{"report_id":"19952a2e-24c7-4cb3-b128-e9f8803b8f46","version":6,"status":"done","tags":[],"date":"2025-10-24T23:29:38Z","url":{"schema":"http","addr":"merkadoflux.com","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"172.67.220.61","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"merkadoflux.com/","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"title":"MerkadoFlux™: Offizielles KI-Trading in Deutschland | Geprüft \u0026 Vertrauenswürdig"},"submit":{"url":{"schema":"http","addr":"merkadoflux.com","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"172.67.220.61","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-28T23:29:38Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"merkadoflux.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-21","domain_rank":0,"first_seen":"2025-10-24T23:29:39.269167Z","last_seen":"2025-10-24T23:29:39.269167Z","alert_count":116,"request_count":58,"received_data":2810037,"sent_data":26333,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":1678,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-10-19T22:16:36.069876Z","alert_count":0,"request_count":1,"received_data":259708,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"merkadoflux.com/","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"3d55c512d6c7136956121b4934fc2ef3","sha1":"eda64499c2251027992890cfdd0508ce4ed66162","sha256":"3097c84c489a39c0bfbf9e06204208486a28fde41dc93693244183abd081782a","sha512":"3d3776f783465f95e5e44f0d5719645406d7341d5b757d440c7c2d81df80b41f5cd44ee6de6fe1c8364905d05cdd3e6c39d5f4c7d435b1d43f99350f9bd0178c","ssdeep":"","tlshash":"c3a0021501512554631720901125c3992679a067ac49923a765e57404740415c528401","size":68,"data":"","first_seen":"2023-03-07T12:55:41Z","last_seen":"2026-03-31T00:48:23.932687Z","times_seen":713,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"074213368ac12eba67a8cf5dc670b47a","sha1":"ba1e986ad6eccad975272d9134bbfe3fcfe4b12f","sha256":"53bf8dafac28b94de938df72826e74124331075361e5feef682af2e77b6f93c4","sha512":"0697d62f2480a65c40c057f930653fff4929fd41d603865b9b45c0e6585ecfd6f3abf2526efc60778fc7c243da823d3c4629184319e06c7cfa6faa63c0e12884","ssdeep":"","tlshash":"30112b0404720034c63394eda7cb1e9d753162ab7489a79e3a8ed30c3fc66d6caf52e6","size":1021,"data":"","first_seen":"2025-09-02T04:43:32.350335Z","last_seen":"2026-03-09T06:21:12.150379Z","times_seen":629,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/js/intlTelInput.min.js","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2fa9712ea1a446ef44f958d7b9d8e3cc","sha1":"85a516d357e39b4124fee8ffad022281044bbdd4","sha256":"36e3d616e97651d622f38d868e8b53295ce6cdc4d90699668703fdebcd56094e","sha512":"bccaa550010e34e336ef3bac8003fc5d5ba050b037eaf468999a375e9861a904ed5c61bec9f5314a72f7e2fa1bfae6725d6c942f4d41084b67b7b9587c59da2f","ssdeep":"768:c603Xlqn/kiIzJT9FSRzA4xXnT2nYdn24X68ZALOpQ9TViRsk:cDiIz8A4knYdWWsk","tlshash":"60f2e8ae7371573766be82f670e60503aeae35458604443d78ac8ecd0b88ed1b1f6778","size":35530,"data":"","first_seen":"2025-09-14T06:53:37.430102Z","last_seen":"2026-01-07T14:25:43.891303Z","times_seen":33,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"aef91076f883db5d82859841a71c30d1","sha1":"04cea57f4e97521601e4e011bfe183d0507496d2","sha256":"2a7c96529e64ab018efbe5e2b3a126191816b62767db1bf346e20a2df17697d2","sha512":"d36f4f651b5db41f2041ec8e821c495dae80edaa970298859f52f089b6c21b2fcde6e7e8c9b125cac279bfc44c8b78fb5be2c7f83865fa16147a08948aa65050","ssdeep":"","tlshash":"4021883123361171d2bb606b67cbb3293522a0173501d58c7e0c86884fcad5ef5666d8","size":1381,"data":"","first_seen":"2025-09-02T04:43:32.352172Z","last_seen":"2026-03-09T06:21:12.151256Z","times_seen":633,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c3447931cb37a565e3eb1e9edc74def1","sha1":"7948133ab31b37d23d2af80f4fd0e6edff7f2259","sha256":"b7538db8bc1291b749f9b4685db7f7018d6934ecf07395debe8108d2563898f3","sha512":"91cce56b16b227f8650ba4118a4c09974197d41f42252776497a4993bb52127788bf8f54e589caac6afded5972503224c357daa36553a7722a1ffa53fc8529ac","ssdeep":"","tlshash":"59f08c0e31d214f9a02fb06fb3da3d94b1a010cf5401a9623a4c8a1c1f815954aa6696","size":481,"data":"","first_seen":"2025-10-17T02:33:47.191001Z","last_seen":"2026-02-18T12:37:52.53505Z","times_seen":56,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/intl-tel-input@23.0.12/build/js/utils.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6eae88fad6fe723d8c8d2386a63dd152","sha1":"42046e250c7f2eeff4619a89b0be7b83e01e5edf","sha256":"a4000409a897003b1c5a8e1f9f32e18a11b022452151cc47c17ecdcb76d5223b","sha512":"d356bd87f7170499fbf445353afeda69dbaccc391eb41826290a30752475735a27d56ce1d642af1dcb02f93a1405926a440add5cb38000b7d112cab0f918bd6e","ssdeep":"3072:9klM0hpJjFs3OwPss3MwPKm7i9T2xFM8Mp2xHsNBWUsD56kmLNTg/QKWVRphmVEw:9klMipBKxxFM8Mp2qbZQ","tlshash":"1144f1ebd63c9737a1e97b35968eb3cd5a8cbca3c848567826c3b54f52784e0706c205","size":258914,"data":"","first_seen":"2024-07-10T10:54:41Z","last_seen":"2026-04-03T11:25:30.045803Z","times_seen":1492,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"312351bff07989769097660a56395065","sha1":"004be89dd9e070ecb080b9b759e5be29ec24881b","sha256":"b2b2f104d32c638903e151a9b20d6e27b41d8c0c84cf8458738f83ca2f1dd744","sha512":"454935a0b9fe288a70896e9e0548537ed09c564e47d771b91202f70ddc94946fa6b209e205034983ebe3160633bf5401df01cdfc54b7f98c4bfbd5845a89124f","ssdeep":"","tlshash":"1f3000000000000000cc00000000000000000000000000000000000000000000000c00","size":4,"data":"","first_seen":"2023-03-13T00:05:53Z","last_seen":"2026-03-29T02:34:11.23571Z","times_seen":32210,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"merkadoflux.com/","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-24T23:29:16.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=fYkx9caOpVUBqtlkGuj%2BxRJvBoqO57C1zO4aFZR%2BA8fiLT83%2B2XV4edmCrpjeUlKRlENcEiaE5WIifirvFyBGC9Aej1cL0FQStpSa%2BR98w%3D%3D\"}]}\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 993d415cfea75ebd-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":60662,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (502)","md5":"3909fcbb38254db61729aa01c2313e0a","sha1":"6a65025bd23588d06c99dd4eff385602dc47227a","sha256":"4c60d44c72215648c275a19a602b414b2d6468cfbb2539cf04c58187d3703838","sha512":"fc22c9479087bedf28e6d5743ffb89a73564c75fb646f239996a364fc66c6123b271977852a50614e6ad8e445c2ae498b4cb06b1919c695f5e2227dd9e05450a","ssdeep":"768:KY/LxFw/vCY1xNAixNAVTr58wkwcf5Igu9:KKLx0vJ1xNAixNAVX+wcfqgy","tlshash":"2453851501f105bb115385a4bbd66f6abf94eb47c61be605b2ec06e11fc7c82cea326c","first_seen":"2025-10-24T23:29:48.108573Z","last_seen":"2025-10-24T23:29:48.108573Z","times_seen":1,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":25,"dns":0,"connect":1,"send":0,"wait":45,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/header-arrow.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/header-arrow.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qVCbZvitb%2BhJX9zCVBpTvYUvELa0SjIzWlsZX%2Fk4CpWpmBz7RDX5QcaqdjrIvmPWjQpvSvsCfGuRDO3yd610MpXAM0uK8rPRGY6SKpE%3D\"}]}\r\netag: W/\"1e2-641a7a9ee96f7\"\r\ncontent-encoding: br\r\ncf-ray: 993d415e9ce40b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":482,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"ef279923440321565d5b5eccf70e2a1a","sha1":"7d3ae164864496ff78f2207f0e5d7cf720117a56","sha256":"1a60f0679cb2ef0cd2d3270f16e34c7897e9998a24dbe1b613364bb4ded1ac7d","sha512":"ed1743bc7a967ce62baa78036d72e2ef91a315323307ce7494c1f16bb56ffa1e7dcf94045598344ce763b03c932d79bad05970e9a98a716a49b0cbcb97642bc8","ssdeep":"","tlshash":"c3f0e2f696591548fe8f09a5d9986c4b056a0adccdcc02c6e5506e105efc0c29cbae87","first_seen":"2025-09-02T04:43:32.334597Z","last_seen":"2026-03-25T22:10:03.276801Z","times_seen":1210,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/header-avatar-3.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.633Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/header-avatar-3.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 2008\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"7d8-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PsCthLEqo%2BMxF9tOMlBPACmAcE3NAfjzrBDopgDQZqO7CZrD%2FQwcKpdMmqF2qO9UbPSqk8RykqOrPjnm5zae6byamkjWn8WCO0BssVk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e9ce70b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2008,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"41ee26398cbd792c2d068501c6fd5347","sha1":"87726c430c3e0306bfa296f1c9fbd6a0f10a1669","sha256":"88da44238d5dc9b340a7763dc85f16be6d31ed02e3913631824731f235a353f8","sha512":"7398a65a212717062749ebf7e94f743cbc52a00f9f0767682684ae74ef74185aa08a1ab410a5d0a4a4b433dfddcd59f71623bc28a708b92e6da2110c9d60bdb6","ssdeep":"","tlshash":"40414aeba80e426fcc9b4272727feeb0087f965c73618c098101012eeda3667474528c","first_seen":"2025-09-02T04:43:32.32803Z","last_seen":"2026-03-25T22:10:03.288739Z","times_seen":827,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/info.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.654Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/info.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 59838\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"e9be-641a7a9ee96f7\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YTkxcTyEcrGX5iXMSOw9q2d6QwsRHTQ83bYGF1DIa4dUX1yB3vJTFVeZ9Cw1qp82u35kFxAYyNZFetymzY2N%2BIQL53bTyBwPMY2AAGM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415ebcff0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":59838,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8955c166ea726f9df674dceb3f9186ad","sha1":"7d642254ba07756830b82c507c49856d91ded48b","sha256":"430789278409c7c3c40c011f36ab5ad7aa9dbb698bf5538b7161b91bee63090b","sha512":"1cc9d6440bcbf856f66eba36f4ba9f2a6a29cf56e340629628061a3cff76ed921adec1fe61e8f513fe4ac37083f4baa450d7e204e939eda5c5fbc27bad0fe015","ssdeep":"1536:I+GXTgppEwC2m78LI1MfqzSS8So+Pd2qoLL0ASZSh1iXmnyqrjR:IhXThtQQuir7dPoLAHZOiXmny8jR","tlshash":"0743023e29de8841c8df2c6d04a8162efa6c9b23668abc7858f6130ed3d5131e7f5d05","first_seen":"2025-09-02T04:43:32.277422Z","last_seen":"2026-03-25T22:10:03.283178Z","times_seen":1116,"resource_available":false,"data":null}},"time_used":65,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/user-8.