ccc546a93784400e182dd","first_seen":"2026-02-17T10:40:28.346611Z","last_seen":"2026-02-17T10:42:31.311216Z","times_seen":2,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/3W13Wxcp_normal.png","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_7.html","date":"2026-02-17T10:42:06.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /3W13Wxcp_normal.png HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_7.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 1959\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"7a7-19b8d9b9f48\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AlH7QdVqL8qq1ZsLXD%2F179n9LfhrX29TIeoRNaPArEChkcR6ooIEl4tSM5HEyIdHw5KnlCl%2BOsxw2BMIX4q3FG7gWOtpIgFn10v5\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad154dfa51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1959,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"c474954c5b7a8aaeab8db5a5cde36a92","sha1":"26d86122e1cd14ccb9968beaed45539954543d65","sha256":"39b8a04e0d0d3d2a35ac2718e9fd0f7debfae013875c21812b69ee07dfb71614","sha512":"48bff9fb8bb7e2c422d222943fc736f1b08c339c3427f81d25074e7a3c8625e2698538c67902d3869e53861e0cfb92978b83692a3e4cf6b9e60a1fecf0530e4e","ssdeep":"","tlshash":"574119f5975953e5a14e0c88b2c7901a7910382e4a7fc98ffa0d14b6ef48ce1422f021","first_seen":"2026-02-17T10:40:28.322269Z","last_seen":"2026-02-17T10:42:31.275981Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/dsAJIX9F_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_13.html","date":"2026-02-17T10:42:06.388Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /dsAJIX9F_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_13.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2973\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"b9d-19b8d9ba313\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=40itf7cq0n5dsm4sJVOhDLBfPyVyJlllw9uvs%2BLtlssJbZ3MMPUhJQlI7fFDuf05ydSa7eEcszDmSgrw3EnFMtKRXpY2CqCHUqVC\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad15ce1251e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2973,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"348495d214aa7282f86bb4e3d8366c22","sha1":"ced73aedff3c36a28edc613b7256dc78dfa14c2b","sha256":"a58b2c3b516428ab5f0b661ee7038876e329c129ded34e666efe2f7d63f0204f","sha512":"6214b24c5863e83e68616ace6ce3c1cefb37cd81bd41d35ba7a7aaae167afafdb923509557fe7194903688008aa7202d6c034ea1d9ae4b474d3ac0dabc7e6ae1","ssdeep":"","tlshash":"05512b16d3dc2603ec1d06bac0a45f34fbb4be22419743ed3ccc546a93784400e182dd","first_seen":"2026-02-17T10:40:28.346611Z","last_seen":"2026-02-17T10:42:31.311216Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/3W13Wxcp_normal.png","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_12.html","date":"2026-02-17T10:42:06.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /3W13Wxcp_normal.png HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_12.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 1959\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"7a7-19b8d9b9f48\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sE%2Bq7vialcmi9msrgFayx7171xTQjeZ3pY5I8pid5HgvYgjcBkWQ7YiSeELpuhtdAgKR6%2FhEqzZQlW87e7ITEsXRwpch%2BdqbjPxN\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad163e2951e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1959,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"c474954c5b7a8aaeab8db5a5cde36a92","sha1":"26d86122e1cd14ccb9968beaed45539954543d65","sha256":"39b8a04e0d0d3d2a35ac2718e9fd0f7debfae013875c21812b69ee07dfb71614","sha512":"48bff9fb8bb7e2c422d222943fc736f1b08c339c3427f81d25074e7a3c8625e2698538c67902d3869e53861e0cfb92978b83692a3e4cf6b9e60a1fecf0530e4e","ssdeep":"","tlshash":"574119f5975953e5a14e0c88b2c7901a7910382e4a7fc98ffa0d14b6ef48ce1422f021","first_seen":"2026-02-17T10:40:28.322269Z","last_seen":"2026-02-17T10:42:31.275981Z","times_seen":2,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/3W13Wxcp_normal.png","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_10.html","date":"2026-02-17T10:42:06.482Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /3W13Wxcp_normal.png HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_10.