blog.merklescience.com Open in urlscan Pro
2606:2c40::c73c:6702 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Submission: On December 12 via manual (December 12th 2023, 2:41:16 pm UTC) from US — Scanned from DE

Summary HTTP 104 Redirects Links 25 Behaviour Indicators

Summary

This website contacted 26 IPs in 3 countries across 20 domains to perform 104 HTTP transactions. The main IP is 2606:2c40::c73c:6702, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.merklescience.com.
TLS certificate: Issued by GTS CA 1P5 on November 21st 2023. Valid for: 3 months.

This is the only time blog.merklescience.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	2606:2c40::c7... 2606:2c40::c73c:6702	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1	51.11.20.152 51.11.20.152	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a02:26f0:350... 2a02:26f0:3500:18::1724:a29a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2620:1ec:bdf::63 2620:1ec:bdf::63	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	2606:4700::68... 2606:4700::6810:88ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:e05d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:350... 2a02:26f0:3500:887::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
9	2606:4700::68... 2606:4700::6811:eff9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:4fe4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1	2606:4700::68... 2606:4700::6810:4dba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:589a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:7e0c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:22e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:801::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:a07d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:ad5d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	216.58.212.131 216.58.212.131	15169 (GOOGLE) (GOOGLE)
104	26

29 2606:2c40::c73c:6702 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.merklescience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.11.20.152 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

secure.glue1lazy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:18::1724:a29a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::63 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:88ce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:e05d (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3500:887::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
imgsct.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

lh6.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lh5.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700::6811:eff9 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4fe4 (United States)

ASN13335 (CLOUDFLARENET, US)

f.hubspotusercontent20.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4dba (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:589a (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7e0c (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:22e5 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:a07d (United States)

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:ad5d (United States)

ASN13335 (CLOUDFLARENET, US)

merklescience-19526976.hs-sites.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.131 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f131.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	merklescience.com blog.merklescience.com	804 KB
16	gstatic.com www.gstatic.com fonts.gstatic.com	768 KB
10	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4435 forms-na1.hsforms.com — Cisco Umbrella Rank: 7062 perf-na1.hsforms.com — Cisco Umbrella Rank: 5595	18 KB
8	google.com www.google.com — Cisco Umbrella Rank: 2	72 KB
7	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 5191 app.hubspot.com — Cisco Umbrella Rank: 5546 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4978 track.hubspot.com — Cisco Umbrella Rank: 2246	38 KB
5	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4340 consentcdn.cookiebot.com — Cisco Umbrella Rank: 4841 imgsct.cookiebot.com — Cisco Umbrella Rank: 5073	114 KB
4	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5536	19 KB
4	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6767	683 KB
3	hs-sites.com merklescience-19526976.hs-sites.com	188 KB
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1230 syndication.twitter.com — Cisco Umbrella Rank: 1549	132 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	1 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4726 forms.hscollectedforms.net — Cisco Umbrella Rank: 4810	26 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	89 KB
2	googleusercontent.com lh6.googleusercontent.com — Cisco Umbrella Rank: 804 lh5.googleusercontent.com — Cisco Umbrella Rank: 169	345 KB
2	linkedin.com platform.linkedin.com — Cisco Umbrella Rank: 3771	321 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2129	4 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4727	88 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2128	21 KB
1	hubspotusercontent20.net f.hubspotusercontent20.net — Cisco Umbrella Rank: 47748	11 KB
1	glue1lazy.com secure.glue1lazy.com — Cisco Umbrella Rank: 694292	321 B
104	20

	Domain	Requested by
29	blog.merklescience.com	blog.merklescience.com consent.cookiebot.com
9	www.gstatic.com	www.google.com www.gstatic.com
8	www.google.com	js.hsforms.net www.gstatic.com www.google.com
7	fonts.gstatic.com	fonts.googleapis.com www.google.com
5	forms.hsforms.com	js.hsforms.net
4	forms-na1.hsforms.com	js.hsforms.net
4	static.hsappstatic.net	blog.merklescience.com consent.cookiebot.com merklescience-19526976.hs-sites.com
4	js.hsforms.net	blog.merklescience.com consent.cookiebot.com js.hsforms.net
3	merklescience-19526976.hs-sites.com	js.hubspot.com merklescience-19526976.hs-sites.com
3	track.hubspot.com
2	fonts.googleapis.com	js.hsforms.net merklescience-19526976.hs-sites.com
2	js.hubspot.com	blog.merklescience.com merklescience-19526976.hs-sites.com
2	platform.twitter.com	blog.merklescience.com platform.twitter.com
2	connect.facebook.net	blog.merklescience.com connect.facebook.net
2	consentcdn.cookiebot.com	consent.cookiebot.com
2	platform.linkedin.com	blog.merklescience.com consent.cookiebot.com
2	consent.cookiebot.com	blog.merklescience.com consent.cookiebot.com
1	perf-na1.hsforms.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	app.hubspot.com	blog.merklescience.com
1	js.hs-banner.com	blog.merklescience.com
1	js.hsleadflows.net	blog.merklescience.com
1	js.hscollectedforms.net	blog.merklescience.com
1	js.hs-analytics.net	blog.merklescience.com
1	syndication.twitter.com	platform.twitter.com
1	f.hubspotusercontent20.net
1	imgsct.cookiebot.com
1	lh5.googleusercontent.com	blog.merklescience.com
1	lh6.googleusercontent.com	blog.merklescience.com
1	secure.glue1lazy.com	blog.merklescience.com
104	31

This site contains links to these domains. Also see Links.

Domain
www.app.merklescience.com
www.merklescience.com
careers.merklescience.com
medium.com
twitter.com
www.facebook.com
www.linkedin.com
t.me
www.youtube.com

Subject Issuer	Validity	Valid
blog.merklescience.com GTS CA 1P5	`2023-11-21` - `2024-02-19`	3 months	crt.sh
secure.norm0care.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-10` - `2024-07-06`	7 months	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-06` - `2024-04-06`	a year	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2023-10-07` - `2024-04-07`	6 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-16` - `2024-05-15`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-17` - `2024-04-17`	a year	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-20` - `2023-12-19`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-28` - `2024-07-26`	a year	crt.sh
syndication.twitter.com R3	`2023-12-11` - `2024-03-10`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
hs-sites.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Frame ID: 25BAE95165330FE770FED15B12900521
Requests: 68 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: ECA29EDF0CDB9C28210D943B2719703C
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.merklescience.com
Frame ID: A3C2D8BF0BBFF7080933A44CF6534379
Requests: 2 HTTP requests in this frame

Frame: https://js.hsforms.net/forms/v2.js
Frame ID: 386595A56C860D90A7AFCF53899E09D1
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLm1lcmtsZXNjaWVuY2UuY29tOjQ0Mw..&hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&size=invisible&badge=inline&cb=j0ifnk4w8qba
Frame ID: 504EE80D6B865A1D633ADE9526F882F1
Requests: 8 HTTP requests in this frame

Frame: https://merklescience-19526976.hs-sites.com/hs-web-interactive-19526976-127037957654?utk=9c47a74edbba3592f4cfabe66f70a535
Frame ID: F57C793040EC521C525EA05D2D30FC92
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: 45B3C5FF38E785154581F16649F23B3A
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hack Track: Investigating Conic Finance Flow of FundsShare this blog post on TwitterShare this blog post on FacebookShare this blog post on LinkedIn

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

Page Statistics

104
Requests

100 %
HTTPS

88 %
IPv6

20
Domains

31
Subdomains

26
IPs

3
Countries

3740 kB
Transfer

8857 kB
Size

6
Cookies

25 Outgoing links

These are links going to different origins than the main page.

URL: https://www.app.merklescience.com/accounts/login/
Title: Login

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/platform/transaction-wallet-monitoring
Title: Compass Identify suspicious transactions, prevent fraud & comply with AML, KYC & CFT regulations

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/platform/cryptocrime-investigation
Title: Tracker Forensically analyze cryptocurrency transactions, track stolen funds, and investigate crime

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/platform/intelligence-reports
Title: KYBB Perform due diligence, flag risky transactions & generate risk reports

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/training-certifications
Title: Institute Training and certification for compliance & investigation teams

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/about
Title: About Us

Search URL Search Domain Scan URL

URL: https://careers.merklescience.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/partners
Title: Partner with us

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/resources
Title: Resources

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/glossary
Title: Glossary

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/privacy-policy
Title: Privacy Statement

Search URL Search Domain Scan URL

URL: https://medium.com/@ConicFinance/post-mortem-eth-and-crvusd-omnipool-exploits-c9c7fa213a3d
Title: port mortem

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=I+found+this+interesting+blog+post&url=https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Title: Share this blog post on Twitter Twitter

Search URL Search Domain Scan URL

URL: http://www.facebook.com/share.php?u=https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Title: Share this blog post on Facebook Facebook

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/shareArticle?mini=true&url=https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Title: Share this blog post on LinkedIn LinkedIn

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/platform/compliance-investigation-training
Title: Training

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/contact-us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/terms
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.merklescience.com/knowledge-base
Title: Knowledge Base

Search URL Search Domain Scan URL

URL: https://twitter.com/MerkleScience
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/merklescience/mycompany/?viewAsMember=true
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://www.facebook.com/merklescience/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://t.me/MerkleScienceOfficial
Title: Telegram

Search URL Search Domain Scan URL

URL: https://medium.com/merkle-science
Title: Medium

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@merklescience
Title: YouTube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

104 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request hackers-drain-over-3-million-from-defi-protocol-conic-finance Show response
blog.merklescience.com/hacktrack/ 61 KB
14 KB 553ms
428ms Document
text/html 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9af90e463680b5bd2273abffa8e139716b8df941ef949b07f60590ff4c38dc04

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10800, max-age=0
cf-ray: 8346b9f7fed2bbc1-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Tue, 12 Dec 2023 14:41:08 GMT
edge-cache-tag: CT-126785052953,CG-49861501209,P-19526976,CW-48920755040,CW-49090286638,CW-49255893831,CW-49260849056,E-49255893830,E-49256168225,E-49256373152,E-49259726485,E-49259826962,E-49259872097,E-49260535925,E-49260675082,MENU-49085698312,RA-49260725684,PGS-ALL,SW-2,GC-49039232797,GC-49090374307,GC-49256016813,GC-49260846392,TS-49259809176
etag: W/"2edc99ceea05ecf5b8884b32e88ca565"
last-modified: Mon, 11 Dec 2023 22:23:36 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ppij2g3xjOGcz08ZOIUasIXg6mv4sLSZxBRF%2Fkaf2rMWCZc%2F64wVaFr8SiKwKQGF9pYx%2FYZHpm%2F3a%2BDyrQPGa8jvwsKB6Vqq%2FPaXMDZ6nZBpiLXZdpl0%2B7Iyw9%2FaPDDT%2FRhQ8BWeQamHpj3OgeIOj3BdLXw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: MISS
x-hs-content-id: 126785052953
x-hs-https-only: worker
x-hs-hub-id: 19526976
x-hs-prerendered: Mon, 11 Dec 2023 22:23:36 GMT

GET
H2 200 project.js Show response
blog.merklescience.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 68ms
68ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 d72cc6b7011ac53cd6e4d65e0d9f5ac4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 980029
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ExrN%2FkB71xYHTNeGQqvYWAL%2BwjZl3xtlOnR%2F2LY5TW0UiPUoswyH%2FhRZEiS2LSMru3h%2BkRHHp%2B35zofSUREv2BtClr4zrc18H8ANBqRJgc%2F8pq3V%2FksXPZqTboTJpTstQYRMg9OyNCnI94TLxHHwxE%2BkZiw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8346b9faab47bbc1-FRA
x-amz-cf-id: lwl9cGmAfm7CklzFACagF3GeS0SXL7R4ixq0awHrpqCdAwLlg-eR8w==
expires: Wed, 11 Dec 2024 14:41:08 GMT

GET
H2 200 main.min.css
blog.merklescience.com/hs-fs/hub/19526976/hub_generated/template_assets/49259872097/1680507229369/Merkle_theme/css/ 18 KB
5 KB 69ms
68ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs-fs/hub/19526976/hub_generated/template_assets/49259872097/1680507229369/Merkle_theme/css/main.min.css

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

36214efdcc9274cca7639e17d7856d94283d9148f5e178ecc7d724c6e8826127

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 8EDNSS8R64C0YB3Z
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"6da750897948b609ee26db2cd44553e8"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680507230073
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: G6WiJXV.2Dg8t0gCh0Mhgs9VjJJ4Y.Oq
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 180ac172-0074-41f7-8d8e-99263f0f9f81
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 335
alt-svc: h3=":443"; ma=86400
x-amz-id-2: B1ZPRTxw7ZUXTw3Fcifqkops6wuyqGtNJodi7x+Ue+E5sevOfIcnAc2EWzO899GmDKsIKpCGZ7w=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 180ac172-0074-41f7-8d8e-99263f0f9f81
last-modified: Mon, 03 Apr 2023 07:33:51 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L6QDO4XCERv7X8SIQZK7KlP484cA8cCXo0V1gFA3D3JhtoTWzJeaOzehYoBk15hV%2BhKSHStqQux9yj853vCD9DArZXHW6FE7BmH0TJRASJ7GPqL8Pj22I5vVtI%2BEAkKyPHolCdVh5FkSVQq6TA25se9NJ6o%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-5sf4f
access-control-allow-credentials: false
cf-ray: 8346b9faab4bbbc1-FRA
x-amz-cf-id: FT2NmNwdcglMkPfBghsIlcHyw8q2j9kSs7vLnf8W4UN93DgrUsUMzg==

GET
H2 200 blog.min.css
blog.merklescience.com/hs-fs/hub/19526976/hub_generated/template_assets/49256373152/1680513307617/Merkle_theme/css/templates/ 9 KB
3 KB 69ms
67ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs-fs/hub/19526976/hub_generated/template_assets/49256373152/1680513307617/Merkle_theme/css/templates/blog.min.css

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2990ede7e15ca9061ae605aaf9919fb1bcd880500f60ce3b235deb56ba5ea2c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 7ASEQX6KY65TF5G0
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"b800b4dd18a223c93e30d14e43ecd1f1"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680513308234
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 5eb5e19c1a78889d10ff38f1551ed2aa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: JkaM.K.H__Kfepybl2GP5Ofe1HmpeKF5
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 51459443-6da0-437d-8acc-4614a0d46890
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 211
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 22mfBM2GevSjfOQrl5/E2C/ZaTaqUYJoOjo3OY7YbZYm1Miij+kj43R6BUdtkUVKSeFfShd2LQ4=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 51459443-6da0-437d-8acc-4614a0d46890
last-modified: Mon, 03 Apr 2023 09:15:09 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1QnOpYPs0IDY486xG4tOPqS6TLocPnC%2BpxUHn4Icd5GnK8AtgX0rsD2IgvDOYe240jVyRkKxFQzpJX2v7%2Fdn4G08OuozFV9RCpTgzaIhOuXNSzAIv1uh5v%2FIQHU3OAWlRTsMLNeukHcNk5O7eTbMo8H4afQ%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-ffb8c87d4-92bq4
access-control-allow-credentials: false
cf-ray: 8346b9faab4cbbc1-FRA
x-amz-cf-id: kbjHviiB34-NZdTS0h4ZVDKDbKSYVFNGpiEF7aaPeDLMvievr3-llw==

GET
H2 200 theme-overrides.min.css
blog.merklescience.com/hs-fs/hub/19526976/hub_generated/template_assets/49260675082/1680507228737/Merkle_theme/css/ 14 KB
4 KB 57ms
55ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs-fs/hub/19526976/hub_generated/template_assets/49260675082/1680507228737/Merkle_theme/css/theme-overrides.min.css