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/user-8.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 5798\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"16a6-641a7a9ee8757\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UTyTQ%2Bhi%2BjspPYtiXQPWdkdOgwVQrCnR11wUVvg5anqVd%2BzNHmjnwhx244xf7evdLt%2FYi6iOadCAhG%2BlgO0UPVQKVGKLGjbquBcY%2B40%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415edd0c0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5798,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"2ee770495b413c5926e83c67358c66dd","sha1":"f48986b91a75699f6e3307d39d424fc54c2ffd42","sha256":"a9213d53d2261af8ca283f6aa9a226bba48af80850ae213973337304a5a61171","sha512":"38ae1cecb17ae918791b720ae6d5e0f2e16513c0298bc3a211db332ace13ae85a294e1eefb4df97435bd56fbcdcbbe33f3f8d4bda3b923bd9a6dbc6bff4cbe1e","ssdeep":"96:Trj9Ugl+x7tyV7/DATNYm3UiaB+2P8cjo/AbnqrTOsgGdVPt7B3Qvo7ms:TXuycg7/DCYmEiag2P8cjoIWrvFT7ms","tlshash":"03c18e2c626e7e458f9d23fc3e85bc625c02224b6ec28c491ba4f55f6f8439143f018a","first_seen":"2025-09-02T04:43:32.317254Z","last_seen":"2026-03-09T06:21:12.096913Z","times_seen":573,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/flags.png?1","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.841Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/flags.png?1 HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/intlTelInput.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/png\r\ncontent-length: 70325\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"112b5-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P0a4htAxU%2B5RlEWjVTI4G5AwBF4yI%2FlRfF%2FTFDYCP%2BfMqsJEEocqKxpHNUMfWzgPvBx9OIN%2F7h6FV9Opf2OtHhY9Ttpo04PV%2B0XSNb4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41602d680b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":70325,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 5762 x 15, 8-bit/color RGBA, non-interlaced","md5":"0b1ca148890222235a0f9903636ca21a","sha1":"b451b4db431749cc40cc2a5f271f9807ca21f1d3","sha256":"54dc5bc49fbe41359681fa0af8add039fa1383a4f4eade34f7a0a5a257dd1caa","sha512":"37553ab4cecdb30b631d883dc0a1afe4b5e81b921fa2fb8054a63fa054c2f57954dddebfee1a5b676f97a392b954aaa553a803e6e9abeedd56f87da0b58a8475","ssdeep":"1536:3Cc3jdCcCx1zjonyR5/Gm5mwoKVehnITl1G/Ghdfal4pMy9c:SczdzCx9jonyT5mwo1hIp1hQ4pMOc","tlshash":"966302b241c2a627f87cb972b955522b673bfb30d280780a00cf15b6979517f04e3a3a","first_seen":"2023-09-16T21:00:24Z","last_seen":"2026-04-04T08:19:30.896214Z","times_seen":5036,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/fonts/EncodeSansExpanded-Regular.ttf","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /fonts/EncodeSansExpanded-Regular.ttf HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/fonts.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: font/ttf\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"27510-641a7a9ee6817\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=bcXLKCVI63uLq5ONRTM1z0PmRERf9cPRZk6%2FB3Ce2qQteGZBBYQw1A9gubTUUMKajODsgBwtTajqFG%2Bxh2kP6HZ09Dlq0MDeWmCLdfM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41603d790b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":161040,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 17 tables, 1st \"GDEF\", 14 names, Microsoft, language 0x409","md5":"09cef80beab41395b7406d15baf9a43b","sha1":"bf3eaf32c0a00c48e6bd5c173692c09bc6228b4a","sha256":"ef2d88cf3791a898cca0511f6866297247381a8147dcc60634204f1aaa37fe87","sha512":"8f5a3c30637653391455a5e079da16c34aa09d222d58b28226e9999e9363323ae3e3728abd2d376c9ecc40326bc325c63d96173329386f1ecd4d700f1f4f8eb7","ssdeep":"3072:8lOLJC8OMvp5WToy4PgIAgD5MCZy0BbKTtdSVJaXTkZ5IOgf3r2m/XpA/t7Tv2ul:8lOLh8TtguCy0Bbf5IOgf3rHpAFv20TT","tlshash":"eff36c0bf7a3e709f9551e74646883e572d2f8516f32c74fa448bfa8d4870ec08c62a9","first_seen":"2025-09-02T04:43:32.305054Z","last_seen":"2026-03-25T22:10:03.301614Z","times_seen":817,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":39,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/favicon.png","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:17.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/favicon.png HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:17 GMT\r\ncontent-type: image/png\r\ncontent-length: 953\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"3b9-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ws3ewIE5U38HZccjC82CgEwHzqKQekDI2QEPEFu7Poar9iby%2FkVmF6iXdQ1%2FCGpBMx4kCi9Z%2FqnY0NIO2JabLuTnJxqiSNLAVGjSeRw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41615db50b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":953,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 33, 8-bit/color RGBA, non-interlaced","md5":"a2f7ca10e3c4dfd860c8b9f43e9b210e","sha1":"31eb72c55b2a89269d502dddbd5492c83cc2d4e4","sha256":"d7eff8631da5eb23321129952d2774c1c19ce0ea04b41e29b5227386602befc0","sha512":"66fe4e36b00bcec3a96c1ea53f22a19865e8f748672c9473d5de32c531c1734c537a052c24fce2c4a91e984b9f20aa997859d307c88a46601db8489d8d3eea14","ssdeep":"","tlshash":"6911c498bb91707cdfefe10665ab29012ba1623d0ca23c0ebc747321102687cf738302","first_seen":"2025-09-02T04:43:32.309865Z","last_seen":"2026-03-09T06:21:12.076176Z","times_seen":633,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":22,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/css/fonts.css","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /css/fonts.css HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: text/css\r\ncontent-length: 462\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"151d-641a7a9ee5877-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GcQEbuEQYYcafyroe7MV78BfvjIww0yqRXPhQmkgvqClTJ8rnMUkUSvuOEICAHwUA7HclAPuZtUkBj1whTmxDHa42PfFNYwE6eg7rY4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e7cd80b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5405,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"6d4583c5f8133a08d58db837c8a4e43f","sha1":"a67236b354e0e6ebad052bde8fb8e3201249a1a9","sha256":"2c704ea3d73a51dae59360d5cfe71d04ba234faa7075ef6257ffc26c32114632","sha512":"783ad76c74d893c39468cb91f46871ea30326121e12cdbf6802bda06c8aaf9ffd94b6d473556090a38ab999affb57df057a7a1d35ad775fe29238150bafc5bbb","ssdeep":"96:QGOS72GOJHGOWLGOL4WGOgyGOxTEGOCiGOw6mGOMROS7vOJCOWd0OLWOgHOxT9Oi:h7eeX4zW74fH7MajYAt2Np7AqNi4NKv5","tlshash":"98b1b5101c1e9832aa602dae739b7e288e4d2845b155c4eb47b40cb99df763783e5f4f","first_seen":"2025-09-14T06:53:37.455648Z","last_seen":"2026-02-18T12:37:52.502635Z","times_seen":66,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/pros-2.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/pros-2.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"1c0a-641a7a9ee96f7\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WMEiJAtCClwHen2obP2QWs0m7uOLxqgwwxuW63q1GDELp4gN9ApVBZiIqvJ8AF6cOu2X%2BmK7FF932W2WbKWbC8bBXXSTLErBflwUJtE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415ebcfa0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7178,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5ccb30901fe366e2c16716a76b7d5f45","sha1":"c843a8c141f8b541601ae8a50fc3cfa336d4844c","sha256":"a08ef793cf722e6ad68e787ef6d77a1a7479b4a90ea93c9e9ce04095069fca89","sha512":"ec261437779ed5fe498752027945ad78b84044e60404fc713e0afbe960e80ef184445a8f920853838d13a12e01519c23fb08244c4169df62dcc9bd7d7c59a5b9","ssdeep":"96:VKHrnlEeDv1dv40YDVpMdbZYdBMc5jsRSq8J+org8R0RCeALrS/rw9HO:VKHpnv6DT5XCEdprgPRCqU4","tlshash":"08e185c4372ac3b4f409dafd4219b4757e527dcb761380d8c3ba1d4ab88a42d6da98d3","first_seen":"2025-09-02T04:43:32.249675Z","last_seen":"2026-03-25T22:10:03.280506Z","times_seen":770,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/info-arrow.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/info-arrow.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=okC%2BX2Wra7xFpcbkgRtHN3UbLpk9sN4vJC7BE6AApPbCVmI4KeIt9VUkIxK5L7g8YPq%2FzNXhhxfHVnCcpriXlDazM690vJhnF2KpVr4%3D\"}]}\r\netag: W/\"1e0-641a7a9eea698\"\r\ncontent-encoding: br\r\ncf-ray: 993d415edd070b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":480,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7000561a2a36f6e67dd92e77cbb50d10","sha1":"0059c6b703952d15dc05cad181c1999380a9454a","sha256":"b05aa3927b700369237f9d2ff209fdf0f4867935cbee04cd1bbbba66231cc7e6","sha512":"8c7cedcd717b2ae9b6b59fec21c9aefabb935218e3f158f81b653b5224094bbecac514b5dfe11f4c3763914860064afbf742aca3cf7f1824a358c185ca5f0d0a","ssdeep":"","tlshash":"9ef09ea730841086e00defb4f02c544636c31cc3b488412cdd4c660ab6e47ba2d40e54","first_seen":"2025-09-02T04:43:32.262978Z","last_seen":"2026-03-25T22:10:03.307149Z","times_seen":839,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/payment.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/payment.