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 1959\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"7a7-19b8d9b9f48\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iKDv2TudGzt0bGc3MvbCYVWc0QpbjuYrFvM2eT%2BdEkL0TQSRwgv02Ai661oNOoZqdl9TUBd5ENg0azRFSbgASxj7SaxshFWkxnES\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad166e3351e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1959,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced","md5":"c474954c5b7a8aaeab8db5a5cde36a92","sha1":"26d86122e1cd14ccb9968beaed45539954543d65","sha256":"39b8a04e0d0d3d2a35ac2718e9fd0f7debfae013875c21812b69ee07dfb71614","sha512":"48bff9fb8bb7e2c422d222943fc736f1b08c339c3427f81d25074e7a3c8625e2698538c67902d3869e53861e0cfb92978b83692a3e4cf6b9e60a1fecf0530e4e","ssdeep":"","tlshash":"574119f5975953e5a14e0c88b2c7901a7910382e4a7fc98ffa0d14b6ef48ce1422f021","first_seen":"2026-02-17T10:40:28.322269Z","last_seen":"2026-02-17T10:42:31.275981Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/3W13Wxcp_bigger.png","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_8.html","date":"2026-02-17T10:42:06.551Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /3W13Wxcp_bigger.png HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_8.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/png\r\ncontent-length: 3151\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"c4f-19b8d9b9f46\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 20583\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iE3AwbuEF%2BTX05NQVABQ%2Fvx8DHFaiMZ%2BigoG%2FfeNq8aRbTvGyYhqvbjX%2FIRy5icH4chuJbD9to2isnk1chHEy1XbjgbMmMrenjTn\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad16ce5451e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3151,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 73 x 73, 8-bit/color RGBA, non-interlaced","md5":"796567028587c0efe29e6a56c9918e13","sha1":"56e786360e552d7f9411ae50c7524a8b5e79667a","sha256":"12aad40cb901ad0c7793b381691ad34fbbe60825859972f0199d1df408fc9ad8","sha512":"7756585d957c492396a0814fca65c3c66c3afb9e99313fe5602e9d5f7ab2315e81e27282c303437c543e99c5d25ad7efd0bec859923c451722128f70bb5254e8","ssdeep":"","tlshash":"2a513ad9e4416023d98cc9ab086f8814953d18be5b97ae3abd68d43683d31dd0f66a02","first_seen":"2026-02-17T10:40:28.29404Z","last_seen":"2026-02-17T10:42:31.268128Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/mqROce2n0YTnGtpo.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_8.html","date":"2026-02-17T10:42:06.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /mqROce2n0YTnGtpo.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_8.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 46015\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"b3bf-19b8d9ba336\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 20583\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1j1TP6%2FdqOdj1gcoCLsBxyKmfyWG73HypRrPkWjLT5Y9GmlAOro11j1X%2BflMwO%2FzUQcdSdRJ1PDq7o2lfB4G4JyXJ0skHBEfrIFj\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad16de5651e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46015,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1200x675, components 