{"report_id":"3729ccb7-b77b-4300-874b-aa607bd1c8a2","version":6,"status":"done","tags":[],"date":"2026-04-27T17:20:56Z","url":{"schema":"http","addr":"mexcuehs.com","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":0,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"final":{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"title":"MEXC","dom":{"size":25133,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (18693)","md5":"5d161104c9eea3623173c9b85f3bb286","sha1":"14c0e53f3bc1910dc63b45e0bc608958e0c0f879","sha256":"5689835ebfc2bfc3f71533ea9da3df3c701ed075dce511a5bf3218ab9879ae98","sha512":"957a33589c696ae1089ee41db3bbf48cf36cd792a7e704338978b16172a127cd8e16e8a41e5d25aff3937fe495d09da50d9bc219faa69f1bf7cc446e9fcd4abc","ssdeep":"768:JbQxX2+wBnPxT8hBR8MFQ2O/ZD6OpYx5I:Jb0ZwBnPxT8hBR8MFQ2O/ZD6Opr","tlshash":"c1b2abb1609000a292b785c3f0627f5976eaf30bc447c0447aee99d12fe7dbaf9594e4","dom_hash":"domhashe14499be0811070e50fda33316275dfc","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"mexcuehs.com","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":0,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-01T17:20:56Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"trading-order-roseccc.s3.amazonaws.com","ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"2005-08-18","domain_rank":0,"first_seen":"2025-06-03T12:45:54.189968Z","last_seen":"2026-04-21T18:12:23.036669Z","alert_count":0,"request_count":20,"received_data":187997,"sent_data":10564,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"mexcuehs.com","ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-27T17:20:31.219881Z","last_seen":"2026-04-27T17:20:31.219881Z","alert_count":70,"request_count":35,"received_data":3563317,"sent_data":14445,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"bin.bnbstatic.com","ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2018-03-27","domain_rank":229363,"first_seen":"2019-06-17T01:31:06Z","last_seen":"2026-04-22T17:43:36.237194Z","alert_count":0,"request_count":11,"received_data":22857,"sent_data":4812,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"api.mexcues.com","ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-04-27T17:20:31.216863Z","last_seen":"2026-04-27T17:20:31.216863Z","alert_count":50,"request_count":25,"received_data":70236,"sent_data":12648,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"mexcuehs.com/assets/en-166baa00.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"8918681ea0eb17dd06966e103d2c98dd","sha1":"631575fcc1e7a11251d471042807a222bd2605d4","sha256":"89dd0fe4225cfe824c787fce13fe9c1510fe501dff93bc670419d9f8afff51d1","sha512":"e398c1442a3919bd51c680cb58a96288527ee45a980dec008b130d6320a453ea7d52cc38f708cbdcae7f310f880c705deb67ce400e236b7fef86744d82baa7ab","ssdeep":"768:+GtZcEw/o7rKOdAFsifnAMC2rAaAMFVoP6+6sPG9w1mwO6fpk7aOLxd:iponKOdebE2rdFVLsPWwqLxd","tlshash":"f403d6893e1a989a04f3537674ce6e1120f60ac18255881f4fedc9fd53d2b67a367b34","size":40454,"data":"","first_seen":"2026-04-22T17:43:43.792367Z","last_seen":"2026-04-27T17:21:18.606133Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"0f40806f855fc503ec7fe0e2cdc6da5f","sha1":"ad59d99993690064ee6565eea713ee4c5260f572","sha256":"954bc1931a5584c910a5391a0e2c05ba7190f3c672433a85c162ac948a74a44f","sha512":"7ea9c1cffaf640bc7083f2306a134368aa54ae775230a1f1990c43817594d950ecbf94412ea7ab6262bb8add4715ab6fffe7579f85b0a1c07f6acc4f8207cd9e","ssdeep":"","tlshash":"1fc08cc4a0c2ad001a12649010af24e49034402770481b029c94e8492e220b08237e98","size":137,"data":"","first_seen":"2023-04-13T00:16:19Z","last_seen":"2026-04-27T21:18:29.658774Z","times_seen":4932,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-12343a89.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"1b80b165889968d1c4b4bb1fc672d986","sha1":"8965ad64fe2d17df220dcebe27de8983d338a8d0","sha256":"21076cfdeafab3a04db633a604b92634e56937ecb2c743fea258df1585ea5307","sha512":"dcb5d98bd218fc52a2f3c3f334a6bcfa54e4e8366d71b9c976a049fb5662b3703642af9310b8ad1a76a400cdec37374f699901b84dbcce923bf32d6b3ad71cfc","ssdeep":"","tlshash":"a901b8f8fd0d8ebb1ea20a4541d13601140a2fedfa1419e198867e6a1be4990dbde72d","size":776,"data":"","first_seen":"2024-07-24T17:37:42Z","last_seen":"2026-04-27T17:21:18.497889Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"df55055f75e2187c0c3ffd3298e162c2","sha1":"dc0db5a52df96c5c7636f6c0aef602a6ff8d0042","sha256":"34d238e0facf0645b79ceb771e2969c69c252c99e63f22e7fcd3dcfc6d7ba0ff","sha512":"e903ff7edc9a3fe9051dacfd58d309f38e5f7689fa9749821e071171fee8dded977be371a8cfafd49c12a8e2501483f77fa64b0e732c827d0b5c0cca892cd137","ssdeep":"","tlshash":"4fc08cc4a0c33e102656641054bf25e490244027b0481b468cf4d8493e630b08233e98","size":144,"data":"","first_seen":"2024-01-05T03:21:28Z","last_seen":"2026-04-27T17:21:18.674196Z","times_seen":231,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"ced6204993ccd4d4792486f3b3c899b1","sha1":"c16ea5b8c59dcea2b9b03d844467f9db0d358cdc","sha256":"317f80fdd1cb3e7b69648541320cfeb07fd3ea3d1b70d3aab180edce7c3c4ac5","sha512":"dbf99b86ffabe8deeb56f836821b1f3c58fe9b502b89210ec5082f60b4cb4e30f060645fc970bf48f5c3f20073f0e79845925b0dfb4ac89df0319d4c26bdb795","ssdeep":"","tlshash":"b8c08cc4a0c22e509622651410af38e89034402ab08c5b52dc98e94e3f260f49237eac","size":149,"data":"","first_seen":"2024-01-05T03:21:28Z","last_seen":"2026-04-27T17:21:18.679294Z","times_seen":317,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-c0491bb6.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"68ffe96da85152a4cef46128f2d76dd1","sha1":"37f4bbc225f657566f67bc6116fa7fc0d4768405","sha256":"5ce9a80fdb9a10c12b2445cfe397360a54d5e70a259cbdde039ddc3b6ec33efa","sha512":"2b9d0280d90d31956990b48377432cc8eaa34a745afae0b39dadceead3cae29f4239cf0e99cdfcbbea0f1a051c1b5d75b55e915443d8989599df93d63d88c605","ssdeep":"96:Do+CY/9Y6qD+wSX+wMyrtb6airIGbTP3hv+e3XFNahejA:c+CYFY6qiwSXrtb3qJfhv1XXhA","tlshash":"c4a1b899f80285bef9b71540088c0010219c7bfeb20548f1fbfdad4a77b8979d754766","size":4667,"data":"","first_seen":"2026-04-22T17:43:43.759152Z","last_seen":"2026-04-27T17:21:18.444137Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/filters-11dec132.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"487bf81ca2caaf3f47666e79c3621f2e","sha1":"cddf12e097d077059e50493bc710a4aec193574f","sha256":"5b9b2f2a66da241622acb5d6c73baebc6b8f1ddbed98f8d2a49f184bd79d9538","sha512":"3f093eaa7283df55c3ebb347d04607050a02dd1909ab154d21137251a1183776f2f16d7475e20bf501b3e78a911bb02c62a96b8c01049706b3ca65ef29196fa7","ssdeep":"","tlshash":"a05135fdfdd7613356ea6ef944288414728ebe20686e0a4df54bd0455933888e07f778","size":3102,"data":"","first_seen":"2026-04-22T17:43:43.776094Z","last_seen":"2026-04-27T17:21:18.579479Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"d8a0b36a3bb5359d82373fd74ab0a55b","sha1":"109fcd2e9501021577ad657d5701aa40e771b723","sha256":"26b23c11a596c1301030aaa5e72296226d0b2c601ff7b24694d413a401ac9826","sha512":"ebb5fb5d0b9ad70253bc33b31f5fab9fa0efb74a89eefd5b900d6b956970a52ef306b8e62a73b47775339624aef7daf7f4779743b84394f80591c0ea8182f9fe","ssdeep":"","tlshash":"d8c08cc4a0d22d001a02641060af34e49028442670481b028ca4d8482e620b48233e98","size":138,"data":"","first_seen":"2023-06-06T09:30:31Z","last_seen":"2026-04-27T17:21:22.802422Z","times_seen":1176,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"ba78027dcfdc9eb09767e4e83301b631","sha1":"1b7e7e0f0922b9165de433222ba8cc4afd0c59b2","sha256":"3de67c074b8692e1861e1c651848411308eb4c90e96f491e9cddc2df529a5da5","sha512":"158882fe08ddcf7bd297cd25a0e7b518789ef98ffa6ba9f14d1b565993ddd00de407f5be64c5c8a819e7a01c4da5887b21ba51f65308cd238c10076951e9e499","ssdeep":"","tlshash":"8ac08cd4a0c62d009646a51116ef36e4a0248026b8486b47cce4ec482e230b08633ea8","size":152,"data":"","first_seen":"2024-01-21T00:00:16Z","last_seen":"2026-04-27T17:21:18.72046Z","times_seen":398,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"ad53bdca95253da3ed0339a52f219d8e","sha1":"1acba9622b6c70c03ce56310becd1d72226538e4","sha256":"3fecdc9cf7339d52588891d5d7b0c4b4ebfd82fe813b141fd5b81fdc70694f81","sha512":"d2bf6f0a88bbc044c6aab45f1f8795b3aafcf709a0a2b294f27062c0c34e1f34ec3964286f776c55a40a412cdf01c2ace59fdf7981fd69c6d8a63a6791ff8d3e","ssdeep":"","tlshash":"61c08cc4a0c22d001a02645014bf24e4a024802770481b02dcd8d8483e220b08233e98","size":137,"data":"","first_seen":"2023-05-08T20:49:31Z","last_seen":"2026-04-27T17:21:18.658843Z","times_seen":850,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"361e9d9b886c9f2b98f57c626c09b9d8","sha1":"01032a33013459a8de015112421c1a9e467f5d44","sha256":"b96071e372b614f6406f0b01ed200e24be43c5c21eac83934e41d7dd6f70ec38","sha512":"c3dc60f09e32481fa8a331627b2cd7911592847e3e0e82721694d14205de941a15ef18259c871c5957195b1ca8b3b63a8109390863f3f8d48e5e8a7d3f8b02dc","ssdeep":"","tlshash":"8bc08cc4a0c22e102602641010bf38e49024402774881b028cd4d8482e230b08233edc","size":140,"data":"","first_seen":"2023-12-19T15:12:13Z","last_seen":"2026-04-27T17:21:18.708646Z","times_seen":465,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"7de71cd324bb8833f4a138cbcdafa759","sha1":"d7a8122c1483170fa571ec47c62f91c66d662ede","sha256":"62b9d7d992de0ba11591d4ed7c7ab166d886c09ddb4a6b79693795ce836c6003","sha512":"5d42f665549881c48abeb0ee42138dcd1b0f6140e49c3fc6efdfe3657cba54e63218787f0b0d2f12622873799b4ec3a21b9f4f62194f2cc9bda2758dd699a439","ssdeep":"","tlshash":"73c08cdab0d72d006602642110af78e8a0388027b08c9b439cd4d8883ea30b08233fa8","size":151,"data":"","first_seen":"2024-01-05T03:21:29Z","last_seen":"2026-04-27T17:21:18.684423Z","times_seen":304,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-ffbaf533.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"e716c9ebf484dc22003269bf390b9d7c","sha1":"07e25fae802bf231bb2433d5335f82ab21c9bcfc","sha256":"abf5994d0cbe2ac6820c63c2854948e9ebfe3c3d797a2c7a1b7abccdf071e584","sha512":"86877dad7d1c28475e316f990e00f5a15cedcfb88d7dfc140057a422508a940a36cc0fc626f425525cd6c203a86d4b514e4c3811930d2dd19827414d1fde9bbd","ssdeep":"384:JQEnt3hRxSJUFAFtAfU+Cs0K8+YmFuZ36kXMMzprhQhdCR+SD:JFgSWtAfUFqbAprhQhdCsA","tlshash":"1952d865f902d93cf5fba05140880050b66a7ffb401989e6b9bc6d4b3356eb8b78d718","size":14001,"data":"","first_seen":"2026-04-22T17:43:43.775122Z","last_seen":"2026-04-27T17:21:18.509Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"c0e88513b499aae066f13f6f0edfedab","sha1":"12fd9320e7be26e9257e2a1a39a698a5e2706292","sha256":"3ffd5a1fea533c35c122aeb0a36f3d4a37022e0a14c83167faeaa819b3ee8cfd","sha512":"36b57e74aa71e21ec5489637f206796e8b9097db32c59e4ffbbdd7eb11ce35c2f754178f996bd6e11abc560cdddd3af7cde3fc1847c1a455120b5c26ee4fb838","ssdeep":"","tlshash":"17c08cc8b0c6ad001602e45111bf25e4a024802770481b128d98e8483e220f48233e9c","size":139,"data":"","first_seen":"2023-08-29T11:10:58Z","last_seen":"2026-04-27T17:21:22.93645Z","times_seen":779,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"7746993e8adb9277ba5afa2584910974","sha1":"8e7e6d562fd56f594b40b6657156d483d7426e40","sha256":"833dc15f120cad89d5c0680edae217dbad02010e42af351959607df4170074ee","sha512":"10ee66e22fa45386057f1385e179955ad4fd4d53363c0aebe68aa9ba0547bf409a286e53ab6e678e5d0c3485d6cabcdd359f359c5258160b50a0a5a5496d6e6d","ssdeep":"","tlshash":"39c08cc5a0c22e101646641010bf28e49024402674481b028c98d8482e220b08233e9c","size":140,"data":"","first_seen":"2023-04-13T07:32:13Z","last_seen":"2026-04-27T22:37:23.380295Z","times_seen":3284,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"1831de11b3f834a2de4166013d75eda2","sha1":"4cd45ddc173078df52a6a5da8ee597fc7b8fa84b","sha256":"890bb39f44fdd8c6b918239d60c90dce9fd3fae1b9b2049c5a0e9f80f02c8009","sha512":"7e4471d6a84fcda0c90b1ef370a7ac6853bb28d5fe3de1f3955f2cd491853b7b07f7eab7a9df9731f584e664d59606ca969359d613ca46193c9a31e392fa594b","ssdeep":"","tlshash":"b9c08cc4b0c36e103a26a450a1af34e4d0248027b04c1b139da8e88d2e630f18233e98","size":152,"data":"","first_seen":"2024-01-21T00:00:16Z","last_seen":"2026-04-27T17:21:18.691454Z","times_seen":174,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"7d764b0b9e8bef95dcf9f0f849edccc6","sha1":"15be8ee3a96501522a2bf45a99f67f824c8aea40","sha256":"8b8989047e79dee3c51c15e6775949819e5a84fea6abe9c0a4c705c19c380e1c","sha512":"3ed96dd8987dd6f0f5b1b37c1e7a922483c12c15802fa75cc1a7da653e06d5bcb19dc86de0b6d94558bef150d65911b020ec0639f2d3ef3844bfd33f5b78cc08","ssdeep":"","tlshash":"37e0abaa3229c03456f08b3e6dfc0c17fa576b324d8c0a1bb8f0e9091e7dd1020b88d2","size":420,"data":"","first_seen":"2026-04-22T17:43:43.839491Z","last_seen":"2026-04-27T17:21:18.711045Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"9d379fc52463f2b630c6894900da5180","sha1":"b33fecceae6c1ef97518c6ad7159534d78e7b2f7","sha256":"6c3288c6af4396096b1a8a927fbfaf05ac8cc29658fc97d13cf036ba6bb38ab3","sha512":"49b43b0c253e26c135bd5009d73c537cf2e78342ef6b116ce6efbd3627152ac804449ec5cbe637a544b5557b52a50213a19dfcf33158a4f6b0a8ff91d79372d5","ssdeep":"","tlshash":"61c012c5a0da29102951595424bf28e8a024c026b55c6b169de4dda829e64fcc627d98","size":190,"data":"","first_seen":"2024-07-11T15:08:28Z","last_seen":"2026-04-27T17:21:22.853658Z","times_seen":589,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"f2d562f0482af28097a1e8bff743e202","sha1":"ab1f7442f13da01242f874f07b84041f32ff8cb8","sha256":"8ea8193c70220762139c7844d4be3c37d53d805256513bc224b53d16ad35730a","sha512":"2cf8993becc7c96e42b0499e72862eefa57d365830253e8b580c35ee9f854d4adb0b5b6817b56dfb125acdbc496ae99e8e78d7f73220c4093e8f2d2e521205f0","ssdeep":"","tlshash":"21c08cc5a0c23d002616641011af38e49028402674481b029c94e8482e230b48233e98","size":137,"data":"","first_seen":"2023-06-05T11:50:57Z","last_seen":"2026-04-27T17:21:18.718118Z","times_seen":459,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"f2f5a4f08c8536ee9b64126b563cd62c","sha1":"15d57cd315463221c807ad74b0e19578dd90f7a5","sha256":"1fce7bdbc1acea81dde9287f6971529e3cc024b01b1ebcd537ce4f16e064b760","sha512":"204e680610bbc982bcb79334b0acd7f7f3c101fcd0b0d384925c0d0f1dbb4fb222d259d164c7cf5a339887dc471086b3dcb2ca246f6af92c95526c91a4ac0427","ssdeep":"","tlshash":"48c08cd8a1cb6d005682b41459bf3ae4a0344027745cab139ce4dc682e230b48233e9c","size":158,"data":"","first_seen":"2024-01-21T00:00:16Z","last_seen":"2026-04-27T17:21:18.706178Z","times_seen":395,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"abb28f11e757fcda27a1eecf2c7d5b9d","sha1":"28a773ce9b1a35991f4c90248cb976d5d42a96d0","sha256":"e9fd09a77ff21752baca91b35732e4404b8f2d4e28ad726a872883f803e19f08","sha512":"6728d65045badf3ea619e41164225955e48bc6dca240d48c799a55d962011c440175efc99fa976c42113774d91f71d5bda4c6660c3f18f7ed33a66edee048906","ssdeep":"","tlshash":"1b11abfe195a602e6303404f976b7901a42290e9000a184177ccde9dbb9ab7dd0cfb8c","size":1048,"data":"","first_seen":"2026-04-22T17:43:43.838221Z","last_seen":"2026-04-27T17:21:18.664018Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"5948bc3b90afab1829ab7ee61269f24e","sha1":"517e29a82521418181f702543be8ae74a3bf68b3","sha256":"14fc83a84c91770211dc352186f8e87ddc85e87c2dba0c80a159b45897b9ae2d","sha512":"05c079bbf0389ad341941c3e837aca91dc9aff681cee8da0b4560551ba13e6bbb76b01213af6514e6991e3369062870866a41e67e6d67a37038ddba3ddee7d5f","ssdeep":"","tlshash":"a5c08cc4a0c26d002606691010af24e49028802670485b028c94e8592e264b08233ea8","size":139,"data":"","first_seen":"2023-07-01T13:40:07Z","last_seen":"2026-04-27T17:21:18.713423Z","times_seen":893,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"1797b90369a99ff22f1c40b0d94ec9a1","sha1":"aec8ba7bbf7bb80c7a4669d074c61aefb319ecfc","sha256":"e7129c3c36ef7b4a55f09622f14d1a60dd64551f16fd0f7a070edf2c75a13680","sha512":"a578a2dae3c0843433b3aca46d828da3db506e6c048302d6e857b77767968b4cac8e71e6d56dbd81aca28909b96a5f23447544a7a24ac9e3486478aa64b977bd","ssdeep":"","tlshash":"70c08cc4a0c72e001646641018af26e49034402ab0482f568df4d8492e620b08233ed8","size":146,"data":"","first_seen":"2024-01-05T03:21:28Z","last_seen":"2026-04-27T17:21:18.681916Z","times_seen":267,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"c1155eee87487f5efe9634a03695b16c","sha1":"2532dae40bd8f2c93a9eb7cbb00bf21e050124b1","sha256":"41c9b4311d7a14bda7da372afb964f0bf08f0823e01617a967aa9eb2554d298b","sha512":"ae1174eea2e3597d1ecd46bea51c7948e05095c00c03cb3670e5b62dd0c14abd26e7c3643fda485610290a4426fa92d0c9d7920303a7bdbc659f735313f2ea48","ssdeep":"","tlshash":"28c08cc4b1d22e106606641010af36e490298426b08c1b028ca8e8892e260b08237fec","size":148,"data":"","first_seen":"2024-01-05T03:21:29Z","last_seen":"2026-04-27T17:21:18.653961Z","times_seen":383,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/charting_library/charting_library.min.