Submitted URL: https://d11dxp04.na1.hubspotlinks.com/Btc/2M+113/d11DXp04/VWHr7B16SgN_W64JgLZ3bRx3zW78L4Hk4ypPj1N48YKbt3pl2yV1-WJV7CgTDDN20G_tFGx58HW2...
Effective URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?ut...
Submission: On October 08 via api from SE — Scanned from DE

Summary

This website contacted 39 IPs in 5 countries across 31 domains to perform 142 HTTP transactions. The main IP is 199.60.103.254, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.inky.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 7th 2021. Valid for: a year.
This is the only time www.inky.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Subject | Issuer | Validity | Valid
hubspotlinks.com | Cloudflare Inc ECC CA-3 | 2021-06-17 - 2022-06-16 | a year
www.inky.com | Cloudflare Inc ECC CA-3 | 2021-06-07 - 2022-06-06 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-05-09 - 2022-05-08 | a year
platform.linkedin.com | DigiCert SHA2 Secure Server CA | 2021-09-10 - 2022-09-10 | a year
hubspot.net | Cloudflare Inc ECC CA-3 | 2021-06-04 - 2022-06-03 | a year
upload.video.google.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
*.google-analytics.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
*.gstatic.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-07-18 - 2021-10-16 | 3 months
*.twimg.com | DigiCert TLS RSA SHA256 2020 CA1 | 2020-11-05 - 2021-11-09 | a year
hubspot.com | Cloudflare Inc ECC CA-3 | 2021-06-26 - 2022-06-25 | a year
www.googleadservices.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
*.licdn.com | DigiCert SHA2 Secure Server CA | 2021-07-15 - 2022-07-20 | a year
cdn.callrail.com | Amazon | 2021-03-26 - 2022-04-24 | a year
*.srv.stackadapt.com | Amazon | 2020-12-09 - 2022-01-07 | a year
s.adroll.com | Amazon | 2021-08-02 - 2022-08-31 | a year
cdns.canddi.com | Sectigo RSA Domain Validation Secure Server CA | 2021-09-12 - 2022-10-13 | a year
assets.convertiv.com | Amazon | 2021-09-23 - 2022-10-22 | a year
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2021-09-16 - 2022-03-16 | 6 months
*.g.doubleclick.net | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
sp.inky.com | Amazon | 2021-02-18 - 2022-03-19 | a year
*.techtarget.com | Sectigo RSA Domain Validation Secure Server CA | 2019-10-25 - 2021-10-24 | 2 years
syndication.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-02-05 - 2022-02-04 | a year
www.google.com | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
www.google.de | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months
adroll.mgr.consensu.org | Amazon | 2021-09-09 - 2022-10-08 | a year
*.google.de | GTS CA 1C3 | 2021-09-13 - 2021-11-20 | 2 months

This page contains 4 frames:

Primary Page: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Frame ID: 40BAE89A9D1CD51348C3E2972898798D
Requests: 136 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.58065ae230495f5d9e4b6a916472b2c1.html?origin=https%3A%2F%2Fwww.inky.com
Frame ID: 39048DB6584A682AEBE43BE6172EDD17
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.58065ae230495f5d9e4b6a916472b2c1.en.html
Frame ID: B4A0250A12899709F18286FCF3086786
Requests: 2 HTTP requests in this frame

Frame: https://web.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df14ab55782c076c%26domain%3Dwww.inky.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.inky.com%252Ff35654e87b72ce8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials&layout=button&locale=en_GB&sdk=joey&share=true&show_faces=false&width=120
Frame ID: 90C916D06803A2EECC26929AF4CAB1CD
Requests: 1 HTTP requests in this frame

Page Title

Attackers Impersonate U.S. Department of Transportation to Harvest Microsoft Credentials

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • (?:a|s)\.adroll\.com

Overall confidence: 100%
Detected patterns
  • script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 142
HTTPS: 100 %
IPv6: 0 %
Domains: 31
Subdomains: 41
IPs: 39
Countries: 5
Transfer: 2374 kB
Size: 4901 kB
Cookies: 21

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://d11dxp04.na1.hubspotlinks.com/Btc/2M+113/d11DXp04/VWHr7B16SgN_W64JgLZ3bRx3zW78L4Hk4ypPj1N48YKbt3pl2yV1-WJV7CgTDDN20G_tFGx58HW2dh3jW8Vh_4SW6JmVyH5yHm2tW2mx5XG3R7dCNW2hhQzN12V6KnW2pLn4Q2mYByXVy_YR63KZkwtN72tND8NdlmvW10CrSn85FBnmW15dgGJ3mSj0yW70pN2c7hRDrKW6BWQc81NcjGnW5KkBlh8mJKQjW4Ys2hY8Sps3wW4RQKZ14rF7ryW8bR9q86XCNMMW8CLS7B63qpzfW17rBjC66GQDYW4bSxPB65-CyvW61RhWs4mPTShVD-q-H2VrfWtN7y_vPldLs_T31Qw1 Page URL
  2. https://d11dxp04.na1.hubspotlinks.com/events/public/v1/encoded/track/tc/2M+113/d11DXp04/VWHr7B16SgN_W64JgLZ3bRx3zW78L4Hk4ypPj1N48YKbt3pl2yV1-WJV7CgTDDN20G_tFGx58HW2dh3jW8Vh_4SW6JmVyH5yHm2tW2mx5XG3R7dCNW2hhQzN12V6KnW2pLn4Q2mYByXVy_YR63KZkwtN72tND8NdlmvW10CrSn85FBnmW15dgGJ3mSj0yW70pN2c7hRDrKW6BWQc81NcjGnW5KkBlh8mJKQjW4Ys2hY8Sps3wW4RQKZ14rF7ryW8bR9q86XCNMMW8CLS7B63qpzfW17rBjC66GQDYW4bSxPB65-CyvW61RhWs4mPTShVD-q-H2VrfWtN7y_vPldLs_T31Qw1?_ud=76ba8462-cc09-4025-91ee-bee5abc58888&_ch=p&_pr2=p&_pl=3&_lg=en-US,en&_dr=p&_ts=p HTTP 307
    https://hubs.li/H0XtR7G0?utm_campaign=2021%20Brand%20Awareness&utm_medium=email&_hsmi=168463925&_hsenc=p2ANqtz-8lA8u1P7U8bab8vbGcI-dAc67hy4xRYZd1oJyICsFarJU-17AT95D8RF0pwiPRaxS2DpeVDv7ywk2UAjMSrIhlOniRQGHnIODo7ga8aeHl0FlMbTM&utm_content=168463925&utm_source=hs_email HTTP 301
    https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 100
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1303356&time=1633702277811&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1303356%26time%3D1633702277811%26url%3Dhttps%253A%252F%252Fwww.inky.com%252Fblog%252Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%253Futm_content%253D180073276%2526utm_medium%253Dsocial%2526utm_source%253Dlinkedin%2526hss_channel%253Dlcp-10363650%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1303356&time=1633702277811&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&liSync=true
Request Chain 102
  • https://s.adroll.com/j/exp/VE72WIA6JJAITAM4PZOSV5/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 103
  • https://s.adroll.com/j/pre/VE72WIA6JJAITAM4PZOSV5/EO6PKOTODNGPVLDZHH27JW/fpconsent.js HTTP 302
  • https://s.adroll.com/j/pre/index.js
Request Chain 124
  • https://www.googleadservices.com/pagead/conversion/829684701/wcm?cc=ZZ&dn=18337274659&cl=KSYMCJfT_oYBEN33z4sD&ct_eid=2 HTTP 302
  • https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18337274659&cl=KSYMCJfT_oYBEN33z4sD