3","md5":"b0bdf5922af8c5ebf2e415ab221d8090","sha1":"89f005b576384be819aaf1151453cf3c28bd92c2","sha256":"f01db6b13ca393c707fa77f42b58ba634ac2d2aded667be1b5bfc7b42d45ccc2","sha512":"e5be4d969efa22e16b7ea1ab96f2b7239f74563cce673ea33bdc350de6ee066c3643bcafbba999ffdf00fe48d46399f86990a12ff72db7915c383b18f199ea75","ssdeep":"768:m6z/U/7d8+Fr9E0Iu8k12Dw+cJiobeOLadEV7vRrxHytKSRyCNQ6x32L:2xFrWJu8koc+8i9OK2Jxyt9RyCNQg32L","tlshash":"8a23f152730962266e4d0cfc07624b1eba6d4f09b6f99f94c7f0196643945fbeb38224","first_seen":"2026-02-17T10:40:28.324006Z","last_seen":"2026-02-17T10:42:31.26389Z","times_seen":2,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/6937fd5003bd46aeec6b6253_etherfi.avif","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /6937fd5003bd46aeec6b6253_etherfi.avif HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 5060\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"13c4-19b8d9ba066\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nqdtgmpQjejbhKUNb9EoV93uaErUVizGdQdJF5h%2FKGoriqi8%2FVCgmxGonTlfcfLqP5uA60tEY6gKeB%2Bds0pSiT7C1lOY5E4qC6D2\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad135da551e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5060,"size_decoded":0,"mime_type":"application/octet-stream","magic":"ISO Media, AVIF Image","md5":"621642e1059593bc46e173d8412d6f87","sha1":"9e2935cb766e70f19cc5734b6839f25d62b4d2aa","sha256":"e77e2ea24e093372c63c3706b98167e0e6c23fc814501790c76b59af4ce654fe","sha512":"3fee175d5f5a0c64a1863db8a7281aa48115a3dd5b90c7567669440228e562c3db49894011ba51a557380ff1d7d7f4c06d2f748a778f1a1ecaf91cee96e068a7","ssdeep":"96:rGctba2nqiNraiwo6tkVa9lGeP6YkZhHZo1WVZUJ7PPoo6fEL5:rGAfqiodtkVayeyYkmMVy1PPcfg","tlshash":"e0a16d1c57a85f27f23c22ff7a68886755319249f7223bbf66cd310cb5187168908e56","first_seen":"2026-02-17T10:40:28.330619Z","last_seen":"2026-02-17T10:42:31.312069Z","times_seen":2,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/zHCm9d93_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_5.html","date":"2026-02-17T10:42:06.073Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /zHCm9d93_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_5.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2973\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"b9d-19b8d9ba337\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WJ%2FXWljyl1lwemh8ggPfLubpnyVreKrIeMiUFOHKbK2mo%2FUaUC277%2FwA2gknGYjXw4D%2BQQPVDi8gxl2qSVh%2FKPMatp60y0xHzsNb\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad13cdbd51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2973,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"2a3dd8206f1eaf4bb599bd6e0a4be5f2","sha1":"4d84f473e9ddd66991b1d137f34417d021d37b96","sha256":"1c4f64d9be01d69a1c00ea555c96401fc48fe71d45535197f1c0ff3215fbb40b","sha512":"0bd638bc198d5000601e87c5b0ef93c06b1b32663a84a6b522d3575993356c9d8416d232ff99a5d4b76dd2c889c722a1cc5e8057dcf99008ce07243402144282","ssdeep":"","tlshash":"dd51f95323665b04e63e2b7511905bb1ff157e32a28e07af345ca91e7f6f0d04d21099","first_seen":"2026-02-17T10:40:28.320435Z","last_seen":"2026-02-17T10:42:31.271535Z","times_seen":2,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/679791cbcceddeedd9056f22_Favicon.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:06.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /679791cbcceddeedd9056f22_Favicon.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=6,i=?0\r\ncast-mode: default\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cast-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"818-19b8d9ba052\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 139409\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xWPh0%2B3gXGuTHx3SyNtRv4NknNGDACYzkdNa1EcU1SxqHstEpp9Od1PIKn8Ub1J4wl4%2BxdcISGPlN2hvdAOU6hM7OS%2FTHF4yQfXx\"}]}\r\ncf-ray: 9cf4ad147dda51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2072,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7ce6e45d21b545a28c9bb38a5d67570b","sha1":"537cf74a28dde25f371375b6bd9374ba9989c83e","sha256":"7189c4f8f17747ca5c039e2bfebc8787d81862081d9de8dd5b27f8fcab43f9d7","sha512":"7b0b7a5ab1f451184c0ed9997283aec6e60b2428f7082de66f19a9673bd924606d0485f8ea7cf4416ed56de84bd16208452005d65d7851dd30a8bc70ff646564","ssdeep":"","tlshash":"9c419866f62adda3e26dd18ce9109525206a52e3e9c1c29081e1ff4e3c261c32e1eed1","first_seen":"2025-10-21T08:24:55.469935Z","last_seen":"2026-02-17T10:42:31.313146Z","times_seen":4,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/R98nm3La_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_13.html","date":"2026-02-17T10:42:06.