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"2a5fa40461c4e10123b62c021ab0a4ed","sha1":"527b4a35104eda6479c5ac876f57b5375ab00f51","sha256":"bcee984fd52b4a82bd6b23543bb33f6472e076c125edbdd8756d29ca230628cb","sha512":"51c91bff846f3825a21d6b301b1e4615d05bb27defef6c39c622e647f5d0262fdb0382924c9245c4a18a11cd32b60e4c913ed451b6f4b2fec1c87ce871eb874b","ssdeep":"192:9fdWSo7ktFUnoBelr6lw2LfnzuIQPlaJ1i10K+Ei/ISJhvHIheu5Ph3Ffa5:vWS2ktFUnoIlD2LfnqIJimK+5/ISJhvB","tlshash":"58224f58ed2478720acb54f0427f180f8239e278d84944ed3c84e6ec59fd44a6a6fbb8","size":10859,"data":"","first_seen":"2024-07-11T15:08:28Z","last_seen":"2026-04-27T20:33:57.356554Z","times_seen":877,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"cd7a34e714de94d5c29b8ac5acdde24b","sha1":"b722bccb435490630d97ef88cafeb02d92f70fd0","sha256":"312ebfdc50a0e168cff60c206811b02e944263a7d9060c2685509dacfacd7f71","sha512":"a724bc648a508c24e5bb1788e1f02b47030893bbb0b80a99e380d95480095983a35d8ec11193c53f0a67db47a289ab608fcbc9dbca846bfdd5d61a8832290f43","ssdeep":"","tlshash":"58e07d48ff28c7f316ce28ab516e770858d104d58c1b58024cebccc86935ed87291527","size":314,"data":"","first_seen":"2023-03-11T11:23:25Z","last_seen":"2026-04-27T22:26:01.147256Z","times_seen":32209,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-1d5c1be8.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"8910f1aec449c03242910b473a8ec3b0","sha1":"31c86dfb080f2eefc3400ec4fb5df07e23de341c","sha256":"08267d5ccb286034ddeb20391bca3803ece6c6c0424f83bf56148aa33f29b056","sha512":"dac05a0d6729c46b1378ace5ec87d58a910fb2b356c96463492b538eee1a15496b5452736a76befabeeca54d8783a3965817b428b644bec650397094a0548db8","ssdeep":"","tlshash":"46f00e7fbd6a80722bf388eca1630820ba2d1b5a3754c4a4d9871e10d778cf3d12e624","size":510,"data":"","first_seen":"2026-04-22T17:43:43.758306Z","last_seen":"2026-04-27T17:21:18.486903Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"afd6dadb9533533d8514ac548303e331","sha1":"0b297795e161099658da59b3912482e86732e56d","sha256":"e378d3c8bb137aed4116bdd0c560231896d500f4edbb80088c14fd8fb220c3a9","sha512":"0df2fd8eb6e505ad35fff7e135feb15d50d1ae87d9990d9fa472fb834b7baf48ca73b3e8850042c74584e60de2daa8b9a4a981e5bef460ab48ad5f8ddb5d03e6","ssdeep":"","tlshash":"6cc08cc4a0c22d101602661014bf29e59024802671881b42cc94e8882e220f08233e98","size":140,"data":"","first_seen":"2023-06-06T09:30:31Z","last_seen":"2026-04-27T17:21:18.701208Z","times_seen":761,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/currencyItem-bd7d8e14.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"232ac81983696a197cdbd76190021c86","sha1":"422727d8aba3096864ee74fe7aca281bfe8599eb","sha256":"01f3f3bd127f89d6a8f4a30628df7dcd4f8f0d58de60e1c1f0239d64e07ce1ac","sha512":"b4a2e606cce6429f1975bbe1f62246b7c7f5b50a67f68907ea3df171295f1446f9e21a013449d50944a9962a75226e3bcaf7af8a3c61d191f1421891cc604328","ssdeep":"","tlshash":"7e31be69ad02cbb5c6bd9562c1f80424535d7bca70028581fafa15893bd76fce324971","size":1817,"data":"","first_seen":"2026-04-22T17:43:43.751784Z","last_seen":"2026-04-27T17:21:18.60378Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"207820ea30e8c69ce04100e8526ac9b2","sha1":"289c2ffded67dd3ddfa4bfbbba56b6f8043610a9","sha256":"1fd71a67efe14f91b321e3f476ef6de1ac2329e77f5720cd37ae6589fb074b69","sha512":"d1237fe7e4dbcbfe699ee7e9b4b30d9963a1919d1451c928aa9af64326dfb7a7d43f8bde094fdd4dab7a65a070422f6904cdea73eaac2fb4225f0bb1c8d6df5e","ssdeep":"","tlshash":"30c08cc5b0c36e10261ba85050ef34e490248027b04c1b038da4e8892e630f08237e98","size":148,"data":"","first_seen":"2024-01-21T00:00:16Z","last_seen":"2026-04-27T17:21:18.715845Z","times_seen":379,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"088a6aa95783926cdda35b9bd61df402","sha1":"6bcc7a91394c2ec7d95c5a259f70e51ffa50dc29","sha256":"5efd1243926a95339e0c10066db940873b88a24070c8c70285adfdad50e7cfa6","sha512":"ec608e74458bb6cb3e0aaa13c9b2b17d814407459c022a625fe862a385518d367444c170f2fa700db1196c2f7c94ca5b7197e27023ad87c03daa1008dc96b767","ssdeep":"","tlshash":"aec08cc4a0c22d005656641018af34e890244027b04c1b128de8d8482e620b09333ea8","size":142,"data":"","first_seen":"2024-07-07T15:46:54Z","last_seen":"2026-04-27T17:21:18.703737Z","times_seen":451,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"d98acc1019303c876db914a972334937","sha1":"73807338e5295d0e4a62fbf19a5258d5cc93e72c","sha256":"864aa8328e7915cfbea7a8773cd622fbf24494c9b6019a076bef6e3f795e7d9d","sha512":"77d7c9975e811e66a77b15f141c84b12ae3aa0f991d15d2864c3c3ce082e0da5f4154d93424ae8580ebd93a1c7231752fbf22ef82ce7a01d997287d2d854d1af","ssdeep":"","tlshash":"e6c08cc8a0c32d001a13642210ff34e4d03440a6b44d1f028dd4e8493e624b09333edc","size":150,"data":"","first_seen":"2024-01-05T03:21:28Z","last_seen":"2026-04-27T17:21:18.693852Z","times_seen":467,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"83678961efc93c088d42dd78bc6ea6dd","sha1":"8007d82eec4894fa2867c628e925f1fcfa443fa3","sha256":"d6045334796ceaf006da578968c4ce319e6d4127c9c36ea88297daf6c6713026","sha512":"cd5e028a3850ceca98e01b30d338a9874404eba5a4d8fce81855dc9f8a6189c9c202e6caf3fe736b10295b4c81a1361a68fda5abeeca58d358c8fdb9c02a282d","ssdeep":"","tlshash":"13c08cc4a0c23e106602681124af24e4a0244027704c6b02cde4d8492ea34b8a233e98","size":147,"data":"","first_seen":"2023-07-28T08:36:26Z","last_seen":"2026-04-27T17:21:18.656368Z","times_seen":608,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"a4bdcb8203f55c2a0d42fe2daeba7f94","sha1":"28d4fb637c1f7d7cfc979d90f4f388d62eb58a51","sha256":"386fe5926fc7fa712f45c79142ec5390c9082ce14bd96a609004647fb1f4d823","sha512":"09dd6e53cd308472025baff2f600acd0b5be74b4d557bf48d7402cf6147449fa01db100adc90a5ea3930e80b42a5a2a1782265620c3f940cc93f60e873363d5e","ssdeep":"","tlshash":"c6c08cc8a1c33d001602661060bf35e4a0288026714c5b128cd4e8492f230b88237e98","size":145,"data":"","first_seen":"2023-06-06T19:23:28Z","last_seen":"2026-04-27T17:21:18.676704Z","times_seen":635,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/#/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"Function","is_inline":false,"md5":"f19a249a3e546a75d19b9d3f75497cdd","sha1":"4fcf8a4234dc76c37cb9415dd3c2d4820fb45a30","sha256":"8f0b9cbdf1999a03131eed312b7dc7ab85a5ddbf696e4805d240a61cdf5066b2","sha512":"7f999eee3d080218db37b9bd7ae6ca464771276ae0eb378b537d24635f5d700aede00359099b8e2197cc4f36e56162a46110fbdb85f213ed5ada51d9875a7402","ssdeep":"","tlshash":"c5c08cc9a2c22d001646641014bf28f4902480277048ab038dd4dc892e620f0823be9c","size":146,"data":"","first_seen":"2024-01-05T03:21:29Z","last_seen":"2026-04-27T17:21:18.661413Z","times_seen":477,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":true,"md5":"528dd01eb509d1fc3c68b48e165c9d77","sha1":"8d702f33d869eb8c53cf75c17014f96385322395","sha256":"b508dff20bdbd9138e31aa48c45bc501805e509d2fd4709b39c4a60cd5c6b43a","sha512":"4c1edeec560f431005363ff5291acc80c1c42edf7c9a6d6e4fde2f7539b6a35a8e36f0bc228503263277bf5df4525dc579575faadca614c32e5dfa885a2d343b","ssdeep":"","tlshash":"78a012bb71b851710cd51ba7a40455e01c20123105052c101c8d5151c011c171d394c0","size":84,"data":"","first_seen":"2023-04-07T06:55:59Z","last_seen":"2026-04-27T22:26:01.151469Z","times_seen":35540,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-f8df6c8b.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"scriptElement","is_inline":false,"md5":"fb36fbb81e5f9ac585953268d70b99c0","sha1":"d2040e0b608693f08fcbd9d570282abbd07979fd","sha256":"3cb36500e83814fc0f1711ae759b346bb3cc7dc295f04cddc0d5c5d9be8bfdf1","sha512":"274df2e8a3c6e93b0961f10b81ff03814b6a7256dd01fe4d123309cff1fe156b944ddf70c9f19c911e4f7ca385a3ea2e85616bd065ca98142148691ecffab2da","ssdeep":"768:arHo6BnmPgarfm1/iWFaoeHVCNdw9XdUTCnmuyQhmdvH4jBj5HOyzf54cRfCcXZv:mWqRFKdU+xi4J5Oyzf59XZDd7ALLLwj","tlshash":"8ba34c8da40b0ebf69fd08486d9b451020b81fd35c89cc97b7baae4527fecd4629971c","size":100329,"data":"","first_seen":"2026-04-27T17:20:36.770088Z","last_seen":"2026-04-27T17:21:18.570427Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/vendor-cdb74f29.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"introduction_type":"importedModule","is_inline":false,"md5":"6345e3d8458fadedf8b878bfbf63cfda","sha1":"a33d5a56cc1d51acf04a2f67a1a3ee8e83e09fce","sha256":"85225714a39f2a0dbfaaa10116ed7c76fc331487ec5ba33c09140332f4f5b83e","sha512":"43e1eb582e16c9feb5ffd7e3505a72a153ca79c57acaac2cb601052ae52a5b05403b392b37c181e31b2b3249fe8c97a22bb892ca8b89a26a32719d50f58691f1","ssdeep":"12288:Mv6NLEg6h1uVDwbV7VPY+L668W/LGDV2e8qwnWkOukK4a2V9:Mv65Eg1VUh7a+J/LGD8ownWkOusa2/","tlshash":"151529c97292f06147ab24e240bb0006f3396e59744e84a4f16d98db7d7ad89e277f3c","size":879067,"data":"","first_seen":"2024-07-24T17:37:42Z","last_seen":"2026-04-27T17:21:18.573059Z","times_seen":31,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/57c0cfa5-b945-476a-8cdc-3a5b58c5ff85echo-proe36d00e58a654af7a67ef5c241ef5be6.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/57c0cfa5-b945-476a-8cdc-3a5b58c5ff85echo-proe36d00e58a654af7a67ef5c241ef5be6.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: oyJHX7ibZBL2+CxJF5BomGC+O0Mk5KhdvgkyBkXwPXBkF1mLFaZOU/4jvLpV8FiTPYmRsmxsjoaO48WnJk4ksIfsIo9KjocY\r\nx-amz-request-id: ZNXP79NC1EVBBDF4\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:46:39 GMT\r\nETag: \"886dd2e9e7acf01ce99935135129da70\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 4132\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4132,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"886dd2e9e7acf01ce99935135129da70","sha1":"a6b6378cdee4595bae45cf5236f301b316c4f4bc","sha256":"e39d56e54bce5eb62b4e911c72a527671cb0954aa49f8f17714c3def94c04acc","sha512":"91ed05a28d3f739ec9e31a94eaa6ac29f1f27b7a72ee25dd9759e73c41fcabb960452b014fbb40ac50f02d283eea1310764a4a659da639aff4bbbdb7d4274143","ssdeep":"96:3qrYVFKsDwGqu4cYipLzIEhsRrZ4xkzC4:hF4cfLz50rZ4QF","tlshash":"a8814c06f9c55483e368e00a51df31ab0d468c80ded2d15abbcbc6a642787ba572f09f","first_seen":"2024-12-08T15:39:09.777158Z","last_seen":"2026-04-27T17:21:18.613189Z","times_seen":55,"resource_available":false,"data":null}},"time_used":761,"timings":{"blocked":640,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/resource/svg/light/user.svg?2.0.1744277799644","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.466Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /resource/svg/light/user.svg?2.0.1744277799644 HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 551\r\nlast-modified: Wed, 01 Nov 2023 13:05:32 GMT\r\netag: \"65424d1c-227\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":551,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"cbadb23520ecde3a8d7488fc19e95980","sha1":"b10897e06fe244e246e8542b0d1b6d695317576c","sha256":"7217fe0095fa190b95295278d273242aafd0ce4944095f55a3a2a6554d428e46","sha512":"9223a7055472f242d2a4494d80c4c546578663054b494dfd7d3c668157c598c91d6a5e9cfcb1835746b16b02abda7dd674a57b7313011f2a961a87e0cf68a3a9","ssdeep":"","tlshash":"70f04cf7501c949950014550c9de3a85973df133a3468d5eb3a208e68a1454b217c555","first_seen":"2024-07-24T17:37:44Z","last_seen":"2026-04-27T17:21:18.475126Z","times_seen":309,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bin.bnbstatic.com/static/assets/logos/LTC.png?2.0.1744277799644","fqdn":"bin.bnbstatic.com","domain":"bnbstatic.com","tld":"com"},"ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bnbstatic.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BF:AF:F8:16:BA:38:D3:92:CC:06:D0:21:3C:49:7F:84:25:DA:57:2F","sha256":"E5:53:5A:4D:15:73:C1:86:18:5C:67:94:60:62:42:8A:A9:EA:B6:AA:81:2B:BF:13:0E:E8:60:83:1F:BD:5A:92"}}},"request":{"raw":"GET /static/assets/logos/LTC.png?2.0.1744277799644 HTTP/1.1\r\nHost: bin.bnbstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 957\r\ndate: Mon, 27 Apr 2026 11:18:23 GMT\r\nlast-modified: Thu, 06 Jun 2024 17:30:31 GMT\r\netag: \"db1f13e46508474023e51dac9b924272\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-autocompressed: true\r\ncache-control: public, max-age=31536000\r\nx-amz-version-id: g_cdj3TjMVGw_vf5Heig0wXuWzyx3JC9\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: qjUizZ3eUZHtLEYkr3vU7OWPAWX2LypIndYFAC4Q8JRmlVPC00wOwg==\r\nage: 21742\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":957,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 97 x 96, 8-bit colormap, non-interlaced","md5":"db1f13e46508474023e51dac9b924272","sha1":"976aea7b350c3d301a1bcc9350fa9b54bff9c8af","sha256":"50b7635088e72a9f004283284a8d63488fa127afa53e157393ca38bb55db1ff2","sha512":"08f80512e3edb58c31435f259a6d27f0ce55186594e94b3d5883245788edf4b503cae6f5361876896658070c159de7d4ea5457b0bdda11df6673f02e7c598181","ssdeep":"","tlshash":"c511b7abf5cceccad1b1414f118a4490e550cdb0147da74eea127e1bb839ab02d04f1a","first_seen":"2023-05-07T19:16:40Z","last_seen":"2026-04-27T17:21:18.429892Z","times_seen":486,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":14,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bin.bnbstatic.com/static/assets/logos/BNB.png?2.0.1744277799644","fqdn":"bin.bnbstatic.com","domain":"bnbstatic.com","tld":"com"},"ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.522Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bnbstatic.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BF:AF:F8:16:BA:38:D3:92:CC:06:D0:21:3C:49:7F:84:25:DA:57:2F","sha256":"E5:53:5A:4D:15:73:C1:86:18:5C:67:94:60:62:42:8A:A9:EA:B6:AA:81:2B:BF:13:0E:E8:60:83:1F:BD:5A:92"}}},"request":{"raw":"GET /static/assets/logos/BNB.png?2.0.1744277799644 HTTP/1.1\r\nHost: bin.bnbstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 2560\r\ndate: Mon, 27 Apr 2026 11:18:23 GMT\r\nlast-modified: Thu, 06 Jun 2024 17:30:22 GMT\r\netag: \"cb84d3ca48a52e3df1025731a8bef4ec\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-autocompressed: true\r\ncache-control: public, max-age=31536000\r\nx-amz-version-id: VPOEiAD2nY8z9QSV1.wLDACbBRxBtI9s\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: CoHNvG-DbKTmOkFEGKT2QS1wm_jKnDVqR4y_maNzDxE0SiIIHWdppw==\r\nage: 21742\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":2560,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"cb84d3ca48a52e3df1025731a8bef4ec","sha1":"b059f2eb3aaf93145fd62647cb908c5532e06795","sha256":"0f4502d8c5254df1eb0eb8d124c7684b4f02e2a5004525d5bd7acd18a6ebb9fc","sha512":"d7cd5d9aface1bb4718d418d1f7108bbbde7e8e24e926ce4bd4a88f51c715759e55741de3d6b17e7e54dea502761817e093e768a337fc0030a259fe9b4338151","ssdeep":"","tlshash":"7e513a6a47020c971334d44f89fc3eea1d6edc1ad421e0aeee0197fa18101c18dbe343","first_seen":"2023-05-25T23:01:30Z","last_seen":"2026-04-27T17:21:18.637869Z","times_seen":1433,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":8,"send":0,"wait":11,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getAllSetting","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.876Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/common/getAllSetting HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: en\r\nlang: en\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:47 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14384,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"814b44f9d3717821581d1c308d674fcc","sha1":"e3106a5075571c42e3dcaa2e03dd30b26356e4e4","sha256":"023bab9af4f5e1ad0fb56d1ca9dab38d78bc10a9fa92868efd17f6f1b6d74ccf","sha512":"e2738b430f1771bc8343c9ee7dae138be4395e82cbd6041fd346168c174ecad26d2bfb3a7f8a404c6e4db187148c720263d669fd833b87c0fa4c1dfbcc180ef7","ssdeep":"192:c0alafId3MhOSp/tV0YCD+RbJuy2hzwv76hv3kLxA0uXG54D6/2smXfMNk1QoC9R:R2Mueusu3YZ2HM7oCOhX0NYCKw","tlshash":"985231ca33ec9c7c668652c290eb7f9e747875b3d8e4e845e6b6fe4999819308c07049","first_seen":"2026-04-22T17:43:43.805529Z","last_seen":"2026-04-27T17:21:18.500672Z","times_seen":6,"resource_available":false,"data":null}},"time_used":280,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":280,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-f8df6c8b.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:35.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-f8df6c8b.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 23 Apr 2026 07:31:00 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69e9cab4-187e9\"\r\nexpires: Tue, 28 Apr 2026 05:20:37 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":100329,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65526), with no line terminators","md5":"fb36fbb81e5f9ac585953268d70b99c0","sha1":"d2040e0b608693f08fcbd9d570282abbd07979fd","sha256":"3cb36500e83814fc0f1711ae759b346bb3cc7dc295f04cddc0d5c5d9be8bfdf1","sha512":"274df2e8a3c6e93b0961f10b81ff03814b6a7256dd01fe4d123309cff1fe156b944ddf70c9f19c911e4f7ca385a3ea2e85616bd065ca98142148691ecffab2da","ssdeep":"768:arHo6BnmPgarfm1/iWFaoeHVCNdw9XdUTCnmuyQhmdvH4jBj5HOyzf54cRfCcXZv:mWqRFKdU+xi4J5Oyzf59XZDd7ALLLwj","tlshash":"8ba34c8da40b0ebf69fd08486d9b451020b81fd35c89cc97b7baae4527fecd4629971c","first_seen":"2026-04-27T17:20:36.770088Z","last_seen":"2026-04-27T17:21:18.570427Z","times_seen":4,"resource_available":true,"data":null}},"time_used":542,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":542,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-1d5c1be8.