142 HTTP transactions

x-amz-version-id
null
cache-control
public, max-age=31536000
set-cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277; path=/; domain=.www.inky.com; HttpOnly; Secure; SameSite=None
content-type
application/javascript
x-amz-cf-id
uvar5S_Za3dK85YyzXeF9Juu2xF5FRZKLPmzTFmNHquwiPqBpBjL9A==
expires
Sat, 08 Oct 2022 14:11:17 GMT
v2.js
www.inky.com/_hcms/forms/
563 KB
143 KB
Script
General
Full URL
https://www.inky.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b98b770ede13e084c8799f8cb498b3828fccc59369d98c94d1fa9e3ae601c3f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 613faec4b883bfe2ebdd8a74d5006f4c.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
493
x-amz-server-side-encryption
AES256
cf-ray
69aff5212d0443b8-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-cf-pop
IAD89-C3
content-encoding
br
last-modified
Fri, 08 Oct 2021 09:40:13 UTC
server
cloudflare
etag
W/"7eccbdac62489e20d8aafc3562477770"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F9UxxKC4UkQFlngMkebuJ07HLoSVjIgEHGH3u9EmgwkqmE%2BSda4P1r1ppl31Q84VJAOhPCaFGtKdvKFZKWMcnO4zlEt%2Bd68CDZJ4vo4dD2bIAXWBxLYay4KzJkIKTg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
vRAPJlXNMJQkuMakJt1dm4JoYD3l2O9A
access-control-allow-origin
*
cache-control
s-maxage=600, max-age=0
x-hs-cache-status
HIT
set-cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277; path=/; domain=.www.inky.com; HttpOnly; Secure; SameSite=None
content-type
application/javascript; charset=utf-8
x-amz-cf-id
SQzG3giGC1B2RhCU2nH1nTOx4eoaiEjPMc9-781xt6tkQxlMMJehDw==
x-hs-target-asset
FormsNext/static-5.378/bundles/project_with_deps.js
mjfw_styles.min.css
www.inky.com/hs-fs/hub/4660171/hub_generated/template_assets/14049870587/1630090673182/Custom/page/mjfw/
186 KB
30 KB
Stylesheet
General
Full URL
https://www.inky.com/hs-fs/hub/4660171/hub_generated/template_assets/14049870587/1630090673182/Custom/page/mjfw/mjfw_styles.min.css
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b23385c2f8745fffba70643c884aacbfeb0fc5c9e0ac6d2bc95098b055d6ca85

Request headers

:path
/hs-fs/hub/4660171/hub_generated/template_assets/14049870587/1630090673182/Custom/page/mjfw/mjfw_styles.min.css
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

x-amz-meta-created-unix-time-millis
1630090673591
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2339
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
9DPRC7MM51D8D6G9
x-amz-id-2
PaBUjmvgKDY0z1D3bwhlpEP8n92oJ6zshgTqft7OG8kUONh8jch4d+j0a32Smu0Ht/xQrf2Rwhs=
last-modified
Fri, 27 Aug 2021 18:57:54 GMT
server
cloudflare
etag
W/"fd4547ffa6c0a30f146402f84ce06108"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dGfMAS8dX88O5O7pc0lSE%2FGkzoDucevG3J0duJbln%2BpFBhahLcGVMmmgcKE8sO0dAJM22q7v3QFvWzi66XX5%2Fhyzd8yEAqIeue8F9ow6bjE1wAOdD00XfKn45Mhttw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
Ij6qnAJ8sczqsZv4eYmwV6Q5hWPZB5Ov
x-amz-cf-pop
IAD89-C1
cf-ray
69aff5215d8a43b8-FRA
x-amz-cf-id
V85LaCrXR2u8sbljJIMrjb9VgwogISmfMKOv9etcMCmjn5QWZEybOA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
mjfw_client_styles.css
www.inky.com/hs-fs/hub/4660171/hub_generated/template_assets/40877894021/1611255799871/Custom/page/mjfw/
0
559 B
Stylesheet
General
Full URL
https://www.inky.com/hs-fs/hub/4660171/hub_generated/template_assets/40877894021/1611255799871/Custom/page/mjfw/mjfw_client_styles.css
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path
/hs-fs/hub/4660171/hub_generated/template_assets/40877894021/1611255799871/Custom/page/mjfw/mjfw_client_styles.css
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

x-amz-meta-created-unix-time-millis
1611255799871
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2339
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
cf-ray
69aff5215d8d43b8-FRA
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
0
x-amz-id-2
rCnSZreF7nJkVuo76UPjX8jHreX3dS4kWfg0q3bPPEMN8HPQt53jNLixA1sRQFtG4kkHAPEw3pM=
last-modified
Thu, 21 Jan 2021 19:03:20 GMT
server
cloudflare
etag
"d41d8cd98f00b204e9800998ecf8427e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oVlmbOmXtRuwfkj6b%2FnKgxkYivVokKkP%2Bvu24aPQjs94E6oC7R2Vog4Lrh88no0nN6Zi0B%2BR9n2n74hYxmVM%2BJpmAOEQDkMcLZiXCUEvhb77MjD6HryScM2ANf8tHg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id
FS9XY8HH9BG8WPP6
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
Ll5i_.tfyEvBsDdD4m8_haxfgkOWFKVu
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
content-type
text/css
x-amz-cf-id
erGoTkkgRstLjCS0z20AgSdy41ND7-JGkRcGiRH5PhBx04PYKSSTug==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
project.css
www.inky.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/
720 B
792 B
Stylesheet
General
Full URL
https://www.inky.com/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/project.css
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/hs/hsstatic/BlogSocialSharingSupport/static-1.16/bundles/project.css
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 598adc26bc2de491984cda2fac7d893a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
17255337
x-amz-server-side-encryption
AES256
cf-ray
69aff5215d9a43b8-FRA
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
last-modified
Wed, 19 Aug 2020 22:47:10 GMT
server
cloudflare
etag
W/"a81c70764750950eb72d4537c41e781f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1bzXbihw0QN6uhc28pTPMTL%2FxR7NEAIunctUbtPjUBdZJo6GXo5AOURsftQUMCvZxI8MBqguciG4EZCL%2BbGUuk6I0XdU873mAcMg8lGoOG5B73KIwOS3sahZZuxtTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
7bzlyDLBPgFUhJmnx6rYCRN4B2XAfbkA
cache-control
public, max-age=31536000
x-amz-cf-pop
MUC50-C1
content-type
text/css
x-amz-cf-id
C1QYQzIrUr6wL_HnnXmvwId3PB9c0oHl860nzNf9NTYHpTUFTxpndA==
expires
Sat, 08 Oct 2022 14:11:17 GMT
rss_post_listing.css
www.inky.com/hs/hsstatic/AsyncSupport/static-1.94/sass/
910 B
852 B
Stylesheet
General
Full URL
https://www.inky.com/hs/hsstatic/AsyncSupport/static-1.94/sass/rss_post_listing.css
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

:path
/hs/hsstatic/AsyncSupport/static-1.94/sass/rss_post_listing.css
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 dcc00cbe52c84a141576f927caec03b4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
17255337
x-amz-server-side-encryption
AES256
cf-ray
69aff5215d9c43b8-FRA
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
last-modified
Thu, 04 Feb 2021 19:41:00 GMT
server
cloudflare
etag
W/"e1b521ec14a912d6d385c21388ec7d79"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CNUFbWHkzC%2BdZP5gCR39sKv%2BcU%2FUA3dJCa5q1DmqVpngQZtYH9gDv23f7y9DRfDdZUjXjzM78NTcGBd8%2FZz73UvAxhuRt6HCaENuznV9Htd%2Brp%2FLkZcmK3R65JYAEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
poR_HfzOwGppYdgImYO54h7K5fIDNnah
cache-control
public, max-age=31536000
x-amz-cf-pop
MUC50-C1
content-type
text/css
x-amz-cf-id
E6ptRXvKKgleBu_SrTZiKJtFtjHViszYqCwwZcfSle-bFFHN5g5cZg==
expires
Sat, 08 Oct 2022 14:11:17 GMT
5986.js
script.crazyegg.com/pages/scripts/0078/
0
0
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0078/5986.js
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
cf-cache-status
HIT
last-modified
Fri, 08 Oct 2021 12:17:05 GMT
server
cloudflare
age
6852
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=86400, s-maxage=86400
cf-ray
69aff5221d626949-FRA
content-length
0
in.js
platform.linkedin.com/
201 KB
61 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.22.144 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frd/E2D7) /
Resource Hash
79c1af1bac5243f1ea3b6930ffed18caa0dd80096fa54d7b56f519a2f9bf7ef5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
gzip
x-cdn-client-ip-version
IPV4
x-cdn
ECST
age
3527
x-cache
HIT
x-cdn-proto
HTTP2
content-length
62394
x-li-uuid
ul/vhVsQrBbAXMzfJSsAAA==
server
ECAcc (frd/E2D7)
last-modified
Fri, 08 Oct 2021 13:12:30 GMT
x-li-pop
prod-edc2
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
accept-ranges
bytes
x-li-proto
http/1.1
x-li-fabric
prod-lva1
expires
Fri, 8 Oct 2021 14:12:30 GMT
layout.min.css
cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1633668651731/hubspot/hubspot_default/shared/responsive/
5 KB
2 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/7052064/hub_generated/template_assets/1633668651731/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.243.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
341a4d40ad1b2560db940f906716d0e9539d4c0785399d7e0348fd0d3af00170

