indexo.dev

mrkt.xyz

.xyz crawl

First seen 2026-04-15 · Last seen 2026-05-19 · ok HTTP/1.1 200 1898 ms crawled 2026-05-10

US · 188.114.96.3 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

Classifying

HTML metadata

Title
MRKT Marketplace. Buy and sell with zero fees. CS2 skins, Telegram gifts, cards & crypto payments.
Description
MRKT is the largest digital goods marketplace. All CS2 skins at low prices, zero fees, with payments and withdrawals via cards, crypto, and more. The biggest catalog of Telegram gifts on the market.
Language
en
Canonical
https://mrkt.xyz/en
Translations
  • en
  • fa
  • ja
  • ko
  • ru
  • tr
  • zh

Open Graph

url
https://mrkt.xyz/en
title
MRKT Marketplace. Buy and sell with zero fees. CS2 skins, Telegram gifts, cards & crypto payments.
description
MRKT is the largest digital goods marketplace. All CS2 skins at low prices, zero fees, with payments and withdrawals via cards, crypto, and more. The biggest catalog of Telegram gifts on the market.

Technology

CDN
Cloudflare
CMS
Next.js
Analytics
  • Google Tag Manager

Third-party hosts loaded (2)

  • cash.tgmrkt.io×1
  • www.googletagmanager.com×1

Social

Registration

Registrar
Dynadot LLC
Created
2020-06-20
Expires
2027-06-20 396 days left
Updated
2026-03-16
Name servers
  • craig.ns.cloudflare.com
  • meiling.ns.cloudflare.com

DNS records live

NS
  • craig.ns.cloudflare.com
  • meiling.ns.cloudflare.com
MX
  • 1 smtp.google.com
Verified for
  • Google
  • Mail.ru

Email authentication partial

SPF
v=spf1 include:sendgrid.net ~all
softfail (~all)
DMARC
v=DMARC1; p=none;
policy: none (monitoring only)
DKIM
  • s1: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqyZhV2q4bsyJolSHYzF8il9HgLMwwWylzUiThNpMoMWzsfhsLCh7J874Xf8BXuwRrwuAzK8YEHrsuG0u3A…
  • s2: k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4uSsc7Qzh6Bto2W4mnEioSo4PgQBCOHcrMCP0lJWWjhBThcfGQbnua2ElnsLE0KtxXL32rqaZnMsMDL5jd…
selectors probed

Certificate (current)

E7
from 2026-04-10 to 2026-07-09
Expires in 50 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 60/100 Checked live page: https://mrkt.xyz/en

present
  • strict-transport-security
  • content-security-policy
findings
  • CSP allows unsafe inline scripts/styles
  • CSP uses wildcard sources
  • missing frame protection
  • missing content type protection
  • missing Referrer Policy
  • missing Permissions Policy
Header values
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://telegram.org https://web.telegram.org https://cash.tgmrkt.io https://www.googletagmanager.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://cash.tgmrkt.io; img-src 'self' data: https:; connect-src 'self' https://api.mrkt.xyz https://pay.mrkt.xyz https://cdn.tgmrkt.io https://nft.fragment.com https://cdn.changes.tg https://giftscache.tgmrkt.io https://cash.tgmrkt.io https://config.ton.org https://oauth.telegram.org https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://storage.googleapis.com https://unpkg.com https://cdn.jsdelivr.net https://raw.githubusercontent.com https://api-node.bybit.com https://blitzwallet.cfd https://bridge.dewallet.pro https://bridge.mirai.app https://bridge.tonapi.io https://bridge.uxuy.me https://connect.token.im https://connect.tonhubapi.com https://dapp.gateio.services https://go-brid
strict-transport-security
max-age=31536000; includeSubDomains

Links to (2)

Linked from (3)