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bc90b7fbdf8a7c6ecf980a22c978b2a6258b34f29bfd469fa2404edd880378f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 2BT8GAPPXP9K26QA
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"55eb76a0357da1c2eee27e22a00f0ed6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680507229690
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: g_2F0McTL40UqhVml_h9.cCDWudKlI_r
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 4c5a9133-f806-40a6-a870-3c69cb138395
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 216
alt-svc: h3=":443"; ma=86400
x-amz-id-2: yuOhLAjbs+xjDCJU/dmPBQIJR66HlXOn9Qo+dvt5av6qiDtJSQGLOIHI0Ah4LQSpW9Ipc/bDgu8=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 4c5a9133-f806-40a6-a870-3c69cb138395
last-modified: Mon, 03 Apr 2023 07:33:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RKQuuJVE5QjlM4lOUoseEjG2vJF9GYAdk19j6aaIGEgDa5K4l9MMGV9gPbH6sRM8M9pzXFDXQj6q4gA6fWbM4AnVdvqdjsd3pq1UsRM5vVesPBAui8Z59zVZXqy75LoK4yZjpxjCiJjGxrngrg8tuMcR3e8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54d77d98d9-wbfjx
access-control-allow-credentials: false
cf-ray: 8346b9faab4ebbc1-FRA
x-amz-cf-id: 68QrrWMxOh5N3VlixpWiWJfBad_epkZRs_hig486jDUM641Psi-M_w==

GET
H2 200 module_48920755040_Header.min.css
blog.merklescience.com/hs-fs/hub/19526976/hub_generated/module_assets/48920755040/1701932384294/ 10 KB
4 KB 81ms
79ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs-fs/hub/19526976/hub_generated/module_assets/48920755040/1701932384294/module_48920755040_Header.min.css

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a08ed90c1aed6f1f90cc275dc8b67d8e8c94740a0cbfe922c5e6d2cb8fcbef7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: FB67CP47Q9W0QD2A
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"44b186b1ec5fb16f26e8ffde33db3979"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1701932384294
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 7f7e359e1c06a914d3d305785359b84c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: xQfcI3k2UnK1neRHcLzY6sOMw_9g6tpR
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: abdc47d9-0683-40ea-878c-392133f8cf19
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 242
alt-svc: h3=":443"; ma=86400
x-amz-id-2: JtsJuUYSJwDWjdH898BSP+ku9w2N/F2AaW62hovaaN9zLKMTXQmMOIaPXnF06rVTx0NelSbgU+LL0K5TvyCOo9TQ53O9bHN4X+9LRwenCGg=
x-evy-trace-route-configuration: listener_https/all
x-request-id: abdc47d9-0683-40ea-878c-392133f8cf19
last-modified: Thu, 07 Dec 2023 06:59:45 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IB9N%2BQzxtxh9BmOPMfZqLkKikDM2w3ivulLzCOItCeo779u1GD492aa%2Bt7%2BXw3YcSb92O2%2BEXdyArZ%2BvunA8qRYIpmZV9Pdabhf5j6OEv7KdYIsDODSGfvKmXFoW8ysaQPUCd7f7Hz1JnYF4d6CjRPLhgu4%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-ffb8c87d4-m7jlw
access-control-allow-credentials: false
cf-ray: 8346b9faab51bbc1-FRA
x-amz-cf-id: dfm8e-AdSxRwz9hnsZ64owCIfAMHLbRU48D6Pw15gJFFW75_yCy59Q==

GET
H2 200 module_49260849056_menu-section.min.css
blog.merklescience.com/hs-fs/hub/19526976/hub_generated/module_assets/49260849056/1624371913087/ 3 KB
2 KB 91ms
90ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs-fs/hub/19526976/hub_generated/module_assets/49260849056/1624371913087/module_49260849056_menu-section.min.css

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfad04a05cf8cca805c9d5b3965f4f0f08f42f94223f2b0f2d0440f05d30065a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: 898XTAV6EVB9RFHM
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"687ff0f97bf90711ef120be5db06cb2e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1624371913087
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 041a4887d523cabe8177e269cc358162.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YbI2f3I_vrvnn1nF5C1ZjchUoySDMGwu
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: a8d0f3c9-795d-4900-823a-26320106efab
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 165
alt-svc: h3=":443"; ma=86400
x-amz-id-2: lNG7aiA4vDzp4c9bz76+5fCAvtN8aJgfmuUQxJnQi7EXbLtqYsOE00BURY9o9PXd/AFIQXTm2h4=
x-evy-trace-route-configuration: listener_https/all
x-request-id: a8d0f3c9-795d-4900-823a-26320106efab
last-modified: Tue, 22 Jun 2021 14:25:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KcDFXqsm53s14DtcrqYl%2BldlOoXPLHFa%2BoJIwepOXYGHPTGcZOhxSOQezsdu0pYDNIL8nJA0HgByfeOErFu%2B%2BYrmFJCCbUQEr8wLhcX48rXuYjGxqUSlpM4jWZR5FyFD%2FfSe%2Bi9GoHe8VZYJZShkp3Mj3Lg%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-ffb8c87d4-n248f
access-control-allow-credentials: false
cf-ray: 8346b9faab53bbc1-FRA
x-amz-cf-id: Rd9H659DJDLZUoqoBg9x73eWP4ihFujlXBcz3iJN6lRvQn2L8ogV2g==

GET
H2 200 module_49090286638_Footer.min.css
blog.merklescience.com/hs-fs/hub/19526976/hub_generated/module_assets/49090286638/1700646510976/ 5 KB
2 KB 58ms
57ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs-fs/hub/19526976/hub_generated/module_assets/49090286638/1700646510976/module_49090286638_Footer.min.css

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b00b0e07aab17f5a26a07570ad5b985a991cce2c5315e54b69182f47b139b8d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-request-id: E42FEDQEKM7H01JN
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"c105309d3d70270555136d4f378821d6"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1700646510976
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 936f33bed45438343f0ef2adff442814.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Rcml7wMn6r2GupNTcKGhMyGLQhBy2sHJ
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 5bc95041-9235-4006-b894-2ea72aeb0158
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 195
alt-svc: h3=":443"; ma=86400
x-amz-id-2: QuhO+DINBlVeABx+3Hto6YqCi7HJaeLAcvTe22719SokUmbZoKvlqbkYqrh5bBOzPH7W+VKUxkg=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 5bc95041-9235-4006-b894-2ea72aeb0158
last-modified: Wed, 22 Nov 2023 09:48:31 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ExD4HY4Qvh23sbrXvXxFwuwxHpajMiW2G6uFaUh59Kx3OM%2FfuvXydEzoWRj3%2Fp%2FYg2LqcAffFz6h9aO%2Fikz1y4MQWlsrqueZ%2FKK9opgasXeMr4UHFnmv5coj%2BQzzG1Fic3Bx031jvwVQZQTaLQrXBuJIOa8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54d77d98d9-mdhhg
access-control-allow-credentials: false
cf-ray: 8346b9faab54bbc1-FRA
x-amz-cf-id: 87AKzIDZW9hL6vlRq830UcQxDA2Yp9psxKxz2q6WG_9C6ACa93Tqdg==

GET
H/1.1 200
OK 215876.js Show response
secure.glue1lazy.com/js/ 16 B
321 B 133ms
24ms Script
text/javascript 51.11.20.152
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.glue1lazy.com/js/215876.js
Requested by: Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.11.20.152 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4e9126c0347aa2dd43ddce874ce38625ac0e2958f30fd57e6143e8d3addb3c2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Tue, 12 Dec 2023 14:41:08 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: public, max-age=86400
Connection: keep-alive
Request-Context: appId=cid-v1:abe8a76f-f1a2-4b2e-9017-0ea36ffb5c20

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 108 KB
33 KB 327ms
245ms Script
application/javascript 2a02:26f0:3500:18::1724:a29a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a29a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: cad53afdb2f3f8d8d5781fdd825eaf42f2a1ec41dce83713959578d16ff23439

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
date: Tue, 12 Dec 2023 14:41:08 GMT
content-encoding: gzip
last-modified: Tue, 12 Dec 2023 10:57:40 GMT
etag: "0ea446ea2cda1:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-expose-headers: Request-Context
cache-control: public, max-age=812
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 33864
expires: Tue, 12 Dec 2023 14:54:40 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 70ms
31ms Script
text/javascript 2620:1ec:bdf::63
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:bdf::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2ee773ef677420cdeb136e974fcef8ed7c10c1302fff8a9846acd53434cacb8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: AZUR
x-cache: TCP_HIT
x-cdn-proto: HTTP2
content-length: 163638
x-li-uuid: AAYMUAEqrgUD0ak1bMtXKw==
x-li-pop: prod-lor1-x
vary: Accept-Encoding
x-azure-ref: 20231212T144108Z-50hqzznqzx1bd6eb3ykd2sqz2g00000000q0000000008npx
x-li-fabric: prod-lor1
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Tue, 12 Dec 2023 14:26:56 GMT

GET
H3 200 Logo+Text%E2%80%93Blue_%26_Black_1.png
blog.merklescience.com/hs-fs/hubfs/ 2 KB
3 KB 57ms
57ms Image
image/webp 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.merklescience.com/hs-fs/hubfs/Logo+Text%E2%80%93Blue_%26_Black_1.png?width=220&height=27&name=Logo+Text%E2%80%93Blue_%26_Black_1.png

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a29f55d77e89c71c1b875129d6108c53a6efdb8c968c0ec556ee9ab94997125c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-48792747953,P-19526976,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 2164
cf-resized: internal=ok/m q=0 n=603+0 c=1+6 v=2023.9.8 l=2164
last-modified: Mon, 14 Jun 2021 13:25:40 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfjzaYuMc3dAOaJFte7F68h-74taB4gZlcArsVKyGtDQ:9181b88b549b9cd61e4f5447e71995fb"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PMtiGxZH%2B423fLawewWPcX8tklIfcIyOV1n5TDAxNeNAi5EzcqjsMcdIrAXjW6xs8i9buRW%2FAhf377psElb5ZYlnWkUfzDSwDkx7DSuAWjP0JQMl5eq9Ztr7h06NDAck07vnV6ukOt7i9VzUUncnVURjphw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8346b9fc0c5665be-FRA

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 532 KB
171 KB 138ms
123ms Script
application/javascript 2606:4700::6810:88ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:88ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bec065ae320fed4bb93d09440a473e82958293c8daf9371354588ece80588d15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4270/bundles/project-v2.js&cfRay=8346b9faba209202-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"fc9d6a2cfcf42118865e200cd34d3672"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4270/bundles/project-v2.js
date: Tue, 12 Dec 2023 14:41:08 GMT
x-amz-version-id: RBYY3BIyY8WMd_yGkQbPFvGfcq.KKRed
via: 1.1 05133180bbd1649d4b8f97441bf305e8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 79be6a4b-c6ca-4bd9-9d46-819d5a55cf52
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 79be6a4b-c6ca-4bd9-9d46-819d5a55cf52
last-modified: Mon, 11 Dec 2023 15:17:46 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8beFvoIJ156fHrbMQxCknlA8XtKBNRr2AzeIXjIcX27EdjmNTcFO%2FXeysnyh4OqAYmckfjPThmu37z%2BgkD46ur5Cq8qPyWAvo8Rr9PSEomQBz8sFLmQzjdwEOME%2Fe%2FTE6aTZNmLk92TSb7sp"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-59k59
cf-ray: 8346b9faba209202-FRA
x-amz-cf-id: OM98VjJd-npsUcZuwYiBv4v-zGvDA9jftvcChh8s-2faa0hrwzS6BA==

GET
H2 200 Hackers%20Drain%20over%20$3%20Million.png
blog.merklescience.com/hubfs/ 535 KB
536 KB 108ms
108ms Image
image/webp 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.merklescience.com/hubfs/Hackers%20Drain%20over%20$3%20Million.png

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ba983303dbaf3c9b5048cdc778374588c5146689ccfa5e366e4dd325051a532

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-126784054950,P-19526976,FLS-ALL
x-amz-request-id: HV0EPK9JWG97Q348
x-amz-server-side-encryption: AES256
edge-cache-tag: F-126784054950,P-19526976,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Hackers%20Drain%20over%20$3%20Million.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "49062d02a615b3301022eb928f0d8608"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1690215591476
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 3e74b0c89b562282a810c16f34372bd4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: RqdWkhV5Eejwcf2TDLqaBM92qn7IVm_d
x-amz-cf-pop: MRS52-P2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=839477
x-cache: Miss from cloudfront
cache-tag: F-126784054950,P-19526976,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 547448
x-amz-id-2: pgCRwHmN+Vd6UXIp/FATvZBQR7Z1MmuxznfUU6fT+0cOZF/xEW+CMaEOVRg8QbGKYH/3EYy/i2M=
last-modified: Mon, 24 Jul 2023 16:19:52 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nstZlvHQ6BYcwBnlhxPUE9ZV65e6Aij20xALp%2Bv01QIYQkFdU5XcL6p0zKZoVvtvontoS8HbV%2Fv1hjE1JkN8CYAmxB2xsqhA7xgVteIjkw%2FOT6P%2FtFfaGJicvOlGyMdYiGj%2BCKoFd3DGVQnDwSgIMGfK344%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8346b9faab56bbc1-FRA
x-amz-cf-id: -_cax8qCWl6K0OSyhaB1AmktMWFZk6xMzg95Ya_MuRlbtVsf_4_VBw==

GET
H3 200 white-logo.svg
blog.merklescience.com/hubfs/ 6 KB
4 KB 100ms
100ms Image
image/svg+xml 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.merklescience.com/hubfs/white-logo.svg

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

be80a025e17d0fc4075b4a9976d22ce459de4a1e809826e2175ae908c2597781

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-49090210309,P-19526976,FLS-ALL
x-amz-request-id: R66X4NY8KAB3A8TY
x-amz-server-side-encryption: AES256
edge-cache-tag: F-49090210309,P-19526976,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"335bb0ce10c51790921e3e4f60f9e533"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1624103103980
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: UjJPKfvd4hI8irNqMrVtto9t7wBtcazt
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-49090210309,P-19526976,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
x-amz-id-2: ebPT7fxxP/C1udfJ/jeW0FFaTW4Vx42HxXDySoZrZCcYlsF2S4GAfZcx0DFORZTdSrjVEbOwkpk=
last-modified: Sat, 19 Jun 2021 11:45:04 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pfF1%2BaHvIWOMhpfs3Ww5wRvFbHc6bw%2B1BoCaupUhDb5ePY5nzhjSTkY0pVRFW6U%2BUWFo5o0m%2BOxLKyFAs%2BcVZORUQNfuZmkkgHe22nqkWHQtn%2BqawHDkvDvo8Q%2BpkKULwy8FZiAVtAivnfFv5qDeRTSg8jM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8346b9fc6d1c65be-FRA
x-amz-cf-id: 0ygRUVo0JugToESbkfYlJUy0A6xj1BRl4FYhMy3miQJWyZXa7qc8IQ==

GET
H3 200 twitter.svg
blog.merklescience.com/hubfs/ 1 KB
2 KB 76ms
76ms Image
image/svg+xml 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.merklescience.com/hubfs/twitter.svg