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1633668651801
date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
33293
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-edge-origin-shield-skipped
0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZgQLVDq9bGTOa1gVjLdRd6zbVb10T5D%2BrdeLZbJC87g71ed7u4u%2FejpaVhnARo%2B59QdehC%2BsCJCsMUhslyzVUOmMngtLRvTAjYSEYymo9HlnGew9eG%2BU1x%2FdX2NwDs9qraM%3D"}],"group":"cf-nel","max_age":604800}
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
last-modified
Fri, 08 Oct 2021 04:50:52 GMT
server
cloudflare
etag
W/"0b0c633d59ab0af9553a98c0e7d97349"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-cf-pop
IAD89-C1
cf-ray
69aff5218acbc2fe-FRA
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
all.css
use.fontawesome.com/releases/v5.8.1/css/
54 KB
13 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.8.1/css/all.css
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.78.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eeb17a45a48aca1d7adbcf04de155dcd0b47cb36ad036310446bb471fea9aaa3

Request headers

Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Origin
https://www.inky.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2016613
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-amz-request-id
JDDYHW19Z2NZ8R0Z
x-amz-id-2
mjbsur3BBtqmvUGAmra43aboxmcTBnQSFwMIpRC8gag+cLexwi4yryfa9+hPPC3SoPZ7wrypjKQ=
last-modified
Wed, 30 Jun 2021 15:46:39 GMT
server
cloudflare
etag
W/"e4c542a7f6bf6f74fdd8cdf6e8096396"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sjMQL3Sfqhy%2FQOkorL2fvhsKl4FbOrUUHfrvI7EXhTazH8SpZxWaaOjWnpNAhbC55ou%2BYuOMHI8zEt93Lbj53yTT3u1lQj0Z2th6MQm0vPo8wC3e3yO8CeJB0i%2FPYcSKgSz%2B0a9S"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
69aff521b889278c-PRG
logo-on-light.svg
www.inky.com/hubfs/mjfw/logos/
3 KB
2 KB
Image
General
Full URL
https://www.inky.com/hubfs/mjfw/logos/logo-on-light.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ac089f5f1fe40dc6f4279ed44a86244800edf020b5f5add666467ec026fbddf

Request headers

:path
/hubfs/mjfw/logos/logo-on-light.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

access-control-allow-methods
GET
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-16962397085,FD-16938974358,P-4660171,FLS-ALL
age
1163584
edge-cache-tag
F-16962397085,FD-16938974358,P-4660171,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
7A34NT9XZTYW6243
x-amz-id-2
8+AJWLVY06xWP8Wo42vEgFmo0aobbu0pPpNCczqaCO8SBT21pll3UH18ew1B3Y/1YwajKvVxfzM=
last-modified
Thu, 03 Oct 2019 14:22:49 GMT
server
cloudflare
etag
W/"327d2b8dd7e69df5e6aca1f4bbde475a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fupxBPJ%2FbKUs1o9%2BiJg9ylcRGZv%2Brvkf7pkpUVpj8f5cavXoJ19uvnm8vNF0ZaYYjXRT23IFZGEMcOLz7Lgh2ZMK81BKXNjmqxZD%2BS1Ny%2FJE8DojJxS5mw8N80zMYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
bZ9bSBaVVlbilrmPxinDr1_TYLe0TbBS
x-amz-cf-pop
FRA56-C1
cf-ray
69aff5222f7043b8-FRA
x-amz-cf-id
LVa46P3SdjjazkVEFtztU7-NR1S7scYOZiGZ9mkpxMLSU5-Iktat7A==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
logo-on-dark.svg
www.inky.com/hubfs/mjfw/logos/
3 KB
2 KB
Image
General
Full URL
https://www.inky.com/hubfs/mjfw/logos/logo-on-dark.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5066eb8c5e597263405f571bf0e8ae80bab9fbe2322c2f95f0b8d76e3b1a8ca8

Request headers

:path
/hubfs/mjfw/logos/logo-on-dark.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

access-control-allow-methods
GET
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 6def1f0ddc805dce17407cce01d5b32d.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-16962397087,FD-16938974358,P-4660171,FLS-ALL
age
1163586
edge-cache-tag
F-16962397087,FD-16938974358,P-4660171,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
7A3FN8SR2PVYYSZ7
x-amz-id-2
5YhqNMVpfT1GBahhwa+wbxgZvP1csK93VPeWGJc7ErJWPvfgwC7VzIiJrYHVaQjkeBpoanJGtn4=
last-modified
Thu, 03 Oct 2019 14:22:49 GMT
server
cloudflare
etag
W/"d1870bfd5cc0c5ad3601986369a45cd8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UZjvngn1JyiSOydy%2Bp16P874e6Lcxizv6IpSwZX%2Ft7hnK4UqT1jmyQsShI6fGJUWdYrqygRhq%2FLeVB3%2Bzllk2z5Na1FgdMb6rmaO%2F0E%2FvlHtJ8%2F3AoW5pR9AV%2B7YTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
BIZeU1B5ZsrfaGrz7w03QzzBrmvLk2XL
x-amz-cf-pop
FRA56-C1
cf-ray
69aff5222f7443b8-FRA
x-amz-cf-id
kZtF36iLMMa62D7EkDLMCXx0C0x0pjuwlbBp8hCUobNU8WkP1OPHcg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
Inky-Logo.svg
www.inky.com/hubfs/Image%20Assets/
7 KB
4 KB
Image
General
Full URL
https://www.inky.com/hubfs/Image%20Assets/Inky-Logo.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
564970ca3723a64d7b53f0013336ac0c9ce98095092b146db1d3e715af9d1bff

Request headers

:path
/hubfs/Image%20Assets/Inky-Logo.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

access-control-allow-methods
GET
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 cc763905c39a59494c951c09271b0422.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-meta-cache-tag
F-13284613313,FD-6467782979,P-4660171,FLS-ALL
age
379502
edge-cache-tag
F-13284613313,FD-6467782979,P-4660171,FLS-ALL
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-encoding
br
x-amz-request-id
TYR895ZM342C834R
x-amz-id-2
3ZTHHAgBml2rhW8QfBR/Mf3f5BPOMAFMdyIZml1ETEmmRunqee8zfWyRE7B/ESgX5kfT2YQ8ZdI=
last-modified
Fri, 13 Sep 2019 16:44:41 GMT
server
cloudflare
etag
W/"9b543ca17e2d8e55c271a5b4e68e694f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yXmvlp%2Bbrgrc1moOU46Wzu2jMEqgus%2FlXrVVdiiz97aHEpWOjqzdy9ifHzhP6leYp%2F0AMPAl8Gx%2Bj4ZfhScl2mkFdHHOg2O1IqwK8RkcN08SyB2U7cm7g%2Bn9puJDng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-amz-version-id
SGKckX83Adno1czoPeDlKlvhkAqADBY.
x-amz-cf-pop
FRA56-C1
cf-ray
69aff5222f7543b8-FRA
x-amz-cf-id
Fd4avsIYMGTyxPCehlV6w4VN6Sh59gSlp1uF67F7Qs_vs7Hjj7L6uA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
inky-website-icon-svg-27.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-27.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e6b47492e567f24365b69bb93c3baeb22e28b994d8aa78c2bd6d7463a533d24