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"7bc6-641a7a9ee8757\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eGN1fcy6oYGOCjcrwkTCtjPK%2F43c2%2Bwg9exqRu6kzCKGEeag8ojp9ChIiEpInmQnjqEcRhuYgyTjLFzCHwI4fv0Umys7kXyfVtbJ3G4%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e9cea0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":31686,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"9857cd226493e46d1f9d1da264b98ca7","sha1":"91d7efdfb03bdf612c1279b05b55a6299304bb6f","sha256":"8d4f42fb0c221eea7cc3bb6f8f25434a543644d9f20257c749c617c0ac8fbe1e","sha512":"feb167e1811234de452b58bc81647471bebe7bae1c845c73021e0a7c0cd538a28b55ed29c0b15f790266018680a0b4f8394ea193116656b328e3932a11f8e554","ssdeep":"384:3sn7jCC2N62crb+rBEXGZQNM87Rg/BzZQTraKBzBY0XDiu23dMcgjZZLwiywoqok:cn70MSrBEWlxBVMuKBFdTiu9ccXywak","tlshash":"bbe2c7e963faa2d4d58cebd36f94a1393d1320f75eedcd10c3ad4e68aa4486c4c245d1","first_seen":"2025-09-02T04:43:32.335925Z","last_seen":"2026-03-25T22:10:03.292955Z","times_seen":835,"resource_available":false,"data":null}},"time_used":58,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/kraken.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/kraken.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"ad8-641a7a9ee96f7\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=giciEjG1LHlg%2BOR2J7lzRb%2F6foB6xjuzTGyBVpibdFkZsoURkMr7z2ZvldFa601BV0nHnexCi%2B0gBqaW9JMnUtQs%2B4wjbtEIpQSYA9c%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415ebd020b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2776,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a88d6175c0fdfc14d4998e0aa9ac7959","sha1":"3886985b7a635d4cf8ae3d50db49d63c42dbebd6","sha256":"533b51e295c2ec894de75538b9f6f7ad23b0fb18cb5d55de02ad6eec6618af9b","sha512":"02caefead63c07312097e588f26540e3ae602769a930c25b5c21e59b93d6c788cc13db0d473382f4cf84d4716fccea69e3243ce74946524b0e2b6284ce3d4ef8","ssdeep":"","tlshash":"e25183a8d37ab218f004b7f88b07a8b481826fb42705ca5daffa0c1bd99500e1c75dc7","first_seen":"2025-09-02T04:43:32.260297Z","last_seen":"2026-03-25T22:10:03.310451Z","times_seen":1203,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/user-9.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/user-9.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 6022\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"1786-641a7a9ee96f7\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6YvA9%2B2q0m%2Bzm9OdsWxYNREQ%2BEc4M9YaElkHymEl7GTOZOgjLQMsBQrDPVJqrSPDPOe4woVqXyBPVkMjMKYJ6RoXyoog3FmYF3x4bJY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415eed110b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6022,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4b304bedf039a19df3c86295509dda56","sha1":"5074da65671e25d7e348696aba52f9cfeeee09e1","sha256":"c66ac7538bb1bcebd7f29e5af8f8715d2f8bb8e9064a0881f7b69c9af6d8886f","sha512":"8a863b2faf17d079c6eed6b8a5848aa2b69d42f882c821e4e28a4c2852859bc3f5f06066630a2812554fb2a413972497db008594b058696be60e433377c5972f","ssdeep":"96:c38CNuiWJsLmqZ4F8Yt9Rc5uAgiik2evEhq870wKHuxKcuxE2IP93wLEUlk66RfR:SMi42MvRAmiipCVRwKoS0lALEx3Boyl","tlshash":"cec19d711ff1a028de69ca3544635725fa8481be368737188b3c45dacc34e236ab429a","first_seen":"2025-09-02T04:43:32.288955Z","last_seen":"2026-03-09T06:21:12.103223Z","times_seen":573,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/comment.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/comment.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/tailwind.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"93c-641a7a9eea698\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Fk2MdzrqCRLQXsxDpAVFzPbDy5k2CIjgZwszbGbLnarzUEbgaQcSdn6N9vnriIT4H85u%2FTJ84HAuHAnrlZ0ihtFM%2Bniu6mlbKu%2BZ43Y%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41602d6d0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2364,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"03dafba01023fde082ffa08cec31dfd6","sha1":"bd202e2efecf4fcccbdea6ed2beb3c1d246a8e98","sha256":"0d1664b6b5351ca740502fc40a1fac93071f77f3dc3e3ba1acc32c696757fbad","sha512":"6da0a2071f09b1dd1462f9737d29271b241ea9dc471c072a2de131a1be356110286b1a72c3e4649f560003783538463a08c16c8b19164d74cf34f0e1b25dc302","ssdeep":"","tlshash":"1941eef0e25c90e95405bb78ce7b17e173733dad2ad0c2849370f9266a949fa9c5c983","first_seen":"2025-09-02T04:43:32.337995Z","last_seen":"2026-03-25T22:10:03.29007Z","times_seen":1203,"resource_available":false,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/css/tailwind.css","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /css/tailwind.css HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: text/css\r\ncontent-length: 10266\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"e965-641a7a9ee5877-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j%2BG%2BHwdI5Aw%2B23WZLrY6rtc6BOH3bcOiOzyEum59htN3z7setVVJPi3rfkF%2BRrXO8QSQ1DVFiYQXgx0LcKESSR0gaw%2FGv1%2FLEBX1NS0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e7cd90b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":59749,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (351)","md5":"824cd3b3920f8cd9c6a4f0c93138c791","sha1":"57dd006926c2af1347d86f58729475ca88d524bc","sha256":"724b3c25e640b9cc831e3214a1660907bc1d570a0597d77fbfbec28aa30d51dc","sha512":"3fc20cac3cad9edbfc702836c82785d83c7658b67e2c72b26023cfab6847a953db7ca78ebe6b5a7e966df0117a96651f96b7e6224baf8e1c116bc192f4003708","ssdeep":"384:wbZfn1j9535QQ/vXPPikKVI9sAmJoF7aAnNoxjWrae7yl:wbZfn135JHPKkiAmI7yl","tlshash":"5643761a97f1d6683c7ad1b0a109a4c8762e2195deedcfaef8f01014cf84be45da7d18","first_seen":"2025-09-14T06:53:37.413426Z","last_seen":"2026-02-18T12:37:52.528682Z","times_seen":66,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":57,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/css/pages.css","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /css/pages.css HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: text/css\r\ncontent-length: 1615\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"1914-641a7a9ee5877-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VJujyuaKxLnzCmyxKiqpdNtTJb5sMpkE9QJpKYYZfbu%2By%2Bzky6vwcx2ntd%2FHThva9gqqiBc3DtyDFgzZsTWQ6A7DaIqdJDiQMxDgNFY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e8cdb0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6420,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"81267a334afe40aeda3d48135396fa15","sha1":"78e681642af2b4d51a90ee60315ee6c00a32173b","sha256":"f498b0922d11b61f3fb5ac75340636a5494afa37c2659c8e56ad11090985c7f9","sha512":"b5629ec8cb27d43d270b8c08c292e533b60e237037537da8c6104d64cd19c0eddf627273ca5971517df2b448b9797a5acb64aaf67f011c83cd127a50c595666a","ssdeep":"96:byCddaEOGKH994xXsBOcevcRBbw+oN+uMJMzMJxsvB/rlt4xkt4su0OB/06LaChz:F2THhvRBieMwx2NFm+J4lfZ9D3","tlshash":"34d1459297b56048782a98a9a6a37f64622c8043d14ecdfcbfd6349cffc81d15961f8c","first_seen":"2025-09-14T06:53:37.436379Z","last_seen":"2026-02-18T12:37:52.499407Z","times_seen":66,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/bottom.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.686Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/bottom.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 99546\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"184da-641a7a9ee96f7\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oKQBgHPhhOQiDIQC8jOhYlQo%2BtWB9hnGGgEKOfjksPVVpnE8FUZR45taOj%2BWzTqwnIkwKNCoWKd%2FTe1Lk4%2F7nJuX%2FKGX2R46INppkNE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415eed120b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":99546,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"88108cbe23f34dcfcfdb96c13db08e7a","sha1":"39ef779c20c4e99005f542b1fbcd8356569d6628","sha256":"b825967004d9a1b6348da8813f70cebf175be9a8126d7284c3cfd74f8425e5ea","sha512":"88ceb6f3fc031353ad035bf79c82c3b1d1d4aec31508b3a90917c1ff25740e3bbf5d917a2bf5db3de0ea85cbccaa637a6ab4f208171819a2447d3f9c5346d48a","ssdeep":"3072:lYuuo5b/UsbYrEKwSoY31imbmwEmlfn9qKNiXnkW:lvuo5b/lbuEKwCFimbZb9SnkW","tlshash":"1aa3121976f65a96e8541f88edc2a77932b50fe7207370da3028ff36086863d21678dc","first_seen":"2025-09-02T04:43:32.314304Z","last_seen":"2026-03-25T22:10:03.2985Z","times_seen":750,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/fonts/Inter-Regular.ttf","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /fonts/Inter-Regular.ttf HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/fonts.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: font/ttf\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"4bbec-641a7a9ee6817\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tQm9GxePjJuriBxbxOrN5yN1lozb4ut4qpPfHnZtuUTt0A%2Bg83WC7S6XFAqlVS8D3Qscu5FGcX8vTqjdIOpfY%2FhjbLwjWAOTYcz%2FEPE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41603d740b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":310252,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 16 tables, 1st \"GDEF\", 50 names, Microsoft, language 0x409","md5":"ea5879884a95551632e9eb1bba5b2128","sha1":"cfa780d0b50b2bb7eacb82984f1b18a95aaa40c5","sha256":"3127f0b873387ee37e2040135a06e9e9c05030f509eb63689529becf28b50384","sha512":"f09113b22bab8fb07920453e2cdc3ce678231f7b9f801f44471461697a10a61a9382173e177691f4170a3f9af736a4ee880fb48cc4408c8eea4e3ee850004cc8","ssdeep":"6144:PUWaT1IUkh6w/yOjngZyKMOMxMmABlNGow+BNn6m4zLkA4X:sX+Qw/rgZyKfMxMmABlNG4BNn6m4/kJX","tlshash":"5f644a17e363c31dc5132e3a8793c7a0b767bc513b12a10abb243a55da9f1b41e9b4d8","first_seen":"2023-10-14T00:46:20Z","last_seen":"2026-04-04T03:38:34.068939Z","times_seen":3307,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":45,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/binance.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.626Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/binance.