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c37f7689196987685e9f5796ba50d468b10da6b4217a14366c234aa82791f2c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-49090374758,P-19526976,FLS-ALL
x-amz-request-id: R66T6RYRFPBV51EA
x-amz-server-side-encryption: AES256
edge-cache-tag: F-49090374758,P-19526976,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"38fd849c1c9c1cff595877fe8123c71d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1624105525038
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: yMbzehw_WjetXYtj7K2FZMfxfZpyypIJ
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-49090374758,P-19526976,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
x-amz-id-2: H2AwSsgId0xnvBbQcROvcCMFp51ciKUpGLjg2VJBJI1VCzh8WWLov5xuVM+misuLCpqJnVdO5GM+t69QCItm6g==
last-modified: Sat, 19 Jun 2021 12:25:26 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p9GyAoIojABcZhBqXjVJ%2F1YCsxV27TM6f2oOVNF7mC10DHMfZuFk%2FSNQA4wLE6O682VCky3cvIPt%2FY2JimFWhlwMaYeWacn8He9Kr6hJJSm3wM6Wf1N7girboM3gRng9nP7Xn6QzWlWnjG5OSdlSl3lXl6Q%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8346b9fcbdd465be-FRA
x-amz-cf-id: AlLCMOTAaWMguY-1Q91aibNIslP6W9rI80s7ipol_0rb8H3yqfnUiQ==

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
6 KB 42ms
26ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:08 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 fc486e72455da7c1d3be4472dd5ba8b2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 1066815
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i1Vb8eqG%2F0quGVLFo8qBJRcjXdI0TuEUEXq1gQvC%2FvEKfRxwzrwbJDgWbh4JWIme0XVoDW3whHvjkN6ziQ7kdUZGlPKBKC6P05ytSvDwNFAW%2BEP0Xd09bFgL8u3QCGmjyvppaXi%2FCt3XHSeVPg4mJKEA3Ts%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8346b9fcdd072bb5-FRA
x-amz-cf-id: aBSQ1kI-mQ_eEY62oKN6THNwB_spe_PubU77n29TgvkHHQG4zQuHSQ==
expires: Wed, 11 Dec 2024 14:41:08 GMT

GET
H3 200 main.min.js Show response
blog.merklescience.com/hs-fs/hub/19526976/hub_generated/template_assets/49255893830/1680507231921/Merkle_theme/js/ 1 KB
2 KB 50ms
50ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs-fs/hub/19526976/hub_generated/template_assets/49255893830/1680507231921/Merkle_theme/js/main.min.js

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

db949bcd5493c11ceacbe4eb58c6e0c8879d5728823be2b115ea12e02df1d3f1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1012
x-amz-request-id: JVXYC8HJ5ZMRDGAS
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"1992736dfdf7d049838d3bd4a1b2289e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680507232065
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 19a26748942db0d3fcb162b26019f692.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Py_1ctYeqCQ5vc53kTPwHRrABA0LYXgN
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 65f6f38b-b195-4cba-b34c-d5aeaeef2b88
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 178
alt-svc: h3=":443"; ma=86400
x-amz-id-2: juBWXGs61yvnmMlMdm81J5qt/vCa/wgsPSKyyCOPkCk3Givtq6gDvXP+tYb6KEc0mQwoERLOvRg0+E/7w27VsDXvIu7xCDQk5dv9HiuRBLg=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 65f6f38b-b195-4cba-b34c-d5aeaeef2b88
last-modified: Mon, 03 Apr 2023 07:33:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nmga5AcX%2F5uuuQmOwKqNqJujFqD4p9gSNXSi4QV3vEEpPDArCh%2FMA4cKE3hO22N9F5dMMjvOeDjhfpzj9Q237Tm8oWcdjSRr%2B7R87tDjYehe9s7Pa6DFlGTcqkNbmnuBcMCyBfj05JIB7xXHFIs1Yr0AY8o%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-vbm4n
access-control-allow-credentials: false
cf-ray: 8346b9fb6b8b65be-FRA
x-amz-cf-id: ZVNVfcl_XdrMJbBfAU2lhmFaJxR1dZxN-ipUTZX24LD9OrYf8dWD2A==

GET
H3 200 module_49260849056_menu-section.min.js Show response
blog.merklescience.com/hs-fs/hub/19526976/hub_generated/module_assets/49260849056/1624371913023/ 7 KB
3 KB 43ms
43ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs-fs/hub/19526976/hub_generated/module_assets/49260849056/1624371913023/module_49260849056_menu-section.min.js

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4634b4ca5bddc17936a30d28ca693f195ea317a271722b08c2a43dfa5e87ca87

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1012
x-amz-request-id: 1FX5HJRQ059C8221
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"994119dfafd2fe136e1fe5f6b7c89f86"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1624371913023
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 7af6fcba5fc7d18afd4c6d456b52e886.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 8kne7qi7fjEB4JDzKeGsBhWhXE77dZGn
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b7a5ba43-2870-40e3-852e-2a68f31e1a71
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 177
alt-svc: h3=":443"; ma=86400
x-amz-id-2: RzGBCq0zyD3TbeZUtUgbe/+jWBV0W5Tqua72GFmqrs9Qf2ToEhLH/ppmxsnrQKf53HXlmUgbE70=
x-evy-trace-route-configuration: listener_https/all
x-request-id: b7a5ba43-2870-40e3-852e-2a68f31e1a71
last-modified: Tue, 22 Jun 2021 14:25:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TGDJnbDr0fzNfAQqt9wPX1w%2BDBJSigPJOgygWWpAtm2C8bRkoB1XJS0o%2BoeYcdlb6KEga%2BMGKLOkei40%2B4A6NLfu7uVpDSjCCeEYFE0YDvJJEV%2FWbuqyhn4DLBbLaVZX6vjanEv%2BNuyabqNzCAjyTec1n%2FA%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-c8l2v
access-control-allow-credentials: false
cf-ray: 8346b9fbcbfd65be-FRA
x-amz-cf-id: qaYpuG8RWHRHbZifUurEaYLaUFIBUnJqTT7rg6pvLkH1CyF5LS8ARw==

GET
H3 200 19526976.js Show response
blog.merklescience.com/hs/scriptloader/ 2 KB
2 KB 364ms
363ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs/scriptloader/19526976.js

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

979ac57cebfc873ad20348fd26e87974c749c3a103a1d836923a8ac4470c28b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ad26837d-6f40-4b92-9279-b2181dc25d26
content-encoding: br
x-envoy-upstream-service-time: 16
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ad26837d-6f40-4b92-9279-b2181dc25d26
last-modified: Tue, 12 Dec 2023 11:11:01 GMT
server: cloudflare
x-trace: 2BF336E8F73E1C9DCE6FE470892E734168C0CE8BBF000000000000000000
vary: origin, Accept-Encoding
access-control-max-age: 3600
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.merklescience.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6ffdd984b9-2zrsz
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fqs9x9UGN26OWPRPZfWL3SbasSkGigVkr96CQWszWfMPPTd9NiixO2elt2Rq1%2BydVPuo1VZszSow4dll5DtUOHRYVv%2FB6XhY35mHO%2F%2F5ahffW%2BON4lDmlcxUUThOETQcgFPhEOjXnBcf15HY2WLxLsSm60I%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8346b9fccdee65be-FRA
expires: Tue, 12 Dec 2023 14:42:08 GMT

GET
H3 200 index.js Show response
blog.merklescience.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 72ms
72ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 04a40fe66992666426f66bb0ade3912a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1170310
x-amz-cf-pop: TXL50-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TmsZhMw8Lthrks2sxmtgXD8OVUYpxa%2B%2BVejwu3zva7QxrhG3AvP3pjo1rlerES7%2BOvDDH2PM1InT6jbONTTcu4tFIuxS6%2FCj7clraabPfLlh7YmQ3raUK%2BzODQjbgFl9FyOBltaWhCkP7aWgsRhAFTo8nFI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8346b9fccdf165be-FRA
x-amz-cf-id: 8NRs2Wm2ubi5t9HUvpgx9SMwAJYAnsUpgxBkSQl1rau6_0XB0E7nLw==
expires: Wed, 11 Dec 2024 14:41:08 GMT

GET
H2 200 configuration.js Show response
consentcdn.cookiebot.com/consentconfig/d65caf34-3a4c-483e-a010-e2b6901c427f/blog.merklescience.com/ 2 KB
923 B 126ms
112ms Script
application/x-javascript 2a02:26f0:3500:887::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/consentconfig/d65caf34-3a4c-483e-a010-e2b6901c427f/blog.merklescience.com/configuration.js
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:887::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: de3147a77ca7a0b0c635b457b3ad39ed65176476d2a4b0d53dda9e196c1c889d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:08 GMT
content-encoding: gzip
last-modified: Wed, 10 May 2023 09:16:40 GMT
server: AkamaiNetStorage
etag: "78ec6fe7160ce243e17c7c092388d316:1683710200.384041"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=19213
cross-origin-resource-policy: cross-origin
server-timing: cdn-cache; desc=HIT, edge; dur=79, origin; dur=0, ak_p; desc="1702392068607_388276619_236523940_7861_631_5_9_146";dur=1
accept-ranges: bytes
content-length: 536
expires: Tue, 12 Dec 2023 20:01:21 GMT

GET
H2 200 cc.js Show response
consent.cookiebot.com/d65caf34-3a4c-483e-a010-e2b6901c427f/ 269 KB
78 KB 347ms
347ms Script
application/x-javascript 2a02:26f0:3500:18::1724:a29a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/d65caf34-3a4c-483e-a010-e2b6901c427f/cc.js?renew=false&referer=blog.merklescience.com&dnt=false&init=false
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a29a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 529008fc82fc662095ea98fdb285d36ddc0ee92faf882ee4d7c36cb75cad1163

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:08 GMT
content-encoding: gzip
last-modified: Tue, 12 Dec 2023 14:41:08 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: private, max-age=1200
cross-origin-resource-policy: cross-origin
content-length: 79640
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef

GET
H3 200 regular.woff2
blog.merklescience.com/_hcms/googlefonts/Poppins/ 48 KB
49 KB 71ms
71ms Font
font/woff2 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/_hcms/googlefonts/Poppins/regular.woff2

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

078a838f0e1e77b39512df1902c5197ac824cfb8d6f13e988126a8bdf597edb2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Origin: https://blog.merklescience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Tue, 26 Dec 2023 14:41:08 GMT
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 4f41a6860ab116e6fd0a110c5ba1420a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: VIE50-P1
x-amz-request-id: BF9QEH51JFAJXA7H
x-amz-server-side-encryption: AES256
x-amz-version-id: 3PciyrGhSXRxkj9pAFU3stm15k0hyI8S
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 49652
x-amz-id-2: 7tK1X7lE/ISa1C5RMbh/WdHGJDuA8GLv6uP3wb782akjniyhMzldMDD9oRlXJCRF4vAYuenCKAs=
last-modified: Tue, 17 Jan 2023 19:08:48 GMT
server: cloudflare
etag: "46ff920efe7721f9087376e8131619e8"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Srw0o38mO1SmYZ55YWjL766S25%2Fzrwvly0GCFKtYe3buKXcuckw5WdUF1LNKBmEJcvc6zuZNc3EE%2BKKH3BnDKS80njgdY2%2FSq4vZywrmghXJS6XNSsd4dCc1%2Fpql0xFPHGK5%2FfQI8GzemF8qyQykAL68F3g%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 8346b9fcde1165be-FRA
x-amz-cf-id: iYxkfRN_r1RDrKxHiPriUrvJ1wErkz7sb1Atvtm6h42qutJFkL-68g==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 500.woff2
blog.merklescience.com/_hcms/googlefonts/Poppins/ 48 KB
49 KB 85ms
85ms Font
font/woff2 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/_hcms/googlefonts/Poppins/500.woff2

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

72d422ca01aa5059f41ff11b170fe69f993a39c7b0b06dc17fd072866b187d83

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Origin: https://blog.merklescience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Tue, 26 Dec 2023 14:41:08 GMT
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 745bd6e0dfe1d054bf9397c4a6fbc612.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: VIE50-P1
x-amz-request-id: 9TY9XJB6NH0TZAGT
x-amz-server-side-encryption: AES256
x-amz-version-id: MYQg6ao56VNvUdP0V72DHUw0ZJFFCVpn
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 48956
x-amz-id-2: UKXfc88lMbusukRtc8E1BS7K9IH8KMMcVgiFEVpysThSQdMHZTz0zVDkHklhz80mziUnWpCMpV8=
last-modified: Tue, 17 Jan 2023 19:09:04 GMT
server: cloudflare
etag: "3a0a14dc7381ee5200cadbe0af4ee7de"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vm6WOYBWMqgIcairgx4th5IgwfGmWRPC0Ji8sbE7%2BstysgXlU1bpGZlITll%2BUrU9UnMdCJ6QaqNL%2FJLVaS4t%2FMP482oepwrqWFJxXbgvSlqXps6T0pbpAKVV17lC5jnoJw6PMl92xbPJSNeOnQKvUOZq%2FoQ%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 8346b9fcde1565be-FRA
x-amz-cf-id: rbmcU76FqwQVKF0P2KfvgcCNa6z6e3RBViMEpH83LFXsrJ1q-bY3iw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 Compass.png
blog.merklescience.com/hubfs/ 3 KB
4 KB 86ms
86ms Image
image/webp 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.merklescience.com/hubfs/Compass.png

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

76396f18d71b5e1d7d37fbfa3258a1a81565df85802c123f52eb15390cfbd046

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-74347341997,P-19526976,FLS-ALL
x-amz-request-id: T0A64S10BQ2ZEJZ5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74347341997,P-19526976,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Compass.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "46658160b4bfefdf4bca0c422516c341"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1653372214045
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 57ba1933a852bdb178dbe4a1e2e3a5fa.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: khAJwzOtO1S2MGGhPMwSMtGktAdl6Jcp
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=3323
x-cache: RefreshHit from cloudfront
cache-tag: F-74347341997,P-19526976,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2712
x-amz-id-2: SrnCiFWPsVUfEQuhgPYdJ3CN+X8hRzxZ7LLiYs76jnndu+80LWzMYS6jv5u5SCM5OIMEYshjYhY=
last-modified: Tue, 24 May 2022 06:03:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TVqs5k6dB4%2FxO7k6Zc%2F6e05JM6xHBlsWaxIkCXezFmoqlavM8JxwY6%2FB4NNx4mvvPJt4myQASHJmoYRF9WfhMiSGsPZoji%2BgDM34ZGc2a1L9NH33wgcsblHgot04ZOsCS7nmpPp%2BcDCoKPozBcPnOyCSHaQ%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8346b9fcee3965be-FRA
x-amz-cf-id: eaFWIegErFnMipLkzXp6En4IzacaSXzYBWleNpuCIfblUBC1y9db2Q==

GET
H3 200 Tracker.png
blog.merklescience.com/hubfs/ 3 KB
5 KB 87ms
87ms Image
image/webp 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.merklescience.com/hubfs/Tracker.png

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5f093f8260fef06b267dfac6fa678a8cb47d930c7c9c85465937914a3f1a9d8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-74346044833,P-19526976,FLS-ALL
x-amz-request-id: ABEG1KQ8NGKZW9TC
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74346044833,P-19526976,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Tracker.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "56205120b0749d42f805460804a01902"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1653372213994
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 aa89236c3ef628703c4b8322e4ce6d96.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: gBKG6Uj2ffu.mvP04gl1ZBxha9KCTjcp
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=3937
x-cache: RefreshHit from cloudfront
cache-tag: F-74346044833,P-19526976,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 3366
x-amz-id-2: g4qA//FumvhoRvTEa1IGQ5EBBwFlTIYUy7IfLCamdSC91ob5hg4dAUdnEmna60u+a7Xd/Kh9bT0=
last-modified: Tue, 24 May 2022 06:03:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FmzXpwZWX%2B2fXLQQAHgK7MCWCka3yV9r9yobhdSJt6%2Bk81xiNWD6RKNsGasQR%2FNOobmKqSN0PGomGtOJibLksGVQOydlWhw1yB1RrKxPLaB8lV1ycWOhevg7CbCIjDPRtJeMZdnHWObaf3pIbi4d65EyFTg%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8346b9fcee3c65be-FRA
x-amz-cf-id: HHmlgE0-0iLzfu5eVvC1cBkz8lYg_lBh9I8zRzi12lJigXIkfMZiBA==