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-27.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46529105934,FD-46529105695,P-4660171,FLS-ALL
age
1163585
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46529105934,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A3BDZPR2TNWV1XR
etag
W/"28a404a3f7d2a40dbec29f001ca845bc"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182471
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
fqXaUUahCtnDWP3FRWaaHPOt29Xzza8wXLQ70ZuuZbhHntWJ/VqZWTsMEU7AQWUt/n5Qaldb0cc=
last-modified
Wed, 05 May 2021 16:14:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DMsuLw7gi1Ars5jlprV5e%2BChAaE5cDf45rCc0R4FHVK70zAIZmze5cIRA1g1xTb1RXskZ7tX4FJQ0g%2BoOpRp%2Bg%2FAgOMNgQ1q18usNuLbQ0XIxVKw8vUA6ZzfblOxJg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
qQhtSZy1u5YZlI9jKzW1sNF4exK3zBwE
cf-ray
69aff5222f7743b8-FRA
x-amz-cf-id
OHhbZlgjtQ3PYavc0Ldlm6zzoQXLWdQiA4bBXARKd6Z3QVed1wi6sQ==
inky-website-icon-svg-14.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
2 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-14.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
74f9ed2313caf906226892361688adc61b60238a59f25af65d9743355eee815a

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-14.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46528971648,FD-46529105695,P-4660171,FLS-ALL
age
1163584
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46528971648,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A37AG5223WT3YG6
etag
W/"6c2f036affd79d751451d53c4d9a9ac0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182430
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 7e513424eee237ee26467e8fd5656ec1.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
7mv0mNEzUdll6EDQG+uWObmWH7CBcB5uv4krOYb20DsZuNNnP18HOuxjSjBeqfhMWyDh9i2gjrI=
last-modified
Wed, 05 May 2021 16:14:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=25gy4xnSJbGHQwntnr4ya%2FjgPD6hOMS%2Fm8qOINk9brfiGxBPyCxRnTQWqiTUZY3%2BplZAHyis77Iq8AFv%2BTQNi5b0fPpSrEK6KG0ivPeBn9Q8P8MfqMP68F9tg%2BO4Sg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
Z0bmdDunA.87vV_e_RYbfYMUYpfXvr4T
cf-ray
69aff5222f7a43b8-FRA
x-amz-cf-id
rDqLT3K4AyjsSkvgLfIsN7YWj2XHXomPMcx9YWzZ_HicWBbTP7Os8Q==
inky-website-icon-svg-8.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
2 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-8.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9f709d853d98fcc7f55df3d2d0081362c673c937379e30db281b8cf48e8fbf8

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-8.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46529010808,FD-46529105695,P-4660171,FLS-ALL
age
1163586
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46529010808,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A34TD0VHCEMPKQ9
etag
W/"31a80a71de8952d2a8419eeddfcb2623"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182667
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 1c5b98f7bd5001d6fe1040daa237afc6.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
CwsncCd2PO0NujmaY6vGYcNfD92J0Wlhsi/LLtdMFGAdkVkHsSi5ePr1tgh5/JZ6nJ4TLHcrrDs=
last-modified
Wed, 05 May 2021 16:14:45 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0SF6NxrrKX2P2sSRytMC3CYBu9rDOQgi17cLR8Nlq0BUvADmIn%2Fr7WUnjgBPNeALbrYUt3zyX1M92QTyeRfdqSj9Dpt57MKXEEjDXA67DrcVMmcq5aZtwPFq4IKOxA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
VWXtysGcDqZw6QQMbhSDCEwkDtX6UkNc
cf-ray
69aff5222f7c43b8-FRA
x-amz-cf-id
muoLjl7mxSIchMrlk2-U9S3gGw7iKH8lHVINPTscf3lpyweMh7SV2A==
inky-website-icon-svg-79.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-79.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
047b9b74686c6a74e926097d28820ddf0b10994f0ba0932f8edc986bf8a1d8ba

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-79.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46546800959,FD-46529010872,P-4660171,FLS-ALL
age
282162
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46546800959,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
438833RM3ZM544MC
etag
W/"a961667d00f183d1dc980e43b8e2d036"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620246348270
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA50-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
Cky1lmfj9MtvMgun8OHw6s4esoEvbYjOqGGiDlWTiFN3Xc3lmAwZb8RuazxO8yhQRbn/gNIN7AY=
last-modified
Wed, 05 May 2021 20:25:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DzxqJsZG7tCl5LO8hHI9REtYPbXCTWbDmIJiQ4IcYPIs%2B0KA0oaO%2FIejj5As67aaOgS8fmBQe7UoGlQHpkZ%2FsUC1%2FS%2BrTyuS5x5jo5Wum72nkvF5z4hIXqnkWANXwA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
i4WUzMUCU8._e.a8pMScr8qh.Tl5fExk
cf-ray
69aff5222f7f43b8-FRA
x-amz-cf-id
jczSNemMVJQiXCVWJQUFmRR5FAkYyZSXBo9pYmMZdN7ncNMFqwIWfA==
inky-website-icon-svg-119.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-119.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e668a8c0f1ed837da184d25114f1e5577af320932407a9c1b4337fea9f5cd46f

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-119.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46596776088,FD-46529010872,P-4660171,FLS-ALL
age
1163585
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46596776088,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A35DQDA5N3H91WB
etag
W/"90d9686ed454dc795a73649ea74457f8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620311580582
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 f58d1aa3b3b084adbea41c7523e2047f.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
eD5K/0DUxD8tCmQUTHS0mkp6BMZnk7H79IVEwlWnJLwGqMFIwCFToRhBM4N3tny6i7Jk0GodPNQ=
last-modified
Thu, 06 May 2021 14:33:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pQeSF3gL91OkKXt1d6ANDvapNLARHsNcWaDEPqbVfPiKcCvEsvJ2IFuRKvlES31Dsqq1PH2OFWA9bI4GFRe50nKsrViXz0VxXeuhFLtJ5J6EGDjUEAsCLM3LyPkLhA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
oLPNJ1Gyl9.zv9TnkbzgbKpKvxu7Z5PR
cf-ray
69aff5222f8143b8-FRA
x-amz-cf-id
JSQ6xwK__6kyhXbInmUyY-Dyu85aaRMmbtnV3bl2Bs2YJw851-7GlA==
inky-website-icon-svg-101.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-101.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
92ee88f405da44cb713427ec8eda9e9c41f3f764442f98cb93c76c6329e657a2

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-101.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46596779800,FD-46529010872,P-4660171,FLS-ALL
age
1163586
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46596779800,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A38NPFB31XAGZ9V
etag
W/"db01002705461213934f10ece6924be8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620311580611
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 6165dcc1fdf84ac65e8204c05709f1cb.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
faPwBkIp4DyJZkzVncQCcQXy4pX3zU8srlCkTOgqloYPllTHFUwQhgnyGE4eSXGH23ghOunYJZg=
last-modified
Thu, 06 May 2021 14:33:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BgjMTMQhAiBR2HK7dEKwEs3%2BF9h4oi0Ch31R0kw91zC10HdLDp0Tlw3Q4juyy4Az%2BcNWJ4KzrARs6zE8RUsP6xKtKKiRSF2wC%2BxoZE6WKDnwru6I4JUlH6sc545ufw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
n7iWNAQXSCj650oSzFS2EUwaBfOvSC92
cf-ray
69aff5222f8243b8-FRA
x-amz-cf-id
vY8_4uu2o7CJj5NsGzA4qLottp64Ebw6Z6qtp0KryOSEGRrXbb8sgg==
inky-website-icon-svg-52.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-52.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce20bf6892926586223505a0013107cff17c27cfcf4d6064f3ec1bff95e72d20

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-52.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46528971657,FD-46529105695,P-4660171,FLS-ALL
age
379502
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46528971657,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
AGGXFP998Y2H6YTE
etag
W/"31ea624ce84a927ae13fb203b4bf854a"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182806
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 47a7b8b932d91b0edbfc42f1ba94ebc1.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
hFYpjBmPzjtc3H/CqlRwl03hOaI08hnqOvPA0ENUc1JK22baI/KV0kkP7ZA6byisfGJUIxFghGY=
last-modified
Wed, 05 May 2021 16:14:45 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdsd736qLYynes65XscGZcVrxYLiT44KRa0XYITa1VH1zo%2BwQ7A%2BlidIltKHrX7nKqgOlHg9u26uSVlEJEXkN9xo7s%2Btb%2BPN9yhY%2FrAMDrGX0APvZWA2XpUP9ipF9w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
ZZSSfJOiOEin0Q9FUTwHAcPkFIgO3ypy
cf-ray
69aff5222f8643b8-FRA
x-amz-cf-id
VGJ8jxzi69QBEBh6sPKkRilUs-Gak0opiGps2SYfsN5j4OhecZuXuA==
inky-website-icon-svg-30.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-30.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
92fe9226922b323ea1ecdfaff17d5ba6f15955730888c9fb33c6b6b3421bd6c4