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.629Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-1d5c1be8.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:39 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 510\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\netag: \"67f79128-1fe\"\r\nexpires: Tue, 28 Apr 2026 05:20:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":510,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (509)","md5":"8910f1aec449c03242910b473a8ec3b0","sha1":"31c86dfb080f2eefc3400ec4fb5df07e23de341c","sha256":"08267d5ccb286034ddeb20391bca3803ece6c6c0424f83bf56148aa33f29b056","sha512":"dac05a0d6729c46b1378ace5ec87d58a910fb2b356c96463492b538eee1a15496b5452736a76befabeeca54d8783a3965817b428b644bec650397094a0548db8","ssdeep":"","tlshash":"46f00e7fbd6a80722bf388eca1630820ba2d1b5a3754c4a4d9871e10d778cf3d12e624","first_seen":"2026-04-22T17:43:43.758306Z","last_seen":"2026-04-27T17:21:18.486903Z","times_seen":6,"resource_available":true,"data":null}},"time_used":6419,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6419,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-c0491bb6.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-c0491bb6.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:39 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-123b\"\r\nexpires: Tue, 28 Apr 2026 05:20:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4667,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (4660)","md5":"68ffe96da85152a4cef46128f2d76dd1","sha1":"37f4bbc225f657566f67bc6116fa7fc0d4768405","sha256":"5ce9a80fdb9a10c12b2445cfe397360a54d5e70a259cbdde039ddc3b6ec33efa","sha512":"2b9d0280d90d31956990b48377432cc8eaa34a745afae0b39dadceead3cae29f4239cf0e99cdfcbbea0f1a051c1b5d75b55e915443d8989599df93d63d88c605","ssdeep":"96:Do+CY/9Y6qD+wSX+wMyrtb6airIGbTP3hv+e3XFNahejA:c+CYFY6qiwSXrtb3qJfhv1XXhA","tlshash":"c4a1b899f80285bef9b71540088c0010219c7bfeb20548f1fbfdad4a77b8979d754766","first_seen":"2026-04-22T17:43:43.759152Z","last_seen":"2026-04-27T17:21:18.444137Z","times_seen":6,"resource_available":true,"data":null}},"time_used":6417,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6417,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=brent","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:39.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/common/getMt5Amount?coin=brent HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlang: en-US\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"647fa6866ec2d0ec693e177bd2dbcd4c","sha1":"3c0920b983dff76c13ff3c32fb2c8d4f3472a69a","sha256":"9a0e51f4fd269809aeb78be4b6ac1c057991d04f4b8326672af905bbf68b9b43","sha512":"aa01b7f2acaba9bf83e2d0f5dc7c386565eeadc22b87ef5979fc708222e50083c59fc51212dd6a45c66348b6b810147fe9d1f8e2537bfcbaffd76b03f84a0bf5","ssdeep":"","tlshash":"669002565c1c8242fcc300a6950a161400243164666592484c59513580881e22054858","first_seen":"2026-04-27T17:21:00.517583Z","last_seen":"2026-04-27T17:21:00.517583Z","times_seen":1,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/96b67bad-1693-4a2f-aed4-90e1ef9d401fecho-pro81d1e34081af4a2f916e0baf80689886.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/96b67bad-1693-4a2f-aed4-90e1ef9d401fecho-pro81d1e34081af4a2f916e0baf80689886.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: aNjrnugjPYrj40EJKIDjON6IW8XSvde0nZnXILHz8XWOP5X6eotdC7Jhc5ptHvPdW3TPJ5CEkbNF40sPuzcFJ5yAfUZfSMkv\r\nx-amz-request-id: VZM0792QE92D7CH0\r\nDate: Mon, 27 Apr 2026 17:20:45 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:44:55 GMT\r\nETag: \"cd69d086565731bb66ffaacb11d86880\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 4956\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4956,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"cd69d086565731bb66ffaacb11d86880","sha1":"dd2e292dbdd462e496c9196f7386eb1e32951881","sha256":"53ee26bfd5089ed42c23c844e72a29962458cccdcc603ede272c9cf3acb83b0f","sha512":"c4bbcf7159ffdfa53b971b822c4bc0fd208480eb638562b67e29ac6da5702c3b0942431a625c24b2c0a8c8ff086f737da49fad00c441a48da1ef6c4e40f6a273","ssdeep":"96:2Krhf9rmJ1zMJb8/DopC8b06jJYVl+Wj7hQNyFPXz:2KrhNWzMJbeud0CaVfjfj","tlshash":"9ea17f0ca9beb91d4ef46565137209bf8d531e0088def181fc695dc7e3690a8bb306e5","first_seen":"2024-08-19T15:53:11.181904Z","last_seen":"2026-04-27T17:21:18.511737Z","times_seen":52,"resource_available":false,"data":null}},"time_used":878,"timings":{"blocked":378,"dns":3,"connect":93,"send":0,"wait":120,"receive":1,"ssl":280},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/5337e9cd-6ac7-4572-a0cf-c8879e576c59echo-procce93ff8b98f4b7fb737b629efeb7d5b.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.488Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/5337e9cd-6ac7-4572-a0cf-c8879e576c59echo-procce93ff8b98f4b7fb737b629efeb7d5b.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: uA4h7r1BP3GUqAv3vIjMN++1Q441/Av7/zJG69HeANFCKb+rsA3agMifAbDLrM1jUkh984EquUPiRqQjwZolzzD3v40mKxQr\r\nx-amz-request-id: VZM6NFR5RVYE6XX0\r\nDate: Mon, 27 Apr 2026 17:20:45 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:36:12 GMT\r\nETag: \"52622a415647774ba3681c0e049e6800\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 1712\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1712,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"52622a415647774ba3681c0e049e6800","sha1":"add4e37d5a7c33344b2a276395cf2f6b247837e9","sha256":"24eda54bc218b21a61b5539a111bbcfc26344f35a0165246b2938bade4a992a8","sha512":"8b6135dc16338c92d3723e72c4ab833794bb2219e328a8177661213c2b98a7ddebdc9fc6348aba722d5304e0eb49944af32acbac0ccf175ed72a1cfab76fb469","ssdeep":"","tlshash":"3731fa497250be419289991110fba0a74da74e90c9e4f261e4cfc9272c313fed97d8cf","first_seen":"2024-12-08T15:39:09.82287Z","last_seen":"2026-04-27T17:21:18.536632Z","times_seen":61,"resource_available":false,"data":null}},"time_used":574,"timings":{"blocked":453,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bin.bnbstatic.com/static/assets/logos/BLZ.png?2.0.1744277799644","fqdn":"bin.bnbstatic.com","domain":"bnbstatic.com","tld":"com"},"ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.532Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bnbstatic.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BF:AF:F8:16:BA:38:D3:92:CC:06:D0:21:3C:49:7F:84:25:DA:57:2F","sha256":"E5:53:5A:4D:15:73:C1:86:18:5C:67:94:60:62:42:8A:A9:EA:B6:AA:81:2B:BF:13:0E:E8:60:83:1F:BD:5A:92"}}},"request":{"raw":"GET /static/assets/logos/BLZ.png?2.0.1744277799644 HTTP/1.1\r\nHost: bin.bnbstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 2875\r\ndate: Mon, 27 Apr 2026 11:18:25 GMT\r\nlast-modified: Thu, 06 Jun 2024 17:25:46 GMT\r\netag: \"0f51074728ea7a0b05e3faabed2712c3\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: egHG0Aao3BZ6jsZ00StEmgqwaC2mYguT\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: tkdVUFbD1a4lW1Ix_F0ADeLrCpQwJzXcyf5AtLEdo3t0_VR36jmxBA==\r\nage: 21739\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":2875,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 49 x 49, 8-bit/color RGBA, non-interlaced","md5":"0f51074728ea7a0b05e3faabed2712c3","sha1":"ebeee75be591c3f38f0f2f321479906fe77316cf","sha256":"af3c20d9c5337d8c37cf2f13fa20420a57be06558cd847962992be261dfe0df4","sha512":"c7c68d9a9b4282002e940ec9af3106cc5c08fee1e706d31bd5806e17ddb1067bdfb0904e0e2c639bd17f5b8e2d7a87d0d958ee9e90f8e349ce7c3faa5ee9a3ab","ssdeep":"","tlshash":"9b514b8f84703c403c60883be9e21638acdaff825fa9536eb6984b541c78795d8ddd24","first_seen":"2024-11-06T16:41:01.071927Z","last_seen":"2026-04-27T17:21:18.544157Z","times_seen":22,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":3,"connect":0,"send":0,"wait":26,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/notice/list?key=ACTIVITY_NOTICE\u0026modelKey=HOME_ACTIVITY","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.828Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/notice/list?key=ACTIVITY_NOTICE\u0026modelKey=HOME_ACTIVITY HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: en\r\nlang: en\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:47 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1752,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"5386a149b659ae1608906c9f19092a7e","sha1":"16321470bf9f7a07a91f10face28a277770bc968","sha256":"4e59d647f0fdbb5630991954f4e1c250216aef1dc06fc5df70d6e6c02c2532ff","sha512":"c99e9998e1c99ed61b6add94fd21eb3b61a05a0904be52d7103ea0e017cb462e69b123763785000fe26fbf0e8e9c2d2884788c4ef99c1772d175d36a6c168423","ssdeep":"","tlshash":"b731664e167c9daa080848c768ddbdcd929f2797d6a0cc70976acf2d45f197b0f1aa08","first_seen":"2026-04-22T17:43:43.812833Z","last_seen":"2026-04-27T17:21:18.481038Z","times_seen":6,"resource_available":false,"data":null}},"time_used":273,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":273,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-27T17:20:34.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:36 GMT\r\ncontent-type: text/html\r\nlast-modified: Thu, 23 Apr 2026 07:30:58 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69e9cab2-1481\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5249,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (1094)","md5":"55e610fa868e2eb970d67096ece77cc9","sha1":"571752561550af51c1cc9fca6b597cd160005308","sha256":"a2253f23244fd4b27898a502bdc9ef00659168f793638ae9c13c099e1a860fa1","sha512":"bf49289d3a6bbcf6a6ebee73a3d9c93f59ba493cfb54f7e509945cdeef860802a88a2df5231594ff7cbe144fddd1860b63154d270431c0d22bcd39ba560062d3","ssdeep":"96:Tr82r8L5yKuc674yaUit/aXr6TCZydHRH/gR2mUsGKAiowGpuB1niHEiHZH/w:TFAL67EeZCxfE2nfD3bpuB1niki5fw","tlshash":"acb161b39cf0c81a2352022beed7b018aea155d389194c58b0cd94ed4fd5fe684dbb74","first_seen":"2026-04-27T17:20:36.751593Z","last_seen":"2026-04-27T17:21:18.525106Z","times_seen":4,"resource_available":true,"data":null}},"time_used":1367,"timings":{"blocked":549,"dns":1,"connect":269,"send":0,"wait":269,"receive":0,"ssl":276},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-d253bac1.css","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-d253bac1.css HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 61\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\netag: \"67f79128-3d\"\r\nexpires: Tue, 28 Apr 2026 05:20:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":61,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"c88360cef8df86c995e562333879873a","sha1":"8674b487cf92f20149c0ef681b42a599469813bf","sha256":"d253bac175b5b52734c192e96d18c8b26b0c92b881584f63b7de91bff96c6149","sha512":"eeeb5ec01fe8c7d483182fc60a2b54ee1d02994718fd9b23a6182f49ead49d889889f21592b2955bcac8cc859023204782db3210d3a0c706a3e4677564db3636","ssdeep":"","tlshash":"f6a0026d11156404b2225341ff5ff95dce686917da91820453421c9135cbe8f25d821b","first_seen":"2024-07-24T17:37:43Z","last_seen":"2026-04-27T17:21:18.631217Z","times_seen":275,"resource_available":false,"data":null}},"time_used":6167,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6167,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/type/defi_activity_type","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.434Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/common/type/defi_activity_type HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: en\r\nlang: en\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":635,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7a423e3451e474878191a0a7f1d323b9","sha1":"13312f533f380295131f6a1540f425d0c98a16ba","sha256":"49c938e0bb3a834cab9319575489cf6c1694cace3f1ceb9671570024328e2a35","sha512":"0522e47fc06c4329cee21e354b264c90ae4b0725941d75cf63af54bee4a307fbe91e7078a412bd9750f3856657159ffe5efff139a652ec0443368f7c146bfdbf","ssdeep":"","tlshash":"5af028143d3dcebf098f65e745ec7818399c152794a0fca058ab0f3c5ae4171088921c","first_seen":"2025-04-07T11:28:26.961944Z","last_seen":"2026-04-27T17:21:22.665018Z","times_seen":592,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/a38871da-60a9-4392-b023-ad5606526808echo-proe1d51526e87940209947c30c32fa05e5.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/a38871da-60a9-4392-b023-ad5606526808echo-proe1d51526e87940209947c30c32fa05e5.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: G03NYSWjq1O/jEdcuZDLTPcpk8aKspWw3ByhL0VI5gTP3jenj3ZEaxSxrUvL5kGUvKTAT5cvFirojWdDy82km1KE0FPs450A\r\nx-amz-request-id: VZM4PS8J0GT8KZPP\r\nDate: Mon, 27 Apr 2026 17:20:45 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:46:30 GMT\r\nETag: \"339c6f06112912dfec4082cf192541c8\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 2314\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2314,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"339c6f06112912dfec4082cf192541c8","sha1":"e54f413a9f97256501ea21cb6df1dae60556c1fc","sha256":"fbdf7c741403b5d3e7a381293773fe48f296f52735321922f372a58702f6eb14","sha512":"5330142859855547ec32c626f8de088e213fc75fd88ef5c95e34724e2cd7c6b1c4019037ef3f77f7951eac67e111f2bf2dbc431ea7894860c8ea4cb0b6ed74fb","ssdeep":"","tlshash":"1741e80abac06d90479deda068f5846b4d5b48c48e80f67976cfd4265a713e28f481eb","first_seen":"2024-12-08T15:39:09.779663Z","last_seen":"2026-04-27T17:21:18.530976Z","times_seen":69,"resource_available":false,"data":null}},"time_used":887,"timings":{"blocked":368,"dns":1,"connect":93,"send":0,"wait":140,"receive":0,"ssl":282},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/resource/fonts/Arial.ttf","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:36.275Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /resource/fonts/Arial.ttf HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexcuehs.com/assets/index-84a63188.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:38 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 1047012\r\nlast-modified: Wed, 01 Nov 2023 13:05:30 GMT\r\netag: \"65424d1a-ff9e4\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1047012,"size_decoded":0,"mime_type":"application/octet-stream","magic":"TrueType Font data, digitally signed, 25 tables, 1st \"DSIG\", 58 names, Unicode, � 2017 The Monotype Corporation. All Rights Reserved. ","md5":"ffe66dbfc4b07f36ef38dd621ad2c7cc","sha1":"e032b102cfc37c3226d17e1b462edea5fbf8fe1c","sha256":"c1216a01b3cc4e94df72577a6f618154058a1d8999ed58fa31ab7e54c7e4be4b","sha512":"3c7952b71c8117938c5284efca0e0b3e8c20d7b84c74a4890f76a72af3b26295786b0f7c33d9b6c980527b4c4c8dad628d1f5e7e5f202d11076367f082349bb3","ssdeep":"24576:NoQIQRjo/Y7wjgTmKJ4WxA7EAD4OBfDamXKE6AMra:NHIQJo/Y7wjgTm0PxAwJHE6hG","tlshash":"f125be0bf3929f0fe3902b38c9a5d761939b76189b2743b73d8c5858ecc85a45e487d2","first_seen":"2023-07-29T15:16:45Z","last_seen":"2026-04-27T17:21:22.673284Z","times_seen":1176,"resource_available":false,"data":null}},"time_used":5626,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1140,"receive":4486,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getCoinList","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/common/getCoinList HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:40 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":1360,"timings":{"blocked":544,"dns":1,"connect":270,"send":0,"wait":267,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-2f4644ae.css","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-2f4644ae.css HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:39 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-a01\"\r\nexpires: Tue, 28 Apr 2026 05:20:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2561,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2560)","md5":"45baacfdd2499066688f7ffc7225c372","sha1":"46551e76bfa93f50857a6b0f53d1f117d2adf0fe","sha256":"2f4644ae09e7b5a53ec8996547eb607ac21976285369b68da4ccc2c49fba346c","sha512":"edb7742f23bacfab32449c041654cb2e47b50fb18da2e9a33a7e736fbc02745db06ecb8b913c3c5b0f3defa871da7bc5e89bf3c9d7457be31f4595c0be470eda","ssdeep":"","tlshash":"c4511e4cfe9915345c7be98fbe5c6e488000be93e54aed85f007d70649cfae3276065a","first_seen":"2024-08-19T15:53:11.157245Z","last_seen":"2026-04-27T17:21:18.588093Z","times_seen":47,"resource_available":false,"data":null}},"time_used":6162,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6162,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/platform/dev/favicon.ico?2.0.1744277799644","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:40.