GET
H3 200 Explorer.png
blog.merklescience.com/hubfs/ 2 KB
4 KB 88ms
88ms Image
image/webp 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.merklescience.com/hubfs/Explorer.png

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

62a858e232d5ce3f0fc614ff57bb931465c62efbbed062faa13e45a20c46e746

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-74346265749,P-19526976,FLS-ALL
x-amz-request-id: T0A3RNJSXM1W61HQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74346265749,P-19526976,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Explorer.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "dbabc88f9aa4add4f61c5084df439af4"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1653372214043
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 9b7b71910b45e646f6476bbd270127a4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: TOm9DqDd4eG5FFLygz8.Fp45_2Ax_js.
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=3054
x-cache: RefreshHit from cloudfront
cache-tag: F-74346265749,P-19526976,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2418
x-amz-id-2: n4GsaGcS0LoHNywoTAuJhpvI1+Ko7CQarhKhyEx8LV9eWy3FCb1RoyQHeSOytBTKGH+btNS8x6g=
last-modified: Tue, 24 May 2022 06:03:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jh2RFKjixIflhCG4m6TRAA6SbWrxmc4tLFn%2BvxHTBRFmreV9eczSsXa%2Fk9H0M7zSfo4PX9RWM2z7i6N%2BLGPrQPf1EYx%2BYUjEG6dZTFScB9zHcjLR0RQF1Bz6F1ZwIBF5X50Hn%2BcuSbgDtFGv3Pu6xNeU%2Fs8%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8346b9fcee3f65be-FRA
x-amz-cf-id: z-2kWY7Pk_Yu8rAN5l1J3EBCwKQRDqEDzOWlE8ebXa5XE51aAYBEtg==

GET
H3 200 Institute.png
blog.merklescience.com/hubfs/ 3 KB
4 KB 89ms
89ms Image
image/webp 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.merklescience.com/hubfs/Institute.png

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea5a7047f3c770bc7890c2120666b2100ea49b12ea23bee0498e8660e3c21120

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-74346265750,P-19526976,FLS-ALL
x-amz-request-id: T0A5M0QR1W2C66JE
x-amz-server-side-encryption: AES256
edge-cache-tag: F-74346265750,P-19526976,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Institute.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "127fa8ed3aa84817ac224c3225282501"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1653372214617
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 8b8626ca944cc316c9f369d8a33098d6.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: PJYpfpO7WASfov2T9gEEkcY.KP0Q4kfL
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=3244
x-cache: RefreshHit from cloudfront
cache-tag: F-74346265750,P-19526976,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2620
x-amz-id-2: qQqc6agfo17RcbEeGSgvsQEHzCbQDG3ubgkm2OcXTG0chOzziuTOvuDwdegFthZLWqkPyf7ry4k=
last-modified: Tue, 24 May 2022 06:03:35 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Q6C9IxoJaq8Vd59quiOsu7%2FDgmaipbpFhvVKyXUNlQVNDurIONK593atsRlpmiTyraqIQ7jfJhDzMuOMv7CuOajgjQWeJa6%2B7ZE6mj2YYiZkl4uQrRLiHpkGojTglwqp6hMrrA0sCeqNx9FiW56eymIbnM%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8346b9fcee4265be-FRA
x-amz-cf-id: FLY61nLkp1iYMf-robE226B19uojEpK40Vzyfj60gPK1G76wewuWsw==

GET
H3 200 Logo%E2%80%93Blue.png
blog.merklescience.com/hubfs/ 6 KB
7 KB 90ms
89ms Image
image/webp 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.merklescience.com/hubfs/Logo%E2%80%93Blue.png

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

19e75eaeea97b121932d5b44d8e8741b70c244680dae076cd9685e664886a3a5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-49320879935,P-19526976,FLS-ALL
x-amz-request-id: M8B1413FE3T36BVQ
x-amz-server-side-encryption: AES256
edge-cache-tag: F-49320879935,P-19526976,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
content-disposition: inline; filename="Logo%E2%80%93Blue.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "ce0429930923b0d0d1d081ba0eba25ef"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1624442423188
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 47108d20696953c511efd289fb1b758e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: tJ5gdHAZxYqBhP2MZMlovT18jaxk1mKS
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=17976
x-cache: Miss from cloudfront
cache-tag: F-49320879935,P-19526976,FLS-ALL
x-amz-meta-index-tag: none
alt-svc: h3=":443"; ma=86400
content-length: 6358
x-amz-id-2: 7BeOosv6RWTmvQNY9UTfGyvfr94sQlXxupxJM3GPaL3wK2/7W4dyzJMYQJlYE3zw+0LoiQethPg=
last-modified: Wed, 23 Jun 2021 10:00:24 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1GYYvFkGgk7jMa98m7awKjTHLk6LQbjrgvVkvZQJLU44xgKw6pEi%2FQuPOIhR%2FYHd8JhKt36gA7b9CwBoNfeQ309GMA5eQCE64wKUSi%2FbuHvwhQG9mgU%2BET3hd%2BNqp54Kmo1PpZ3puj3cNQOwemaRjG0ZGU4%3D"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8346b9fcee4365be-FRA
x-amz-cf-id: ibo_s4_c_nzv_AYX66rGKZ5sgSFzJgTnlQj9Ay7jXGpcbEJoGsVeZA==

GET
H2 200 bc-v4.min.html Show response
consentcdn.cookiebot.com/sdk/ Frame ECA2 627 B
811 B 39ms
39ms Document
text/html 2a02:26f0:3500:887::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:887::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=30056826
content-encoding: gzip
content-length: 392
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 14:41:08 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Sun, 24 Nov 2024 11:48:14 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1702392068722_388276619_236524466_642_883_5_0_255";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H2 200 6ZLiNCZr4H3mtTmEU5Xi6_QcpDr40svP4P0aF7_t1lYs-7N3eBKLSdlhgP_ymSpZkZwMGCciECEAOv4VDOhVlejkiYjup_pa-b_SKlmj04VOWi4nhpDmQIjsBV3uroVzrwKGUHBTS0zy8Y-ayzE4NZE
lh6.googleusercontent.com/ 40 KB
41 KB 622ms
512ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh6.googleusercontent.com/6ZLiNCZr4H3mtTmEU5Xi6_QcpDr40svP4P0aF7_t1lYs-7N3eBKLSdlhgP_ymSpZkZwMGCciECEAOv4VDOhVlejkiYjup_pa-b_SKlmj04VOWi4nhpDmQIjsBV3uroVzrwKGUHBTS0zy8Y-ayzE4NZE

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6b02bab3794bcca0f74d09c78beab341f44324ddb3fd912a4bc62029ad3a66f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Conic Finance.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41166
x-xss-protection: 0
expires: Wed, 13 Dec 2023 14:41:09 GMT

GET
H2 200 gh78zoVo36YZtZmBykvg8jw38LAVLaugR_OEh19uSMtb186ErRx80gU37eU1-BxBRsMcmnwOhHRTce37UYTA8-ze3HqlvfUmmY6F3TWRtbftQz97XpLesJXlAILvfBbFRRnkTptU0n8Sm15gfrGBsNQ
lh5.googleusercontent.com/ 304 KB
304 KB 1061ms
938ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lh5.googleusercontent.com/gh78zoVo36YZtZmBykvg8jw38LAVLaugR_OEh19uSMtb186ErRx80gU37eU1-BxBRsMcmnwOhHRTce37UYTA8-ze3HqlvfUmmY6F3TWRtbftQz97XpLesJXlAILvfBbFRRnkTptU0n8Sm15gfrGBsNQ

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f43629513a2a8b176c9e28babba727df8566992c7639500928cfc02ffdef4ea7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:10 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Untitled.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 311001
x-xss-protection: 0
expires: Wed, 13 Dec 2023 14:41:10 GMT

GET
H2 200 in.js Show response
platform.linkedin.com/ 510 KB
160 KB 17ms
16ms Script
text/javascript 2620:1ec:bdf::63
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:bdf::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2ee773ef677420cdeb136e974fcef8ed7c10c1302fff8a9846acd53434cacb8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-cdn-client-ip-version: IPV6
x-cdn: AZUR
x-cache: TCP_HIT
x-cdn-proto: HTTP2
content-length: 163638
x-li-uuid: AAYMUAEqrgUD0ak1bMtXKw==
x-li-pop: prod-lor1-x
vary: Accept-Encoding
x-azure-ref: 20231212T144109Z-50hqzznqzx1bd6eb3ykd2sqz2g00000000q0000000008nu8
x-li-fabric: prod-lor1
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
x-li-proto: http/1.1
accept-ranges: bytes
expires: Tue, 12 Dec 2023 14:26:56 GMT

GET
H2 200 1.gif
imgsct.cookiebot.com/ 35 B
484 B 98ms
98ms Image
image/gif 2a02:26f0:3500:887::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgsct.cookiebot.com/1.gif?dgi=d65caf34-3a4c-483e-a010-e2b6901c427f
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:887::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
x-guploader-uploadid: ABPtcPrNi3gxedWZi2otu5M9_IVBPBIvCkZ_Jg5AqBoKEg4eUqALPL2dCcqOTgkLBKBXaPXEE8BnLQ1ZzDCHjYE
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 35
last-modified: Mon, 23 Oct 2023 11:39:32 GMT
server: UploadServer
etag: "c2196de8ba412c60c22ab491af7b1409"
x-goog-generation: 1698061172769999
x-goog-hash: crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public,max-age=1800
x-goog-stored-content-length: 35
accept-ranges: bytes
content-type: image/gif

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 532 KB
170 KB 17ms
17ms Script
application/javascript 2606:4700::6810:88ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:88ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bec065ae320fed4bb93d09440a473e82958293c8daf9371354588ece80588d15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-encoding: br
age: 1
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4270/bundles/project-v2.js&cfRay=8346b9faba209202-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"fc9d6a2cfcf42118865e200cd34d3672"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4270/bundles/project-v2.js
date: Tue, 12 Dec 2023 14:41:09 GMT
x-amz-version-id: RBYY3BIyY8WMd_yGkQbPFvGfcq.KKRed
via: 1.1 05133180bbd1649d4b8f97441bf305e8.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 79be6a4b-c6ca-4bd9-9d46-819d5a55cf52
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 79be6a4b-c6ca-4bd9-9d46-819d5a55cf52
last-modified: Mon, 11 Dec 2023 15:17:46 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sT95TpDYtPDcqC7RwbH4mWq4VMIDQLzVZVFEGAu1xWbtlR5I6%2Bq73iE9yARwCV3p68GZSt%2FCtsnaE21lVTpk3L6qVru0NEGIJhWRhRkCgRvUziTQhH4kGAMKd45V5KrjmTzSNyBX5kXTLt6J"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-59k59
cf-ray: 8346ba00786b9202-FRA
x-amz-cf-id: OM98VjJd-npsUcZuwYiBv4v-zGvDA9jftvcChh8s-2faa0hrwzS6BA==

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/19526976/b3854a1c-0ab5-4093-97af-cff47598678e/ 48 KB
7 KB 170ms
153ms XHR
application/json 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/19526976/b3854a1c-0ab5-4093-97af-cff47598678e/json?hs_static_app=forms-embed&hs_static_app_version=1.4270&X-HubSpot-Static-App-Info=forms-embed-1.4270

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

107421257f16d9e3ada526b40bd4bd20a4c7bb80e2bf5afa4b71f1b78dd14d9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Tue, 12 Dec 2023 14:41:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 5fc4b143-0c69-4db4-90a9-15ef793394fa
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 28
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5fc4b143-0c69-4db4-90a9-15ef793394fa
Server: cloudflare
X-Trace: 2B29E09418B694560D59BFEFEF4C720EF86F927E10000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://blog.merklescience.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 8346ba01088503dc-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-f8rcm

GET
H3 200 v2.js Show response
js.hsforms.net/forms/ 532 KB
171 KB 44ms
44ms Script
application/javascript 2606:4700::6810:88ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:88ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bec065ae320fed4bb93d09440a473e82958293c8daf9371354588ece80588d15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-encoding: br
age: 375
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4270/bundles/project-v2.js&cfRay=8346b0db5bfa2bd3-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"fc9d6a2cfcf42118865e200cd34d3672"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4270/bundles/project-v2.js
date: Tue, 12 Dec 2023 14:41:09 GMT
x-amz-version-id: RBYY3BIyY8WMd_yGkQbPFvGfcq.KKRed
via: 1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: ed9e0672-f07b-4bfe-b23a-82a167642775
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: ed9e0672-f07b-4bfe-b23a-82a167642775
last-modified: Mon, 11 Dec 2023 15:17:46 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UpVIPwThjFOOxp1mmYz6mOTsnvN0rmbooerHOFiyl5wDFfYNwarqOCpSiGLknxT7Shdp%2Fnw3XoB%2Ba1WWb0mhRaQwUS5DlStrVUowfcohD99LhHwc1UTeiLMCiIrA6DspoI%2BBy%2F5MFPlgbmFf"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-d59vm
cf-ray: 8346ba00fe842be4-FRA
x-amz-cf-id: t-5ZattcriWc6i0aO9q_8JYLT4G4oc8THpnWUYZjBaqgDxawf2escw==

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/19526976/b0d41fdb-1517-491c-aa51-b153076f4c9b/ 19 KB
5 KB 242ms
214ms XHR
application/json 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/19526976/b0d41fdb-1517-491c-aa51-b153076f4c9b/json?hs_static_app=forms-embed&hs_static_app_version=1.4270&X-HubSpot-Static-App-Info=forms-embed-1.4270

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b110522096134b90d8ef42c98b7d7e7963cba6b8814671193ae0db7cf9f50de8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Tue, 12 Dec 2023 14:41:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 9fa7ebd4-8463-4caf-acc0-4bd4c8fbef7d
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 30
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9fa7ebd4-8463-4caf-acc0-4bd4c8fbef7d
Server: cloudflare
X-Trace: 2B64865318835D6A6C0AC3584E42A1CDEC761456E3000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://blog.merklescience.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 8346ba01dcf9bba9-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-89rr2