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-30.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46528971655,FD-46529105695,P-4660171,FLS-ALL
age
1163585
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46528971655,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A3B6PWCCYQ46G5Q
etag
W/"47c08bddbb822b11809b8707821a8602"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182747
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
PCNIHiD1vAO6ecUfrOTqe6W5CSe/IFH1YiOXdtKl4HvE4sZd6ONkmblWuZppma7kkWi02n4uqNg=
last-modified
Wed, 05 May 2021 16:14:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Etd4fhp8%2FrSzsaXy6n9xOpFo2wT3y2%2F17IVXj6kUFkj48nh3PaLagncDpphGi7o4fyzEzDTVIb85yqQr8BKuVFHtCmhbVLWdBaTEKb6yC036AAig4aKUkMc%2BrC7JdA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
dB17DgxHVL.cmi2sPPvM1DX4K9Wu9J9w
cf-ray
69aff5222f8843b8-FRA
x-amz-cf-id
GV9QFJxOuwPllJlPZjBPPv6gYOn5jo2goqUq9cmXmSiwvyFGjtA-wA==
inky-website-icon-svg-98.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
3 KB
2 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-98.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7836e6e99b38cf5429a2780f7c5e13db1247e39503d6cd228d2fbd27ecf217c

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-98.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46596809482,FD-46529010872,P-4660171,FLS-ALL
age
741996
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46596809482,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
EWXEC37XC41ERWFD
etag
W/"83c6d046bcdb34a9e5544e04203dbc84"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620311580567
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 980059f199bdd603b925d049efedf130.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
BJEnCJih+V4a1Ax1gAd324QLim7YPzkYjcjgAsrvbZN330A4XTeBfUYqm53uEi6EcwlGUBhnYFw=
last-modified
Thu, 06 May 2021 14:33:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KhRgPrCeVHeZ8AkmRuWGAIJ%2F%2Fl2FjiX9X2exEH8l7iczAICuOM%2BCfew4Wa%2Bb0IDOQz7okk3V3pRIhpeXylBHqh%2FupOGvz4IXBFfKvo4MnRsHRmEQdyzDoaZLHnFmHA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
eNO7c0GIQTzT6Cg83IAnMxMiLVQAMJjz
cf-ray
69aff5222f8b43b8-FRA
x-amz-cf-id
WqxWo02jVyFph4U77mo1fgmVtyj2HUXPRDKu-IBHOcl4jwI1GS4JfQ==
inky-website-icon-svg-16.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-16.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
51583a0cf96be11c2e6f966f1575c9804dbeb09b10c2906eca870b319dfec9e2

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-16.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46528971656,FD-46529105695,P-4660171,FLS-ALL
age
1163584
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46528971656,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A3DJMN3BN0727QE
etag
W/"9aecf71a8ea592ceaeba2200541d27c1"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182747
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 29d33c5cd70a6501fde7bc2dba557906.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
CF5xufuShISNBJkB867M2OxhOOTEPLI3O2z0gB9fYdPodfxKEFGQbtApCKDGGQlAmC5plHRucLc=
last-modified
Wed, 05 May 2021 16:14:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UFxls4pGEBAkFQ88ffog6A1tVi%2FAisPVeV%2F0i%2Fa5WXO%2BDHLPqrzTyJG5xGCsmWJGsQ%2BRCP2hUsiFJiq47m8hI75LHLYNkYKiqpmdIBoixpnhqQGr77QNJoP%2BoDnDWA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
i1iXtKdheAgmgfpGeTu28Tn7QSjvDMhY
cf-ray
69aff5222f8d43b8-FRA
x-amz-cf-id
3rTYDakXQFAqMpjZOjrfeBTUn1LcObQd8uXmO4hl6vnVWJK0_8m9hw==
inky-website-icon-svg-74.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-74.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ebdd736bacc0d5ec4a229edb007d4462882f24332a949d97f5d2ac8601399e91

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-74.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46546821262,FD-46529010872,P-4660171,FLS-ALL
age
1377638
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46546821262,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
AJWWCF1RARTVAYCN
etag
W/"6444e2e0964f9b7cf6789b294a45c935"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620246348330
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-P5
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
U2odT6IlddISs92SWVMZoTv8q1NJL7yM4IGtQfueW2snwp6agpMIJjDJ9cwHEQSjMXR+o07kc0Y=
last-modified
Wed, 05 May 2021 20:25:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aWAGVgmbXr7I1kNc59aB3NENY%2B3zVN%2B%2F2oaMSS9hnRdbHMatBYK1lkNhv1zVmAf8aJ9hkCz%2FrRfHGbADgpRRb5lC4eLOcHXUUOXE%2B%2F20eMhR38QvX%2Fqh%2BWvA7Vnaeg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
jiX4pSgypyg10POxJQy0fZCyUwfbYmqj
cf-ray
69aff5222f8e43b8-FRA
x-amz-cf-id
Z6NhepT9nH31E-OFQi8NbAh5WhLCg-O-x-sPOhiMJqjFdMWcVmJ55w==
inky-website-icon-svg-99.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
2 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-99.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5110806a76e601c5dae3cf1f0ccb3c8245f85c1fc45550b6794b87cafcc8b93e

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-99.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46596734210,FD-46529010872,P-4660171,FLS-ALL
age
1163584
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46596734210,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A3FY4FRA207QFW0
etag
W/"378d2ab0d9612556ebe6f27433426bd6"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620311580605
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
VP5r13ak6XPbfsTdYyvof24VrwCWcWZH555eOxjc6fXRf/rz2wsnui9mQKKvbrOKtcP+VoWe+LA=
last-modified
Thu, 06 May 2021 14:33:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FhiIAgTe3uiZTbzb7JMeQ6k9UMUKL%2FZgzlacggxgxN0Wj5mR1vIwmRyO%2FdM5IS4DXGsrzDf09LYBSL%2FH%2FOLeQeDfcJq0n87a3HcHhWhTKuNGuP9p7YjguYlfoQcXWA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
fu9GKy9WmBjNKJADAxEhwipr0IKG8G_7
cf-ray
69aff5223f9643b8-FRA
x-amz-cf-id
popkMd4ZGbqdtM83lrm4jKeFfU2lH2oih5nFdh2gOoMp3wGPk_pTig==
inky-website-icon-svg-21.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
862 B
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-21.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a58db67a5dcde12662868bde321be853777eecc5a973a09a963e50dee7e8507

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-21.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46528957862,FD-46529105695,P-4660171,FLS-ALL
age
1163585
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46528957862,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A30R3K5E8CVQTQ7
etag
W/"886f03b85882eafd96d3947e8c9cb347"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182487
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
e9ACJ5PyZkjhdfT0R+lmoNZuWjp3IxfHZyJ2sm2ecwjZiw9YkWENnLozOG2cwCN2Kp5JpTj14ho=
last-modified
Wed, 05 May 2021 16:14:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dY9v%2F9D%2BWKL5DdPSqvHeXEAcNkRxpbeq2vKRsMFqIKt9tOe62v5Z06kaImZPQmXALNiuDa7NkoAItVFUDG%2B0PqEQcZ1Zvt33QwhQ%2Fc%2F7BMUitKwyXEm7i%2FLS72NgRg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
8TrCn6.o7o3L_btsm4AXUAL3IW_E8XhZ
cf-ray
69aff5223f9843b8-FRA
x-amz-cf-id
grDa6zKFAmhKoWB46xspNUI_OxWRiN_ZUEdCv-sZoEnJDcNRdelPvg==
inky-website-icon-svg-34.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-34.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8689a4fccbe5d28d8091fb32c8decbed5159d30861dee3ed604426038907cf10