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /platform/dev/favicon.ico?2.0.1744277799644 HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:43 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 25871\r\nlast-modified: Sun, 12 Apr 2026 08:13:35 GMT\r\netag: \"69db542f-650f\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25871,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 200 x 200, 8-bit/color RGB, non-interlaced","md5":"e3647298ed17654e424e41d27b08170b","sha1":"6428ddc3ed3b0587a6dd8ddfa614301663b7d2b4","sha256":"7aaf20df416596c067ae7587a4120fdc010725a0b889663837c529eca297f29a","sha512":"2784205d2974000f2fc547ccf440931b78a34cc04324d40b9600311f4a905039a7f67f7e90bc0effd961fc943e9d29628e0e8cfa678494c1a22f150bee8db193","ssdeep":"384:h6DbRkfbP3iHuGoEQSDVnm45Gk0U+Cc+VKtgcQcXL9:h6XHqEnDVnr5Gk5+Cxzc3XB","tlshash":"9ec2afa1fcd531942c01953225e3a41e48b2898bef43dd82bbdd40aaef12f559c9f58e","first_seen":"2025-09-12T08:50:03.430349Z","last_seen":"2026-04-27T17:21:18.44053Z","times_seen":9,"resource_available":false,"data":null}},"time_used":3284,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3283,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bin.bnbstatic.com/static/assets/logos/TRX.png?2.0.1744277799644","fqdn":"bin.bnbstatic.com","domain":"bnbstatic.com","tld":"com"},"ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bnbstatic.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BF:AF:F8:16:BA:38:D3:92:CC:06:D0:21:3C:49:7F:84:25:DA:57:2F","sha256":"E5:53:5A:4D:15:73:C1:86:18:5C:67:94:60:62:42:8A:A9:EA:B6:AA:81:2B:BF:13:0E:E8:60:83:1F:BD:5A:92"}}},"request":{"raw":"GET /static/assets/logos/TRX.png?2.0.1744277799644 HTTP/1.1\r\nHost: bin.bnbstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 1315\r\ndate: Mon, 27 Apr 2026 11:18:23 GMT\r\nlast-modified: Thu, 06 Jun 2024 17:29:49 GMT\r\netag: \"79cbcbdfcc32e9ed14054fb9f306d76b\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-autocompressed: true\r\ncache-control: public, max-age=31536000\r\nx-amz-version-id: n6Q72N4CRo3VkIHj4mksUjkTB7ZCHWEN\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: M694PEvxgl2nsDDy5DciarGbMzm3ivxynfry-XdnQnPHD_SGEHElNg==\r\nage: 21741\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1315,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit colormap, non-interlaced","md5":"79cbcbdfcc32e9ed14054fb9f306d76b","sha1":"d0fe46ecc0664340d7027500d23cb6ee7b8de4f6","sha256":"ac3824adc2a37e25d5e63fe30c4de623c0985730450f3e12b58bcc58677d107d","sha512":"98eb00b634f4214e5d546aff3c51c6e889a337ed9e9a59d96b2dc189bb822352d01d2d53e02db22255c2c3f44836ce30c52c8e22199eca10c8e431d17560cedd","ssdeep":"","tlshash":"1f21f8b87b5d652cc209c890e8364aa77098f9ae0512041e3830ec3dfee098be2567c3","first_seen":"2023-05-04T03:36:11Z","last_seen":"2026-04-27T17:21:18.45299Z","times_seen":991,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2026-04-07/5e6a1db8-3785-417d-8517-068a5ab59539473d3adc-48da-4cfa-8cf8-5c5989b62012.jpg?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:45.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2026-04-07/5e6a1db8-3785-417d-8517-068a5ab59539473d3adc-48da-4cfa-8cf8-5c5989b62012.jpg?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: 0zmhxmuICHu1fCYq1LG2F1oJHHSIvwx2T1Inajkxh5CnJ69a70zmZx0Gzbs8KmkDQrU4jVOAguqw6n5Y2Eqsrp18uionkrKB\r\nx-amz-request-id: ZNXSRGP8882ZR2C9\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Tue, 07 Apr 2026 23:42:53 GMT\r\nETag: \"e96bffc51f6b455ca01505423e6944d5\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 38580\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":38580,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1119x381, components 3","md5":"e96bffc51f6b455ca01505423e6944d5","sha1":"d606dd0f5dffa3e1717e237b7ab00610c302d649","sha256":"dade6122ad2e4ce6ae75585498102e2348cd89a81d12596ebaf3346973a1f22d","sha512":"d5618e72f9d64418b91f6d4aaf6041faeff357d16caf7a5c8fc1811f3817d2cc0c71da51655a9d209c4838798684122f1159e222e24bbc8052cfe7a7d740667a","ssdeep":"768:PvXVLRpkUdQhT+X8dgBkUDeEQXNU33sEY/VMn8ySMr5qVpJz4a:PvXRRpkdSAgBkUainPwy8yJt6","tlshash":"d703f197369a416bed731f331eb4519f1ca7bf2e4c801b27d283c6a0907fa3465681d4","first_seen":"2026-04-22T17:43:43.809467Z","last_seen":"2026-04-27T17:21:18.489686Z","times_seen":6,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":114,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2026-04-07/c4c57c29-cacd-43cc-947a-8d42dbfa2603a4d4b96d-1a6c-4284-b750-6386fad89ac2.jpg?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:45.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2026-04-07/c4c57c29-cacd-43cc-947a-8d42dbfa2603a4d4b96d-1a6c-4284-b750-6386fad89ac2.jpg?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: dWSRhHp+Rqvb7wNF/42h8PC1LPLrvTs6EEhA1vC7ET7DEVhMfcm1Q7235lR4u21XDTNg3FuArvyXsbNtlOyMnjG9aIYiNOxO\r\nx-amz-request-id: ZNXXE6B3SQ6D5PVE\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Tue, 07 Apr 2026 23:48:09 GMT\r\nETag: \"ad172b9b1e11b1b63b5d9cab0ff4b9df\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 39329\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":39329,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1179x456, components 3","md5":"ad172b9b1e11b1b63b5d9cab0ff4b9df","sha1":"396e016e68c86595a0ce8dbae335e7cfcf4581fe","sha256":"47a56414f9259046a37dd86342c630d438e9b43721db83d4255667dce0336f17","sha512":"fce1e84febd959ea7708cc1324177ac358489ec43fde2cd60b15285c0dd5533203a393c50094f314e88d476b5bb8ca2f0906e80156511853aada0bb8fc66836f","ssdeep":"768:9kTUIikTYp0s1EsAsfaD6tQp+3cED66C71JoHnTABDK60saPS07763gH:6Ta1EVsfaDdwceCQnfn7+3gH","tlshash":"7003e1c56b2a4989e3b647702cdd5632bd491d1808272afbf9c1dfe038cceb45e640e9","first_seen":"2026-04-22T17:43:43.810492Z","last_seen":"2026-04-27T17:21:18.522197Z","times_seen":6,"resource_available":false,"data":null}},"time_used":223,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":99,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=lead","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:38.785Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/common/getMt5Amount?coin=lead HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":263,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=lead","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:39.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/common/getMt5Amount?coin=lead HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlang: en-US\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"63d47ae36f0cff2c8f65767f1a9c7c19","sha1":"60e81cd3b6254959722f9b7dd111b6f12241d94d","sha256":"f30b9de5510f99a54de676bcc22c7aeae42ad38b4f7a3fb6a90771e42f5c58fe","sha512":"59d5a3e4ca15de9a95b2560093d7a94769338760d787a7a8b088f485cf9ef3aac65fb366b4ecafcfca47a81b55ac06f6a31840513bc1fb6fe26783b05e733cc1","ssdeep":"","tlshash":"199002595c1c8642a8c320a5d50a120501243561266596494c59512580881a62044c59","first_seen":"2026-04-27T17:21:00.551347Z","last_seen":"2026-04-27T17:21:00.551347Z","times_seen":1,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/fac01627-6f55-4ff0-bcf8-b7666ecf0402echo-pro4e8405e5b84a4168b6783ea22b62c4e8.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.476Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/fac01627-6f55-4ff0-bcf8-b7666ecf0402echo-pro4e8405e5b84a4168b6783ea22b62c4e8.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: i6RP3z9NA80qe+bteWi7aphTtBxDAr04JmRwhvh+3emD602G29mZZr+eP4Kqu4hwcP/O5JMETAIcCBBMIrovnF6bF2qDcHqG\r\nx-amz-request-id: VZMA6VRBWB2VXGKP\r\nDate: Mon, 27 Apr 2026 17:20:45 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:35:06 GMT\r\nETag: \"b35a18e38905abe1d3d3b871e2759272\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 2135\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2135,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"b35a18e38905abe1d3d3b871e2759272","sha1":"ade27caf3a03b2845a8562838950e7013fde61c8","sha256":"3827072abc60359bed56aff5596ad0fa608b105eb3903a5046ba32fef54e1547","sha512":"19d4ae86ebf2efcfcc84884fd3cbc6add9e24496d13bf2fdf2286c9a1e647f8f549563fd462d077da41ee5a0db7fc6c2e70d25309f57f82c7024e214c1474749","ssdeep":"","tlshash":"d641e94a77915882631d255a05d742634f230dc0e9d4f07478cfd4290e203fa489facf","first_seen":"2025-07-19T12:16:33.429496Z","last_seen":"2026-04-27T17:21:18.478037Z","times_seen":38,"resource_available":false,"data":null}},"time_used":745,"timings":{"blocked":347,"dns":0,"connect":0,"send":0,"wait":128,"receive":0,"ssl":270},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/37bf66d5-b9e3-412c-b823-bb37770cef10echo-proc689bd081e994bc7ae23260a3e5c9eb5.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.494Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/37bf66d5-b9e3-412c-b823-bb37770cef10echo-proc689bd081e994bc7ae23260a3e5c9eb5.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: JkP1HZsKeTJWjLuAWyaf5w1iq3IwRGW4CVKpFqhrp/ga+G0j9LVRTXVxZfGMeWfUHLJxdMfpuDhnhdsUwrGfB3AWOourlOUA\r\nx-amz-request-id: ZNXQE8BAX2BGT5TR\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:38:48 GMT\r\nETag: \"122aa57dd9538429059cbd42ee99a59e\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 1437\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1437,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"122aa57dd9538429059cbd42ee99a59e","sha1":"e6d44defdb86a01caa67f663529aa0d70f7b6065","sha256":"4344191b60975b2acbac5c8168e581a89a2104d0b8ec789f63dbe67a600b172f","sha512":"94910eff5eb6449954b7dec9903e3b779201bed8b71dce794245f4810337f05348205209a5a26b4849256cbadc6f89b9c09a016baed9b09b1fc3b7feb4e4d148","ssdeep":"","tlshash":"0c217606faa57881528c9d5324f291634d670544dfd4f5ea78cfc52e1d203f687994cb","first_seen":"2024-12-08T15:39:09.743393Z","last_seen":"2026-04-27T17:21:18.557336Z","times_seen":73,"resource_available":false,"data":null}},"time_used":596,"timings":{"blocked":473,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bin.bnbstatic.com/static/assets/logos/XRP.png?2.0.1744277799644","fqdn":"bin.bnbstatic.com","domain":"bnbstatic.com","tld":"com"},"ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bnbstatic.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BF:AF:F8:16:BA:38:D3:92:CC:06:D0:21:3C:49:7F:84:25:DA:57:2F","sha256":"E5:53:5A:4D:15:73:C1:86:18:5C:67:94:60:62:42:8A:A9:EA:B6:AA:81:2B:BF:13:0E:E8:60:83:1F:BD:5A:92"}}},"request":{"raw":"GET /static/assets/logos/XRP.png?2.0.1744277799644 HTTP/1.1\r\nHost: bin.bnbstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 953\r\ndate: Mon, 27 Apr 2026 11:18:23 GMT\r\nlast-modified: Thu, 06 Jun 2024 17:28:04 GMT\r\netag: \"92f9d15be55070c0f267e7b9609211da\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-autocompressed: true\r\ncache-control: public, max-age=31536000\r\nx-amz-version-id: QRK6OD8vVyictvg2hsHVXOfI_qefjrI8\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: PynTL_YF-OU4g29IQbnRl0TgiPfoJm3dwSQQPfpeoTxJZU6n_w3GVw==\r\nage: 21742\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":953,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit colormap, non-interlaced","md5":"92f9d15be55070c0f267e7b9609211da","sha1":"d25e8395244487e169b16cb9508e434ea1ea61dd","sha256":"0e7d0965ce52308846834de79ad8305ea31542444a1ba54888843fc0214418f4","sha512":"d39d1087b689cf8f8d543a282dfc802e0e996ddbdb0553b7376958b0be63dd8f6230451cc3cd3df7d63748ab2165e8e82433c35d4131a7a2c137445ecfeee95b","ssdeep":"","tlshash":"e91188a14b659e01632bcd7fcb2a0142b20b22efb465d716a88f533d0795d871059f85","first_seen":"2023-05-07T19:16:40Z","last_seen":"2026-04-27T17:21:18.564572Z","times_seen":1450,"resource_available":false,"data":null}},"time_used":39,"timings":{"blocked":17,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/resource/fonts/DINOT-Medium.otf","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.535Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /resource/fonts/DINOT-Medium.otf HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mexcuehs.com/assets/index-84a63188.css\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: application/octet-stream\r\ncontent-length: 73096\r\nlast-modified: Wed, 01 Nov 2023 13:05:30 GMT\r\netag: \"65424d1a-11d88\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73096,"size_decoded":0,"mime_type":"application/octet-stream","magic":"OpenType font data","md5":"ab876400560626fbe045633dc44f0748","sha1":"85bbfb1729e86f40ddc9af7197b5f54ed6136226","sha256":"5888b24f6b65ff7c989b4a258dbeb5d997320d61417371210da0258be21d854d","sha512":"82e96ade51b0570c1f691ba45d1a3c0802015dad7598954675c4abe2fa8a9fc705adbe6eb5e677aa5cc03b6704e594cfe99279c678855ebbbcbade6d5028dbd6","ssdeep":"1536:TlK/cP2D2oV7otQjBG1+acfZZHHDEdom1hvd5JItkB7k3Z:TKQQtG1yZSdomrvpIqcZ","tlshash":"0b636f031d4fb9548de4513a52de4ea34bb39ecc1ca493c30ae12d938fece6657152ae","first_seen":"2023-08-16T00:37:20Z","last_seen":"2026-04-27T17:21:18.64033Z","times_seen":866,"resource_available":false,"data":null}},"time_used":272,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":269,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/charting_library/charting_library.min.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:35.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /charting_library/charting_library.min.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:37 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Wed, 01 Nov 2023 13:05:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65424d1a-2a6b\"\r\nexpires: Tue, 28 Apr 2026 05:20:37 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":10859,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (10857), with CRLF line terminators","md5":"2a5fa40461c4e10123b62c021ab0a4ed","sha1":"527b4a35104eda6479c5ac876f57b5375ab00f51","sha256":"bcee984fd52b4a82bd6b23543bb33f6472e076c125edbdd8756d29ca230628cb","sha512":"51c91bff846f3825a21d6b301b1e4615d05bb27defef6c39c622e647f5d0262fdb0382924c9245c4a18a11cd32b60e4c913ed451b6f4b2fec1c87ce871eb874b","ssdeep":"192:9fdWSo7ktFUnoBelr6lw2LfnzuIQPlaJ1i10K+Ei/ISJhvHIheu5Ph3Ffa5:vWS2ktFUnoIlD2LfnqIJimK+5/ISJhvB","tlshash":"58224f58ed2478720acb54f0427f180f8239e278d84944ed3c84e6ec59fd44a6a6fbb8","first_seen":"2024-07-11T15:08:28Z","last_seen":"2026-04-27T20:33:57.356554Z","times_seen":877,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"wss","addr":"api.mexcues.com/ws/994fa1af-3e08-44d2-904f-d6ee419515f6","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"GET /ws/994fa1af-3e08-44d2-904f-d6ee419515f6 HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://mexcuehs.com\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: +xr2UGF0dBtusUapx6q0ug==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 \r\nServer: nginx\r\nDate: Mon, 27 Apr 2026 17:20:41 GMT\r\nConnection: upgrade\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nAccess-Control-Allow-Origin: https://mexcuehs.com\r\nAccess-Control-Allow-Credentials: true\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: yxERdjwnF1MGedfmJvO9zZd8J1E=\r\nSec-WebSocket-Extensions: permessage-deflate\r\nX-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":2527,"timings":{"blocked":0,"dns":850,"connect":1122,"send":0,"wait":275,"receive":0,"ssl":1122},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-98b51ac4.css","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-98b51ac4.css HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:39 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 07 Apr 2026 21:29:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d5773c-2789\"\r\nexpires: Tue, 28 Apr 2026 05:20:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10121,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (10120)","md5":"ab6273592c0cd75fd5e533d38eeb78cb","sha1":"9307e6feead161af2626f08e32e07482cee2dc72","sha256":"1f2630d5bdafc74ac09a0b05c333b36ba42d01d85d43ff9dbaa60309e761a213","sha512":"f34d7a0737f1638250be6a75e134e1440bd38d1af38f7e421b8fe0c34e976f9d3f3697bc4bc6f20479f8aab0f8c1e8b3dcae633adeebdaefe0056609e6ac273f","ssdeep":"96:AXyGGKFezOETj8XMp5mXUVM2tL0a5OfUUe62rrpHj44bbz6Lw9TgzP:A3nePfpYvhm54Sbz6Lw9TK","tlshash":"9622742df6a42638ac37e165bbc84acce229ba11d653dde4f6a7953308db5e3163005c","first_seen":"2026-04-22T17:43:43.822041Z","last_seen":"2026-04-27T17:21:18.550468Z","times_seen":6,"resource_available":false,"data":null}},"time_used":6161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-12343a89.