GET
H3 200 main.min.js Show response
blog.merklescience.com/hs-fs/hub/19526976/hub_generated/template_assets/49255893830/1680507231921/Merkle_theme/js/ 1 KB
2 KB 59ms
58ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs-fs/hub/19526976/hub_generated/template_assets/49255893830/1680507231921/Merkle_theme/js/main.min.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

db949bcd5493c11ceacbe4eb58c6e0c8879d5728823be2b115ea12e02df1d3f1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1013
x-amz-request-id: JVXYC8HJ5ZMRDGAS
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"1992736dfdf7d049838d3bd4a1b2289e"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1680507232065
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 19a26748942db0d3fcb162b26019f692.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Py_1ctYeqCQ5vc53kTPwHRrABA0LYXgN
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: 65f6f38b-b195-4cba-b34c-d5aeaeef2b88
x-cache: RefreshHit from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 178
alt-svc: h3=":443"; ma=86400
x-amz-id-2: juBWXGs61yvnmMlMdm81J5qt/vCa/wgsPSKyyCOPkCk3Givtq6gDvXP+tYb6KEc0mQwoERLOvRg0+E/7w27VsDXvIu7xCDQk5dv9HiuRBLg=
x-evy-trace-route-configuration: listener_https/all
x-request-id: 65f6f38b-b195-4cba-b34c-d5aeaeef2b88
last-modified: Mon, 03 Apr 2023 07:33:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=inbjCFehsutn8A5mfOGdqZcQCbzs%2BUxmLP3YsoImO7aJLdfZkFKlx6PBlCaRzF7KMNKbh6uquRyUwgp66aAQ9WIF%2Ft6rNtsHksIv8elDFvDnSI20zqo3PmC7mSgsqPAH4DC3FMpLTaM6DgcAhXn9XYN5mU8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-vbm4n
access-control-allow-credentials: false
cf-ray: 8346ba01af4965be-FRA
x-amz-cf-id: ZVNVfcl_XdrMJbBfAU2lhmFaJxR1dZxN-ipUTZX24LD9OrYf8dWD2A==

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
625 B 151ms
134ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 79fbba16-9800-4bce-8586-48f1ff310926
x-envoy-upstream-service-time: 6
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 79fbba16-9800-4bce-8586-48f1ff310926
server: cloudflare
x-trace: 2B64AABEAD688758EACE1631C4B8EA1555D7FF358B000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-9sgqn
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8346ba022f9d381c-FRA

GET
H2 200 enterprise.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 187ms
67ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_9eaabcc4_c80e_463b_91cd_fb6f1e1c1cf5&render=explicit&hl=en

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c35499bd7186b3cf6aa65ac248a2d8076e19ee23861e4dc81cbeddcba89d079a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 12 Dec 2023 14:41:09 GMT

GET
H3 200 regular.woff2
blog.merklescience.com/_hcms/googlefonts/Montserrat/ 39 KB
40 KB 64ms
63ms Font
font/woff2 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/_hcms/googlefonts/Montserrat/regular.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca725ff5868dd217cbeddea844518a637e23559ca5a3f57287a20e8a34d76b8f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Origin: https://blog.merklescience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Tue, 26 Dec 2023 14:41:09 GMT
date: Tue, 12 Dec 2023 14:41:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: FRA56-P7
x-amz-request-id: 5ZSPZECPEZ08WYC2
x-amz-server-side-encryption: AES256
x-amz-version-id: Ju9HhmgWsxdqzo2ei9AioIS5RPk8bTSv
x-cache: Miss from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 39628
x-amz-id-2: XJScts9uXZ+3bVl4JYPWUenXToBrva0G8T8LC4g//XT1MYB6+zZaxVQVi+y+rjYhvTXzQTjuw8oyp9Twe0ObIw==
last-modified: Wed, 29 Nov 2023 19:40:41 GMT
server: cloudflare
etag: "da5f91039dafa3ef845164c1a163a26f"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rR7jbjmobcRaPpKzNN9cUcXK6%2FF4saO5G9WSwApijY4pe49CI%2BRfK6ZcRQyu21i7FhsD%2Faf2MxXRLWNr0VHvkB9D0C02otKVUreV0PYj%2BKoPKfqK9pbT9Xj39P8%2BpIAUoJeKmpQih797iy%2FCFLN02jeYXdQ%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 8346ba022fea65be-FRA
x-amz-cf-id: 7OnmsQKEKeGRH_ohYrRyCP6ixzxpuywVXHpLndAXerod3EZI54kjuw==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H3 200 300.woff2
blog.merklescience.com/_hcms/googlefonts/Montserrat/ 39 KB
40 KB 104ms
104ms Font
font/woff2 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/_hcms/googlefonts/Montserrat/300.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b69e7551f08f1ac9de61d1020ea26335ed136a2c3149408c0ddd581d1ef5d00

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Origin: https://blog.merklescience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

expires: Tue, 26 Dec 2023 14:41:09 GMT
date: Tue, 12 Dec 2023 14:41:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 127e1ddb6224f10ae9e484392afd1b6c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
x-amz-cf-pop: VIE50-P1
x-amz-request-id: SEBRF7BN8H076MKG
x-amz-server-side-encryption: AES256
x-amz-version-id: xfw7h6jmmfTQljoqhbnCJvipd93AygU.
x-cache: RefreshHit from cloudfront
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
alt-svc: h3=":443"; ma=86400
content-length: 39528
x-amz-id-2: JJ8Cu9hY2f+Kk8s9qz4VLgiXYD1fS5c2Tcv+bh+nAfE4c4dCFLu8i2gDQTeTQ4B3Gze17EEvbHI=
last-modified: Wed, 29 Nov 2023 19:40:37 GMT
server: cloudflare
etag: "db456680a10985e9ec734f1818d3bffd"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x16svkbd5arVlMZmzKC%2B2TjxYCkoPv9kSlCFyoPiQTzjwbkEl47J0Zvjcr7W5ebjWH1eu5UjTwOOuF%2Bb22rc3lBH0uKKVSzHZVkD29xMzmU3TppY%2BSowYgg0dCR0INu1HN6y5HK9bgz6abVIXeyWHdLuok8%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=1209600
accept-ranges: bytes
cf-ray: 8346ba022fed65be-FRA
x-amz-cf-id: CddkBwRBmcE-YziC9PriRyeruhZin-sIbFNEL9Y0oreGfbX5jbaSwg==
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3

GET
H2 200 Untitled%20design.png
f.hubspotusercontent20.net/hubfs/19526976/ 10 KB
11 KB 118ms
99ms Image
image/webp 2606:4700::6811:4fe4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://f.hubspotusercontent20.net/hubfs/19526976/Untitled%20design.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4fe4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89992d848d634533bbd9c007775517c27608dd4b090843c5c36641161a4db6fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-48848267627,P-19526976,FLS-ALL
age: 75763
x-amz-request-id: 976R34ESEPWDRMKC
x-amz-server-side-encryption: AES256
edge-cache-tag: F-48848267627,P-19526976,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Untitled%20design.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "749a4a7f9f645a3d5ab26369d5c998f6"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1623759475018
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 8dc3ccc34d68ee81173fff2a80f72bde.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: ICYNLl2t_GRV.SeQQj9nXY4cfKJjBGA9
x-amz-cf-pop: FRA56-P7
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=20447
x-cache: Miss from cloudfront
cache-tag: F-48848267627,P-19526976,FLS-ALL
x-amz-meta-index-tag: none
content-length: 10662
x-amz-id-2: Pxh02WfIJ/iplY/XhzoxDD43wtMFMkhHVmBQed+L3dFN/TS+iEzIN3L6p1kNvo37b44S/qfelR4=
last-modified: Tue, 15 Jun 2021 12:17:56 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8346ba024b841cad-FRA
x-amz-cf-id: JTntNh53Yg1uwlsYjUjdoUVnh3e64zZxaiCvHm-7_Nj3_xlQt1tQ1Q==

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1016 B 201ms
170ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Tue, 12 Dec 2023 14:41:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 04f6a51c-3e96-4ba1-bfea-67dd29ee943e
x-envoy-upstream-service-time: 39
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 04f6a51c-3e96-4ba1-bfea-67dd29ee943e
Server: cloudflare
X-Trace: 2BC38E3E1C81C56C4BD6AD00083BE76B67D95F53FF000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-cltdg
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 8346ba026a6139c2-FRA

GET
H3 200 module_49260849056_menu-section.min.js Show response
blog.merklescience.com/hs-fs/hub/19526976/hub_generated/module_assets/49260849056/1624371913023/ 7 KB
3 KB 49ms
49ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs-fs/hub/19526976/hub_generated/module_assets/49260849056/1624371913023/module_49260849056_menu-section.min.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4634b4ca5bddc17936a30d28ca693f195ea317a271722b08c2a43dfa5e87ca87

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1013
x-amz-request-id: 1FX5HJRQ059C8221
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"994119dfafd2fe136e1fe5f6b7c89f86"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1624371913023
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Tue, 12 Dec 2023 14:41:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 7af6fcba5fc7d18afd4c6d456b52e886.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: 8kne7qi7fjEB4JDzKeGsBhWhXE77dZGn
x-amz-cf-pop: IAD61-P3
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: b7a5ba43-2870-40e3-852e-2a68f31e1a71
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 177
alt-svc: h3=":443"; ma=86400
x-amz-id-2: RzGBCq0zyD3TbeZUtUgbe/+jWBV0W5Tqua72GFmqrs9Qf2ToEhLH/ppmxsnrQKf53HXlmUgbE70=
x-evy-trace-route-configuration: listener_https/all
x-request-id: b7a5ba43-2870-40e3-852e-2a68f31e1a71
last-modified: Tue, 22 Jun 2021 14:25:14 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NUHwg8mZ5tQD%2FDwT%2Fcgvkq5LO5TyeVPYHSAOSFGNAGfUFqERuvBZ%2FwP4gNKx3nXGegd8WLnxcO3yBcw7ELHZfGEBZCaMGTwVlb5Kp%2FTltRon7x205eKvbQPXREgAMZZhPdmHnG3RzAlksVRfzANVgeKyBCc%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5d487f56c7-c8l2v
access-control-allow-credentials: false
cf-ray: 8346ba02480365be-FRA
x-amz-cf-id: qaYpuG8RWHRHbZifUurEaYLaUFIBUnJqTT7rg6pvLkH1CyF5LS8ARw==

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 31ms
9ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f2e3b3ad5ce12b6ff8a8194399b67b63301f4aa7bd4ff7fb5beed53c88f8ec4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 12 Dec 2023 14:41:09 GMT
content-md5: kjLWWgX3xr7lJG+1nWViug==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
reporting-endpoints
x-fb-debug: 8K3MVSJd37m+cK7opk1BGOxXo1idsNSadaQxXMUhFukr4SfjTzfhU0pVAInD1Q+e+eqQ2cNBPnCebOgfXgH93g==
x-fb-content-md5: c2c456626207a5fc59126b555adcbe80
cross-origin-opener-policy: same-origin-allow-popups
etag: "51bbbd13e45823925e50d26f93dfc2cf"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Tue, 12 Dec 2023 14:58:14 GMT

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 91 KB
28 KB 67ms
16ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.merklescience.com
URL: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F2) /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Tue, 12 Dec 2023 14:41:09 GMT
Content-Encoding: gzip
Age: 1476
x-amz-server-side-encryption: AES256
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Content-Length: 27597
Last-Modified: Mon, 11 Dec 2023 17:20:28 GMT
Server: ECS (frb/67F2)
Etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
x-tw-cdn: VZ
Cache-Control: public, max-age=1800

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ 14 KB
5 KB 17ms
16ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 fc486e72455da7c1d3be4472dd5ba8b2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 1066816
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FF1NqM7aXXi0o%2Fkmn%2FWWKSRifLCujFu5rU3Ik%2FZU865CYFPVAt%2BJnQSkbrwY2r1H4Q5%2BxKsrF%2FXOBn4UUuaSsKqyztu88qaYST%2FrWhqsThv7GUb0LRUd7%2FXFiQj9RqY0zP9xF2yQlI9WIY%2BF6J5GiDRfv6U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8346ba029cb32bb5-FRA
x-amz-cf-id: aBSQ1kI-mQ_eEY62oKN6THNwB_spe_PubU77n29TgvkHHQG4zQuHSQ==
expires: Wed, 11 Dec 2024 14:41:09 GMT

GET
H3 200 19526976.js Show response
blog.merklescience.com/hs/scriptloader/ 2 KB
1 KB 86ms
86ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs/scriptloader/19526976.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

79f24cb999cabf0888cbca393a01b64aa1e0c021cc4376ce88fe7111db86b5ab

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1
x-evy-trace-route-service-name: envoyset-translator
x-hs-https-only: worker
x-evy-trace-listener: listener_https
cf-bgj: minify
vary: origin, Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://blog.merklescience.com
x-evy-trace-virtual-host: all
cache-control: public, max-age=60
expires: Tue, 12 Dec 2023 14:42:09 GMT
date: Tue, 12 Dec 2023 14:41:09 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: ad26837d-6f40-4b92-9279-b2181dc25d26
cf-polished: origSize=2535
x-envoy-upstream-service-time: 16
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: ad26837d-6f40-4b92-9279-b2181dc25d26
last-modified: Tue, 12 Dec 2023 14:41:08 GMT
server: cloudflare
x-trace: 2BF336E8F73E1C9DCE6FE470892E734168C0CE8BBF000000000000000000
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPQmdpCE3joKMAjlf5klhcyXE268mKjSu2EckVVKKnCTTBuGegA8lJVVaQtraWmlug8C%2BGcWIxpjWuCs1DY5SEku%2B2BM9u5P5ePkAPXOKxduRtjrHSEsA12vm504ihliWwP2%2FzTmpkmqMPnqT6FYTyfvMZU%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6ffdd984b9-2zrsz
access-control-allow-credentials: true
cf-ray: 8346ba02b8a965be-FRA

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 304 KB
86 KB 15ms
8ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=e618cf631d6eba01b432db9ce29a1a6c

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

bd3805b227787879e59145148e2ec1647cd0b7a04d27072fc5f2bd477a9abd65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Origin: https://blog.merklescience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 12 Dec 2023 14:41:09 GMT
content-md5: U8TiY3/y6IUJn2AX1s85xQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87804
reporting-endpoints
x-fb-debug: GfiDXC6UiU94JJSJtbVNpcu73mIz47+GuxhcZHp0mP1Q2VfpS1uU/GuEjkmP2BKTOl8u4/pS+43vTuIGtDm3/A==
x-fb-content-md5: 45056f1c62659c313024680f936674fb
cross-origin-opener-policy: same-origin-allow-popups
etag: "a41d262717396a5b8f3148e95a170d5f"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Wed, 11 Dec 2024 13:22:39 GMT

GET
H/1.1 200
OK widget_iframe.2f70fb173b9000da126c79afe2098f02.html Show response
platform.twitter.com/widgets/ Frame A3C2 319 KB
104 KB 17ms
17ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.merklescience.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BA) /
Resource Hash: 70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 76768
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105429
Content-Type: text/html; charset=utf-8
Date: Tue, 12 Dec 2023 14:41:09 GMT
Etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified: Mon, 11 Dec 2023 17:19:49 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BA)
Server-Timing: x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary: Accept-Encoding
X-Cache: HIT
x-amz-server-side-encryption: AES256
x-tw-cdn: VZ

GET
H3 200 v2.js Show response
js.hsforms.net/forms/ Frame 3865 532 KB
171 KB 23ms
23ms Script
application/javascript 2606:4700::6810:88ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:88ce , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bec065ae320fed4bb93d09440a473e82958293c8daf9371354588ece80588d15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-encoding: br
age: 375
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4270/bundles/project-v2.js&cfRay=8346b0db5bfa2bd3-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"fc9d6a2cfcf42118865e200cd34d3672"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4270/bundles/project-v2.js
date: Tue, 12 Dec 2023 14:41:09 GMT
x-amz-version-id: RBYY3BIyY8WMd_yGkQbPFvGfcq.KKRed
via: 1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: ed9e0672-f07b-4bfe-b23a-82a167642775
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: ed9e0672-f07b-4bfe-b23a-82a167642775
last-modified: Mon, 11 Dec 2023 15:17:46 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DnbVN%2Ba9RevRcCcG1MzBKDsHH3f8eJNyEmJ99WHxHfjC5iUAx2d5%2FbCZP6o8yfaRNLdPxXvIFHEUkBAvQSMTlSaSRPbOJBuJjhOlbSh0YTqO2rRLwSMT%2BWngAgZ%2BTpzFRDVrOa4vK3oDs6zH"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-d59vm
cf-ray: 8346ba03498e2be4-FRA
x-amz-cf-id: t-5ZattcriWc6i0aO9q_8JYLT4G4oc8THpnWUYZjBaqgDxawf2escw==