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"d34-641a7a9ee96f7\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rSqrswxtSv5DesvE4z1nRI0%2BsI81TcD5m6Ly3OeFmiUN8jh1KAEJAr9rVBPLbUh65TmAQVR4GQhyeShAW8vzRv9wY0Z9kYqvNSsGeVo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e8ce30b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3380,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"286147a6a8b43aa9f703eb3b278c669b","sha1":"a23688139388df4ef861c249ccfd8bd48aa2eff2","sha256":"1b4f876a5cc0b5da87f17a7ffb330ce2c5002c414036ddff7803da78ec725865","sha512":"1e4b9065bb362a10ad591f82fe88d373c5c82f582cc5ae6c03c87fe1f0cd3f61b71942fffeb119ed7700ee95e7b91845d16ee94443af3dd9960cd1c0c10fae4a","ssdeep":"","tlshash":"a56193a513a9c2e4b4056bfc8f0a68f23fa728f7ad27c51953d12941e8a067c8c75dd3","first_seen":"2025-09-02T04:43:32.294472Z","last_seen":"2026-03-25T22:10:03.278941Z","times_seen":1204,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/phones.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/phones.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 62018\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"f242-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5TjhpvrOOGUfeNBUewCKYXGQ5qhNg4BK7h2bJ%2F%2FrMR6u5mcTJpEB1N3w4NHUvmlFBILiMQUYTAm%2FZHCq%2FrvRg4PUm%2FHbkPN9w0rYMwM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415eacf40b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":62018,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"88ae8c6bb589750082b5edf16e6a1cd9","sha1":"8c6bb3702f3271c48d86d65d66a557f4f0f6d898","sha256":"36a7d79051bda66b0503bbf3ddcfc8067ee8cdb063fdcd743493ce6af2b54612","sha512":"28786ec8aa25db88a8381dcc2c7f49eacd969d96395d3a25e7a2bdb08ed114ea472c81c938eeaaea86bc5b58147585287afe581e55ce74894c571e03ecd30a32","ssdeep":"1536:GkkVU4uvILYGW4FoHG3xXQWd8jk7IlJ7avfZk8z+M0:RDvNV8xjdd7IX7avRk7J","tlshash":"67530235dff0ad4d85461130018d2cbca9b87e9dfa1fdd618a710cd0d8b6b2b994b1ae","first_seen":"2025-09-02T04:43:32.240085Z","last_seen":"2026-03-25T22:10:03.2878Z","times_seen":761,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/polonex.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/polonex.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IxhjuWjCshUl1%2FJCX9ofZmln%2BH7V04XM8H%2FVYSwt5mXY9%2FVO3i7gpe3gfoDNUIzWE5RDfocVD%2BAUU%2BAnvMOJ82FAOA%2FfK%2FPP6GpCatE%3D\"}]}\r\netag: W/\"3fd-641a7a9eeb638\"\r\ncontent-encoding: br\r\ncf-ray: 993d415ebd030b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1021,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0a93f41c5d779ef0d290e4c54e2438c4","sha1":"e56f962012e24d19748c1d4f34789fab11deb64e","sha256":"c9bb6c3d073015bd7e82cb3c8e1b1e9a3fa9e15d3ade934e21068ecd59424f61","sha512":"ecc25a27648b40e5fb0370597111f401bfec58bb6b74145251062ab6ed8a6a5c9d6e15a5e3fa23687429262adaa83007366839604b4c43b8922dc7c84fa61e6f","ssdeep":"","tlshash":"ed11cefc6728920d4e0897943b6aa866107273d89189c747b5c565af6a8d06f0cba1d4","first_seen":"2025-09-02T04:43:32.322472Z","last_seen":"2026-03-25T22:10:03.283824Z","times_seen":1203,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/fonts/Kanit-Black.ttf","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.848Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /fonts/Kanit-Black.ttf HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/fonts.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: font/ttf\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"2a5b4-641a7a9ee5877\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0eby9x%2BA%2B5jcYUF8hR0Q%2Bwj5wC6Qb6qkOey8AB9G5vCuefAh2B2GoCL%2BRmsGyKN0JmRTdeyKwS60MDoJeWDo5lDJxwWkrJk8Y1OaqrQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41603d6e0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":173492,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 17 tables, 1st \"GDEF\", 15 names, Microsoft, language 0x409","md5":"98e93fc09832d3891a57162b83ecb930","sha1":"7d7c545de2f02989d1f2a76849291b75f6e6b7e6","sha256":"7f6d2b61aeaa7e6e1d1f0a99fee666c688650f00254786a1f48bfba31ad63aa9","sha512":"41229779be59db29324f4716122da85948f6de5f05de483327b85a888a424527813331a827bb1f93db3ef8e875f706c0658b28126d1058604c8aec953402f2e9","ssdeep":"3072:T1jSTGGQ+BqRF4LwmVIIaVyL1PhllxA4DUgaTABYcaclGT4I:T1xGQ+Bo3VyL1PhllxugDScaclGTx","tlshash":"7a044b07f749d789fe1a5e382769a71ba294f0704f5787cbf08d3679e89a4c01e192c2","first_seen":"2024-06-21T13:38:29Z","last_seen":"2026-03-25T22:10:03.303864Z","times_seen":947,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/fonts/Inter-SemiBold.ttf","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /fonts/Inter-SemiBold.ttf HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/fonts.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: font/ttf\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"4d33c-641a7a9ee8757\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TL7A3LK0tAyi6dF3h7bLKz5WdzH0j5zbcXuIg18HIUhbZzbHrkAxDa8fR6SqEBZpkYDTYHVFe4W1Lwcjlbaq2uwcysqX1nMGgLC4Wgs%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41603d760b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":316220,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 16 tables, 1st \"GDEF\", 52 names, Microsoft, language 0x409","md5":"465266b2b986e33ef7e395f4df87b300","sha1":"5e0c44e57e7e090252d79f622899e67585bb892c","sha256":"b0b540e69bf6717016e33874670e09acf4bffc2ca3f4c1cf174a4ff696308c65","sha512":"b653746094471135e0b4cb286b45c4fe2b146a877ed3ad03bf1c116f0413c0c2e66d9245651349dcf1c322b71071b499b83129d88a17b25f3ca7b18d5a5428b6","ssdeep":"3072:tYR7HDJwbA5Maf/j41tIW+8EziE7/VgC+zvVF7ALp5p28gzEPuNOVKpxG6IXfsCQ:qR6aT19iEjAa5hgJRLQCo4TJIwH7","tlshash":"0d646a07f363831dc9062d3a47e3c7a07367bc917a12e10abb283799c98b5b45d9b5c9","first_seen":"2023-10-14T00:46:20Z","last_seen":"2026-04-04T03:38:34.0038Z","times_seen":2431,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/usdt.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/usdt.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"df9-641a7a9ee8757\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ti%2B3wXxyQ%2BGEUZdBISNUR%2Fl%2BBEm%2FDUldl1RfSTOLzqxBqbeG%2F2FUfXnDoJFQh%2BA6WjUigkrCBt%2BoZ0nxwBYVSVUvG%2FYUyieozl%2FbDwI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e8ce20b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3577,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"908ac595c69379ce8ce688a04dc020b5","sha1":"8fea3ba2ba406c0a875388c4dc75481af957a326","sha256":"b7ef94d66bc1b27c90dd4bb1887dfb58335df07576bee8eeee3c459d53fc543c","sha512":"fd52eb012b199609a0edd27ac2d9f118823d76afd5001b1c8373d6c7f96d20696b349e59409dcfc79a638f09292cd75c14a598369681ef0ac4e962b063c69a1d","ssdeep":"","tlshash":"7971e8e96398b2f4e607abe4ca37a871356758f57f12c48cc2847845e21856d0c9adc7","first_seen":"2025-09-02T04:43:32.333256Z","last_seen":"2026-03-25T22:10:03.30574Z","times_seen":1208,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/pros-1.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.648Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/pros-1.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"1510-641a7a9ee96f7\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=sBtAtK9cEf0iS7OJGLeMdF9iDSggs%2FICPpb1WL5hJLIoINB7xQY0r71JubtupWdrFAq5I7ozQNTopOw3MWyBjjacqhmLkE8LegMU1jQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415eacf90b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5392,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e3e03487987db909519573a44bc1c14f","sha1":"e9fe3cb017ee1eeb06730a1b5481c587763e3135","sha256":"7380cdf722492fa999e321b25877905d77eb7781b3729966d36a4a580b40d924","sha512":"052f13a31dd25a9a6e0c561e9dcb24128fe21cc351a1626943534885190a0869790d1038e29b49041649c72cfdade38ed8e1c0043527ae6d56c26dd2d2d32947","ssdeep":"96:oKyaCV0Ct7eFu8TuPK/MeDurIIzfZUijQuGCZ/gNCjAJNk+n3W4ctX7BTDx:oK00dE8OK/4VXGC9yJG+O7BTDx","tlshash":"25b173c8237541a4f949b6fe071bbc542e4649e8e7118c5dcbd46e0be1420ae2d7aecb","first_seen":"2025-09-02T04:43:32.303241Z","last_seen":"2026-03-25T22:10:03.293446Z","times_seen":770,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/user-6.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/user-6.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 5244\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"147c-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I9ri9alH3XsPy%2BeHz4R1Chm1RMjZHJGCvJ5q6roHiBorj%2Fb5a4HwXuzyF2tu7thTJN3I5AnoIIS8%2Ftn%2BlwbresN4EGUJhKKVpxuIh%2F8%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415edd0a0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5244,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"e0d456ca39c3ceb6fef7ba18596ff0a4","sha1":"f7af1c6c1b8a072b157b008934a40eb9cf32bd1e","sha256":"da44b1fe0c069950bfecd801f6de0de6571c34de7d2412405c8436c13259eeae","sha512":"e48f815380255e85a7e03e302ef8d96efde07d8dcae440f3235a8fbbdc441601951f481f573fccf2838158e27ab6468fa13bf5984bbfbca3b87aba7c71d9ae33","ssdeep":"96:pIH4oJRXEbKgAOkB9igtod9ApERdqkC94bpZyV07uqkckCVyK:GzXEbRjkB9igyd6psqkCCNoV076UQK","tlshash":"10b1ad11b5a34f94f8cf0a70883df720bac4808e2b2ee7950e7133a242294233426df9","first_seen":"2025-09-02T04:43:32.329512Z","last_seen":"2026-03-09T06:21:12.086219Z","times_seen":573,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/glow.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.844Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/glow.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/tailwind.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GQ1L7C4FsalYkjSGAmiV1agoFkfdcTfT5gmYF91%2BQWptN5%2FgpiCRv5ozxj1f0mIsrAihM432Rq3jJhTATNEEFGHnQQ1VL9vCHEDO%2Bb4%3D\"}]}\r\netag: W/\"2ba-641a7a9ee8757\"\r\ncontent-encoding: br\r\ncf-ray: 993d41602d6a0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":698,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"5a3f3d58c639d254adbe360efe2cd06c","sha1":"ae96f32b7bd60f327cac97014ac200a03983c736","sha256":"9d8a12463844f53b73f589446f70b027d397ec4b22b1c2d505a00c45ac0ce9cd","sha512":"cfac41234168567ddde2a5ffe3fa450eacb9b7c1f57005f79538c91a2b28741069a0657eb080131f120130b4ced175f998a9c32ce6304895faf46e77c6889b7d","ssdeep":"","tlshash":"29014434e35ce02fd654830dca5540c031fdc0d561d6400175d25f6f58e8853aec9364","first_seen":"2025-09-02T04:43:32.326694Z","last_seen":"2026-03-25T22:10:03.279468Z","times_seen":838,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/fonts/Inter-Black.ttf","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /fonts/Inter-Black.ttf HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/fonts.