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-12343a89.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:40 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 776\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\netag: \"67f79128-308\"\r\nexpires: Tue, 28 Apr 2026 05:20:40 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":776,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (775)","md5":"1b80b165889968d1c4b4bb1fc672d986","sha1":"8965ad64fe2d17df220dcebe27de8983d338a8d0","sha256":"21076cfdeafab3a04db633a604b92634e56937ecb2c743fea258df1585ea5307","sha512":"dcb5d98bd218fc52a2f3c3f334a6bcfa54e4e8366d71b9c976a049fb5662b3703642af9310b8ad1a76a400cdec37374f699901b84dbcce923bf32d6b3ad71cfc","ssdeep":"","tlshash":"a901b8f8fd0d8ebb1ea20a4541d13601140a2fedfa1419e198867e6a1be4990dbde72d","first_seen":"2024-07-24T17:37:42Z","last_seen":"2026-04-27T17:21:18.497889Z","times_seen":31,"resource_available":true,"data":null}},"time_used":6414,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6414,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-ffbaf533.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:43.820Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-ffbaf533.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 07 Apr 2026 21:28:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d57717-36b1\"\r\nexpires: Tue, 28 Apr 2026 05:20:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14001,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (14000)","md5":"e716c9ebf484dc22003269bf390b9d7c","sha1":"07e25fae802bf231bb2433d5335f82ab21c9bcfc","sha256":"abf5994d0cbe2ac6820c63c2854948e9ebfe3c3d797a2c7a1b7abccdf071e584","sha512":"86877dad7d1c28475e316f990e00f5a15cedcfb88d7dfc140057a422508a940a36cc0fc626f425525cd6c203a86d4b514e4c3811930d2dd19827414d1fde9bbd","ssdeep":"384:JQEnt3hRxSJUFAFtAfU+Cs0K8+YmFuZ36kXMMzprhQhdCR+SD:JFgSWtAfUFqbAprhQhdCsA","tlshash":"1952d865f902d93cf5fba05140880050b66a7ffb401989e6b9bc6d4b3356eb8b78d718","first_seen":"2026-04-22T17:43:43.775122Z","last_seen":"2026-04-27T17:21:18.509Z","times_seen":6,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/type/defi_activity_type","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.143Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/common/type/defi_activity_type HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang,language\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang, language\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":287,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/53abf262-8f41-4829-886a-692dd0330abfecho-proc867f38c2e5647cd850d77b91059d1aa.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/53abf262-8f41-4829-886a-692dd0330abfecho-proc867f38c2e5647cd850d77b91059d1aa.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: Q5Ucd/Vc8QyfOgCVUxwcl0QEpZcTlMDJdX7jDA3hPhilkxFX0QBGtFNX2X73AUdGqjtCNid9/upXDt7RbZRnSkosDNyHAYgr\r\nx-amz-request-id: VZM75AD5NCZM92CY\r\nDate: Mon, 27 Apr 2026 17:20:45 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:35:44 GMT\r\nETag: \"d5976ba8379b358e534ace5a52b53242\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 1997\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1997,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"d5976ba8379b358e534ace5a52b53242","sha1":"5edc63b7d064ba413750aa1fb041ec51de5e198c","sha256":"4210321132295a31f6710115146adadc92f74bcb1004c6a8a1b3a271597f5838","sha512":"9ce9ee37f060c4e73a8ec179e16fdd68673df3c6bb43ee34919090a3562cb2a892f8ceed20b43134580238db597481bcf8a3a5d69b37401ae0d8d25dfd7c7b8d","ssdeep":"","tlshash":"0f41c8ccaa657f51c304d91290fac167a9530a80c9d0b07a78ced61b09722fb641ebc7","first_seen":"2024-12-08T15:39:09.801273Z","last_seen":"2026-04-27T17:21:18.533815Z","times_seen":70,"resource_available":false,"data":null}},"time_used":793,"timings":{"blocked":364,"dns":0,"connect":0,"send":0,"wait":140,"receive":0,"ssl":289},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/489ad0c0-8cca-4674-b1de-7e831332df6becho-pro6c57acf5e15c4a38bec2f69a37c99c16.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.498Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/489ad0c0-8cca-4674-b1de-7e831332df6becho-pro6c57acf5e15c4a38bec2f69a37c99c16.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: DYk5NJQqGJw6uI+XavKr/0b/tuzjgArNBvezy7nBVp08rhkivTzaiEpFr5uQXsytvJ0GxqHS9vCDxTqZydj3w5RbwCQAzzpw\r\nx-amz-request-id: ZNXM8F0CCCXWTBDV\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:52:17 GMT\r\nETag: \"cd9639c040f59589fcb5d6ed983201f1\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 4196\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4196,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"cd9639c040f59589fcb5d6ed983201f1","sha1":"dbdb74d71fb5cb16b7b8da75f94823dd95fc9d5e","sha256":"e1a782a8916940e24b67ef01c954ac6f353f2ec32825445e34a14fed70411b92","sha512":"2dd972fb315d7ed8bf431ddc91f62d14d2d9be2c1e993aa88f35f8db85ad59df74c93a3192c1f8b15e15e4f5ef4b32c08af2273065b068dee92f77cbc44f75e8","ssdeep":"96:YZCFp42ks3eAyPPPeWmWqK617l2WsRWsRWsRWsnu19TLOJYdRGYgcyTEs:YZ6p42ksryPPPzmx1h2WsRWsRWsRWsW+","tlshash":"0c815c66ce0136dd8c50a03c0b6401fe7df816e8be22ef65999477b56a9f6340814bf7","first_seen":"2025-06-06T01:26:06.899814Z","last_seen":"2026-04-27T17:21:18.53931Z","times_seen":37,"resource_available":false,"data":null}},"time_used":611,"timings":{"blocked":488,"dns":0,"connect":0,"send":0,"wait":122,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/d14e7108-82cd-49ee-8c82-45b448f0cd19echo2.052f8627951f94c28a147ef1a57083863.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.455Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/d14e7108-82cd-49ee-8c82-45b448f0cd19echo2.052f8627951f94c28a147ef1a57083863.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: QKINJq2aHXfaGQ1/ri2fnmuF+FpnMu2Xq9YH+OoTNZdJSwkhf4+81ehNiVTSXNRyqG7bPTXGn+pYZBok5TeAYObQb9YgvoBN\r\nx-amz-request-id: VZM7MSVW9JTWHCZT\r\nDate: Mon, 27 Apr 2026 17:20:45 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:43:27 GMT\r\nETag: \"b61f1ca72c14930cc6204ceda9d4a1a8\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 1476\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1476,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"b61f1ca72c14930cc6204ceda9d4a1a8","sha1":"d4fc6e900b4f0491c9e21b5bd87abb3a5774d197","sha256":"177ef0c77ae4e4dc8e7ecadcd84bb6e7532cb427ec8d1354cf1128521cfa8af2","sha512":"7cd45adb9967aa94bbe9b31e192eec3de548262312428e260296eb69cf49a68e5aa120ea96733d90c5b7d32bab97e2329d469aaeb260e151b6216686e8128aa2","ssdeep":"","tlshash":"8d31855ce3209852e205ee9320e6506b985304c0dbe2f0aae0cbd9925a303f745cd9cb","first_seen":"2024-12-08T15:39:09.775069Z","last_seen":"2026-04-27T17:21:18.464556Z","times_seen":68,"resource_available":false,"data":null}},"time_used":800,"timings":{"blocked":367,"dns":0,"connect":0,"send":0,"wait":152,"receive":1,"ssl":280},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getAllSetting","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/common/getAllSetting HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:40 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":1333,"timings":{"blocked":534,"dns":1,"connect":262,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=wti","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:39.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/common/getMt5Amount?coin=wti HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlang: en-US\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":47,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4ed80020ace51503e917dac8fc21b44c","sha1":"baea29061207d70edf07278ca93fa5dd17b686b8","sha256":"282cf6859c25d5941af8bbb9a57eefef6084bbb58924bc07ed39774dbd3a0c45","sha512":"594a8ee740ca07cb4c52eb332c0aaaa7e5d0ba063bf0345fcd5ace238fed613a4cad49341ce4d959df5bcfe807af9f4caaaa756799066c912a05f1b85123d404","ssdeep":"","tlshash":"c69002555d1c9342a8c300a5950a260404243160266492484c599225c0881b27044959","first_seen":"2026-04-27T17:21:00.583114Z","last_seen":"2026-04-27T17:21:00.583114Z","times_seen":1,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/filters-11dec132.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/filters-11dec132.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-c1e\"\r\nexpires: Tue, 28 Apr 2026 05:20:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3102,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3101)","md5":"487bf81ca2caaf3f47666e79c3621f2e","sha1":"cddf12e097d077059e50493bc710a4aec193574f","sha256":"5b9b2f2a66da241622acb5d6c73baebc6b8f1ddbed98f8d2a49f184bd79d9538","sha512":"3f093eaa7283df55c3ebb347d04607050a02dd1909ab154d21137251a1183776f2f16d7475e20bf501b3e78a911bb02c62a96b8c01049706b3ca65ef29196fa7","ssdeep":"","tlshash":"a05135fdfdd7613356ea6ef944288414728ebe20686e0a4df54bd0455933888e07f778","first_seen":"2026-04-22T17:43:43.776094Z","last_seen":"2026-04-27T17:21:18.579479Z","times_seen":6,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bin.bnbstatic.com/static/assets/logos/BTC.png?2.0.1744277799644","fqdn":"bin.bnbstatic.com","domain":"bnbstatic.com","tld":"com"},"ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.513Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bnbstatic.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BF:AF:F8:16:BA:38:D3:92:CC:06:D0:21:3C:49:7F:84:25:DA:57:2F","sha256":"E5:53:5A:4D:15:73:C1:86:18:5C:67:94:60:62:42:8A:A9:EA:B6:AA:81:2B:BF:13:0E:E8:60:83:1F:BD:5A:92"}}},"request":{"raw":"GET /static/assets/logos/BTC.png?2.0.1744277799644 HTTP/1.1\r\nHost: bin.bnbstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 1125\r\ndate: Mon, 27 Apr 2026 11:18:13 GMT\r\nlast-modified: Thu, 06 Jun 2024 17:30:33 GMT\r\netag: \"75f196b437f9d87fdc198bc904c66c4c\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-autocompressed: true\r\ncache-control: public, max-age=31536000\r\nx-amz-version-id: KEU_GNz.cEPy87FxxsLaGlv3ekYfu6Aa\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: 5ukj7H6hAaMFbtNQ-LG33rVmXi9al4ZmcfTjnK9IDhNColNJ3b4ldw==\r\nage: 21752\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1125,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit colormap, non-interlaced","md5":"75f196b437f9d87fdc198bc904c66c4c","sha1":"79b6e300761520f7ad41856878999dbc1fafc137","sha256":"f72b9a231c13012613217eec2bec27b923204e8c6cebc2b2ae51485d2b5d679d","sha512":"de4633885db64868d13a4a4699631acf0b00af0b2cda542c5be26b4dce3a1f8b4e071949280ddd9f3c59eb7a236d5d8d7003ffcb9633e0749fb62d46c780ac60","ssdeep":"","tlshash":"2421f9d3df09102ec4029c9cd4730c6bcc287a963410445b5f7c823fcc0b6496864b67","first_seen":"2023-05-07T19:16:41Z","last_seen":"2026-04-27T17:21:18.47216Z","times_seen":1560,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":8,"send":0,"wait":13,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bin.bnbstatic.com/static/assets/logos/ETH.png?2.0.1744277799644","fqdn":"bin.bnbstatic.com","domain":"bnbstatic.com","tld":"com"},"ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.515Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bnbstatic.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BF:AF:F8:16:BA:38:D3:92:CC:06:D0:21:3C:49:7F:84:25:DA:57:2F","sha256":"E5:53:5A:4D:15:73:C1:86:18:5C:67:94:60:62:42:8A:A9:EA:B6:AA:81:2B:BF:13:0E:E8:60:83:1F:BD:5A:92"}}},"request":{"raw":"GET /static/assets/logos/ETH.png?2.0.1744277799644 HTTP/1.1\r\nHost: bin.bnbstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 1100\r\ndate: Mon, 27 Apr 2026 11:18:23 GMT\r\nlast-modified: Thu, 06 Jun 2024 17:30:28 GMT\r\netag: \"8658d5935ab59ee39d15c39226279d46\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-autocompressed: true\r\ncache-control: public, max-age=31536000\r\nx-amz-version-id: fcMwz_FrxevnVgNtIlzpA9y6vfUJIaPK\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: CaYivQQgzy7SWqF9Cbw09nn5PlukW2Q52oqp7ViF-VvkPnI7uK4JIA==\r\nage: 21742\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1100,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit colormap, non-interlaced","md5":"8658d5935ab59ee39d15c39226279d46","sha1":"27463866eb9fa6fe4b6d2bd2cd3d6fd88392cb43","sha256":"595a7c97f329934d40fa297958ccbb31d3cd101c2965b02a32a7c96fd49c9e11","sha512":"0179fd67c6baa7d46fba32986a8f6fe1586f2d9d3c57161bc33ecae609d6e608e8d9bfcdad0459bf41ba087843955a45ce5daca8ea223cb33138de6b4c8b13db","ssdeep":"","tlshash":"f211b6b64261eec7905c8a22da820b38ed2d9718f01c3f06ef73efb39225b045105d0a","first_seen":"2023-05-25T23:01:30Z","last_seen":"2026-04-27T17:21:18.541677Z","times_seen":1574,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":19,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bin.bnbstatic.com/static/assets/logos/SOL.png?2.0.1744277799644","fqdn":"bin.bnbstatic.com","domain":"bnbstatic.com","tld":"com"},"ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bnbstatic.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BF:AF:F8:16:BA:38:D3:92:CC:06:D0:21:3C:49:7F:84:25:DA:57:2F","sha256":"E5:53:5A:4D:15:73:C1:86:18:5C:67:94:60:62:42:8A:A9:EA:B6:AA:81:2B:BF:13:0E:E8:60:83:1F:BD:5A:92"}}},"request":{"raw":"GET /static/assets/logos/SOL.png?2.0.1744277799644 HTTP/1.1\r\nHost: bin.bnbstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 404\r\ndate: Mon, 27 Apr 2026 11:18:23 GMT\r\nlast-modified: Thu, 06 Jun 2024 17:19:36 GMT\r\netag: \"5e22a9302a4383454bfe530f0ddffb53\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-autocompressed: true\r\ncache-control: public, max-age=31536000\r\nx-amz-version-id: .y99HULHsmBO8l5_Ll.XajXf2q2ZdJQz\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: GdM5BEe7IquRO_hLhvIcKTzqladiQUnVflzkGyC5xj6HZ94jNXwNsQ==\r\nage: 21742\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":404,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"5e22a9302a4383454bfe530f0ddffb53","sha1":"be5b706cd340c21bd9be3a3ce56647ec384d6624","sha256":"b4f74a2541dbe53158395e8b054ec169ffe18124b55a0b5e027ebd9c22b5ba11","sha512":"0d94a417d4f0c678faea64e59463ab5c6cd582168ae7e744d44c1d6878deffec49dec89d5b5ca176bb15767eae10cdf9aa1691d4b033367becb08caf8ec56889","ssdeep":"","tlshash":"c9e0f1f27d245ca97f5642050fe80ff2d03c66f515119c861db2ca2d554105545d5453","first_seen":"2023-05-07T19:16:40Z","last_seen":"2026-04-27T17:21:18.519293Z","times_seen":892,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":8,"dns":0,"connect":0,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/notice/list?key=ROLL_NOTICE","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/notice/list?key=ROLL_NOTICE HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang,language\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang, language\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/filters-11dec132.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/filters-11dec132.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-c1e\"\r\nexpires: Tue, 28 Apr 2026 05:20:40 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3102,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3101)","md5":"487bf81ca2caaf3f47666e79c3621f2e","sha1":"cddf12e097d077059e50493bc710a4aec193574f","sha256":"5b9b2f2a66da241622acb5d6c73baebc6b8f1ddbed98f8d2a49f184bd79d9538","sha512":"3f093eaa7283df55c3ebb347d04607050a02dd1909ab154d21137251a1183776f2f16d7475e20bf501b3e78a911bb02c62a96b8c01049706b3ca65ef29196fa7","ssdeep":"","tlshash":"a05135fdfdd7613356ea6ef944288414728ebe20686e0a4df54bd0455933888e07f778","first_seen":"2026-04-22T17:43:43.776094Z","last_seen":"2026-04-27T17:21:18.579479Z","times_seen":6,"resource_available":true,"data":null}},"time_used":6414,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6414,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getCoinList","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:38.472Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/common/getCoinList HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlang: en-US\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:40 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22497,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"901a0af6b0522d10d0023789a8ad619b","sha1":"10f11150bcf968b297d6fc4ff6cf35807e6fd614","sha256":"8b17a2f6a2d98e57c658cab063834d7c3b8ececf39b29b52126acd46a4dd2278","sha512":"52fb81a0c9f0612c523afc0991c7845cd8bd4f7d716a95a58454a784b60df0ed269efacefc130791f286834675cf5f0c9715268f547ed520ff9c5ea0f52164a0","ssdeep":"192:NBgeXXBQQgeXX29geHXdDgeHXRK1XC7Xa5SX4v0XPsX0NpXjQSkgucwXuwYTK7EN:Ggf411n","tlshash":"76a2ff59512cd4bdd97dc0d11eaf7d22a19d323facc58e2bd2ce4d888dd4ab05a0af02","first_seen":"2026-04-27T17:21:00.59576Z","last_seen":"2026-04-27T17:21:00.59576Z","times_seen":1,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":285,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/3f47bd81-e2e4-45b2-9cdf-c839bc5ba4f7echo-prob1dd369e88f84bbbb5403ae1f583871a.