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-34.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46528957866,FD-46529105695,P-4660171,FLS-ALL
age
1163585
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46528957866,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A35R78RDD1DA093
etag
W/"7e9520ff81ae32af6eb10647dcd77f3c"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182641
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 cae542650fb32c773cc494fc6e7e71e7.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
dugL1/ijF625JKItA2c0sMyOxZjQPFPMhVaxXDY35/VYe9gQzcLoKwSFsKbCi8WZIlsC1Py22uY=
last-modified
Wed, 05 May 2021 16:14:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9InQHM38vscKpULFKFWq2LBA4wXLq2tg%2F6nlCMbhQBlwxwUucztRlDhL%2BCR1XAn6En2dyD7H5yp08YA6wbf%2BvfLjNF2Gknxuz%2Fo1UsvII0dGG81k3SqR3lfnIAmrXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
wY7OUgp88aM_cjAXUpdg4alJEQWT0UKm
cf-ray
69aff5223f9a43b8-FRA
x-amz-cf-id
ABlCT4xmuIf1STh0eky34Bo9BQX6gFHrMavo8rHivNrL0Sjq6AtD4Q==
inky-website-icon-svg-12.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
2 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-12.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ecb285028473354835a3f78befd9d0dca8ea9aeea3e07f5368b565e927a7a04

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-12.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46529000011,FD-46529105695,P-4660171,FLS-ALL
age
1163584
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46529000011,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A3CZQ7R6C4NBH65
etag
W/"e04176568f138ff73df7c8895d2a6da6"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182768
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 547a50460a0cda7ae3dafb1c0b6d0e1a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
BgchUcdJQDa8z+8KEXZNuXqUiNbqtrriohCHzdK3B0ss3zbE+BzZHrdh46zSQmLvu9xsNCyRZEk=
last-modified
Wed, 05 May 2021 16:14:44 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KOaiOlSWQ3fdSQj5BV1HOpJKD7dNbsVe2Gh4Q5hpBTwAoNSzc2czpPHprIF0%2FB1DpioTF4WElkBVTgDkRVv3uJC%2F4SvXOffF9v%2FECsKerCeFVi97lvmSV5LGSMICfA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
Z5R9xNtZu6gnM7ViqTv06CjDbKgekZh_
cf-ray
69aff5223f9b43b8-FRA
x-amz-cf-id
27QzUR3lJflKhTXRDhNtqqIsClZIDJFRcIADzkvJM032w3KoNTeNsA==
inky-website-icon-svg-88.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-88.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5789f099c795bde2831ced3eed1236ef4a21e99cdfdd48856ef3d8205a6f1fa

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-88.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46547475205,FD-46529010872,P-4660171,FLS-ALL
age
379502
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46547475205,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
VAMQW4Y7YX40FTWY
etag
W/"6e6922bf5ceef446c91a4a9a3550a10e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620246348356
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 4874e0c922f34c928345f4c183ea11b4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
RmRonFQYyS+UENzxIcElqmpbcPDzfmiGQoPYwU+MEzX8JJmy1bT6ipNBIKUN5dWNLao+QtokeG0=
last-modified
Wed, 05 May 2021 20:25:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QA%2FEYgVpLDxxphmPZkxA%2F2Qpg5nbxS1MLb8%2FOVqdDNSnkf%2FXnmtAOlP4xsBZ030VKJmQ%2FX1U5YKry8IEyM27nEFqZDGluxWHqUVGUPn4uGy2UQy9pPvV0%2BQjxT41mQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
Copsa2R3JOuiVfX.OrApKeEgLNZ4viSq
cf-ray
69aff5223f9d43b8-FRA
x-amz-cf-id
_XrI9IDRNzJ3jM4tX2p_zr8fNu2Qh1_HBI-5E55-NOiHT0AAAQGcow==
inky-website-icon-svg-76.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-76.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
54df0148d6da489c160a781a5ecb6ba67611c27405bf2c047997af62a16caede

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-76.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46546800962,FD-46529010872,P-4660171,FLS-ALL
age
1163585
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46546800962,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
WAYWS1SFR6X4VCGF
etag
W/"9062e94b58eeb77b7fbc2d43678d6db9"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620246348359
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
O3ZUTHsXxWS79WUNDmmnUQ03vyY7DtEb1u7AcMDvQSvBVnMLp5aNjXemAZUJIGD664buTR6nNcA=
last-modified
Wed, 05 May 2021 20:25:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UXWbA5TuTaq6vAxwjlI1K1hoMYtoMlJnmrHMWeaW7bTjPylKB9bXg7lKDcZUH5QJkbKrlX1tKWXmEZso1iUgbzEECpUTtQNVkSvtevRv%2BoVusClaF4SLJD5i65mCiw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
BD5O97jlQaBGlHqAIacyPt.Ky5L09yJh
cf-ray
69aff5223f9e43b8-FRA
x-amz-cf-id
NM0rTzc1bfbBpp2RuwUXWkkT02Mk5ucCxHBxk0AK5PRHcQY3bQGhHA==
Automotive.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
2 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/Automotive.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1cc423b713042e7f031abea5d376fbe260ffe404204d006da97734cb2271f426

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/Automotive.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-54302934185,FD-46529010872,P-4660171,FLS-ALL
age
235035
x-amz-server-side-encryption
AES256
edge-cache-tag
F-54302934185,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
D74EJKHC14Q7JPA0
etag
W/"e5b4872c8eaa7d135d9088787e50653e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1630507444982
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 c2b4a332b09677da722930ae336c8bfc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
DE8acsPCfgxH80T9Ut2aW7mSA0n7pI4W3Dgtl6AUbAvurmc5ETeGE4mtyskPPMEz39+tsd1/Zbo=
last-modified
Wed, 01 Sep 2021 14:44:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DnsOGxIRSHJ%2Fab2oyOgD57iuI3vypyEQq8uxk%2BlmBQDTsoblZPuCtxOV4%2FCGNO0hILHab213NHPrYHIqW8D4%2BO6g0xPti8T9V%2B1LexhVnAd8TwdVhVziPNBdiWuSeA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
kMxJaFQbujILU3IED7D07WlpgKj9_W5a
cf-ray
69aff5223f9f43b8-FRA
x-amz-cf-id
Jf5YRxlV3Fb-YqV4S4bFFh-cWgbccPeweTNuq6563rxTDQyxCwKu8Q==
Construction.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/Construction.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a0375fbb1b1cf7fbf3ce7c5014a75ddc974325d029f2bfcac652da23b8016ef

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/Construction.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-54302398548,FD-46529010872,P-4660171,FLS-ALL
age
1377638
x-amz-server-side-encryption
AES256
edge-cache-tag
F-54302398548,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
S3ET773H2Z3VDD41
etag
W/"e567948a88fd821b236136f687a50eaa"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1630507444987
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 eab88762658052b4a1e386f8521a38cf.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA2-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
UsJaRyOTJUdclZBS9QJ01IktyS9TzpXtXEGl8KNjIYvAlP36POya6uhrc7cxMK0HOs3TyW0WtGo=
last-modified
Wed, 01 Sep 2021 14:44:05 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xyY8lkzuS7jdyxSpZIjWCAbsuACYj0pq1ExTxY9cknPvvRhEUT%2Bsc8hTA8AqX1MUCEO3iE3tcnix3lWT2WKclwIVpcC1g3jYYXEtIksJSuE4g%2F2cvXSM8cmb7cwn6w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
eAXX9ImtfKY1jKnkQlO66GHfMD54jBfK
cf-ray
69aff5223fa043b8-FRA
x-amz-cf-id
tdtoTMrj11g75vYRj-aYEhg6dzOqdLZNvAqtXC6INY5G53-H20vd3w==
inky-website-icon-svg-59.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-59.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2f9d91a354279ae9600088ebac84ee928b90ee6ed2d87a2d9d188747a7ff22f3

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-59.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46528971651,FD-46529105695,P-4660171,FLS-ALL
age
282162
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46528971651,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
WJNZQCZJCYC4Y35H
etag
W/"56e5c348ae70727a755554e458a2edae"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182479
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 baaf38f0a0d54e4834bf934fa5189ceb.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA50-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
1oDV4p5PhIfABLMPUgEM4ztkMDV98UPXapCOBlexSRjwM9tT2/FHDQLZ0Mg72D8DNE8QnWjcpZw=
last-modified
Wed, 05 May 2021 16:14:46 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F3p1JReu1BAbyAqZs9oiUvSP7onfpIfR0%2FjWHRt7SMRdL36OT3sndbZmI%2FxrkqyUO%2F7iB7t9BPQ6PsmghHRwsSyKHRdiIDtGvAL2119uAzYIO%2FI0G3PjAEecQPckUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
Fz63y6D3oloNPQqPunuHqwA.2xQS0Ofq
cf-ray
69aff5223fa243b8-FRA
x-amz-cf-id
MSpa6vEklx-gtU-E1UPKwEyJuC8v1oXRYOq5jpTHZem2RCLKvOBqNw==
hospital.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/hospital.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f35c52596780faa647385b4c22e232e3bdede90af7c80b234be63ea55d9918cf