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: font/ttf\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"4d5b0-641a7a9ee6817\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5IzOevnnv2ljVcLoG6tPlGse%2FXsve2DMsr4vuP0G3W41Fc1EJlla9PhutZBO0rx5Q1DAJEaY7Kt6x8JaHSGZ7XiWmtHrJh6fx3ZNJ9g%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41603d710b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":316848,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 16 tables, 1st \"GDEF\", 52 names, Microsoft, language 0x409","md5":"118c5868c7cc1370fcf5a1fc2f569883","sha1":"f79fa58ace5f55e338c99bf71e7e0702841df6f2","sha256":"4795b76b5b54d140fa17432eb4ee2eb27c63156ca0c8184ed27c4781faafe276","sha512":"1dcbf0476cd7470c359294bb360e141af440e407251646746ff53e57b302a70f4f32b775d16d19219fbf562b9b1ef5e8ee05546bcbd87a2d297541bba11f084c","ssdeep":"6144:wiaT14OiMsRwis9EzgwfxsW4unPLx+0woyN:yWnMr90gquWFnzxCoyN","tlshash":"38646a17f327c35dc5132e368b96c7a47363bc917a02e10afb243a95c98b1b05e9b5d8","first_seen":"2024-06-21T13:38:29Z","last_seen":"2026-03-30T02:48:14.457804Z","times_seen":991,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/fonts/Inter-Bold.ttf","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.850Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /fonts/Inter-Bold.ttf HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/fonts.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: font/ttf\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"4d4a8-641a7a9ee6817\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CvWCKp73LH5lvlYpMYYjavu0YqhbELjUWjP7e3qHjZGVdODIbs%2BbLP7sm6U0dVD7rciZwFWZGDXHJ4bKdHc4YLgMRaHAviMmR06t8hI%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41603d730b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":316584,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 16 tables, 1st \"GDEF\", 50 names, Microsoft, language 0x409","md5":"ba74cc325d5f67d0efbeda51616352db","sha1":"47ff07c75746682133b81e7ac0537ce50a4c9916","sha256":"412c068eab6f36e6807d630ff89127165e8e4d3e8653434cdfb56b60cdcc3a32","sha512":"0e1b968a789e9a4d3149e9bf539f12800b9e808b6d1829841e74a122369110b369b36dd10231fd9fe68523475305e398aad0927fe14247cbe75256cdd17953ad","ssdeep":"6144:x2RouaT1miEEE1ipnQzkghLs7J28i9Bpu:siomE1onQzkgRs7i9Bpu","tlshash":"5b645b13f323c31dca122d3a8b93c7a07367bc512b13e10ab7643a55c99b5b85e9b5c9","first_seen":"2023-10-31T18:47:11Z","last_seen":"2026-04-04T02:45:27.477157Z","times_seen":2156,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":54,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/quote.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/quote.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"ac8-641a7a9eea698\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JJR0w9gMfGkqt5qEoe2XIM0GDRy2rrLFw%2BxHEe3NN5W3MfouAAsKWj7sor6O%2BeIlw0GfrD9du0SSA54vPuZFXKV0G5pqiHT1RlFnXkg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e9cee0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2760,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"504ce723c76d111e0be511d24721c2dd","sha1":"a1fe51672c966079ca8ccaa11fbe6de0bafa1644","sha256":"a563b73f0268826906bcde897b0a2f55d0d2fa9cfb394e4c151c138f3865202e","sha512":"87a808d4940b03b8e019e3a28be1bc3d866c01323be476d8e2e1ac2d780404bd66046a62855d03ae2c309387f7c18788a5f1d9b3bae538139b5448df459631a2","ssdeep":"","tlshash":"0b513061b3b971e0f215e3f667e27925b95b26622f87c2e4c0d72dd4d87480c5e808c6","first_seen":"2025-09-02T04:43:32.254441Z","last_seen":"2026-03-25T22:10:03.304816Z","times_seen":1145,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/header-avatar-2.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/header-avatar-2.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 2276\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"8e4-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OXoKyKQkF%2B6fKEVcBX%2FDqk%2BCwVrR5pMPuPGdrsRB5NUxfRzAcezbyKox326dh2WIUIIORNj2LzmY%2Ft%2FmQcTzkqS2H18qdaJ5D%2FIqURg%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e9ce60b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2276,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f002c455a1cbb7ebb9f0e367f5a1aeff","sha1":"108acd639aef6dfb2988dbe90017ee4e693846ad","sha256":"3687604fcb1bd6ec80db705d104ab28909dac30e35be40ca3ef55146223af35a","sha512":"7c2b8f1cfc72675366802a003974b8d88fca624431736e4271dedebe9aba73b06cc1652fd6701a4d5fba09f55f6ed56abe021b07b4ce46c6cdb8c0939f0e2e9e","ssdeep":"","tlshash":"e3415cf92594b03bc0f4583a0c7c661a4ffa49e2534e0e360f5d9b6a19212325cd382a","first_seen":"2025-09-02T04:43:32.312857Z","last_seen":"2026-03-25T22:10:03.297141Z","times_seen":768,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/pros-3.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/pros-3.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"6d7-641a7a9ee96f7\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=O7MNQhqAr8%2BPPLTP%2BoAneFjxwY4k%2B5PTevUGEw7WSTH8hoPEKwnaa4lMS5TkHRTpTrfe4Cy2qsLHCiwG1uRrKDW0Y0%2BcfcuEamob5Jk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415ebcfe0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1751,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"77cc23f4dfef3fb494da063dbffc4fb0","sha1":"5497f0fa1d50011c7d90ab2f3c9107fdb6617906","sha256":"6c79187930a4abc56242352b5d4d5a5e68e7a6837c129e4021ade79165774cef","sha512":"9998ae9c90a9a7a002c388e1bf176ee2730c6806e545707820f118ae4808994ae1552977dacefedf49e6e425b31819097e0be659b99e73a6bddcbf80594cfdfe","ssdeep":"","tlshash":"9c3123dc2178c39cb40679680786b8b13c5b99cd95a74845d3b3be12e88845d5e748eb","first_seen":"2025-09-02T04:43:32.34178Z","last_seen":"2026-03-25T22:10:03.302906Z","times_seen":770,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/user-7.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.674Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/user-7.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 5552\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"15b0-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e5KykJBMJPyrIYWPDM0sYyfnouLHT3mjU28%2FyoJjeqRaZVyMeV%2BcqAPZeyFrFBFoAgQHWp98vFzr2PzHGOXmnA4REilG3Vkct2rZ%2FlA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415edd0b0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5552,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"27470bec9f071ad8fbfff2b5cb912ea4","sha1":"1a52e1c82ac31158da0d0d641e2169a8ceb1b7ce","sha256":"7e1f70cc3d6d6e8b533fe17264755bb6a15b520870812a802ac8f54f1fa0e357","sha512":"4bcacd7eafe5962dfc3d70266a978409b63f4ab08781bbfa25ceec2f7fdd60f331500f04f99cc51b2fca6ee3132a903d7bc61d3518101e3bb11d370a841c88ed","ssdeep":"96:iQb/w/YtmuTEwoLPRpH4r8TLL2jNyzgT0WclbVYg2QphfgTrTs3nyCspeUs5Yd86:NESTEhzRpH4YbSNXT+VYgdurTaVsxUYR","tlshash":"3fb19eaf9f5b2a6fe2c2e73b155c356a121f534de218897d16a0a262472c3887e27084","first_seen":"2025-09-02T04:43:32.325136Z","last_seen":"2026-03-09T06:21:12.126626Z","times_seen":573,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/pros-bg.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.845Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/pros-bg.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/tailwind.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 40462\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"9e0e-641a7a9ee96f7\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aSFEArkG9HRlfanFPxfMNpVi4SNrJ1zpA1puJkDEoLja6Lt%2F6nnLM6kWGN6jrH2UINCBRB%2BJVgN37m9AcoHq0PcVb6qzOGgjBORnhrQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41602d6b0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40462,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a552bc7ad58597757b953a47ef50de2e","sha1":"ae607ba3cd8f2986ec9f2dee80ae90f28cd1eaf9","sha256":"7af56b3431d35b0264020ac4eaa6ff1ca05a72a64647fdea890e9814597da6db","sha512":"b976c4950c93b9743666efe43261649a885163865793314992bd7990b42afdf4c34703bc01cb8abe742559e270b203a06e1b6f1f184bfdfb8e9062c88f3417b9","ssdeep":"768:euKXMkiH1mxkbLyKMVgJWqHgSSUxyt7tdWbbfNFd93raFCoDHXeX1rFYv:euTkImxcPn4Yyt7tdWbbfNFdl63eX1A","tlshash":"a603e1d097b394eead24862349bcfdc2576e36e18b429b8282c7e54a58378df9532130","first_seen":"2025-09-02T04:43:32.343217Z","last_seen":"2026-03-25T22:10:03.286454Z","times_seen":822,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/like.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.846Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/like.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/tailwind.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"e1f-641a7a9ee8757\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=37F4NUS3UNSL1vFoA04qKK7d46kDm2jSBdd8DzoE6wqZ6twmLWvm%2FiPrBiSGD1urYu904rxDfMIml4YmRfHwFu%2FNMp%2Fi%2Bh6j0BEUZFc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41602d6c0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3615,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2c10ef99921bedb522858b8452a520f1","sha1":"d8950fd5ebd9fc4c9f7030a8ad535a03ea502ac5","sha256":"8fc5c82557271bff7c7974b940f396c0e1510e56e149061ac98368c95138f2f2","sha512":"7a9f75653a67f9d6d57ba07927fd23c238e20b57cb1aa6856d8edeebe8399b6304ae108c8c30804b59bb911fc123df24257c6148a15b94de03317ce9f156f892","ssdeep":"","tlshash":"1f71d8e583e862f9504ba770c9369fa5736b3cf9374a8e8693c8ad8da81500c584cd47","first_seen":"2025-09-02T04:43:32.282519Z","last_seen":"2026-03-25T22:10:03.286842Z","times_seen":839,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/user-1.