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.460Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/3f47bd81-e2e4-45b2-9cdf-c839bc5ba4f7echo-prob1dd369e88f84bbbb5403ae1f583871a.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: eY/CwFXYRxZORGL+LlLTF1PMKrXIAZEvc6pmLDX1oCOth1F/AukWZjSe9sjdFPZmsHeMJrgpBSJxQO8fzdMDXNL3N0fMvgYu\r\nx-amz-request-id: ZNXX6K66NXVNKZZ8\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:47:42 GMT\r\nETag: \"29e13d8e4019a00e982e57ef7489ef07\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 1962\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1962,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"29e13d8e4019a00e982e57ef7489ef07","sha1":"7d6d22ad2b6239016dfa816b6cbb882669c35812","sha256":"068208afea55acd5b734b27889300a913b381c1aecb2d3f7a7b737a4b0b3b8d1","sha512":"86ccce1ff50162734c2110da2546b122d49c7dc214ad5d68fbc8c1de4bfa1a4539720b4704ca8a020fb87e011976045e1b9a6b7f3ee83065c8fc72266284760e","ssdeep":"","tlshash":"ac41ea05e9c16e83828c9a6510ef90a2cf6742c0dee0f925aacec51506353b5456d4db","first_seen":"2024-12-08T15:39:09.787655Z","last_seen":"2026-04-27T17:21:18.514501Z","times_seen":53,"resource_available":false,"data":null}},"time_used":764,"timings":{"blocked":648,"dns":0,"connect":0,"send":0,"wait":115,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getAllSetting","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.787Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/common/getAllSetting HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang,language\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang, language\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":264,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/notice/list?key=ROLL_NOTICE","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.830Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/notice/list?key=ROLL_NOTICE HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlanguage: en\r\nlang: en\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:47 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":628,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9b68d78a550903dbbf86b158243aedb2","sha1":"8b4c825ba15cd25529ee97598d6dff67e657b9fb","sha256":"a395df80bd57459e8fde8eaf6fe352c912f74c9081a8128e95f542b39f8f4b31","sha512":"ae7587a7d654930f607240127a7a4170853c257428d30a19c431d81fbddc1b137266bd43d633bfdb581dec350a4f82f6e4b48f5919b03f6125be8f46c57f2346","ssdeep":"","tlshash":"bef0780f4a788d71080648cb11cdbccc957f1683e660cd38855bcf1c82f42fa2a1b948","first_seen":"2026-04-22T17:43:43.808563Z","last_seen":"2026-04-27T17:21:18.484145Z","times_seen":6,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":275,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=copper","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:39.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/common/getMt5Amount?coin=copper HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlang: en-US\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":47,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"68bea596eedfb9affa87498ce3e3c1e2","sha1":"82559a6c50afe655607f28132b51916feb7fd90e","sha256":"eb970824dadb30c023c2f98ec5ce9c0cf669001ccb0cb1a3fe0c615b3a373ce3","sha512":"31be8b5be9b3c1304b880b6ec51cdfa6f548bb22f30b6650e880eb33fb95280e10933926a87a0fc2c3d864e0bfef6fdc9fd3164d88e90e5018cb180951e708c9","ssdeep":"","tlshash":"db9002555c1c8256f88304a5aa0a121500243160262492594c59512581c81e32044898","first_seen":"2026-04-27T17:21:00.604152Z","last_seen":"2026-04-27T17:21:00.604152Z","times_seen":1,"resource_available":false,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=xauusd","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:38.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/common/getMt5Amount?coin=xauusd HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":267,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=xauusd","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:39.055Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/common/getMt5Amount?coin=xauusd HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlang: en-US\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":47,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"9bda5e9c7a448536a65e2cb07e7a06e3","sha1":"0fe3c46fd66788fa2b6688ea54d9208931c2a8f9","sha256":"661f9f219e32b3f895b6381b6185ff332652a1485119b63513544f26b60cb8a8","sha512":"630dc838bc4152867c85d2b034244f9be40d5c3a79cb72a95174188b60b382eb58a70ab88c836e8d9f8ddc1736eba36227bab01ec3cbee006b9801f6926a67a7","ssdeep":"","tlshash":"939002555d1c8642a8c300a5954a120801283164366692484c59513680881a22084c58","first_seen":"2026-04-27T17:21:00.610345Z","last_seen":"2026-04-27T17:21:00.610345Z","times_seen":1,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/resource/svg/light/zu447.svg?2.0.1744277799644","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /resource/svg/light/zu447.svg?2.0.1744277799644 HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 420\r\nlast-modified: Wed, 01 Nov 2023 13:05:32 GMT\r\netag: \"65424d1c-1a4\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":420,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"23b51e86174e8f6920f0afedc42bb423","sha1":"cdd01b04898627077aff5bfcfe4c8d1729d89397","sha256":"3a30987fe9e27f43c0c43f5aea739a13a599a6f633131b6f042f039f15de83e7","sha512":"4c3eae2304dc9d458aac7064d93cfc502fca1543b29bd5490adb51fb806dd0596a2c854b560f605d99a78243e8cd1fe60cbd6b09b663594d4333beda3820533c","ssdeep":"","tlshash":"fee05c16cc15100e51010e95c3d11f68a47ff183c2a508aefbe0127b4ab5c0a6cbc32a","first_seen":"2024-08-19T15:53:11.170684Z","last_seen":"2026-04-27T17:21:18.599688Z","times_seen":355,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=xagusd","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:38.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/common/getMt5Amount?coin=xagusd HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/vendor-cdb74f29.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:35.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/vendor-cdb74f29.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:38 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-d69db\"\r\nexpires: Tue, 28 Apr 2026 05:20:38 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":879067,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"6345e3d8458fadedf8b878bfbf63cfda","sha1":"a33d5a56cc1d51acf04a2f67a1a3ee8e83e09fce","sha256":"85225714a39f2a0dbfaaa10116ed7c76fc331487ec5ba33c09140332f4f5b83e","sha512":"43e1eb582e16c9feb5ffd7e3505a72a153ca79c57acaac2cb601052ae52a5b05403b392b37c181e31b2b3249fe8c97a22bb892ca8b89a26a32719d50f58691f1","ssdeep":"12288:Mv6NLEg6h1uVDwbV7VPY+L668W/LGDV2e8qwnWkOukK4a2V9:Mv65Eg1VUh7a+J/LGD8ownWkOusa2/","tlshash":"151529c97292f06147ab24e240bb0006f3396e59744e84a4f16d98db7d7ad89e277f3c","first_seen":"2024-07-24T17:37:42Z","last_seen":"2026-04-27T17:21:18.573059Z","times_seen":31,"resource_available":true,"data":null}},"time_used":474,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":474,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-bc011be9.css","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-bc011be9.css HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:39 GMT\r\ncontent-type: text/css\r\ncontent-length: 397\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\netag: \"67f79128-18d\"\r\nexpires: Tue, 28 Apr 2026 05:20:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":397,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (396)","md5":"5353ff252ee4a5e7a3d0176de6a6c712","sha1":"c83942b5dfdb4aa8be53f26b39e53b0b257595e0","sha256":"bc011be90fd6cd33a399912151a5f69ba0d8e394563c71c4c1bea7a4ec032516","sha512":"9a17506817918ef0c9a5d0caebaed8f603641dc1015a726bdf247645a7e0a988b543756d7254abafa18dd4cd9d27c9a198300632156faf59f05c1e27f0a5e30a","ssdeep":"","tlshash":"5ae092c890d6927fb62b607d267c931ad425ac88d8007bb8e67fabb146c7ac53172215","first_seen":"2024-01-05T03:21:29Z","last_seen":"2026-04-27T17:21:18.506136Z","times_seen":604,"resource_available":false,"data":null}},"time_used":6164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getAllSetting","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:38.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/common/getAllSetting HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlang: en-US\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:40 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":14384,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"814b44f9d3717821581d1c308d674fcc","sha1":"e3106a5075571c42e3dcaa2e03dd30b26356e4e4","sha256":"023bab9af4f5e1ad0fb56d1ca9dab38d78bc10a9fa92868efd17f6f1b6d74ccf","sha512":"e2738b430f1771bc8343c9ee7dae138be4395e82cbd6041fd346168c174ecad26d2bfb3a7f8a404c6e4db187148c720263d669fd833b87c0fa4c1dfbcc180ef7","ssdeep":"192:c0alafId3MhOSp/tV0YCD+RbJuy2hzwv76hv3kLxA0uXG54D6/2smXfMNk1QoC9R:R2Mueusu3YZ2HM7oCOhX0NYCKw","tlshash":"985231ca33ec9c7c668652c290eb7f9e747875b3d8e4e845e6b6fe4999819308c07049","first_seen":"2026-04-22T17:43:43.805529Z","last_seen":"2026-04-27T17:21:18.500672Z","times_seen":6,"resource_available":false,"data":null}},"time_used":279,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":279,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/0b1cafde-7164-4e24-975a-43c04a2791ddecho-proc5bbc55628ed4e069f8b6652eefa50b4.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.496Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/0b1cafde-7164-4e24-975a-43c04a2791ddecho-proc5bbc55628ed4e069f8b6652eefa50b4.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: OHPUUkYsQ2R0S8/Q2WsQwGVBCo5h9jg53NVRhX66f/Zg2QsSXX52LlINoMLYosVLZF+O4/kOv7e42HHVnRs9x3nntKYkDy1M\r\nx-amz-request-id: ZNXGDPP0AVE1ZMX9\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:38:57 GMT\r\nETag: \"4b3ef8c62b99a5c2073e57dcfbfacf29\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 1830\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1830,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"4b3ef8c62b99a5c2073e57dcfbfacf29","sha1":"edb4b395b6adc8d884777339788e59f75da00d08","sha256":"ddd504d154b598383eb31999c85e0d678ee28004f2db2138fe4731db99daa6dd","sha512":"f4d13b854ae3139a998768426be833c8149851ce1227b120abcf87fc75d41bd75015554677cdddec9683d4a4e78d683973d3be2e7eb561b353890eb5bc3bbc7d","ssdeep":"","tlshash":"6231d50aea40bac1538d850270fb41675e6314888ee8f579a88fc12c3c353bf55998df","first_seen":"2024-12-08T15:39:09.749558Z","last_seen":"2026-04-27T17:21:18.55977Z","times_seen":115,"resource_available":false,"data":null}},"time_used":601,"timings":{"blocked":479,"dns":0,"connect":0,"send":0,"wait":121,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bin.bnbstatic.com/static/assets/logos/DOGE.png?2.0.1744277799644","fqdn":"bin.bnbstatic.com","domain":"bnbstatic.com","tld":"com"},"ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.530Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bnbstatic.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BF:AF:F8:16:BA:38:D3:92:CC:06:D0:21:3C:49:7F:84:25:DA:57:2F","sha256":"E5:53:5A:4D:15:73:C1:86:18:5C:67:94:60:62:42:8A:A9:EA:B6:AA:81:2B:BF:13:0E:E8:60:83:1F:BD:5A:92"}}},"request":{"raw":"GET /static/assets/logos/DOGE.png?2.0.1744277799644 HTTP/1.1\r\nHost: bin.bnbstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 2808\r\ndate: Mon, 27 Apr 2026 11:18:13 GMT\r\nlast-modified: Thu, 06 Jun 2024 17:23:16 GMT\r\netag: \"d55dd75446d505958e5210985b246bed\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-autocompressed: true\r\ncache-control: public, max-age=31536000\r\nx-amz-version-id: 4UYcBvJMh_uo_yVng7x5Db27Q1WSKk7g\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: jWTcc0sMxSe9DKr3XC1Ij03G1cXlOCUO7L-FRECqVRrKfreGy8fkfQ==\r\nage: 21752\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":2808,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 96 x 96, 8-bit colormap, non-interlaced","md5":"d55dd75446d505958e5210985b246bed","sha1":"df83b77aa8f8647f67f478e02c23f864a592f6d6","sha256":"8abf24f47bc3b4def59a6e6441a9f2dbb8d20c953c2c5373f219ab614a8f208d","sha512":"b65c5b9eca2ac0bef1dfdf742eb6ce365c3368650b37cd847ce12b955e683d3843cdeab9ec25beed31976e9b3ab571e59d4c66431e44345e7c57347a72bb758f","ssdeep":"","tlshash":"a6515c150736fcaac55846a3889f0970c8ee362be160571a7664cc17ff949494a17743","first_seen":"2023-05-07T19:16:41Z","last_seen":"2026-04-27T17:21:18.433052Z","times_seen":873,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2026-04-07/efd6db54-758d-4223-94f0-017b7a46ec0f43fa9cfa-d171-47ea-ac7d-b917dceed345.jpg?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:45.298Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2026-04-07/efd6db54-758d-4223-94f0-017b7a46ec0f43fa9cfa-d171-47ea-ac7d-b917dceed345.jpg?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: 3vwIIWy3XkeKo81r5kuuvSB/z21T9wKPvTF8qsS0gRHMVJWm+6CvHuvKOf90MVZP1MpYKLUltsOIbvh0Vm5TiDbTD0odzC+R\r\nx-amz-request-id: ZNXZB6DBK3103HN6\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Tue, 07 Apr 2026 23:46:53 GMT\r\nETag: \"cdd869c286a1272bcbf654d24cf34be8\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 31723\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":31723,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1179x425, components 3","md5":"cdd869c286a1272bcbf654d24cf34be8","sha1":"58d6646ca20ebfa016ff6945993b92573cf98cf6","sha256":"5abda0dc13281be895be69a803e44d2ae841e299e8e66bfc2e89c73c6cc110bc","sha512":"eba670589ea1709cd8c9616246905ffe3874f745d656f9ffd12c534cb48ed8a23ea16e91f1c9c2ebde712d8d09cb39547d94b15d78c6a3df749add990541826d","ssdeep":"768:h5obX8TGnn8dWwPaCYoyYjag9PYdncttHv3+ENriYrR0G2ZZ62/:hIn8EeuP0agsw+ENOE0GOZN/","tlshash":"d7e2e1468b285293fab87b321cea2ee561292e0b25f410ffd27611f4849fc7449403ee","first_seen":"2026-04-22T17:43:43.779984Z","last_seen":"2026-04-27T17:21:18.567964Z","times_seen":6,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":94,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-ffbaf533.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-ffbaf533.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:39 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 07 Apr 2026 21:28:55 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d57717-36b1\"\r\nexpires: Tue, 28 Apr 2026 05:20:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":14001,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (14000)","md5":"e716c9ebf484dc22003269bf390b9d7c","sha1":"07e25fae802bf231bb2433d5335f82ab21c9bcfc","sha256":"abf5994d0cbe2ac6820c63c2854948e9ebfe3c3d797a2c7a1b7abccdf071e584","sha512":"86877dad7d1c28475e316f990e00f5a15cedcfb88d7dfc140057a422508a940a36cc0fc626f425525cd6c203a86d4b514e4c3811930d2dd19827414d1fde9bbd","ssdeep":"384:JQEnt3hRxSJUFAFtAfU+Cs0K8+YmFuZ36kXMMzprhQhdCR+SD:JFgSWtAfUFqbAprhQhdCsA","tlshash":"1952d865f902d93cf5fba05140880050b66a7ffb401989e6b9bc6d4b3356eb8b78d718","first_seen":"2026-04-22T17:43:43.775122Z","last_seen":"2026-04-27T17:21:18.509Z","times_seen":6,"resource_available":true,"data":null}},"time_used":6161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/currencyItem-bd7d8e14.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/currencyItem-bd7d8e14.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-719\"\r\nexpires: Tue, 28 Apr 2026 05:20:40 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1817,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (1816)","md5":"232ac81983696a197cdbd76190021c86","sha1":"422727d8aba3096864ee74fe7aca281bfe8599eb","sha256":"01f3f3bd127f89d6a8f4a30628df7dcd4f8f0d58de60e1c1f0239d64e07ce1ac","sha512":"b4a2e606cce6429f1975bbe1f62246b7c7f5b50a67f68907ea3df171295f1446f9e21a013449d50944a9962a75226e3bcaf7af8a3c61d191f1421891cc604328","ssdeep":"","tlshash":"7e31be69ad02cbb5c6bd9562c1f80424535d7bca70028581fafa15893bd76fce324971","first_seen":"2026-04-22T17:43:43.751784Z","last_seen":"2026-04-27T17:21:18.60378Z","times_seen":6,"resource_available":true,"data":null}},"time_used":6414,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6414,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/c78e2787-8db4-47b4-a4f4-4899c3927a5becho-pro140ce76eee2e495682516529a8adf274.