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/hospital.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-55256503219,FD-46529010872,P-4660171,FLS-ALL
age
235035
x-amz-server-side-encryption
AES256
edge-cache-tag
F-55256503219,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
G6ZJHYDQW4NR1QA9
etag
W/"52d05323304809a66f064a70a8f859c8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1631648093917
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 547a50460a0cda7ae3dafb1c0b6d0e1a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
mNQ/TEcE/1ndKW90cUn5aXGy4UUAHGIfB3VnDmCOvXwztHJdsO1fFkAnC+tg/YhYeiIJVP35wwA=
last-modified
Tue, 14 Sep 2021 19:34:54 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iBdSjWIsZ9Klgc2%2F13%2FwO4IFieeUFKAA6r%2BnmegNK0eyqbw4EqM25MsVg04zwuu7ROMAGLMTcaFmZSvTD8vUqOsP0SguzjokcbEyJrfKnIOsAz%2FdBuma5ElmOJx5fA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
WNsMEIAKYuwHYQy.7ouHTfhB5rz_hdlb
cf-ray
69aff5223fa343b8-FRA
x-amz-cf-id
pU6ja64gOwGMe2DFsGRV8VJS9x8JrDWBRhAFSkfk3WcID5YXN6ZVZQ==
inky-website-icon-svg-57.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
3 KB
2 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-57.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1534e7ec1f21224f153911b3fdb3107dd589e0f46fd06b52aaaa65c51805004

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-57.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46529000006,FD-46529105695,P-4660171,FLS-ALL
age
379502
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46529000006,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
YFQPEDFVYRH40JER
etag
W/"45133be914ee3b2db675f52a11108eb0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182570
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 d947c3ab534102b2c9a7f0a4541d2ed9.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
rwjGkJIzs+04qCvLqpO/Z0Gi3WDMilND8eDkyJthAJ7/NilubVlybErA3ElQPk2KvJUBaV/5YFI=
last-modified
Wed, 05 May 2021 16:14:44 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T9XglfbRy6d0koQdeWByR7gjQzOwHTw3SpN05zjNFdQPNH52Noohe7EPYUo3Qktw%2BFD9%2F0XtRxI8Tql15qEKgCcwbX6xX46o%2B6hj7yFzbRiGtfkk7giPDASeMycqHw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
5SoTMukd2Gm0cHnh42stmrrimWP5NoEY
cf-ray
69aff5223fa443b8-FRA
x-amz-cf-id
x-bVJxZ1bYPf0ZA-enO1OH4ismEa0HacnzCGf8IGBOUqeUuU8bW8xA==
inky-website-icon-svg-58.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-58.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d578112caf732d2d87102fc27471f76c5fc0ea43a2ca27e2e8500820cea5138

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-58.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46529010807,FD-46529105695,P-4660171,FLS-ALL
age
1163584
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46529010807,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
6YJDGFFDK7Y1RBPZ
etag
W/"f31ce6baaf62c217186a066a5ef2a9b8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182625
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 58b39782bf40f627ace295c1c6f59840.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
qKgD9aHsiADMRbZEpOSZCf9Sl+qlMpAHS3BT3EaSk4AQVeuVxGa/gmK5L9dhA7waryqiz1P6ZV8=
last-modified
Wed, 05 May 2021 16:14:45 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zbyCja0ss7gPcfN8HJQKJSJLK9NTitHYzuzCba7bzWLt9UyU9Z9dSYjFZ0UXZQT7TqemIwKXI2N%2F0w3wrnTp3Cd3psL0QovttISTOUnwnFs5510DswY%2FJUg6HboEiw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
AKfNAUu0PFuEIm73n5EVABJiZqcowYMf
cf-ray
69aff5223fa643b8-FRA
x-amz-cf-id
--nLHcwfoR2kgakyX2pc0CWehV_u798JPMY5ouQma36G58eNbWfBhw==
inky-website-icon-svg-65.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-65.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
92f06aa0c08d9c33784919876a0bf62eac35390b0d6f5d514131c209b4e05324

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-65.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46546761292,FD-46529010872,P-4660171,FLS-ALL
age
379502
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46546761292,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
PZVSTEB746KXWY58
etag
W/"43912b3beff4b44b05b55396f231e509"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620246348332
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
1vGTG8A59TEdCMsq+10DXM+4kjM2Q2+WAwuuOa62AH+ujyHMmc803MN/Zp0a7WMu8eNFlMCuPeY=
last-modified
Wed, 05 May 2021 20:25:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Qn%2FYiGROENTwVQ7y7MJfMRq6m29z5kMeNnb%2Fnq2ZTuhSFctdQUzahcqusSHQAWLw3JvSDkVcQdFd%2FKh%2BcEps0%2FK4%2BgmGSCDJ28BOdPmKtZRieMSExAOleOHsfjTFA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
Gf_63eqdAWxsIdTqp55mc6SLo2LX6s6H
cf-ray
69aff5223fa743b8-FRA
x-amz-cf-id
LwFqTq4UfPXO7K40JjXQUaWiZw3_6vKG4tbrd0PYewehJcm2c6RkBQ==
office@1000x.png
www.inky.com/hubfs/Email%20Provider%20Icons/
16 KB
17 KB
Image
General
Full URL
https://www.inky.com/hubfs/Email%20Provider%20Icons/office@1000x.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
efaae52b12a9929fdbfd305a883750ae365852ac6f031ed726c0eaa5c840ccb6

Request headers

:path
/hubfs/Email%20Provider%20Icons/office@1000x.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

x-amz-meta-cache-tag
F-46924787714,FD-46923782167,P-4660171,FLS-ALL
age
377597
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46924787714,FD-46923782167,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="office@1000x.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
8YBP2N3KXWYC1MNB
cf-bgj
imgq:85,h2pri
etag
"f3a9f4fa50cec01ef080febdd33be735"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620745442513
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=35697
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
16708
x-amz-id-2
RE/EgSMsgXcDz6LZUPexHgLtOAvuX0nTEIO7TCPU5MmrlbgPRXyJtVnRZJWI55etZ0vqz+wQecI=
last-modified
Tue, 11 May 2021 15:04:03 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mqBJMNTNt04eVoMTrEeuhXeXdMabsLfAks4z9fRzzlISq8uH1QolfkXLIRtwoie%2FikaF1Ep651M8ZnxtI7xmtAAr3hJ0uWuhGIYfpQBsQcmwqMM2cpyzkJOsmuVJbA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
f1caxXUO0AZ6nt4YreLTXSVc5Kbs1Iik
accept-ranges
bytes
cf-ray
69aff5223faa43b8-FRA
x-amz-cf-id
_aVK8ZsdYiiLMV3Q_q9rIH8gHtHnhDkuWFuTvjLKRAzBZaJCcVuQrQ==
exchange@1000x.png
www.inky.com/hubfs/Email%20Provider%20Icons/
36 KB
37 KB
Image
General
Full URL
https://www.inky.com/hubfs/Email%20Provider%20Icons/exchange@1000x.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
33992895f60b3d46ed7f1b5d0f6e7bd5f1316a39349f7d50915eb48d766c5fa5