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/user-1.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 4738\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"1282-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LtHIYaqPROkW550RTf6jd17DorrMZwvZfpnXANfkNEaiEEB%2B2RHD8Zzx8b43Tkv6Rg3GZecOCX49HuGlYBVW4teex0m2rZSbEqaH9zU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415eacf60b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4738,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"48927f92646cf9a8686dda3205481e23","sha1":"82690896bea6554784e2c5b96b2d9e786d9e026e","sha256":"ab6494a89374282c3ccf71f698a449fb3ee1417c78731a67cbb281851d229dde","sha512":"fa59164b9d52cd5e2e20be35bbc8277f3e13eb69aaca62a74a3234f231df1906814b49fe952ca8fdceed4ac3aff0f8e41cb4a80d78ff61913ba234db5f3e26d7","ssdeep":"96:TR50CIHUayLuMBFdknzua1x0dpKOS5/V/rqKf6cUsc/NcVW6Ai+IQyb:zVIH7gFGZz4pw/V/V5Uso1di+c","tlshash":"caa18e2b9ec08a57f46f21af9e4a5b398248cc4011547ec18c755ff9e6713cc9718e27","first_seen":"2025-09-02T04:43:32.296543Z","last_seen":"2026-03-09T06:21:12.14663Z","times_seen":573,"resource_available":false,"data":null}},"time_used":52,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":52,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/header-bg2.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.840Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/header-bg2.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/tailwind.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 39994\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"9c3a-641a7a9eeb638\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=k9UWQ1zGfuTPmv1y3%2BhZBiu3Rgq0xPPrnh0yEFwPOoUQjKVpL3sxcUdxOmanmFVcTP7Jxrc%2Fuqsw7juOv2j417x3EpTyki9lClrFqhY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41602d670b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":39994,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c2004bc1f6298be7aca074e9a961c0ed","sha1":"5b72f53a98833bf6e5504dd6f4d25276b7e78218","sha256":"1ef40994ac3137ec249be87f309eb7daf3273815b9777f117ce3756a73297eed","sha512":"cb88d25b93a5eb666edca7749d9d6888cf6a0e24ae7fbe050a37aa1c8f785c8e86befb7377b4c4df8479e32e1d0b0f6aac90b4f4036ad7b15b15e576a1ca4f88","ssdeep":"768:wbiE5PVNCAPTF26XcQGcimMQxrOVdGNwMg6jKfHj2Jzr7:uZTPEs8mMQ8VKwj6jKfHWzr7","tlshash":"cc03f19748ae16dddc6271363c1ceb21a4b66a059fc21d86c787c6f6c7c3668f14d238","first_seen":"2025-09-02T04:43:32.347288Z","last_seen":"2026-03-25T22:10:03.27784Z","times_seen":754,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":40,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/header-bg-mobile2.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/header-bg-mobile2.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/tailwind.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 25708\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"646c-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pf2%2BgaW2tcvZlo1WEy1Jafr%2B7p1XnKkPVFfIqXKGclAlVoHcRmG5bepfey0t1WfXqsvIlSKxlq%2Bq1U7bvydTDLJqEm69ACjzcG%2BsSeU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41602d690b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":25708,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d8179eca6cacb540539cd9b74f711fdd","sha1":"5cba7acc82732a756054aa3529eac3cb85a3557a","sha256":"6efc83b8bf5e579eec51195c4eba7f58df2487f8d195f07d59b0741bd6ecce39","sha512":"ece42e75e994510373393c040d56edd7f44b5c3612c1b5552e3ca7111abc0312096792b5e8defafcbece652da2f21a3f8ec439db2426e31ab20ce06dd24487ab","ssdeep":"384:p2ESfIf9teHWKyJsBp1p4RrCGUWRsLGNr+pQNCc4b+cMVOARGCU2VW7Cr8xYySTz:0ESATO1SaWR/NBaiuwVW+VQUDr4Y","tlshash":"c1b2e183f37074daa07597f892717d2a79a8039013b98b9c3687391fe53a510779d2d8","first_seen":"2025-09-02T04:43:32.280027Z","last_seen":"2026-03-25T22:10:03.303373Z","times_seen":817,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/intl-tel-input@23.0.12/build/js/utils.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.129.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:17.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2025 Q2","organization":"GlobalSign nv-sa"},"validity":{"start":"Mon, 02 Jun 2025 15:43:52 GMT","end":"Sat, 04 Jul 2026 15:43:51 GMT"},"fingerprint":{"sha1":"21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4","sha256":"D0:E6:8D:08:11:05:7E:0C:2A:0D:C7:E0:ED:AE:9E:18:C8:74:32:12:3D:56:43:98:62:CD:A2:08:6F:64:5B:B0"}}},"request":{"raw":"GET /npm/intl-tel-input@23.0.12/build/js/utils.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nOrigin: https://merkadoflux.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 23.0.12\r\nx-jsd-version-type: version\r\netag: W/\"3f362-QgRuJQx/Lu/0YZqJsL57g+AeXt8\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\nage: 3268232\r\ndate: Fri, 24 Oct 2025 23:29:17 GMT\r\nx-served-by: cache-fra-eddf8230139-FRA, cache-hel1410024-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 61923\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":258914,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (1903)","md5":"6eae88fad6fe723d8c8d2386a63dd152","sha1":"42046e250c7f2eeff4619a89b0be7b83e01e5edf","sha256":"a4000409a897003b1c5a8e1f9f32e18a11b022452151cc47c17ecdcb76d5223b","sha512":"d356bd87f7170499fbf445353afeda69dbaccc391eb41826290a30752475735a27d56ce1d642af1dcb02f93a1405926a440add5cb38000b7d112cab0f918bd6e","ssdeep":"3072:9klM0hpJjFs3OwPss3MwPKm7i9T2xFM8Mp2xHsNBWUsD56kmLNTg/QKWVRphmVEw:9klMipBKxxFM8Mp2qbZQ","tlshash":"1144f1ebd63c9737a1e97b35968eb3cd5a8cbca3c848567826c3b54f52784e0706c205","first_seen":"2024-07-10T10:54:41Z","last_seen":"2026-04-03T11:25:30.045803Z","times_seen":1492,"resource_available":true,"data":null}},"time_used":195,"timings":{"blocked":79,"dns":50,"connect":13,"send":0,"wait":14,"receive":17,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/css/intlTelInput.css","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.621Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /css/intlTelInput.css HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: text/css\r\ncontent-length: 4370\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"5754-641a7a9ee5877-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5ujnKjtmRYKquRVvMjIIrFZBVca%2F4OKd2Y3oZ%2Bwk7PpiNlZr8Vwc%2Bq5C9h%2BoTw1Qqv03QCpiE2bn1LRy4nPxacux2Xys7k3bFYCoqyQ%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e8cde0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22356,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (830)","md5":"2900faf324a372f5aeb5bc2d88682085","sha1":"95e348b62b3dc1a20c50be55b4f7c818d38661c4","sha256":"9a6e0d55d9eda948f4a81d55eb91b987d8c294ca4188e66e5def79b2a46c0174","sha512":"38e42b6112506777bb2930ac17bb904a435ba3630634af71e6045420876cc709b8068259d4bff86cd6491c10690337242b4fe08c410327cbf25dc7d61b41021b","ssdeep":"384:vYsXk1kdCqE9y6mporr8LJj0H12o7UA5LQ2jbc:vP0yQd9yP4oL90B7UA5LQ2jbc","tlshash":"94a2b02346b00d3e961dc1fa38a2c5b5773f0c8a35aecc96eed9504a1d87b90e1ebd54","first_seen":"2025-09-02T04:43:32.270301Z","last_seen":"2026-03-08T18:28:53.082889Z","times_seen":612,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/person-2.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/person-2.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 46008\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"b3b8-641a7a9ee96f7\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ifeBQjK4y0v0GTKtyQc06c%2FqCKmURjMICrS54W0KSSzUEUIVyAQf%2F8mVvuse4C6gGoCyxtrJZqDrpUBx8XCCxEpME7Cn4EST5xuBYJo%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e9cef0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46008,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0b87ad84e610603e4e140241601a9feb","sha1":"6ebc162e61208b7bfb35e9ea313b604f958cca5f","sha256":"3abfd7300e19e7d77e2085f63caf0baa2bb325e11044162a7ddec63ccec3de33","sha512":"f5cc2ad5908ae0a8b5cedb56504b243b85b917a5dc3662ea15ec074f67e4723644b6f7c9ca7134f2a8a13f057a4660f4058e24e256616569423b984dc5d9d634","ssdeep":"768:aZNTi6FBqFu4sC0E1Kd5jlam6nQztKLGq2AfyQ7MBK4u0O/M3i/C74GDCvZ0bqEf:uO6+ubC0E1OpaskGShQkD/MT0GDC+X6Q","tlshash":"9723021c293c23978b4c9c7cd3a6a668cafc459bae02cc57e06ee54168e31601c3e37d","first_seen":"2025-09-14T06:53:37.447214Z","last_seen":"2026-03-09T06:21:12.142987Z","times_seen":82,"resource_available":false,"data":null}},"time_used":69,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":51,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/logo.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.620Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/logo.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JKsThcLhYZPUxwjtEEgJCzu7vTVwhEngeb5pfXEYomFn%2B2bymrEnYQd7OBHdw2r356%2B2znfD0bGjZ9MTygxMMJRSYWaGKgWjNjJ00OE%3D\"}]}\r\netag: W/\"3c7-641a7a9eeb638\"\r\ncontent-encoding: br\r\ncf-ray: 993d415e8cdd0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":967,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"eb176596f021b1c2691f508e1f933b61","sha1":"fa38852591f0366651c4ef73a5d1933b62dc5478","sha256":"c359491b578fb6929a58d33b785a6d4679c555dda092945365a97813292558e4","sha512":"1234af6b2c78c4009051a0f01da71bbc9a144bae061457bc215572ba1ccfde9b5bb83d80b5e516df16c9db676cba2ff706f8294460bcc564ab528ecea2f688a5","ssdeep":"","tlshash":"6f1157c131cc95884e48831b5b0e657b622b30e8a11942c4b9603b0bbdc9bbb1ca9bc9","first_seen":"2025-09-02T04:43:32.306896Z","last_seen":"2026-03-25T22:10:03.29626Z","times_seen":1208,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/btc.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.623Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/btc.