GET
H2 200 settings Show response
syndication.twitter.com/ Frame A3C2 869 B
658 B 129ms
110ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=6bc55ac11110ca860455c3ae30b64c8dfbac050b

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.merklescience.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-response-time: 103
date: Tue, 12 Dec 2023 14:41:09 GMT
content-encoding: gzip
strict-transport-security: max-age=631138519
last-modified: Tue, 12 Dec 2023 14:41:09 GMT
server: tsa_o
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
x-transaction-id: ccff3bb548784874
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
perf: 7469935968
x-connection-hash: ae80a50c0a89632ada0024b8540c9df66c9f54e9f1140f6838c86c7caff1fda9
content-length: 337

GET
H2 200 19526976.js Show response
js.hs-analytics.net/analytics/1702392000000/ 66 KB
21 KB 168ms
151ms Script
text/javascript 2606:4700::6810:4dba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1702392000000/19526976.js
Requested by: Host: blog.merklescience.com
URL: https://blog.merklescience.com/hs/scriptloader/19526976.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:4dba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7967f6623767c38bd0c698866476d05d20fb0308e6f05d8425226acaa7bbb971

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: MISS
x-amz-request-id: MR46KEJAAH1RB9R4
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 7e5cd05b-6d1e-4b99-9c32-f9ddb09a44a8
x-envoy-upstream-service-time: 33
x-amz-id-2: EQ5NghH5N4jJS9VC5K9gHzV4kHy+xuf8NQv0uMkBOor3imrxlXUAXGJz3Lu/ZPArIKOPnDstVIc=
x-evy-trace-listener: listener_https
x-request-id: 7e5cd05b-6d1e-4b99-9c32-f9ddb09a44a8
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 15 Nov 2023 17:41:03 GMT
server: cloudflare
etag: W/"623cdc7b3932f9fcbbdd60e6c64e67d7"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-fd6fb8679-ttvqr
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8346ba03be5830fa-FRA
expires: Tue, 12 Dec 2023 14:46:09 GMT

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
25 KB 166ms
137ms Script
application/javascript 2606:4700::6811:589a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hs/scriptloader/19526976.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:589a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ad17c7d661733bbf1cfe9bc6e85033bfed43c87c94cb72ba02f484adf1593c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Origin: https://blog.merklescience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
x-amz-version-id: qOShuUL.zI.RMIWwukZE0taADNX_1wuf
via: 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: MISS
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 4c6177e4-8b16-4f93-8e56-a1d44cdc9e49
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.444/bundles/project.js&cfRay=8346ba03c95d1c0b-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 2
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 4c6177e4-8b16-4f93-8e56-a1d44cdc9e49
last-modified: Mon, 04 Dec 2023 12:10:50 UTC
server: cloudflare
etag: W/"109b7665e389a0b17fbf732bf7a02089"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
x-hs-cache-status: HIT
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-klp44
cf-ray: 8346ba03c95d1c0b-FRA
x-amz-cf-id: i7P5Fysu0-LKqwfQMATVdMEs3Ujr3eT047ATOownvBB5ezve3odeLg==
x-hs-target-asset: collected-forms-embed-js/static-1.444/bundles/project.js

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 551 KB
88 KB 2161ms
2119ms Script
application/javascript 2606:4700::6812:7e0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hs/scriptloader/19526976.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7e0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a59a536f6a35976c81d050cc1f734740643674e9736ae066f85213a5535e7a0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Origin: https://blog.merklescience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1291/bundle/main/lead-flows-release.js&cfRay=8346ba03ecc5915f-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"c314aa317d74a89c787c3c4a9d2fd97c"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1291/bundle/main/lead-flows-release.js
date: Tue, 12 Dec 2023 14:41:10 GMT
x-amz-version-id: QUNwK0xemzsIqupWMH2b5phjsLRnkTKD
via: 1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: MISS
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 27ad5ab7-93c0-471b-ad47-8b8352e4d250
x-cache: Miss from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 76
x-evy-trace-route-configuration: listener_https/all
x-request-id: 27ad5ab7-93c0-471b-ad47-8b8352e4d250
last-modified: Mon, 04 Dec 2023 12:11:15 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-s6d6r
cf-ray: 8346ba03ecc5915f-FRA
x-amz-cf-id: qQtneGzB0zxDngsiS8hskWAqERzZXjQPOV_HkycfjSxUxqSuEAVLcA==

GET
H2 200 integrations.js Show response
js.hs-banner.com/ 7 KB
4 KB 55ms
23ms Script
text/javascript 2606:4700:4400::6812:22e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/integrations.js
Requested by: Host: blog.merklescience.com
URL: https://blog.merklescience.com/hs/scriptloader/19526976.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66746cd2b188106bedc2a274591c1c43282ef7a18eebf436d1ee24620b0a01fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 70BEAHTXZM9WADMV
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 05c8ec50-d255-4de3-8d00-ad7acad61bc8
age: 196
x-envoy-upstream-service-time: 82
x-amz-id-2: 4hrLFP2IM1XYuMlXNBahXLNyRnM79y8koO5dU2pn0Mj0MouyHNcHRODoibaWGs3d9uXEGPDFFiQ=
x-evy-trace-listener: listener_https
x-request-id: 05c8ec50-d255-4de3-8d00-ad7acad61bc8
x-evy-trace-route-configuration: listener_https/all
last-modified: Wed, 09 Dec 2020 23:18:28 GMT
server: cloudflare
etag: W/"364ddc8a79d52e0088e7fcd8bbf180b6"
access-control-max-age: 604800
access-control-allow-methods: GET,OPTIONS,HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: false
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-jgkmt
vary: Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8346ba03df1d3815-FRA
expires: Tue, 12 Dec 2023 14:42:53 GMT

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 79 KB
23 KB 152ms
122ms Script
application/javascript 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hs/scriptloader/19526976.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41f9004980b00e13d2550d0fd037632a83ba59f30f993b8e5d27f3cca0e3865f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Origin: https://blog.merklescience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.734/bundles/project.js&cfRay=8346ba03d8b8bbc1-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"b8124967dd80f2d2349f589abdec4132"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.734/bundles/project.js
date: Tue, 12 Dec 2023 14:41:09 GMT
x-amz-version-id: Ba5YbA2aSSiR_OQE9jNA17rSkHsfzfLa
via: 1.1 fb1dc2e3bf4105b403e3bfa3a5067970.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: b8efa66f-e62d-4341-aa12-26fa070ba0f2
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
x-evy-trace-route-configuration: listener_https/all
x-request-id: b8efa66f-e62d-4341-aa12-26fa070ba0f2
last-modified: Thu, 07 Dec 2023 15:50:57 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5B7xncQeuGHQXY%2FxRdPKk1Eqq%2FSCsttW5jkPgMj%2Bk%2BO30qP9L%2F%2FCOMtERRYsOZBr8LTCC1DU4OfBDdZjpVBLzHJRONNiMXZ%2Bu2iawRf1EFQE8VvPx%2B51rjxOBgVnqUMXfJXkB5AOe0gmKQXq"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-r5ffn
cf-ray: 8346ba03d8b8bbc1-FRA
x-amz-cf-id: XBGziONgE2PT03QQvsCj7Qk9-inj3268a2Qov1SSKpxRNh_Ksdw09A==

GET
H3 200 index.js Show response
blog.merklescience.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/ 11 KB
5 KB 50ms
50ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.merklescience.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Requested by

Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 04a40fe66992666426f66bb0ade3912a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy: upgrade-insecure-requests
age: 1170311
x-amz-cf-pop: TXL50-P4
x-amz-server-side-encryption: AES256
x-amz-version-id: inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 21 Apr 2023 15:17:56 GMT
server: cloudflare
etag: W/"0bbd63c0750f141fd5cec04a9393647e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=79lASB9KetC0ofImxwmO49XJ3kRlaKZGp7yFU%2B6HEywyz61vhlQGpzrcertwVACN1MzJcbL8Z0i%2BXSOT2S3uX3iydd5FdTZDR7A%2BzO2%2F%2FdTjdkv7vdtRIbfHaw%2B8qIBMMEZyx9I36kzSjgZrF1yXNhDU%2BQg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8346ba03a9e765be-FRA
x-amz-cf-id: 8NRs2Wm2ubi5t9HUvpgx9SMwAJYAnsUpgxBkSQl1rau6_0XB0E7nLw==
expires: Wed, 11 Dec 2024 14:41:09 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/ 501 KB
201 KB 169ms
54ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_9eaabcc4_c80e_463b_91cd_fb6f1e1c1cf5&render=explicit&hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6788908efcff931e3c0c4fb54a255932414a22e81971dcc1427c8a4f459a1fbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Origin: https://blog.merklescience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 10:14:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16005
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 204921
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 17:08:31 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Dec 2024 10:14:24 GMT

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
589 B 131ms
131ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 750042c4-0d22-46ad-853f-61680eea0beb
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 750042c4-0d22-46ad-853f-61680eea0beb
server: cloudflare
x-trace: 2B12830E405F66985AB75FBA7DAFC73E3E610FFFA4000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-cltdg
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8346ba03b9cd381c-FRA

GET
H2 200 css2
fonts.googleapis.com/ Frame 3865 6 KB
1 KB 198ms
83ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=IBM%20Plex%20Sans:wght@400;500;700&display=swap

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8f58d0ae890ca47f7c1496be13d8ccd803fe7fa79c8eaa3721b36cd92e7b5aab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 12 Dec 2023 14:41:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 13:37:17 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 12 Dec 2023 14:41:09 GMT

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
591 B 187ms
187ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 2060736c-e8b7-4729-b134-6f60a3d35cb1
x-envoy-upstream-service-time: 57
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2060736c-e8b7-4729-b134-6f60a3d35cb1
server: cloudflare
x-trace: 2B21CBBF3D4E2BF92DCF4CF6A99DF09917266B9E7E000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-mftjk
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8346ba03d9fe381c-FRA

GET
H2 204 has-permission Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 194ms
177ms Script
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=19526976&callback=jsonpHandler

Requested by

Host: blog.merklescience.com
URL: https://blog.merklescience.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8a1a46b3-c603-426f-a45a-cb4bb31df7a8
x-envoy-upstream-service-time: 3
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8346ba041f034d7a&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 8a1a46b3-c603-426f-a45a-cb4bb31df7a8
server: cloudflare
x-trace: 2B23E614F760AE0EE93441C567EE9B08D919B28350000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-59k59
x-evy-trace-virtual-host: all
cache-control: max-age=0
access-control-allow-credentials: true
cf-ray: 8346ba041f034d7a-FRA

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 1 KB
2 KB 196ms
195ms Fetch
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=19526976&currentUrl=https%3A%2F%2Fblog.merklescience.com%2Fhacktrack%2Fhackers-drain-over-3-million-from-defi-protocol-conic-finance&contentId=126785052953

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6bd20c0013312a1c79b2db14e7a45a81183339926ba0f9fd6fbc5c2c087c36f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b2c89069-9c7b-4d9c-8795-d8249d319691
content-encoding: br
x-envoy-upstream-service-time: 71
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b2c89069-9c7b-4d9c-8795-d8249d319691
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.merklescience.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G4itt20PRIQbnvntNTpEL08IVDxplc9qrnaM%2Br1ZoYEH%2FFiWBqTEjUpMhJko1dPBkBZFT308E5ADNQxXqHURSAq5nMIn29pAGvKsBc%2BczczbWDQJTu%2Boy9C%2FFVRqWbZFPmgLMgRxD6b8lXmZ7im%2BCxTturBZiusCsKQ%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 8346ba04a9fdbbc1-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-mftjk

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
947 B 184ms
175ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=813894649&v=1.1&a=19526976&pi=126785052953&ct=blog-post&ccu=https%3A%2F%2Fblog.merklescience.com%2Fhacktrack%2Fhackers-drain-over-3-million-from-defi-protocol-conic-finance&cpi=126785052953&cgi=49861501209&lpi=126785052953&lvi=126785052953&lvc=en-us&pu=https%3A%2F%2Fblog.merklescience.com%2Fhacktrack%2Fhackers-drain-over-3-million-from-defi-protocol-conic-finance&t=Hack+Track%3A+Investigating+Conic+Finance+Flow+of+Funds&cts=1702392069873&vi=9c47a74edbba3592f4cfabe66f70a535&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f530ee58-9e28-47ec-b7a9-2d16c7b03625
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 25
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f530ee58-9e28-47ec-b7a9-2d16c7b03625
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2FUrkW%2FXds%2FMx5ooOrHgym%2F8Am9RlxSwaVzsEGckXhaclVzB42jbeFcaHwX9iosdH2N1h5jS9e2eBfv01rJVrJyhXNXF7Uas%2FXTkFLR8u1EWX0%2FmyfaA6Sq0%2B%2FEv9knfLbCo4OBoX3EtztDyd4bB"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7556df69f8-lfmjw
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8346ba04c8244d7a-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
915 B 159ms
154ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=b3854a1c-0ab5-4093-97af-cff47598678e&fci=9eaabcc4-c80e-463b-91cd-fb6f1e1c1cf5&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=813894649&v=1.1&a=19526976&pi=126785052953&ct=blog-post&ccu=https%3A%2F%2Fblog.merklescience.com%2Fhacktrack%2Fhackers-drain-over-3-million-from-defi-protocol-conic-finance&cpi=126785052953&cgi=49861501209&lpi=126785052953&lvi=126785052953&lvc=en-us&pu=https%3A%2F%2Fblog.merklescience.com%2Fhacktrack%2Fhackers-drain-over-3-million-from-defi-protocol-conic-finance&t=Hack+Track%3A+Investigating+Conic+Finance+Flow+of+Funds&cts=1702392069873&vi=9c47a74edbba3592f4cfabe66f70a535&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 46ebf9e8-6c8a-4948-b1fc-d08d8a923f22
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 15
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 46ebf9e8-6c8a-4948-b1fc-d08d8a923f22
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PeTrQ1Bc2%2BjdXL3LI5tjgTLPLepFL9MzVF5thfVY9JVxxTl8tyPa3tUK5IDCOXScmPkVzNC355PawAv12QB9qTnqXrpbt2Wh3I0vJ%2FRzGGSvs7OMSl%2FK5bO06iYY1%2FLb91uubCesOlAD2GJFzflJ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7556df69f8-btqjb
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8346ba04c8284d7a-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
740 B 161ms
159ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=b0d41fdb-1517-491c-aa51-b153076f4c9b&fci=dd559d97-48d8-402c-a5f9-013611f24942&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=813894649&v=1.1&a=19526976&pi=126785052953&ct=blog-post&ccu=https%3A%2F%2Fblog.merklescience.com%2Fhacktrack%2Fhackers-drain-over-3-million-from-defi-protocol-conic-finance&cpi=126785052953&cgi=49861501209&lpi=126785052953&lvi=126785052953&lvc=en-us&pu=https%3A%2F%2Fblog.merklescience.com%2Fhacktrack%2Fhackers-drain-over-3-million-from-defi-protocol-conic-finance&t=Hack+Track%3A+Investigating+Conic+Finance+Flow+of+Funds&cts=1702392069874&vi=9c47a74edbba3592f4cfabe66f70a535&nc=true&ce=false&cc=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 42f34ff2-b8a7-4a36-887e-ab237e4c761c
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 16
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 42f34ff2-b8a7-4a36-887e-ab237e4c761c
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z1ScRNtENLL1VqkXpFD4hXnHxdtcd1O5lvKAN9b%2BwYGROo7H3iEcgmOCFgB5e2QNApeT6LuI%2FzyKxPHje33iKt5%2BCL6jt4TyCYjFwc4YXNiatJahlLxwaXXd7nf3iPYlCPuJm30Ml%2Bcvot7qOIpo"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7556df69f8-mpn29
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8346ba04c82b4d7a-FRA
x-robots-tag: none