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /R98nm3La_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_13.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2439\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"987-19b8d9ba0c5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6G6WgXa4tbqQDPyoVit9GxvLLz3t19f%2FctKUumit%2FOrbbo1XfyNsuBWUlrm2nszo%2B2Fgl8G5Yl%2Fic%2BiP2HwREXVkw4RSQox6CzGt\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad15ce1451e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2439,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"0975e06eafd6e61ba4d0253d0c10bc81","sha1":"7c5c4a5f09c7a739f770bf9fef6597587c955fb8","sha256":"0fbdc9f44188bc81700caecfb26cff79e2844aadb29b42ae5f3ed23160acd227","sha512":"8b7180975d7019ba0475e015bcedba43e9e939493e58fbccec23ecc0e1e6ceafd7181fcf644331096f88eb8316e903598b383e0ba66ccef5f815eb78a69d2035","ssdeep":"","tlshash":"e341b4a26b941610fc5e163311988390db66ff209fe91b0ab19c462837af082cd611ea","first_seen":"2026-02-17T10:40:28.32543Z","last_seen":"2026-02-17T10:42:31.269488Z","times_seen":2,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/R98nm3La_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_13.html","date":"2026-02-17T10:42:06.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /R98nm3La_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_13.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2439\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"987-19b8d9ba0c5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=njFESnOgoglZ18ngYRePPS0DbuMJ80uT7M%2Bsv1nHxKHz42aSLMzm6YfeDIgWFxDRjXyx%2B5gIU35uFldR4jqXYPzQechNz%2BNnpDvM\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad164e2c51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2439,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"0975e06eafd6e61ba4d0253d0c10bc81","sha1":"7c5c4a5f09c7a739f770bf9fef6597587c955fb8","sha256":"0fbdc9f44188bc81700caecfb26cff79e2844aadb29b42ae5f3ed23160acd227","sha512":"8b7180975d7019ba0475e015bcedba43e9e939493e58fbccec23ecc0e1e6ceafd7181fcf644331096f88eb8316e903598b383e0ba66ccef5f815eb78a69d2035","ssdeep":"","tlshash":"e341b4a26b941610fc5e163311988390db66ff209fe91b0ab19c462837af082cd611ea","first_seen":"2026-02-17T10:40:28.32543Z","last_seen":"2026-02-17T10:42:31.269488Z","times_seen":2,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_7.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.786Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_7.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=igGS9ofBzuR7Uc8dN8g1HiYTquSZY3lETnvEGyTjEgI90OYAiLjKZoS3hW1eXVfVWlZzLSvImZm7u0%2BJgOo2uVgWJ8EhFeyaGhXD\"}]}\r\ncf-ray: 9cf4ad122d6e51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":33570,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (14057)","md5":"bef6324c65853fbc1c8a55b02beb94d2","sha1":"00166a5ce442df306f057eac6954b690d761f266","sha256":"50d8e8410631cbd0db70957e9ce3f5785341584148ad1a946de6c8bad2a7de70","sha512":"8ddbc777df557fd077592d9961901970ebe7ee922bcf69a8d0e2d914b35b932c52fa9c7f8df4dccaeb32c05066e05e50addcaaa7f58fc1e88ea0b90d41480e1b","ssdeep":"768:lZpQnUV2+KKLsB0YrdJUHaWadnGGmAexZbrnIOW+ZvECtnEMckCw5eORyLhZZmN+:lZpQUMMCNssIVwe1k","tlshash":"d7e2e6b24950003ee35b2d81f3721f1a73f7520dde0294915aa97ea4e6ebc979013b9e","first_seen":"2026-02-17T10:40:28.327963Z","last_seen":"2026-02-17T10:42:31.314002Z","times_seen":2,"resource_available":false,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/index_11.html","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://ehthgas.com/","date":"2026-02-17T10:42:05.