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.461Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/c78e2787-8db4-47b4-a4f4-4899c3927a5becho-pro140ce76eee2e495682516529a8adf274.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: tRL6NvzyGK8ZqwyKFqws7Oj2qfKv40sTep4eRZQfvkW7GKW8XI3rV0zDXXHaDMHLKbX8UXv1am24hJffmZqzwsZMPbbRsDK+\r\nx-amz-request-id: ZNXJA4Z4A31N964N\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:47:25 GMT\r\nETag: \"c9201d51bf4a685443c119177dcdda52\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 1428\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":1428,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"c9201d51bf4a685443c119177dcdda52","sha1":"cabb5ee298f65e78718b60bbb9f393d51c315273","sha256":"0d4a8d66fcc758267650dc6c039aaffdb405ee2c73e09e0e924ecbfee808d129","sha512":"ab4fd563189616fb5e1efcdc1c4af66e5396f5cb68bf43a98f76647fe592b40221772db7e4aa7a175bb5174471fd2112423b7c5e81c7ba7ff764cda86b0b8ff4","ssdeep":"","tlshash":"0c21748cd5c17c429389fdc130f7a0bb9b620a80dac1f475baeec41145202fe4a6a4cb","first_seen":"2024-12-08T15:39:09.783612Z","last_seen":"2026-04-27T17:21:18.615681Z","times_seen":63,"resource_available":false,"data":null}},"time_used":718,"timings":{"blocked":603,"dns":0,"connect":0,"send":0,"wait":115,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bin.bnbstatic.com/static/assets/logos/MATIC.png?2.0.1744277799644","fqdn":"bin.bnbstatic.com","domain":"bnbstatic.com","tld":"com"},"ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.525Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bnbstatic.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BF:AF:F8:16:BA:38:D3:92:CC:06:D0:21:3C:49:7F:84:25:DA:57:2F","sha256":"E5:53:5A:4D:15:73:C1:86:18:5C:67:94:60:62:42:8A:A9:EA:B6:AA:81:2B:BF:13:0E:E8:60:83:1F:BD:5A:92"}}},"request":{"raw":"GET /static/assets/logos/MATIC.png?2.0.1744277799644 HTTP/1.1\r\nHost: bin.bnbstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 988\r\ndate: Mon, 27 Apr 2026 11:18:27 GMT\r\nlast-modified: Thu, 06 Jun 2024 17:23:47 GMT\r\netag: \"96661ae9839cb25d5ccd5ca628edfa64\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-autocompressed: true\r\ncache-control: public, max-age=31536000\r\nx-amz-version-id: fkOs0OGhd4avwv9InhksDpuxWprDb2su\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: nCLcs0jZjRy6CSNx2ZrmVMw0C3kecUhE2gt87Q9F-Zmr6SN8QoMYpA==\r\nage: 21738\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":988,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 4-bit colormap, non-interlaced","md5":"96661ae9839cb25d5ccd5ca628edfa64","sha1":"4b39c2aded636e57cefccf39d190d5274c26e534","sha256":"95ba109bb6073cfd498eddd377de0792a78027def314b0e6751d37d03773ef02","sha512":"1119ef04adc7aabb7ccd44154a2213d8ced88e85804b8368275569bfca34f6bb24c71ef2bc5ecd0bfba0232ea9510a938cddf2d7c4a4c6e11bf428a934c6855c","ssdeep":"","tlshash":"491154d7a5cdbd98df10d4f04e38cb8598b022ed9115bd832c5665119957302ddd2393","first_seen":"2023-05-07T19:16:41Z","last_seen":"2026-04-27T17:21:18.642864Z","times_seen":92,"resource_available":false,"data":null}},"time_used":36,"timings":{"blocked":10,"dns":0,"connect":0,"send":0,"wait":25,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/notice/list?key=ACTIVITY_NOTICE\u0026modelKey=HOME_ACTIVITY","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.546Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/notice/list?key=ACTIVITY_NOTICE\u0026modelKey=HOME_ACTIVITY HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang,language\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang, language\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":268,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-12343a89.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.156Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-12343a89.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 776\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\netag: \"67f79128-308\"\r\nexpires: Tue, 28 Apr 2026 05:20:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":776,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (775)","md5":"1b80b165889968d1c4b4bb1fc672d986","sha1":"8965ad64fe2d17df220dcebe27de8983d338a8d0","sha256":"21076cfdeafab3a04db633a604b92634e56937ecb2c743fea258df1585ea5307","sha512":"dcb5d98bd218fc52a2f3c3f334a6bcfa54e4e8366d71b9c976a049fb5662b3703642af9310b8ad1a76a400cdec37374f699901b84dbcce923bf32d6b3ad71cfc","ssdeep":"","tlshash":"a901b8f8fd0d8ebb1ea20a4541d13601140a2fedfa1419e198867e6a1be4990dbde72d","first_seen":"2024-07-24T17:37:42Z","last_seen":"2026-04-27T17:21:18.497889Z","times_seen":31,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/vendor-72ef657d.css","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:35.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/vendor-72ef657d.css HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:37 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-16997\"\r\nexpires: Tue, 28 Apr 2026 05:20:37 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":92567,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65022), with no line terminators","md5":"b40940e3efd47e3e653fe1fbec0ab363","sha1":"3911d44e1bceb07e83746e6bc68de9dbb587b11a","sha256":"72ef657df5906e9f23040a4ceb49985bf894ddcb4324d7d873a0c20b15d3e864","sha512":"f3706c9146b2091fb1a864ab4180d0a1538e801686af21bab4c7231421859a99fba7dd694632faaf1c457fb06711fcb16809e2221fe692c16390e7e98ccbf4d5","ssdeep":"1536:ZTIyNBi3MFYaQj73rx3WqyrtpqoSWEDZEnX73:ZdN0rxmNH9yDWr3","tlshash":"0193c5a5e9c4a1fc6f26f6659b4766d8f13cf661cc01daa0f109512d0fc7bf50223a2a","first_seen":"2024-01-05T03:21:29Z","last_seen":"2026-04-27T17:21:18.547817Z","times_seen":210,"resource_available":false,"data":null}},"time_used":547,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":547,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-84a63188.css","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:35.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-84a63188.css HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:37 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-4aadd\"\r\nexpires: Tue, 28 Apr 2026 05:20:37 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":305885,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65022), with no line terminators","md5":"7dd3b8bf60ffa1366fb9e6189cbd2ec4","sha1":"c0bf551f16c75d5b258428812da1833745b66bcc","sha256":"84a6318841dc09814e85e181e6db5523a8372bab86c677299c0a0fec83ac3fed","sha512":"f5c11bfd5fb6ce611682a29759df4d1bf06dd9a888d5a86805c2e0414fd3bc8ef040617aa5089d45c9d19d5a5e4624347dd1a10701933ee9eecd81f295d459c4","ssdeep":"6144:nTN/9SpddBmkZ8w71ZACkFDS3vyf58rBeV05TG:TN/YBTZ8w71ZACkFDS3vyf58rBeV05TG","tlshash":"e254d7a9a59011bc6f27aa7597ce5ad8f23ce6719c118de8f201600a4fc3ff91363617","first_seen":"2025-04-16T12:28:13.896126Z","last_seen":"2026-04-27T17:21:18.618033Z","times_seen":12,"resource_available":false,"data":null}},"time_used":815,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":815,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=wti","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:38.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/common/getMt5Amount?coin=wti HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":265,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/platform/dev/logo_144.png?2.0.1744277799644","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:40.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /platform/dev/logo_144.png?2.0.1744277799644 HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:43 GMT\r\ncontent-type: image/png\r\nlast-modified: Tue, 07 Apr 2026 21:15:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69d57402-4412\"\r\nexpires: Wed, 27 May 2026 17:20:43 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17426,"size_decoded":0,"mime_type":"image/png","magic":"RIFF (little-endian) data, Web/P image","md5":"d5710ab3afad90c86d39a2272ee010eb","sha1":"3ed4fb13775f90633448e873bc7590f624cde115","sha256":"25fa374e3dbb92002bc517963d6da8b7e38daa14e8da4696d99738bf14dfa1de","sha512":"5f974a2794ae3727109ae4afb0a3fc60e6a83d270a4d188493def778eca4bb4dfd3cd7d0ffbc4872b5bf820fe29fa0cab650a000e196fcd2fecbd73faeffc820","ssdeep":"384:7+8wj0k72fVgmbqt+jxlpTA+IrFn1tjGseSky5hqUBwdW9+i:iLt7uzbqcM+IZ1tjGsedy5E2Fp","tlshash":"9672e1b0b8b2c4d318f440a2db04c7e561d90ad719b117e97106c61b39d42a3eaa7a9e","first_seen":"2026-04-22T17:43:43.757064Z","last_seen":"2026-04-27T17:21:18.457085Z","times_seen":6,"resource_available":false,"data":null}},"time_used":3283,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3283,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-1d5c1be8.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-1d5c1be8.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 510\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\netag: \"67f79128-1fe\"\r\nexpires: Tue, 28 Apr 2026 05:20:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":510,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (509)","md5":"8910f1aec449c03242910b473a8ec3b0","sha1":"31c86dfb080f2eefc3400ec4fb5df07e23de341c","sha256":"08267d5ccb286034ddeb20391bca3803ece6c6c0424f83bf56148aa33f29b056","sha512":"dac05a0d6729c46b1378ace5ec87d58a910fb2b356c96463492b538eee1a15496b5452736a76befabeeca54d8783a3965817b428b644bec650397094a0548db8","ssdeep":"","tlshash":"46f00e7fbd6a80722bf388eca1630820ba2d1b5a3754c4a4d9871e10d778cf3d12e624","first_seen":"2026-04-22T17:43:43.758306Z","last_seen":"2026-04-27T17:21:18.486903Z","times_seen":6,"resource_available":true,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/index-c0491bb6.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/index-c0491bb6.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-123b\"\r\nexpires: Tue, 28 Apr 2026 05:20:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4667,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, Unicode text, UTF-8 text, with very long lines (4660)","md5":"68ffe96da85152a4cef46128f2d76dd1","sha1":"37f4bbc225f657566f67bc6116fa7fc0d4768405","sha256":"5ce9a80fdb9a10c12b2445cfe397360a54d5e70a259cbdde039ddc3b6ec33efa","sha512":"2b9d0280d90d31956990b48377432cc8eaa34a745afae0b39dadceead3cae29f4239cf0e99cdfcbbea0f1a051c1b5d75b55e915443d8989599df93d63d88c605","ssdeep":"96:Do+CY/9Y6qD+wSX+wMyrtb6airIGbTP3hv+e3XFNahejA:c+CYFY6qiwSXrtb3qJfhv1XXhA","tlshash":"c4a1b899f80285bef9b71540088c0010219c7bfeb20548f1fbfdad4a77b8979d754766","first_seen":"2026-04-22T17:43:43.759152Z","last_seen":"2026-04-27T17:21:18.444137Z","times_seen":6,"resource_available":true,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2026-04-12/8a3c4f08-b278-4ec1-abd3-933e6ec5b096na222me-984b9acb.png","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2026-04-12/8a3c4f08-b278-4ec1-abd3-933e6ec5b096na222me-984b9acb.png HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: 5AWypCajxjy21H5EHCIGZ1ksOEwslIvRwsj1i9V1TUvuiG7JjPOPiQv/texNScOoaQ55oFnH4YOWep6/V7e8QySxbL+rb0mv\r\nx-amz-request-id: VZMEDTN9AMGC2QMG\r\nDate: Mon, 27 Apr 2026 17:20:45 GMT\r\nLast-Modified: Sun, 12 Apr 2026 08:07:47 GMT\r\nETag: \"e3647298ed17654e424e41d27b08170b\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 25871\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":25871,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGB, non-interlaced","md5":"e3647298ed17654e424e41d27b08170b","sha1":"6428ddc3ed3b0587a6dd8ddfa614301663b7d2b4","sha256":"7aaf20df416596c067ae7587a4120fdc010725a0b889663837c529eca297f29a","sha512":"2784205d2974000f2fc547ccf440931b78a34cc04324d40b9600311f4a905039a7f67f7e90bc0effd961fc943e9d29628e0e8cfa678494c1a22f150bee8db193","ssdeep":"384:h6DbRkfbP3iHuGoEQSDVnm45Gk0U+Cc+VKtgcQcXL9:h6XHqEnDVnr5Gk5+Cxzc3XB","tlshash":"9ec2afa1fcd531942c01953225e3a41e48b2898bef43dd82bbdd40aaef12f559c9f58e","first_seen":"2025-09-12T08:50:03.430349Z","last_seen":"2026-04-27T17:21:18.44053Z","times_seen":9,"resource_available":false,"data":null}},"time_used":853,"timings":{"blocked":360,"dns":0,"connect":0,"send":0,"wait":124,"receive":96,"ssl":273},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/5fc9aa08-0c69-4091-85ff-404849c3aca1echo-pro4bbbb465ae704739bda9de3d92331ccf.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/5fc9aa08-0c69-4091-85ff-404849c3aca1echo-pro4bbbb465ae704739bda9de3d92331ccf.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: qMrbNGNyDwiIjfQkTtb2tsi03O7yBmfj+avfTiYR+Wh2JZqi4hBW8s2tdOGK991m5YU9fMwDNoQuyS0P4pvs5ov6Mrk3QNZU\r\nx-amz-request-id: ZNXJZ5JPWE5HY44N\r\nDate: Mon, 27 Apr 2026 17:20:45 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:36:23 GMT\r\nETag: \"c7bfed8b9abf571aff4f7cdf282458d2\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 1442\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1442,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"c7bfed8b9abf571aff4f7cdf282458d2","sha1":"e2d63fb55659de66230d9b7ada2fd63bea2269ba","sha256":"c6504bd01f0a6c713a478be3f44a24b2f552e0f193ad7f002935390224428352","sha512":"59aa3a0c48ec5c12b8ee5d31c3eb46a147ff81b5d28d2c2cd08bc1ca033fe81559388abe00b466393c3abcac7078473e4d81880f820afee21b0f07d0c3af24e4","ssdeep":"","tlshash":"9121a74ff29069815289ec4204e6512398910890cbe0f1a1b9cac8262a703ff89099df","first_seen":"2024-12-08T15:39:09.735261Z","last_seen":"2026-04-27T17:21:18.610855Z","times_seen":53,"resource_available":false,"data":null}},"time_used":587,"timings":{"blocked":461,"dns":0,"connect":0,"send":0,"wait":126,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/f2420693-7447-462a-9c56-6680565dd883echo2.00d809560220c45909f5577edc669617f.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/f2420693-7447-462a-9c56-6680565dd883echo2.00d809560220c45909f5577edc669617f.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: H8JrwCzD90Oyk6NBHd3s2b9NFAGO2ZpMf2FRlMDc1Ea8VrqEL16PmZvM97K+qKfxuTdwK7kVQkgpsbv80AyPER/qjyI6ULt2\r\nx-amz-request-id: ZNXKKVVQREEZCSW8\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:43:31 GMT\r\nETag: \"9221e774d8ace4f4acfdd46c1636f65f\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 1868\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1868,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 42 x 42, 8-bit/color RGBA, non-interlaced","md5":"9221e774d8ace4f4acfdd46c1636f65f","sha1":"821d92ba08c11b759068bd4d5e7982df937fe201","sha256":"a3fbde991df1d86ba4040d287a6e1a3d7de48bc72a82c08403faf48dc67d41c0","sha512":"9dd9a578f3636a27de204d6ea0ae2c3d59780bb2107ddb8674fe6b0da9b33ec718e6263c367d9feef554b51a29ce7ca90fa3b2926e7d6d689fdcd3165c12bd17","ssdeep":"","tlshash":"bc31d719ba7175c196c89e9214e6c85218a349408754e5e578cfc4a38a213ff476d0df","first_seen":"2024-12-08T15:39:09.785686Z","last_seen":"2026-04-27T17:21:18.494988Z","times_seen":52,"resource_available":false,"data":null}},"time_used":761,"timings":{"blocked":638,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=xagusd","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:39.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"POST /api/common/getMt5Amount?coin=xagusd HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nlang: en-US\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-credentials: true\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":47,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"02209d75b84951bf80660a8af2fb559b","sha1":"8d22d9bfee483c8bc2ad58fa2e5f47f1498d2dab","sha256":"66b5fae117d53177c1803fdc791fad1a50d3f3b1228438eed51de43860643f27","sha512":"884e8f84399f22c8ebc8a92862fb6bd3d24dc018b641c80025fbc36589c87233eb48a875ca5011435e42432703fc1f404ad89070667280bc51bc7b9c6e34a883","ssdeep":"","tlshash":"049002555d1c8282a8c304a5951a2608102831702aa4d2484c59513581882a22044858","first_seen":"2026-04-27T17:21:00.669062Z","last_seen":"2026-04-27T17:21:00.669062Z","times_seen":1,"resource_available":false,"data":null}},"time_used":274,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":274,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/resource/svg/light/zu29.svg?2.0.1744277799644","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.503Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /resource/svg/light/zu29.svg?2.0.1744277799644 HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 840\r\nlast-modified: Wed, 01 Nov 2023 13:05:32 GMT\r\netag: \"65424d1c-348\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":840,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a11daaf1382f31c1a57202739adf7748","sha1":"ef2b1485dde5d0c14809b2759acbd9a09c18af80","sha256":"9ae3a8a520a4491119fa30d193bc35d15d8a12cc1b62136ce1e89b3db3e71251","sha512":"9b8089fa1eca241be91a837da97c88ab917a50336f820d1d855343b9f8a86d63692bfd4ea3b22d408f748e47580107339b789bc9f4d243379a093b5348dad640","ssdeep":"","tlshash":"280112bf4736a3fdd6644a80aad42799343de042e17404ecb3817e177e2062a0abcd95","first_seen":"2024-07-24T17:37:44Z","last_seen":"2026-04-27T17:21:18.469171Z","times_seen":294,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bin.bnbstatic.com/static/assets/logos/LEVER.png?2.0.1744277799644","fqdn":"bin.bnbstatic.com","domain":"bnbstatic.com","tld":"com"},"ip":{"addr":"108.157.229.114","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.bnbstatic.