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 116 B
460 B 125ms
125ms XHR
application/json 2606:4700::6811:589a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=19526976&utk=9c47a74edbba3592f4cfabe66f70a535

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:589a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8630d0e97c92c24d332ac18c63c33ca06bba0ebe441df470e742ad0069ea49e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: b9a2b37c-0afc-480e-a40d-4d34971e4663
x-envoy-upstream-service-time: 9
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: b9a2b37c-0afc-480e-a40d-4d34971e4663
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://blog.merklescience.com
x-evy-trace-virtual-host: all
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-r5ffn
access-control-max-age: 180
x-robots-tag: none
access-control-allow-headers: *
cf-ray: 8346ba04eaf31c0b-FRA

GET
H2 200 zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ Frame 3865 19 KB
19 KB 170ms
55ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v19/zYXgKVElMYYaJe8bpLHnCwDKhdHeFQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=IBM%20Plex%20Sans:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.merklescience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 00:41:06 GMT
x-content-type-options: nosniff
age: 50404
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19156
x-xss-protection: 0
last-modified: Tue, 02 May 2023 16:04:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 00:41:06 GMT

GET
H2 200 zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2
fonts.gstatic.com/s/ibmplexsans/v19/ Frame 3865 19 KB
19 KB 188ms
74ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v19/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=IBM%20Plex%20Sans:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fff71a83690454ee6ea9014780a6797408918cb90cde1f0f3be65ea28a03c678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://blog.merklescience.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 09:05:29 GMT
x-content-type-options: nosniff
age: 20141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19440
x-xss-protection: 0
last-modified: Tue, 02 May 2023 16:08:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 11 Dec 2024 09:05:29 GMT

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
588 B 125ms
125ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 90173408-53a2-48be-8f66-fbb003cd8323
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 90173408-53a2-48be-8f66-fbb003cd8323
server: cloudflare
x-trace: 2B788F7512FC772CC7111B327D94D11BB3BA6D1421000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-mhl2k
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8346ba05ac6f381c-FRA

GET
H2 200 anchor Show response
www.google.com/recaptcha/enterprise/ Frame 504E 42 KB
26 KB 78ms
78ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLm1lcmtsZXNjaWVuY2UuY29tOjQ0Mw..&hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&size=invisible&badge=inline&cb=j0ifnk4w8qba

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

77c22883afbce04a6554dd525c1a55c1f92bd8d23923379a21a1348f72bacfa3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5pBwKvklBf4SS7ZgAAokxQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-5pBwKvklBf4SS7ZgAAokxQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 14:41:10 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 1806ms
1775ms Image
image/gif 2606:4700::6812:a07d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a07d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Date: Tue, 12 Dec 2023 14:41:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: ae9289b7-184c-4e42-975f-cd391a2f77b8
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ae9289b7-184c-4e42-975f-cd391a2f77b8
Last-Modified: Tue, 12 Dec 2023 14:41:10 GMT
Server: cloudflare
X-Trace: 2B899C7AF1F077997C20F7ADE61BAC7EA7EE3FBB00000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-tqjjb
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 8346ba063f5a9a03-FRA

GET
H2 200 hs-web-interactive-19526976-127037957654 Show response
merklescience-19526976.hs-sites.com/ Frame F57C 20 KB
7 KB 1939ms
1898ms Document
text/html 2606:4700::6811:ad5d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://merklescience-19526976.hs-sites.com/hs-web-interactive-19526976-127037957654?utk=9c47a74edbba3592f4cfabe66f70a535

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ad5d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d04a7cb9c086e5df25dc0b7c09e261015b87b4484e9711c91b885a0183d6c2b3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=10,max-age=5
cache-tag: CT-127037957654,P-19526976,PGS-ALL,SW-2
cf-cache-status: MISS
cf-ray: 8346ba064fee3a66-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Tue, 12 Dec 2023 14:41:10 GMT
edge-cache-tag: CT-127037957654,P-19526976,PGS-ALL,SW-2
last-modified: Tue, 12 Dec 2023 14:41:10 GMT
link: </_hcms/forms/embed/v3.js>; rel=preload; as=script
server: cloudflare
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 49
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-hs-sites-td/envoy-proxy-5b8f8ff967-62dhf
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-10s
x-hs-content-id: 127037957654
x-hs-hub-id: 19526976
x-hubspot-correlation-id: 8168627c-1740-40f2-ab6e-630ed39e468d
x-request-id: 8168627c-1740-40f2-ab6e-630ed39e468d
x-robots-tag: none
x-trace: 2B9290749DE03628DE3684C5A03CD8A41041F07122000000000000000000

GET
H2 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/ Frame 504E 55 KB
25 KB 716ms
38ms Stylesheet
text/css 216.58.212.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLm1lcmtsZXNjaWVuY2UuY29tOjQ0Mw..&hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&size=invisible&badge=inline&cb=j0ifnk4w8qba

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f131.1e100.net

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 07:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26188
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 17:08:31 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Dec 2024 07:24:42 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/ Frame 504E 501 KB
200 KB 749ms
72ms Script
text/javascript 216.58.212.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/recaptcha__en.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f131.1e100.net

Software

sffe /

Resource Hash

6788908efcff931e3c0c4fb54a255932414a22e81971dcc1427c8a4f459a1fbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 07:20:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 204921
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 17:08:31 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Dec 2024 07:20:38 GMT

GET
H3 200 lEEM4ZLDLFuvATVvcnxglI8CLvLrSc6BLt7Ue_ua1SM.js Show response
www.google.com/js/bg/ Frame 504E 17 KB
7 KB 947ms
947ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/lEEM4ZLDLFuvATVvcnxglI8CLvLrSc6BLt7Ue_ua1SM.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94410ce192c32c5baf01356f727c60948f022ef2eb49ce812eded47bfb9ad523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLm1lcmtsZXNjaWVuY2UuY29tOjQ0Mw..&hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&size=invisible&badge=inline&cb=j0ifnk4w8qba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 03:06:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41711
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6830
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Dec 2024 03:06:00 GMT

GET
H2 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 504E 2 KB
2 KB 38ms
37ms Image
image/png 216.58.212.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/styles__ltr.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f131.1e100.net

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 21:09:58 GMT
x-content-type-options: nosniff
age: 63073
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 18 Dec 2023 21:09:58 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 504E 15 KB
15 KB 994ms
993ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 23:26:56 GMT
x-content-type-options: nosniff
age: 400455
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Dec 2024 23:26:56 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 504E 15 KB
15 KB 1191ms
1191ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 21:01:27 GMT
x-content-type-options: nosniff
age: 495584
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Dec 2024 21:01:27 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/enterprise/ Frame 504E 102 B
134 B 938ms
938ms Other
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

153667004611f8905f074b17b69c32f43b8038f0d95d1341d00a88e48f990a6d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLm1lcmtsZXNjaWVuY2UuY29tOjQ0Mw..&hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&size=invisible&badge=inline&cb=j0ifnk4w8qba
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 12 Dec 2023 14:41:11 GMT

GET
H2 200 v3.js Show response
merklescience-19526976.hs-sites.com/_hcms/forms/embed/ Frame F57C 519 KB
173 KB 77ms
76ms Script
application/javascript 2606:4700::6811:ad5d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://merklescience-19526976.hs-sites.com/_hcms/forms/embed/v3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:ad5d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4173fd4a792a249a152c1b37f649a24d06ef5f5c9c86108bd440d73f3c6b2c1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://merklescience-19526976.hs-sites.com/hs-web-interactive-19526976-127037957654?utk=9c47a74edbba3592f4cfabe66f70a535
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 545
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4270/bundles/project-v3.js&cfRay=8346acc6076d3834-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"a1331683abd79f8ff78158fc61a7c2ec"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.4270/bundles/project-v3.js
date: Tue, 12 Dec 2023 14:41:12 GMT
via: 1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-version-id: TL165C3Q.7D9TMTQL2d52ewnHGuwd4KJ
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: af369724-213b-47cb-ae18-4e62c87f3bdd
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v3-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: af369724-213b-47cb-ae18-4e62c87f3bdd
last-modified: Mon, 11 Dec 2023 15:17:46 UTC
server: cloudflare
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-5qxdk
cf-ray: 8346ba1229dc3a66-FRA
x-amz-cf-id: 8Oc62lvhY3ejDJoFqge7vJ_80YcehgGIZ8ZqV_9SBfh746kkHHw_Tw==

GET
H2 200 web-interactives-container.js Show response
js.hubspot.com/ Frame F57C 26 KB
9 KB 25ms
25ms Script
application/javascript 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-container.js

Requested by

Host: merklescience-19526976.hs-sites.com
URL: https://merklescience-19526976.hs-sites.com/hs-web-interactive-19526976-127037957654?utk=9c47a74edbba3592f4cfabe66f70a535

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff40966c40171ef15ce1b463ffc6614fd18d5a627a7ecfd9b15f073ea104355c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://merklescience-19526976.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-encoding: br
age: 434
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-container/static-2.734/bundles/project.js&cfRay=8346af7cddbb4d76-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"ea3fdce89194934cf87436b0132147ed"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-container/static-2.734/bundles/project.js
date: Tue, 12 Dec 2023 14:41:12 GMT
x-amz-version-id: Ziwtvdn8AbjIeMLszjhdzqCHvp_Wghbp
via: 1.1 7c77abdf1c625c25627fe2a24e660a34.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 81dac9eb-594a-47de-a90e-94ab9b6f98b9
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-container-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
x-request-id: 81dac9eb-594a-47de-a90e-94ab9b6f98b9
last-modified: Thu, 07 Dec 2023 15:50:57 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MVjjoP79M014LEaNlbNh5rP3nmc1AbPsp5Cbg7BLSe%2BCkkMU7NFCRIhumbTJDORDpzYp1597RPC5nE32FWOVdZOfO%2FiNg0JV1MrOi1ryuY7m66dUzZR0F0hDURdRw%2FCkfjOem26tXEc1T0pf"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-b78fbd96d-klp44
cf-ray: 8346ba124e884d7a-FRA
x-amz-cf-id: 1X4rJyo-xash0FJgdE_oXh0kyz9wo0_9szLlhO46lrsVOeyqtD9Ktw==

GET
H3 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.388/ Frame F57C 14 KB
6 KB 36ms
36ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js

Requested by

Host: merklescience-19526976.hs-sites.com
URL: https://merklescience-19526976.hs-sites.com/hs-web-interactive-19526976-127037957654?utk=9c47a74edbba3592f4cfabe66f70a535

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://merklescience-19526976.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:12 GMT
x-amz-version-id: GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via: 1.1 146c0f4d7da9f5b3108ac41c3becbb82.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 290594
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Aug 2023 19:48:57 GMT
server: cloudflare
etag: W/"8741985292d64b839be39c64b14f3783"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YosinYIT5URXTm3QbkdY4wDONHJBiRGIBR2WRQw20hZdm7Fcm4AKivGN3VaB2ptkqAsPpvvANZy9t0Ag14JIy3jgar0jfts6So5T7Hkthn8nKCGCOtysATWF3552RaCuH0VKJ09txEextESL5q6Ye0I1rF8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8346ba12add25d39-FRA
x-amz-cf-id: ppDI2fVVjn9H1jQ1zgLMc3siIb_P-OchPddgUdUA-KB_zV9aIDwDsw==
expires: Wed, 11 Dec 2024 14:41:12 GMT

GET
H3 200 project.js Show response
static.hsappstatic.net/cos-i18n/static-1.53/bundles/ Frame F57C 1 KB
1 KB 34ms
34ms Script
application/javascript 2606:4700::6810:e05d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: merklescience-19526976.hs-sites.com
URL: https://merklescience-19526976.hs-sites.com/hs-web-interactive-19526976-127037957654?utk=9c47a74edbba3592f4cfabe66f70a535

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://merklescience-19526976.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:12 GMT
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
via: 1.1 218c6128df18321f9758e53ccc351448.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA60-P6
age: 1069983
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
server: cloudflare
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QV9tSIyXP1pSQZlLm8VYkip8W%2F84JTfh36d2cTnhOEAclio85R46Z2nSSXoHoYgUazi90Dc1Tay2cLTEBgsowgpn3prI9naUXDTjcKi2cOqhdsI9RR93gQohC8XiFIODppJcqJOHEsTAtsfyY04t7msfs6s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8346ba125d895d39-FRA
x-amz-cf-id: KD6ejsUOx7vO80pg-7J6M7VyxQt6eOrR9osF9k8iJlicpkUYhKsHUg==
expires: Wed, 11 Dec 2024 14:41:12 GMT

GET
H3 200 bframe Show response
www.google.com/recaptcha/enterprise/ Frame 45B3 7 KB
1 KB 65ms
64ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e88f6299588e3bc637ef6ba85851397d39a9fcf65f12f1e65580a5d6dd17e4ce

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-X0g5BgugrW_tt8Xt3SAabg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.merklescience.com/hacktrack/hackers-drain-over-3-million-from-defi-protocol-conic-finance
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-X0g5BgugrW_tt8Xt3SAabg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 12 Dec 2023 14:41:12 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/ Frame 45B3 55 KB
24 KB 51ms
51ms Stylesheet
text/css 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 12:15:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8715
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 17:08:31 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Dec 2024 12:15:57 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/ Frame 45B3 501 KB
200 KB 68ms
67ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6788908efcff931e3c0c4fb54a255932414a22e81971dcc1427c8a4f459a1fbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 10:14:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16008
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 204921
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 17:08:31 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Dec 2024 10:14:24 GMT

GET
H3 200 json Show response
merklescience-19526976.hs-sites.com/_hcms/forms/embed/v3/form/19526976/7ea7ed48-c144-4577-be4e-44f21a8f0bb8/ Frame F57C 55 KB
9 KB 219ms
219ms XHR
application/json 2606:4700::6811:ad5d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://merklescience-19526976.hs-sites.com/_hcms/forms/embed/v3/form/19526976/7ea7ed48-c144-4577-be4e-44f21a8f0bb8/json?hs_static_app=forms-embed&hs_static_app_version=1.4270&X-HubSpot-Static-App-Info=forms-embed-1.4270

Requested by

Host: merklescience-19526976.hs-sites.com
URL: https://merklescience-19526976.hs-sites.com/_hcms/forms/embed/v3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:ad5d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

524c69ebd48049e37582329749af9fade080f80eee1d613ff989f3806f5a6f5a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://merklescience-19526976.hs-sites.com/hs-web-interactive-19526976-127037957654?utk=9c47a74edbba3592f4cfabe66f70a535
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-origin-hublet: na1
date: Tue, 12 Dec 2023 14:41:12 GMT
content-security-policy: upgrade-insecure-requests
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 08b6bc39-1fdc-4c12-9e50-2049a31443ec
x-envoy-upstream-service-time: 63
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 08b6bc39-1fdc-4c12-9e50-2049a31443ec
server: cloudflare
x-trace: 2B8BA1E6CCC8DD5370766060ABC636EEC01448EEF8000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-max-age: 180
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-8mskj
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
cf-ray: 8346ba130c849b86-FRA
access-control-allow-headers: *
x-robots-tag: none