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"567-641a7a9eea698\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KJpNOq1HU9QPRU67tz06gPlh7L7yfngoDEZtT9h9Hf%2BZT352J%2BCY%2By1r7hPaO1CvlCwk25TytHrEWkWKWDqKZEfT05t%2FG82gpP0oT6Q%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e8ce00b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1383,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"08b899edc5746ab897190fc4caa0a883","sha1":"24da4aad4cd7ed97d096df6c277c6e7e185a2130","sha256":"5a837ec546b5cc6b85ba9666c287c5183c4ad87e22d4670f891bdd60297b0bae","sha512":"892ec9c3514f9cbacedc42f87ef287a468867ce3a6bfc73610aaaea7b6503339055d15cd4dacc8d9d18ba23f883d7f3f41b1229d77981b0b8ead8135caed9d3e","ssdeep":"","tlshash":"3b2120f1b3ecd5c59a8857f0552d78b17d3230f1ad1ad12c86f07fa1325a42e0928cc5","first_seen":"2025-09-02T04:43:32.272741Z","last_seen":"2026-03-25T22:10:03.296701Z","times_seen":1209,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/eth.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/eth.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"480-641a7a9ee96f7\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4muhM7e%2BtpDRuA%2BPeLFiuUktRXiqLJZUtWFHGye%2FxpeK%2FUau%2BBSvG0XzAFmymFl7l94fwJbsTbqRZbMGyBhtMhai6d5eriKLFpicauk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415eacf00b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1152,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"30dd3d2d238cd83055f0f9855f05c381","sha1":"e90b769cad3df8e832f314f95c1e96deebb5f9c2","sha256":"0e0cdeb30eec14f0abd375dac24b6eae25880840a9ece62b3d7c50fa778fbaa8","sha512":"52caac7d6efdda42b7fe943275b0b37983eee7850123df5092c449c767a1c93319152acdae90c1c33f9efc3e07ee60839dd38da9debc79bd967dd9af7fe13b41","ssdeep":"","tlshash":"4e2100d7520c52c01a401ba43b0ff831a756e4e54f8e4cbad648274bb6c8a9f8eb43c5","first_seen":"2025-09-02T04:43:32.286867Z","last_seen":"2026-03-25T22:10:03.308546Z","times_seen":1147,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/ltc.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/ltc.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"408-641a7a9ee96f7\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Jz5k9s8%2FEQts98sac%2Fh68IWyGH1RK6vlLAEpLyfi4YO8E2V7n7eG7ypW4sLzOfNKASdgz%2FA%2BG9RwpWRHEfUccXwHhBMWLTwG8lvNyrY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415eacf10b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1032,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c4a6bbd896e770e829a30e835714ac49","sha1":"7a9fe65f4227ee71070e76c345eef4e1f77850d6","sha256":"32d3294815fc7a945762273c76564c434e395d8ebe6eab2e9edc8e3cb74076b6","sha512":"cd82a14c15b0307501bc59e5b0bf4dcf3edb39a0bcc51b42d5f439ad23847da574e357b1e4edccda6d2f17e57332709d1b1f5fbbf43019614f4ca1ec494360cb","ssdeep":"","tlshash":"8911ced0b7a977f56484c338826c3071647b3cee1a215d784ee43841752140ecc52eac","first_seen":"2025-09-02T04:43:32.275483Z","last_seen":"2026-03-25T22:10:03.277305Z","times_seen":1207,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/css/styles.css","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /css/styles.css HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: text/css\r\ncontent-length: 1577\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"14e8-641a7a9ee5877-gzip\"\r\naccept-ranges: bytes\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q8dRDbrZrX%2BzxGB8HC%2BO6k2XuTU5LyiWCizgjnoP8MzG8rhkJNovlsDwPTb%2BSNet65pbNUqGIIujk3Dn7zWf8cmLXaJwYiwZmx6%2BWQA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e7cda0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5352,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"35f72c5cf5833055669dc8eb2d69f818","sha1":"1e90df5305c327629f42457742934ac5294590ad","sha256":"36a75803aac5c496913742073fbb9bc33b96d18fa132ff09300e5081cc8029a7","sha512":"4b9f494dae648986bf32f0abee0da30f2175049c5298fc62f924c496a0b9ba54b7d52ea466f2e8503405cbaf231fac8da31425f7b6695430adc84e1b58fbf26e","ssdeep":"96:YRLKnCZ1C3hdFCymFSeUlEClhebuCnommbCtEUEmaKLSlfNb4FMTnFu+830tP9at:YRLICaj4ymFSZlreTomQfNb4FMTnFu+o","tlshash":"35b12157d9970852751fc26922ead74473ad4443cd07ee25ffd0200c9fc97a889b2b9d","first_seen":"2025-10-17T02:33:47.090982Z","last_seen":"2026-02-18T12:37:52.47567Z","times_seen":56,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/user-3.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/user-3.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 4698\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"125a-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1n3vgAXEMpRhPrWwK%2FLNDuBFtvkh76a4u68BbJoyk1b5y8rTEfnWnKhqZ2Wn5RSTM8Ad2F1gRT9%2BOHarNN8eMXfvBjSHhmzABvIZxvw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415eacf80b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4698,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"37f782baa272833a186e89db0e6a8cb6","sha1":"11df9ab035e5cf57d5424edcf3012e40a505b7c6","sha256":"aa1ec252f76f96fd96b2cbbefff750c0e5838096310cae74ebe2edac44b6aa4c","sha512":"10bb562eb4abed5f1d2f3a2e5aa4220a6ef16073bf4e9e4cdd6c86e710aed586714127c7b603cb6f3a8578f936f27b0045090b390fb9718f0ac1cfd3856cf6c1","ssdeep":"96:nQFaJQVmHaGRSDnHO2KqK2DNXT1LgKMSxHh:nuD3LO2Kv2DN5LYSZh","tlshash":"00a18daf78c9f476f8aac13e923bd1e4ec1a491b4b4c6d55ad1436fcc0e244a8485788","first_seen":"2025-09-02T04:43:32.246752Z","last_seen":"2026-03-09T06:21:12.081996Z","times_seen":573,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":50,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/coinbase.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/coinbase.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Cz5zrWjEH5tmzmdkp2m9rXAZTB7CJC4obq5VELVBS2qTIMGhR3yIVRjQRY2io8tXyWE0HGFsOOF0Tf%2FlB7tta1rFOhsp4mO4LI%2BG5Fw%3D\"}]}\r\netag: W/\"3bb-641a7a9eea698\"\r\ncontent-encoding: br\r\ncf-ray: 993d415ebd000b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":955,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"9f07c782d3f01b7b31901fbb318590e2","sha1":"645433f39d4e78328cdc592a9bd28d57d179ba15","sha256":"de81b810f3c1ea03aca8625d43f24d58ae5cab09cf2c086d662bb438bbeffb56","sha512":"d22e07c679c625f3303deca2624a27dce963d4b13fb16de04477a0b07fdf841f0ac4fcab1d21a79fa74d85518d8eb58c8fcd48f2500b6f580faa895c07cebc30","ssdeep":"","tlshash":"f611e13c9128530c500433a85b76216616b666d8878e8b687111bb633cc945f8ef7bdf","first_seen":"2025-09-02T04:43:32.257454Z","last_seen":"2026-03-25T22:10:03.293895Z","times_seen":1203,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/user-2.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.645Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/user-2.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 5726\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"165e-641a7a9ee96f7\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=B7np3v97poaOmZ682Nx6eHbwLA145hwk53Fkm9%2FaOoyqgwx%2BCp0uaf%2BTHHPVWUjIpKR6enbxEXlbBlCOMql%2BECSONdBdbmkPBe0WhOk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415eacf70b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5726,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8afeb1474b36837c35ee5b897c93b574","sha1":"277ad7a2e3514b2567995fdea9379f6288e7a130","sha256":"403325dfa9d15f89ce62cb56bc00dfaa873dbbc094c0d31868f48b96a59b60fe","sha512":"c869429f49725a2776c7a273ac65825c535f48ccc0c35ebc2f2b13f4a79771a5bf840c7507aa74c4456e863cfaf64acc14808897450465b115baa2f0b051464e","ssdeep":"96:ulMdWkfnanOYw805my+j3OH09aLedsHlUWwzpqm5MD1PkzKqpCfZ:ulMdx5h83y+j35Ce/zpqWMBPkzKGCfZ","tlshash":"dac18ea1f9d5a432f23bf53288a12eb5cadfc25246a7fd086c91ad7219272c033e5458","first_seen":"2025-09-02T04:43:32.243765Z","last_seen":"2026-03-09T06:21:12.080692Z","times_seen":573,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/js/intlTelInput.min.js","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /js/intlTelInput.min.js HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: text/javascript\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"8aca-641a7a9eeb638\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eRTfboRzOwsepup9rkVabcvM1mIboY26Ud4QtwEcnEjRmUBeXbvGU40QGPqPa50KP7NbquTRkYFfqWbs7yT7GI4c7CqxwTVIcfXxL%2FM%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415eed130b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":35530,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (29515)","md5":"2fa9712ea1a446ef44f958d7b9d8e3cc","sha1":"85a516d357e39b4124fee8ffad022281044bbdd4","sha256":"36e3d616e97651d622f38d868e8b53295ce6cdc4d90699668703fdebcd56094e","sha512":"bccaa550010e34e336ef3bac8003fc5d5ba050b037eaf468999a375e9861a904ed5c61bec9f5314a72f7e2fa1bfae6725d6c942f4d41084b67b7b9587c59da2f","ssdeep":"768:c603Xlqn/kiIzJT9FSRzA4xXnT2nYdn24X68ZALOpQ9TViRsk:cDiIz8A4knYdWWsk","tlshash":"60f2e8ae7371573766be82f670e60503aeae35458604443d78ac8ecd0b88ed1b1f6778","first_seen":"2025-09-14T06:53:37.430102Z","last_seen":"2026-01-07T14:25:43.891303Z","times_seen":33,"resource_available":true,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/fonts/EncodeSansExpanded-Black.ttf","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /fonts/EncodeSansExpanded-Black.ttf HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/fonts.