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Mon, 25 Aug 2025 00:00:00 GMT","end":"Mon, 21 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"BF:AF:F8:16:BA:38:D3:92:CC:06:D0:21:3C:49:7F:84:25:DA:57:2F","sha256":"E5:53:5A:4D:15:73:C1:86:18:5C:67:94:60:62:42:8A:A9:EA:B6:AA:81:2B:BF:13:0E:E8:60:83:1F:BD:5A:92"}}},"request":{"raw":"GET /static/assets/logos/LEVER.png?2.0.1744277799644 HTTP/1.1\r\nHost: bin.bnbstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 690\r\ndate: Mon, 27 Apr 2026 11:18:27 GMT\r\nlast-modified: Thu, 06 Jun 2024 17:05:38 GMT\r\netag: \"4dcae47b7d96f2fbb2d801dfd47b5c1e\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-autocompressed: true\r\ncache-control: public, max-age=31536000\r\nx-amz-version-id: oACzLePdzh2djr7fhCtdz_tZCjL_rtOA\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 3130c9b603e4215bb05d32cd39e3843c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN56-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: vpmzB8Jx5IWnH-SCvZ4CGGjY5SjXPbvNZvl_WYgcsk2N7wPxv6hnWQ==\r\nage: 21738\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":690,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 64 x 64, 8-bit colormap, non-interlaced","md5":"4dcae47b7d96f2fbb2d801dfd47b5c1e","sha1":"29a20b523a063b8043f3b6e760496c8328c26e93","sha256":"695bf855827cc465acc27a004c5066ef17468d51d3afac72e8b6fd0a80b594cb","sha512":"79aa8c8acbaf7aa42b5cfb8e7ce99b7d21903e9c90fadcdd847ec80e16f9531a5c44446f5febc937053d13ba4a0dc6ada737ec0b229d8ece9346f6009c28c5cf","ssdeep":"","tlshash":"960144adc154a8b4f10e55216c9045c15931fee82888451e4564e5183396a10f6cf2df","first_seen":"2024-11-06T16:41:01.114719Z","last_seen":"2026-04-27T17:21:18.645378Z","times_seen":76,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/platform/dev/config.js?1777310437583","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.589Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /platform/dev/config.js?1777310437583 HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:39 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 394\r\nlast-modified: Tue, 07 Jan 2025 04:26:00 GMT\r\netag: \"677cacd8-18a\"\r\nexpires: Tue, 28 Apr 2026 05:20:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":394,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"945c4407e2ebb40991241bd54af50e8b","sha1":"c83ca8c3a55b8d2472227c14d99ca7f306aebb4c","sha256":"fe08fe2646cf28b611f22664d9224cf38fcacf1af20343b9042dcdeafea2a5da","sha512":"71f47c7555ff48524c751684074b8c6f2a99f9087e87af2371bb951533308003cd862bd31c47418d2ebe3f5940a0aae2fa40d473f7728ec5708b77ff0f5b4857","ssdeep":"","tlshash":"a6e02b663228c03455b48b2a6dfc0d17f65767324d9c051bb8b495091e79d5420b8892","first_seen":"2026-04-22T17:43:43.793988Z","last_seen":"2026-04-27T17:21:18.62039Z","times_seen":6,"resource_available":false,"data":null}},"time_used":6186,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6186,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/currencyItem-667076a4.css","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/currencyItem-667076a4.css HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:39 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-6d6\"\r\nexpires: Tue, 28 Apr 2026 05:20:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1750,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1749)","md5":"e5ccef29aa6c36cf83341230cd2bce8e","sha1":"4aab93d361e94664dc12aff6eabb4029a7b6af96","sha256":"667076a47d4164b3735b4408e3c136eef97d41d8e42d6678189a20eabf93246c","sha512":"c8c8e8620c53a162bde5b930eb533ccbba586d783cbdc31c092069c394d6f0261d602a6c0ee45c644a07f62fcffe2f5e2cee74d342b91b83f26f02919d2325e7","ssdeep":"","tlshash":"00315b64521503b4d93bc4877ea805c490583f81d487d5c9f88f2a672edfb932a609ea","first_seen":"2026-04-22T17:43:43.814974Z","last_seen":"2026-04-27T17:21:18.528149Z","times_seen":6,"resource_available":false,"data":null}},"time_used":6161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=copper","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:38.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/common/getMt5Amount?coin=copper HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":264,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":264,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/currencyItem-bd7d8e14.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.155Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/currencyItem-bd7d8e14.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-719\"\r\nexpires: Tue, 28 Apr 2026 05:20:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1817,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (1816)","md5":"232ac81983696a197cdbd76190021c86","sha1":"422727d8aba3096864ee74fe7aca281bfe8599eb","sha256":"01f3f3bd127f89d6a8f4a30628df7dcd4f8f0d58de60e1c1f0239d64e07ce1ac","sha512":"b4a2e606cce6429f1975bbe1f62246b7c7f5b50a67f68907ea3df171295f1446f9e21a013449d50944a9962a75226e3bcaf7af8a3c61d191f1421891cc604328","ssdeep":"","tlshash":"7e31be69ad02cbb5c6bd9562c1f80424535d7bca70028581fafa15893bd76fce324971","first_seen":"2026-04-22T17:43:43.751784Z","last_seen":"2026-04-27T17:21:18.60378Z","times_seen":6,"resource_available":true,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/b3977889-2f00-4b0f-8d60-743707c4bb5eecho-pro84a01d03db064de8a955c0845688a326.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.444Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/b3977889-2f00-4b0f-8d60-743707c4bb5eecho-pro84a01d03db064de8a955c0845688a326.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: RGLBxvGKJfxtsyvkLqPcw8sHTzr3O8t4Q9BIoOKBB4onsQFfaWbh72y439sIZRnkDWP1fLr4bnNAccRpenxKJ5Z/YhXlTujr\r\nx-amz-request-id: ZNXW49QMKN43CNSC\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:44:45 GMT\r\nETag: \"391fbd89746f7f45b2c39a932d284ab4\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 4876\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":4876,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"391fbd89746f7f45b2c39a932d284ab4","sha1":"c2655150e8bdf70659f0a8d12f2c1f09ab4d8c99","sha256":"844b60fb0e6702e21e24a697b162acf9ee771047ee306478940055e7abe4a047","sha512":"f67d627b7633bd785807c3c0558da2452f20d47a0b1b8fd9dedabcb0de0627fa5a7ca186843cebe2eafabb553c7bcd8478348026c2e64ce680f097ece25dab91","ssdeep":"96:TBBcGKmpoCXAcsguA7Kvs8dLAF63C/5SiDN979i7kkp:BKmv798daN/DN9RkkW","tlshash":"9fa18def22c1c9f816d5ab315ccef74132b268a689d4c508e3d34900a7b4a0a63f156a","first_seen":"2024-08-19T15:53:11.186752Z","last_seen":"2026-04-27T17:21:18.635306Z","times_seen":45,"resource_available":false,"data":null}},"time_used":770,"timings":{"blocked":635,"dns":0,"connect":0,"send":0,"wait":118,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"trading-order-roseccc.s3.amazonaws.com/echo-res/2024-12-28/6b346742-c5d5-4790-98bc-e2c9667a7baeecho-pro8422233c16ba42c98345a8c575247c62.png?2.0.1744277799644","fqdn":"trading-order-roseccc.s3.amazonaws.com","domain":"trading-order-roseccc.s3.amazonaws.com","tld":"s3.amazonaws.com"},"ip":{"addr":"16.15.213.120","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s3.amazonaws.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 18 Nov 2025 00:00:00 GMT","end":"Fri, 06 Nov 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D4:87:03:14:FE:12:27:46:E3:63:CC:7B:43:A1:D0:D8:B9:17:AF:7D","sha256":"7E:BF:42:63:5D:C3:2B:CB:97:F6:0E:38:3E:E1:F8:63:39:AA:CE:A2:39:E1:56:B9:8D:74:1C:79:12:67:14:36"}}},"request":{"raw":"GET /echo-res/2024-12-28/6b346742-c5d5-4790-98bc-e2c9667a7baeecho-pro8422233c16ba42c98345a8c575247c62.png?2.0.1744277799644 HTTP/1.1\r\nHost: trading-order-roseccc.s3.amazonaws.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nx-amz-id-2: rHknzp5tt3hTgfVl5OkbDzzlQ7XiYoblwqeE3RSS2k2Gn1bOudgPpXp6/8u/KyFY0OTw1vTcM1+ZLM+QFMdrbSRmGd83PHLG\r\nx-amz-request-id: ZNXJ889FE60QJ1PX\r\nDate: Mon, 27 Apr 2026 17:20:46 GMT\r\nLast-Modified: Sat, 28 Dec 2024 13:52:39 GMT\r\nETag: \"7868e135f4fb3e4ad89ee43b86db40c1\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-meta-myval: test\r\nAccept-Ranges: bytes\r\nContent-Type: application/octet-stream\r\nContent-Length: 5649\r\nServer: AmazonS3\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":5649,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced","md5":"7868e135f4fb3e4ad89ee43b86db40c1","sha1":"67c9d8637f62dabae0f08f457b005d79a3eaa9b6","sha256":"d655384e170d34b37bf41e68f739eb6ae1c4c91d7990e108461e04581e0b30d5","sha512":"410bec54fd333bbe3875f1c8160651e68c4cb387c4756427d4e1186ef9b901be323c1fec497da7f5883be9ce12a58112174aceb4c7225bef06d9ff47569f495e","ssdeep":"96:97dhTVFvKPGSUZIxRn+yk+N6MXUoMeFgpsSvQnwMwaE1Jksxn596dqAAjXq0W5+V:97dhJYiexR+WUCMjvQna1r8MAz5+FZG8","tlshash":"84c18dbd0ab97a3cfc1bc6ef6caa4cb353149625bc84fdcea560d41040fc84649d55a7","first_seen":"2025-09-14T16:18:45.711993Z","last_seen":"2026-04-27T17:21:18.581622Z","times_seen":16,"resource_available":false,"data":null}},"time_used":670,"timings":{"blocked":545,"dns":0,"connect":0,"send":0,"wait":124,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/resource/svg/light/mengbanzu12.svg?2.0.1744277799644","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /resource/svg/light/mengbanzu12.svg?2.0.1744277799644 HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 802\r\nlast-modified: Wed, 01 Nov 2023 13:05:32 GMT\r\netag: \"65424d1c-322\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":802,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"184d38c97adf35302491834eaf17aee3","sha1":"a21f6508e3eb8b4bf52a510ac9dd219783f561bc","sha256":"5cdcdf5fb66c61d69b6c308a4569e093ff7b0e178fbb1c7d94a599473339bf99","sha512":"a88827fe8f336cb9f4de9cbaade38ff0026d003f03cc096dc443724052a51c417432d1b96b7006e21c49498791fac31678492626f5643eb09d5b94b32afdb9f0","ssdeep":"","tlshash":"d201f6764321c19dd2538b80c7d93f44927eb65bb2d00448b3a32aa74e34f7f55bc595","first_seen":"2024-07-24T17:37:44Z","last_seen":"2026-04-27T17:21:18.58451Z","times_seen":318,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":268,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/resource/svg/light/mengbanzu13.svg?2.0.1744277799644","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:44.501Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /resource/svg/light/mengbanzu13.svg?2.0.1744277799644 HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 01 Nov 2023 13:05:32 GMT\r\nvary: Accept-Encoding\r\netag: W/\"65424d1c-4b2\"\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1202,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2d850b982245ca50f3a2e230e0b1398d","sha1":"283d9ec8c786aa91786d80ba54164723bb6699b4","sha256":"852697a3439e4c3cb0d426221c5b3a345e333b69bd39ff63f731fe02a1a04826","sha512":"2884fe7d0dbc512dbc44a091be6f35bf6f66cb15c8ca1f763c60896d101df4b196c29ec631e040cc8116edc43dfdcf63b48c4a9c1b0c420940f32d960ec7a710","ssdeep":"","tlshash":"072144b9c510128a62814f8cdbd82b06623ef167f3f54d9db39016b20d78d9f11bca21","first_seen":"2024-12-28T13:26:38.912526Z","last_seen":"2026-04-27T17:21:18.651355Z","times_seen":288,"resource_available":false,"data":null}},"time_used":269,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":269,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/vendor-cdb74f29.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:37.550Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/vendor-cdb74f29.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:39 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-d69db\"\r\nexpires: Tue, 28 Apr 2026 05:20:39 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":879067,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"6345e3d8458fadedf8b878bfbf63cfda","sha1":"a33d5a56cc1d51acf04a2f67a1a3ee8e83e09fce","sha256":"85225714a39f2a0dbfaaa10116ed7c76fc331487ec5ba33c09140332f4f5b83e","sha512":"43e1eb582e16c9feb5ffd7e3505a72a153ca79c57acaac2cb601052ae52a5b05403b392b37c181e31b2b3249fe8c97a22bb892ca8b89a26a32719d50f58691f1","ssdeep":"12288:Mv6NLEg6h1uVDwbV7VPY+L668W/LGDV2e8qwnWkOukK4a2V9:Mv65Eg1VUh7a+J/LGD8ownWkOusa2/","tlshash":"151529c97292f06147ab24e240bb0006f3396e59744e84a4f16d98db7d7ad89e277f3c","first_seen":"2024-07-24T17:37:42Z","last_seen":"2026-04-27T17:21:18.573059Z","times_seen":31,"resource_available":true,"data":null}},"time_used":5135,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":5135,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.mexcues.com/api/common/getMt5Amount?coin=brent","fqdn":"api.mexcues.com","domain":"mexcues.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:38.780Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"api.mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:13:02 GMT","end":"Wed, 22 Jul 2026 06:13:01 GMT"},"fingerprint":{"sha1":"D8:3F:55:AD:8E:CE:A4:65:F3:42:40:D2:D4:28:41:07:B7:63:43:26","sha256":"8F:82:42:7D:4F:75:98:9B:1C:E3:66:93:CE:9A:A1:81:2B:EA:CF:D0:FD:79:BD:0D:CE:41:14:09:00:FB:07:48"}}},"request":{"raw":"OPTIONS /api/common/getMt5Amount?coin=brent HTTP/1.1\r\nHost: api.mexcues.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: lang\r\nOrigin: https://mexcuehs.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:41 GMT\r\ncontent-length: 0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://mexcuehs.com\r\naccess-control-allow-methods: POST\r\naccess-control-allow-headers: lang\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 1800\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-27T22:20:10.334261Z","times_seen":14297583,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":266,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"api.mexcues.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mexcuehs.com/assets/en-166baa00.js","fqdn":"mexcuehs.com","domain":"mexcuehs.com","tld":"com"},"ip":{"addr":"39.109.117.89","port":443,"asn":142403,"as":"YISU CLOUD LTD","country":"Hong Kong","country_code":"HK"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://mexcuehs.com/","date":"2026-04-27T17:20:43.818Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mexcues.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 23 Apr 2026 06:10:36 GMT","end":"Wed, 22 Jul 2026 06:10:35 GMT"},"fingerprint":{"sha1":"6F:86:AC:B1:EC:CE:FD:6A:D6:D1:50:B5:FC:3A:72:F9:BB:46:4A:D0","sha256":"59:6E:CA:62:31:64:0F:6B:A8:8E:4F:6B:08:9B:E9:09:66:A2:D9:35:5A:96:D7:4F:6D:EA:78:CC:4B:FC:95:C5"}}},"request":{"raw":"GET /assets/en-166baa00.js HTTP/1.1\r\nHost: mexcuehs.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 27 Apr 2026 17:20:46 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Thu, 10 Apr 2025 09:36:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"67f79128-9e08\"\r\nexpires: Tue, 28 Apr 2026 05:20:46 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\nalt-svc: quic=\":443\"; h3=\":443\"; h3-29=\":443\"; h3-27=\":443\";h3-25=\":443\"; h3-T050=\":443\"; h3-Q050=\":443\";h3-Q049=\":443\";h3-Q048=\":443\"; h3-Q046=\":443\"; h3-Q043=\":443\"\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40456,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (40433)","md5":"8918681ea0eb17dd06966e103d2c98dd","sha1":"631575fcc1e7a11251d471042807a222bd2605d4","sha256":"89dd0fe4225cfe824c787fce13fe9c1510fe501dff93bc670419d9f8afff51d1","sha512":"e398c1442a3919bd51c680cb58a96288527ee45a980dec008b130d6320a453ea7d52cc38f708cbdcae7f310f880c705deb67ce400e236b7fef86744d82baa7ab","ssdeep":"768:+GtZcEw/o7rKOdAFsifnAMC2rAaAMFVoP6+6sPG9w1mwO6fpk7aOLxd:iponKOdebE2rdFVLsPWwqLxd","tlshash":"f403d6893e1a989a04f3537674ce6e1120f60ac18255881f4fedc9fd53d2b67a367b34","first_seen":"2026-04-22T17:43:43.792367Z","last_seen":"2026-04-27T17:21:18.606133Z","times_seen":6,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":270,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-27","alert":"Sinkholed","trigger":"mexcuehs.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}