POST
H3 200 reload Show response
www.google.com/recaptcha/enterprise/ Frame 45B3 21 KB
16 KB 107ms
107ms XHR
application/json 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/reload?k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

71b62f7f7ffc2235cc737d794f81fb30d5728b195718361d637b03d13729ddc0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Tue, 12 Dec 2023 14:41:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 12 Dec 2023 14:41:12 GMT

GET
H2 400 css2
fonts.googleapis.com/ Frame F57C 0
0 68ms
68ms Stylesheet
text/html 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.googleapis.com/css2?family=sans-serif:wght@400;500;700&display=swap
Requested by: Host: merklescience-19526976.hs-sites.com
URL: https://merklescience-19526976.hs-sites.com/_hcms/forms/embed/v3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://merklescience-19526976.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ Frame F57C 35 B
589 B 175ms
175ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v3-DEFINITION_SUCCESS&count=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://merklescience-19526976.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c8bbaf27-72a3-48c5-996a-585da09f3d6d
x-envoy-upstream-service-time: 26
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c8bbaf27-72a3-48c5-996a-585da09f3d6d
server: cloudflare
x-trace: 2B00142CD04AC1D4EF56AFB6999451C07324685A7E000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-f8rcm
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8346ba149963381c-FRA

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ Frame F57C 35 B
590 B 141ms
141ms Image
image/gif 2606:4700::6811:eff9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v3-RENDER_SUCCESS&count=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://merklescience-19526976.hs-sites.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e2cc807e-0415-449f-9975-b25562243077
x-envoy-upstream-service-time: 13
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e2cc807e-0415-449f-9975-b25562243077
server: cloudflare
x-trace: 2B53C10D90EB8C74E34D86FF077ADCB3939F626C62000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-fc678f645-w8q7s
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8346ba149964381c-FRA

GET
H3 200 refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame 45B3 600 B
624 B 53ms
53ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/refresh_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 23:35:24 GMT
x-content-type-options: nosniff
age: 54348
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 600
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 18 Dec 2023 23:35:24 GMT

GET
H3 200 audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame 45B3 530 B
554 B 54ms
53ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/audio_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 09:05:07 GMT
x-content-type-options: nosniff
age: 20165
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 530
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Tue, 19 Dec 2023 09:05:07 GMT

GET
H3 200 info_2x.png
www.gstatic.com/recaptcha/api2/ Frame 45B3 665 B
689 B 54ms
54ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/info_2x.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 10:00:32 GMT
x-content-type-options: nosniff
age: 276040
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 665
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Sat, 16 Dec 2023 10:00:32 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 45B3 15 KB
15 KB 51ms
51ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 23:26:56 GMT
x-content-type-options: nosniff
age: 400456
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Dec 2024 23:26:56 GMT

GET
H3 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 45B3 15 KB
15 KB 75ms
74ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:34:06 GMT
x-content-type-options: nosniff
age: 76026
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15340
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 10 Dec 2024 17:34:06 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 45B3 15 KB
15 KB 55ms
55ms Font
font/woff2 2a00:1450:4001:801::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 21:01:27 GMT
x-content-type-options: nosniff
age: 495585
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Dec 2024 21:01:27 GMT

GET
H3 200 lEEM4ZLDLFuvATVvcnxglI8CLvLrSc6BLt7Ue_ua1SM.js Show response
www.google.com/js/bg/ Frame 45B3 17 KB
7 KB 53ms
53ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/lEEM4ZLDLFuvATVvcnxglI8CLvLrSc6BLt7Ue_ua1SM.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/cwQvQhsy4_nYdnSDY4u7O5_B/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94410ce192c32c5baf01356f727c60948f022ef2eb49ce812eded47bfb9ad523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 03:06:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 41712
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6830
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 11 Dec 2024 03:06:00 GMT

GET
H3 200 payload
www.google.com/recaptcha/enterprise/ Frame 45B3 14 KB
14 KB 63ms
63ms Image
image/jpeg 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/recaptcha/enterprise/payload?p=06AFcWeA5M8LEt-XZTdEb9P5JoyQ9w7qP0SKRCre3dQ51qzAP8HohR0pnky1TJbkzCFdYluTbL2gax_faLC6VaOAAO_Lu386_xt1_Va3_ZFD_2ZLtq4A40yMkk0NWAIJjzDxO_yITI08QJlAw0aK0z78rmidXdMdSCZSX_GOKmP0QLJcI_ldsCuN33qCmVdjvHGXkyp27WICEy5PZrGpjtvK1lQIAGg2ssDw&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3abc86b8eb84018bfa21ac0936ac039a87ba190117f13bb0981a270628b18b7a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=cwQvQhsy4_nYdnSDY4u7O5_B&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 12 Dec 2023 14:41:12 GMT
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: image/jpeg
cache-control: private, max-age=30
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 12 Dec 2023 14:41:12 GMT

Verdicts & Comments Add Verdict or Comment

90 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 21:12:24	Name: _GRECAPTCHA Value: 09APfP6pV-KJIl42yzAcgV8jvHWj1liAk6InaaFm1gNr48BIbIl7c6D3nRTvc92ylxL4BGlFH3INGphviShQ3hhXY
.blog.merklescience.com/	1970-01-20 16:53:13	Name: __cf_bm Value: CTP.Nu8cIvSj4vF5UWVPl5jm4azD6_ENJM5eeYn8r9s-1702392068-1-ATSFkbEu38zd32F/YSpsQWwygoBsxtPl+7eX16CqhNhVtDZTe4YRXsWgHzU+kdkgl1N/maNplNJ8WW4y4JYRFIo=
.blog.merklescience.com/	1969-12-31 23:59:59	Name: __cfruid Value: e39d2ac070c9dc9a9da8a3e1cc27d059b8fabf5e-1702392068
.hubspot.com/	1970-01-20 16:53:13	Name: __cf_bm Value: rXhk_NDw1uhaNWSeQU0C9gEJv6Af84rhJz.mc1CeIvk-1702392070-1-AdW99Jroxdf4aZ9YBQXn9ehcXQ0cJ0qZi4f1FsHpG1cqW+n7YTTTdt+NKPnAWKLoXrEX7Tn5UrghHucqfE6f7xo=
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: a4q2XjF5L29oAJm98dcb_xk1CmmdsNqkrVjNED81Msc-1702392070055-0-604800000
.hs-sites.com/	1969-12-31 23:59:59	Name: __cfruid Value: 59e922bdfde903294b145e5c147f9ad836591d12-1702392070

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://fonts.googleapis.com/css2?family=sans-serif:wght@400;500;700&display=swap Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.hubspot.com
blog.merklescience.com
connect.facebook.net
consent.cookiebot.com
consentcdn.cookiebot.com
cta-service-cms2.hubspot.com
f.hubspotusercontent20.net
fonts.googleapis.com
fonts.gstatic.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
imgsct.cookiebot.com
js.hs-analytics.net
js.hs-banner.com
js.hscollectedforms.net
js.hsforms.net
js.hsleadflows.net
js.hubspot.com
lh5.googleusercontent.com
lh6.googleusercontent.com
merklescience-19526976.hs-sites.com
perf-na1.hsforms.com
platform.linkedin.com
platform.twitter.com
secure.glue1lazy.com
static.hsappstatic.net
syndication.twitter.com
track.hubspot.com
www.google.com
www.gstatic.com
104.244.42.8
216.58.212.131
2606:2800:234:59:254c:406:2366:268c
2606:2c40::c73c:6702
2606:4700:4400::6812:22e5
2606:4700::6810:4dba
2606:4700::6810:88ce
2606:4700::6810:e05d
2606:4700::6811:4fe4
2606:4700::6811:589a
2606:4700::6811:ad5d
2606:4700::6811:eff9
2606:4700::6812:7e0c
2606:4700::6812:a07d
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:bdf::63
2a00:1450:4001:801::2003
2a00:1450:4001:813::2004
2a00:1450:4001:830::2001
2a00:1450:4001:830::2003
2a00:1450:4001:831::200a
2a02:26f0:3500:18::1724:a29a
2a02:26f0:3500:887::f09
2a03:2880:f084:d:face:b00c:0:3
51.11.20.152
078a838f0e1e77b39512df1902c5197ac824cfb8d6f13e988126a8bdf597edb2
0ad17c7d661733bbf1cfe9bc6e85033bfed43c87c94cb72ba02f484adf1593c0
107421257f16d9e3ada526b40bd4bd20a4c7bb80e2bf5afa4b71f1b78dd14d9c
153667004611f8905f074b17b69c32f43b8038f0d95d1341d00a88e48f990a6d
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
19e75eaeea97b121932d5b44d8e8741b70c244680dae076cd9685e664886a3a5
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1c37f7689196987685e9f5796ba50d468b10da6b4217a14366c234aa82791f2c
2990ede7e15ca9061ae605aaf9919fb1bcd880500f60ce3b235deb56ba5ea2c0
2ba983303dbaf3c9b5048cdc778374588c5146689ccfa5e366e4dd325051a532
2ee773ef677420cdeb136e974fcef8ed7c10c1302fff8a9846acd53434cacb8b
302da628a6afc3e93f1b86bf7c65e4d6536d8283d78266964822a76d1c645aa4
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
36214efdcc9274cca7639e17d7856d94283d9148f5e178ecc7d724c6e8826127
3abc86b8eb84018bfa21ac0936ac039a87ba190117f13bb0981a270628b18b7a
3b00b0e07aab17f5a26a07570ad5b985a991cce2c5315e54b69182f47b139b8d
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
41f9004980b00e13d2550d0fd037632a83ba59f30f993b8e5d27f3cca0e3865f
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
4634b4ca5bddc17936a30d28ca693f195ea317a271722b08c2a43dfa5e87ca87
4a08ed90c1aed6f1f90cc275dc8b67d8e8c94740a0cbfe922c5e6d2cb8fcbef7
4e9126c0347aa2dd43ddce874ce38625ac0e2958f30fd57e6143e8d3addb3c2f
524c69ebd48049e37582329749af9fade080f80eee1d613ff989f3806f5a6f5a
529008fc82fc662095ea98fdb285d36ddc0ee92faf882ee4d7c36cb75cad1163
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5bc90b7fbdf8a7c6ecf980a22c978b2a6258b34f29bfd469fa2404edd880378f
62a858e232d5ce3f0fc614ff57bb931465c62efbbed062faa13e45a20c46e746
66746cd2b188106bedc2a274591c1c43282ef7a18eebf436d1ee24620b0a01fc
6788908efcff931e3c0c4fb54a255932414a22e81971dcc1427c8a4f459a1fbf
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b02bab3794bcca0f74d09c78beab341f44324ddb3fd912a4bc62029ad3a66f0
70c00445d6632039ed99af760731daf3bf60eb12061863ee61e2cd7276a54d18
71b62f7f7ffc2235cc737d794f81fb30d5728b195718361d637b03d13729ddc0
72d422ca01aa5059f41ff11b170fe69f993a39c7b0b06dc17fd072866b187d83
738e5435f2d18427d291a0d6289eee0ebbc87b596d6003919f255760ac293104
76396f18d71b5e1d7d37fbfa3258a1a81565df85802c123f52eb15390cfbd046
77c22883afbce04a6554dd525c1a55c1f92bd8d23923379a21a1348f72bacfa3
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
7967f6623767c38bd0c698866476d05d20fb0308e6f05d8425226acaa7bbb971
79f24cb999cabf0888cbca393a01b64aa1e0c021cc4376ce88fe7111db86b5ab
8630d0e97c92c24d332ac18c63c33ca06bba0ebe441df470e742ad0069ea49e4
89992d848d634533bbd9c007775517c27608dd4b090843c5c36641161a4db6fb
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8f58d0ae890ca47f7c1496be13d8ccd803fe7fa79c8eaa3721b36cd92e7b5aab
94410ce192c32c5baf01356f727c60948f022ef2eb49ce812eded47bfb9ad523
979ac57cebfc873ad20348fd26e87974c749c3a103a1d836923a8ac4470c28b5
9af90e463680b5bd2273abffa8e139716b8df941ef949b07f60590ff4c38dc04
9b69e7551f08f1ac9de61d1020ea26335ed136a2c3149408c0ddd581d1ef5d00
a29f55d77e89c71c1b875129d6108c53a6efdb8c968c0ec556ee9ab94997125c
a4173fd4a792a249a152c1b37f649a24d06ef5f5c9c86108bd440d73f3c6b2c1
a59a536f6a35976c81d050cc1f734740643674e9736ae066f85213a5535e7a0a
b110522096134b90d8ef42c98b7d7e7963cba6b8814671193ae0db7cf9f50de8
bd3805b227787879e59145148e2ec1647cd0b7a04d27072fc5f2bd477a9abd65
be80a025e17d0fc4075b4a9976d22ce459de4a1e809826e2175ae908c2597781
bec065ae320fed4bb93d09440a473e82958293c8daf9371354588ece80588d15
bfad04a05cf8cca805c9d5b3965f4f0f08f42f94223f2b0f2d0440f05d30065a
c35499bd7186b3cf6aa65ac248a2d8076e19ee23861e4dc81cbeddcba89d079a
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
ca725ff5868dd217cbeddea844518a637e23559ca5a3f57287a20e8a34d76b8f
cad53afdb2f3f8d8d5781fdd825eaf42f2a1ec41dce83713959578d16ff23439
d04a7cb9c086e5df25dc0b7c09e261015b87b4484e9711c91b885a0183d6c2b3
d5f093f8260fef06b267dfac6fa678a8cb47d930c7c9c85465937914a3f1a9d8
db71f8a28ad8501544fb4e7668e3c6d0b731760b6f20de3525ebaeba597f1922
db949bcd5493c11ceacbe4eb58c6e0c8879d5728823be2b115ea12e02df1d3f1
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de3147a77ca7a0b0c635b457b3ad39ed65176476d2a4b0d53dda9e196c1c889d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6bd20c0013312a1c79b2db14e7a45a81183339926ba0f9fd6fbc5c2c087c36f
e88f6299588e3bc637ef6ba85851397d39a9fcf65f12f1e65580a5d6dd17e4ce
ea5a7047f3c770bc7890c2120666b2100ea49b12ea23bee0498e8660e3c21120
f2e3b3ad5ce12b6ff8a8194399b67b63301f4aa7bd4ff7fb5beed53c88f8ec4b
f43629513a2a8b176c9e28babba727df8566992c7639500928cfc02ffdef4ea7
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
ff40966c40171ef15ce1b463ffc6614fd18d5a627a7ecfd9b15f073ea104355c
fff71a83690454ee6ea9014780a6797408918cb90cde1f0f3be65ea28a03c678

blog.merklescience.com Open in urlscan Pro 2606:2c40::c73c:6702 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

104 Requests

100 %HTTPS

88 %IPv6

20 Domains

31 Subdomains

26 IPs

3 Countries

3740 kBTransfer

8857 kBSize

6 Cookies

25 Outgoing links

Redirected requests

104 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.merklescience.com Open in urlscan Pro
2606:2c40::c73c:6702 Public Scan

Screenshot
Live screenshot

Full Image

104
Requests

100 %
HTTPS

88 %
IPv6

20
Domains

31
Subdomains

26
IPs

3
Countries

3740 kB
Transfer

8857 kB
Size

6
Cookies

104 HTTP transactions
0 data transactions