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /index_11.html HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:05 GMT\r\ncontent-type: text/html; charset=UTF-8\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-frame-options: SAMEORIGIN\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\ncontent-encoding: br\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oBgZQG7BKlYUcYvwBt%2BAajujJ2DzHBLiruALAbKxlY3X9OXCe4yHihiNpUIDaHjRWnkXL%2F2ak%2FAbYT4B8InHGzqI0%2BSN5KLEnYAZ\"}]}\r\ncf-ray: 9cf4ad126d7e51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":34485,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (13901)","md5":"878f181809533856c189e3845a736149","sha1":"61fb8c5896d0a2e6a75446b166472c8d9e5381c9","sha256":"05493e6fa2f490a086a682749f900e771923636e3d0a179326b429a39787337d","sha512":"f75881127a5a712cc938bdac9a35a09dbb1cb4868049f14d4dd56de3a3e9c6127814b0cd8227bacf75c543de89853af3eb9ff236922cd1244431df61583c4758","ssdeep":"768:fxpQndVLKKLsFMU0d1rXJbHaWadnGGhGcexZMVjCgDnoOW+ZSECtn3DbPQePomqL:fxpQdF2/uJtPurzpjik","tlshash":"abf297b24950003de35f2dc1b2772f4db3f6520dde0294915aa57ea4e2ebc96a013e9f","first_seen":"2026-02-17T10:40:28.310566Z","last_seen":"2026-02-17T10:42:31.314848Z","times_seen":2,"resource_available":false,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/R98nm3La_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_7.html","date":"2026-02-17T10:42:06.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /R98nm3La_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_7.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2439\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"987-19b8d9ba0c5\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gYqkghZe%2FS%2FZaIHw0dIIPJ3b64v1rg6S0G9sGZUPMe7MiKvIsj1lpD2EqL8osmL2Dny1iiJzqWiTCLeU5adag5W9JukdktKI%2F%2F5A\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad154df951e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2439,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"0975e06eafd6e61ba4d0253d0c10bc81","sha1":"7c5c4a5f09c7a739f770bf9fef6597587c955fb8","sha256":"0fbdc9f44188bc81700caecfb26cff79e2844aadb29b42ae5f3ed23160acd227","sha512":"8b7180975d7019ba0475e015bcedba43e9e939493e58fbccec23ecc0e1e6ceafd7181fcf644331096f88eb8316e903598b383e0ba66ccef5f815eb78a69d2035","ssdeep":"","tlshash":"e341b4a26b941610fc5e163311988390db66ff209fe91b0ab19c462837af082cd611ea","first_seen":"2026-02-17T10:40:28.32543Z","last_seen":"2026-02-17T10:42:31.269488Z","times_seen":2,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/1f333.svg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_10.html","date":"2026-02-17T10:42:06.358Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /1f333.svg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_10.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/svg+xml\r\npriority: u=4,i=?0\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\ncontent-encoding: br\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"35e-19b8d9b9f3e\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=68n1LikBuTj6oChCXI4O2iYyDNnbQotDFNIdgFJOZDlPWJzUtNRUBynOl6Wkq5FPmK9r2cR1z8WLxkQ9l1N8vZmpHgw9iRBvWl%2BU\"}]}\r\ncf-ray: 9cf4ad159e0c51e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":862,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1179cce930e54f671be9a98ffc9313e3","sha1":"ba8daf3a95d245d5d7328d9dc3b85ca49eb1bfe6","sha256":"28b0601f687f84e5fd61d3bd9637d30db7c280967a4518e85bba9f4b24671f57","sha512":"1f9b2339eae7745b825822866a5c10530d353e15a478c627dd73eb1aa6f077c44ae66e0f9c49f05c8a012e3e93b14f56e2d4810c197838ff3c0475ad94b4b739","ssdeep":"","tlshash":"55112dc9608cf4814708812d045f10b6834f6327af298b4eb053ec3ceb931e639faa76","first_seen":"2023-05-17T12:47:48Z","last_seen":"2026-06-05T23:56:55.438733Z","times_seen":212,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/-99z5orR_normal.