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: font/ttf\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"276d8-641a7a9ee5877\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=abQifygKzDlsk4dKFIl2iARO7QyS3sXGBBbSlD4oZ4o1STvTvE9GntS6p3BLtm7k%2BvkMFjbEuPJYuuNnFR9GL0DiKOW9Pr1rgG39Jz0%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41603d750b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":161496,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 17 tables, 1st \"GDEF\", 16 names, Microsoft, language 0x409","md5":"8d733c894ca18c1e271b8e648b605601","sha1":"ec5db396305437bdd280d2c5a857a507027e8d56","sha256":"de952ddb6b905cbddfca787502eadc44720735bbceb916264de6c427e58e89b9","sha512":"f4842689b731e5323b4d163abca8145971f1eb6fa30e88f1ca2d8467961342c90437a4965332eaa8ce74e75307ed0094164fd52913b3650838660ead87ec8e49","ssdeep":"3072:HokDRrC8OMv4GeLUoBhQI1LZrx0NrqRKoC+b1WxxEriV:HokSd1LZF0NrCKn+hZWV","tlshash":"f8f35a0bf783d735e9151e36a46893e573d6f450af36c38fa144bea8d8c70e428c52a9","first_seen":"2024-06-21T13:38:29Z","last_seen":"2026-03-25T22:10:03.281676Z","times_seen":947,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/fonts/EncodeSansExpanded-Light.ttf","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /fonts/EncodeSansExpanded-Light.ttf HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/css/fonts.css\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: font/ttf\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"27738-641a7a9ee6817\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dyrdlPrXMndjuRbgVfUqBScgOoEq%2Ft1kov96aX2hQgJXB9rO%2BmYkoYmf5yZ2YKhBpTm%2Fb9OhdrrGJn%2BNfDllZQ7kxO2yheBpamFaQkA%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d41603d780b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":161592,"size_decoded":0,"mime_type":"font/ttf","magic":"TrueType Font data, 17 tables, 1st \"GDEF\", 16 names, Microsoft, language 0x409","md5":"97a2a619bcef5d92ac7f66e17564887c","sha1":"2c6e03389700c030149924e5fdde5f0e9754cced","sha256":"875d0d2122e8bb59c73e1e03d3757b382046266f658df35c0053797e954295bc","sha512":"0b3ae4d454cd5d25800d242177e45719b1b4cd16393586b83d93f94072b026c5a9c3258521a08052f699b59564385d593f07182718e5aa1da9b3a806c69ad051","ssdeep":"3072:ZrdeC8OMvHv5MXeEr2IAEmbYMRbc+LkPjcHHgRlbf:Zrd++XeVgYooHHOx","tlshash":"dff36c0ff7a3db19f5150e35997c83d572e6f8512f22c64ba54cbe68d4870f408c62aa","first_seen":"2024-06-21T13:38:29Z","last_seen":"2026-03-25T22:10:03.282171Z","times_seen":944,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/header-avatar-1.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/header-avatar-1.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 2216\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"8a8-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Y1%2BLsCF%2FTnfeOutBcWEMLLMsuhUGGdE47UPZJbwEFuXyu%2BwR51nCP%2Fyo0ukAs%2BmYB6u2GYR8Y09qz9V%2FBeiKCQMqbZxhEePdNEyXkvU%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e9ce50b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2216,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d90034b2d291e94da6d0c65eb0f9f1a1","sha1":"fb72b31d8799e2e1c9cec12adb3c3e6a17422ef4","sha256":"f24ce3fbcc2eb49afb20cbfd787afd1dd2638481df578f3c2d18a72c73a3238a","sha512":"463b8cb134c6f7edcc23335a444e59f279fd31a61376d8f8677143807c76eca430bd2922da414b348784a1196b87171973d2043a68292c29c135bea5f25b205e","ssdeep":"","tlshash":"5f4129cac327d11ac0ab4e35440d0dc1928c8549ea96076caf4bf92b58ca65d3be23d5","first_seen":"2025-09-02T04:43:32.319544Z","last_seen":"2026-03-25T22:10:03.306221Z","times_seen":768,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/stars.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/stars.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: W/\"89b-641a7a9eea698\"\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gyYWAVKrgdu2YFGVcgLFswxtQGIHEUeIillNteddnANhZ09utbU5M44nxA44JsjOzJd2mI3m1RMAwn%2B46258fTheE5T%2BHpNDLjV1Wfc%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e9ce80b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2203,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b5f46c787a1e0651d75603195a101a46","sha1":"2e1b5eab0082dd1cde7729696f9aaea6ae00e171","sha256":"adfbc7c2eb5a7bd50ba738a956c98508155e845bee22dbd4ae2b6a28e5f82c52","sha512":"8c928c3cb1ce4c6e4a78af922a97367600a7ff1c6f84fd57c9919f807c06f8fc98be8572822376ca5efa53dec6eae031fe52c12029698321d197bcc838434ccb","ssdeep":"","tlshash":"844104a0731c93f49056f7f4fd29a96635203d7e9b8887f4c2d12a80d4b72a9d58fd88","first_seen":"2025-09-02T04:43:32.301529Z","last_seen":"2026-03-25T22:10:03.287334Z","times_seen":1209,"resource_available":false,"data":null}},"time_used":55,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":55,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/person-1.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/person-1.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 53182\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"cfbe-641a7a9eea698\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Mz1NKEinrrMk1pn4j%2BjbxGKzDcLfrRG5QHbAh8YvgPbL1RXjvb3VHp7AQXpkkwx1%2FJzlzbBYtMRQaonyFy249UdOKbrtpKkGRNDAG14%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415e9cec0b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":53182,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"80b8fc29db83984db393d1cdcee034aa","sha1":"529639a2aff7e017ab53b54c64bb40f71de45b75","sha256":"a5b22671056017d365e56f04e902650dbc859377d781ac901855a61d4043f8e7","sha512":"23b5875417da69a61c9d88171fe731831c9a61c48c8efe515f055d0b954b4c55fd8f0297f4202e27a1d6afb41ee776f1fb96ce93199e68849bd3c53cf41768ab","ssdeep":"1536:GUnRZI1NkWOOw0r8thshhdbcKREPsKKYI:GYS1qWTr8t2AsKKYI","tlshash":"bb33021ab1776190cd4364f1d3a8928d63d96392cfade2cb263071487ab8c7c7fd9a44","first_seen":"2025-09-14T06:53:37.382463Z","last_seen":"2026-03-09T06:21:12.07227Z","times_seen":82,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/user-5.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.663Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/user-5.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 6344\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"18c8-641a7a9ee96f7\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AFg0OdKbh6F%2FlS3%2BzVvEjGAn2PRdkNp7XEzOdA%2Ba%2FLIT91wbXRrG4fbP87xxOVSA4m3ncZLhjuI2uNIEVxSPr%2B%2BT5%2FZ71LlCYC%2Fp%2FXE%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415edd090b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6344,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"507dc1da713876f641615339555f7b66","sha1":"a750929cfb3a9b0ab2c28980b7ad3a1a48be619e","sha256":"f03aefcceafe0b9a3173328bb15113bf1b6cade7bf190056278a3f467856d5d1","sha512":"cf7f4d6c92807226563f3aabfec4c1116aa88e892d21a47de479f5839d18b91417cdc41d4cd7d9493b29073d2bdc75039d0f127ee4dca6d086772a19e113426b","ssdeep":"192:sVaVWed6VK1viXfbi2uuUF4G0ivNdpiLwq:asd6RiEUF4Jorp45","tlshash":"09d1bfa4d10c47b3f604a53e669df66246b6dc0177400a300a2b0a67b3b7527b7fe1c8","first_seen":"2025-09-02T04:43:32.323787Z","last_seen":"2026-03-09T06:21:12.147507Z","times_seen":573,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/bittrex.svg","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/bittrex.svg HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J8zJPJBZfKP6yfVQHfk3VyExWm9u19UjYIp4co%2B7X283a18oCdEmFMD7b9RN0fHa32PUn9Me%2FiBeXuiEdPPsVRzjiKzzNjhBVvwXSXg%3D\"}]}\r\netag: W/\"328-641a7a9eeb638\"\r\ncontent-encoding: br\r\ncf-ray: 993d415ebd040b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":808,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"df280930bc74ed9797630ef8fc49d3ae","sha1":"90880c4fea185cf1c65916a7f2c946e030170499","sha256":"bd78df4c565f16b918144f647ff9bb0dd258d448fc1c27079e93a0a7a073c994","sha512":"9b85a6a0ed231f251557790380bb6b203ce6b66e55a7bcca005404183c9a9882fb38637ee2b48c8742af5c9875f0f195beffe909ae992476e26f8058171569b9","ssdeep":"","tlshash":"4601f1f4f62c924d0e08534d2b7835395194b3d8c3c64b5d3940633b6c8d4271eb32e8","first_seen":"2025-09-02T04:43:32.308504Z","last_seen":"2026-03-25T22:10:03.291974Z","times_seen":1203,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"merkadoflux.com/images/user-4.webp","fqdn":"merkadoflux.com","domain":"merkadoflux.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"imageset","requested_by":"https://merkadoflux.com/","date":"2025-10-24T23:29:16.662Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"merkadoflux.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 21 Oct 2025 07:34:04 GMT","end":"Mon, 19 Jan 2026 08:32:40 GMT"},"fingerprint":{"sha1":"2F:0F:B1:A9:5E:05:E8:45:A1:7E:E1:35:DF:11:0B:38:2F:9D:F2:53","sha256":"77:6E:6D:A5:91:35:6E:59:C2:31:8C:12:13:F4:02:43:74:BA:86:B4:EE:25:25:BD:03:A7:AD:5E:DB:FB:F1:2A"}}},"request":{"raw":"GET /images/user-4.webp HTTP/1.1\r\nHost: merkadoflux.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://merkadoflux.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 24 Oct 2025 23:29:16 GMT\r\ncontent-length: 4458\r\nserver: cloudflare\r\nlast-modified: Tue, 21 Oct 2025 09:17:06 GMT\r\netag: \"116a-641a7a9ee8757\"\r\naccept-ranges: bytes\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nx-frame-options: SAMEORIGIN\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' 'unsafe-inline' https:; connect-src 'self' https:;\r\nreferrer-policy: strict-origin-when-cross-origin\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BFdutmf4jSy%2Blf%2F1MSGWGt40nqAY%2FyREN2vOIZwHXlgvCjZiH%2FxfhWH7M9keXxy%2F1KiT8AJRsdNfh0QhERrdAU1irTPGxp%2BIZy8eT6M%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 993d415edd080b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4458,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1b6521cc4283ef332bb2691783bb2124","sha1":"f4215511f86aa4e109db5c37661a85944184aef0","sha256":"f78c11fdcaed17dbc72681122cfd87919dc38489442f873c9e425b95036d74ab","sha512":"c6843d77382e21691ed745be283b7a031591921373305e0e20d99492797400e5f4e4a7eb555d3001f4982d538adca2c4b9a6297961a2642a632ce6e89c06f424","ssdeep":"96:KgNOagNgN1ImO7BohzCNmFXJMK+pdOaiSpbXHqOx:GarImO7B7IuKKfXKs","tlshash":"87915cc273c7c0a2b8e98d9853f98679459a7841c2facbae45c2fdba6478974059e804","first_seen":"2025-09-02T04:43:32.330871Z","last_seen":"2026-03-09T06:21:12.120913Z","times_seen":573,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-24","alert":"Sinkholed","trigger":"merkadoflux.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}