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_13.html","date":"2026-02-17T10:42:06.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /-99z5orR_normal.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_13.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 2263\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:24 GMT\r\netag: W/\"8d7-19b8d9b9f3b\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Jki45j3NZ721X4HyiB9807sjGH86R6Qljip8eOVYMJrKFZYYqfAye1KKYW4bEAO1llJQXAqqJ5TzwMONCZ1%2F2yqf02MIVb%2Bbq9%2Bh\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad15ce1751e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2263,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 48x48, components 3","md5":"a283e3b55c1bebed6b9c628eb50899d1","sha1":"e93a6e0ed97878dc8fa5208e8b16351ffcf30880","sha256":"55fcae24f7b96f12def599cd1a284e8b236d8739f2c94a076c1c019be5d6c870","sha512":"2e89eb04be0a4889eb31cd376a1a739c651ce3db44a9bfc37832ef64099eebaaa53f077afd9928d3ef03c6b8017acf9b08bb66578e7a0786d8c42c79a12a8276","ssdeep":"","tlshash":"9941c8e257488718dc1e0a7644a05ba6d7197d35ea4bbbae71cd241a3b3e0c08db81cf","first_seen":"2026-02-17T10:40:28.335027Z","last_seen":"2026-02-17T10:42:31.265812Z","times_seen":2,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":12,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ehthgas.com/Uoyc5-p8_bigger.jpg","fqdn":"ehthgas.com","domain":"ehthgas.com","tld":"com"},"ip":{"addr":"104.21.86.215","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://ehthgas.com/index_11.html","date":"2026-02-17T10:42:06.433Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ehthgas.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 05 Jan 2026 09:04:08 GMT","end":"Sun, 05 Apr 2026 10:03:58 GMT"},"fingerprint":{"sha1":"9C:08:E9:6C:5B:36:E4:40:6F:D9:05:8D:4D:9C:61:5C:6F:13:9B:B4","sha256":"E2:FD:1D:52:E4:4E:54:D5:F1:20:73:7A:54:5E:09:23:D8:F6:AC:2B:DD:AD:2D:07:C6:35:1F:71:67:64:76:7E"}}},"request":{"raw":"GET /Uoyc5-p8_bigger.jpg HTTP/1.1\r\nHost: ehthgas.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://ehthgas.com/index_11.html\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Tue, 17 Feb 2026 10:42:06 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 3151\r\nx-content-type-options: nosniff, nosniff\r\nx-xss-protection: 1; mode=block, 1; mode=block\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-security-policy: frame-ancestors *\r\naccess-control-allow-origin: *\r\nx-cdn-cache: MISS\r\naccept-ranges: bytes\r\ncache-control: public, max-age=2592000\r\nlast-modified: Mon, 05 Jan 2026 10:02:25 GMT\r\netag: W/\"c4f-19b8d9ba0c6\"\r\nstrict-transport-security: max-age=63072000; includeSubDomains; preload\r\nx-frame-options: SAMEORIGIN\r\nage: 127\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tWG5HaO8SQvNel8bYB0%2BHxBJskc1H%2BkjLBjJ6o9UH2xf30vqZ0yLF6oGrveCOYg5Z%2FHcOLsyow3VkNGUsGyOdvo6vStB5AYRRDTa\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9cf4ad162e2251e0-ARN\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3151,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 73x73, components 3","md5":"748398a135b49b9d3bd7059d465ca235","sha1":"63eccea52513037b20dddca9d5aa18979a8b67ce","sha256":"50b91e7c6bece7444afe510cff78a73bf6282a8de5950dedd8539fd0fbcf57b1","sha512":"dc7b664c2b857481e2f9c679eac2f728dfa308d8bff76433fe3ecb3aa74cc5548cb55e8b1e1d4de7e1c511c0c618c6a2286578854ffdd9bbc0607d39a548705d","ssdeep":"","tlshash":"c551e903e7385a09f62d2938a0509b27d959bf252653937775dd452d372b0c08d286ff","first_seen":"2026-02-17T10:40:28.314801Z","last_seen":"2026-02-17T10:42:31.273594Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-02-17","alert":"Sinkholed","trigger":"ehthgas.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}}]}