Request headers

:path
/hubfs/Email%20Provider%20Icons/exchange@1000x.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

x-amz-meta-cache-tag
F-46923783217,FD-46923782167,P-4660171,FLS-ALL
age
1367364
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46923783217,FD-46923782167,P-4660171,FLS-ALL
x-edge-origin-shield-skipped
0
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="exchange@1000x.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
0FV1982PJDF66R1G
cf-bgj
imgq:85,h2pri
etag
"844c05495bfea51528fb48634d2d6aa6"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620745442538
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 172e63b20fb363ed969de28ae3937e21.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA2-C1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=64800
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
37228
x-amz-id-2
1sEebvtLaqR5PR7FI+Rkq30Y5jMqieHHdYEiG63hoVyqSmNkktOtLmqu3I3X9BuaJhRLYMC2050=
last-modified
Tue, 11 May 2021 15:04:03 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DEjwUs8BInbQFcNqoNaDSm4zPdQIy2NVcLQsUHbdX89ElG%2F%2BfGtbDxart3X2fznrOyulq%2BWabkU1ntAzt%2FK3rZUiYYF1RQHtl7AdATXfdiQaOPboo1GCd%2Bi4vBJqRw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
wV0jtlBwgC49CSnpSd0FuSB1oL.scGO1
accept-ranges
bytes
cf-ray
69aff5223fac43b8-FRA
x-amz-cf-id
YjTWDFsYlWqt7sEs7YsTdTc3byleRKRE9WOSdy372OeO-dXooZVsGw==
google@1000x.png
www.inky.com/hubfs/Email%20Provider%20Icons/
18 KB
19 KB
Image
General
Full URL
https://www.inky.com/hubfs/Email%20Provider%20Icons/google@1000x.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
de631a39041884e8e3e9866b8c83000ecb2e25169717870e2a41b589604d25e4

Request headers

:path
/hubfs/Email%20Provider%20Icons/google@1000x.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

x-amz-meta-cache-tag
F-46924683932,FD-46923782167,P-4660171,FLS-ALL
age
758349
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46924683932,FD-46923782167,P-4660171,FLS-ALL
x-edge-origin-shield-skipped
0
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="google@1000x.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
GQGQCS329S6G79A1
cf-bgj
imgq:85,h2pri
etag
"18b72402b380ce448844903bc79db36f"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620745442488
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA2-C1
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=39543
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
18650
x-amz-id-2
93fzAb5d2dpVeOzKNSwIUglq4lXTLlJDgHse7ofdKNAqyth/lvvalYncfdMc+Cu7EVfnKPK6hY4=
last-modified
Tue, 11 May 2021 15:04:03 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LvA4HadT5PiP7BB33jEKxO%2Bx41ZaAWOqCHUM0gMiDHSRl38MpOqG4kOB1mPAWZmEkLeSmH%2FHPHbqBGX3kL7aJE01SWgkv3Zh5Gx%2FsPWipsXLHucVv6RBhHmXhadhw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
wj0IBr6tV31a04BJkW4OA5YPn00q5gya
accept-ranges
bytes
cf-ray
69aff5223faf43b8-FRA
x-amz-cf-id
3q3jNDcqr9StwhEGEHDXFr1FEISBbl1E_kYRFKZ6y20_pFFTBzMS3g==
inky-website-icon-svg-63.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-63.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
475b0d7206466f7697a94ce42f4d69d22ed7bbf34013be684093fa3393bed879

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-63.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46546821259,FD-46529010872,P-4660171,FLS-ALL
age
1163586
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46546821259,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A3CSQP2JC3BE60Q
etag
W/"aeb735fe38c692b1899b593243f0e528"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620246348219
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 28ccbefb54459137bb0b0d946fd75e49.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
9dknoC3kAPUNGe4aTQfu0MWBkdRCIDtmaTm4+qbWrWCPUPMSv//1aj1Hcv9vLE4w1D1j7hG7aFQ=
last-modified
Wed, 05 May 2021 20:25:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RUBwFcd77KImTQUrA26MpgRCpRrNlFaVY9jfpSTVWeVm0Wxc5knTYN2r21%2FhYWkHp1QrqvyeoNlxV0dZ20NCo5lzKqQVEUMTr04zMAO68gkB3zKqNEtI3AJczIEi%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
qPKAtoYHA_T1gPbP.g8Z87We49Xmzb92
cf-ray
69aff5223fb043b8-FRA
x-amz-cf-id
9ofBercxepW5-K7XSQL1oqC3GTa7WQAkxep57CUibkdUhMOm4paa9w==
inky-website-icon-svg-83.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1023 B
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-83.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7392ee4cf4273e3600833bf0c3f9b078072ebd01302b795a9d38dc622f3d455

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-83.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46546821258,FD-46529010872,P-4660171,FLS-ALL
age
1163584
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46546821258,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
WAYRZ9NKY89GKHSF
etag
W/"b5d7204fad2415ea8183733084f6fa27"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620246348217
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 2fc0d20914c32e5cd76477ed042298d1.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
5F6RixQqXr7NAXaQz3+L8oaibriOf8+1+iKlxKGy7tYMjhGhFe4NOIIWJ/Oqenxqt6beoJPk16E=
last-modified
Wed, 05 May 2021 20:25:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rPVZVM%2B7Dj6kkV83clCHVQGF9QB9bsy5jUgM2xK9T%2FPGPFP4PK9OYYO0jYP9Yz%2FRaeTI%2Bh8eh29q4xgYkrrmBpEqX4Sr40YF54ItjhCrz5qEC0LjGsB5imEHw9%2BVcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
AKDehTmEfxax9Aj6Nihs9bsK58LvJm_P
cf-ray
69aff5223fb143b8-FRA
x-amz-cf-id
A9iFswBLPR0pBIytTqPoLBsjJEgVtnB-mfcDDCNJk2ySgE9U4IUWzQ==
inky-website-icon-svg-114.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-114.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fb2d2b4efd9725057d87e960115ff137596ca2a73723688cbf2bd502ee28bbe

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-114.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46596809483,FD-46529010872,P-4660171,FLS-ALL
age
1163584
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46596809483,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A3DYVH3P0DFJ5N8
etag
W/"62e790b1efd67e408640442d72fbec6d"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620311580570
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 afcdbc9d4d397c4a65e6b312552ff7ee.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
mb9vEUGozBQSA7zMa7LP81F1n7uonn7jF5qJUiJm5BU3sxvy1DX91iaE6qDlhJwktdFlXgUurI4=
last-modified
Thu, 06 May 2021 14:33:01 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fGIiJyWHkx1mAQhEX37dSz3nZoXZvOaeMHGtajeVET%2FyokdGKxbJXuk8YS%2Fna9HL8LTFXuY904rU8OqHns%2BbZnfIgA5EmvTail3EC54Ev5wM2Won6ci9uOECJ5Tr6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
oLjzqpVfYnXxTpOLHhUVTX0_cIZuCLgA
cf-ray
69aff5223fb343b8-FRA
x-amz-cf-id
1ny7m3hwjS5zW3CwluHKpmZusxO5jbWn5lwQRcKuY5B9-DyZ_8z2gg==
inky-website-icon-svg-70.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-70.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
07bb44e69b9e0b890be4eb145632dfaa5c4d48cee258a7ec484f4d607b1fd16e

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-70.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46546821265,FD-46529010872,P-4660171,FLS-ALL
age
1163584
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46546821265,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A36PAXRHRQGVXR9
etag
W/"51bef1c6bdb15a23ed362eb37f5dc0cf"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620246348380
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 2a3a093b493a82493f3431437cb166ad.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
6PMQ8U/NRXMuW8xl6E7ex7BunVTQpQeOj0dH6eeUKirwAYypuX975nl8SmFAEnhjuzZG/zjVsrs=
last-modified
Wed, 05 May 2021 20:25:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NokdiHi5xOaFeRiMw23wqTOV7BGWdu2n4VXuNTmEyurkDOnXHJUEU0Sbs6DHtPksXs0BCFw2rKHSPMpJe3%2BgsBUadNZ5j3AWJFurxyTrrY9Iwv8w3yeVe4mXFh8HGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
EQ__607cEGnz5chvT9urPgOXTTspwi.3
cf-ray
69aff5223fb543b8-FRA
x-amz-cf-id
cZd_8CJKBBO5i_5z1rKCSDloUOw0iNlldrHybV8fbQkRWzlDAMJozQ==
inky-website-icon-svg-95.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
2 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-95.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cf469052f011566187feab5b6d3b5ca0b409998eae4900cad2f0c5ee224f076

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-95.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46546806167,FD-46529010872,P-4660171,FLS-ALL
age
1163585
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46546806167,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A30C1YE4HFN9K23
etag
W/"7a25247a5c59d3b8be5c9573bc504e86"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620246348389
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
0dF+6gpAqHhMnJplwhYt0ALACtXqSypur4+YVedxGkXiYlucmziufuE037Vp3/3wEq5FG2hx5fY=
last-modified
Wed, 05 May 2021 20:25:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TyfiWBq1BZvGjs5Kgf%2Fhh%2FO3NyVRQBufwXEC1AQTicK5F6c49LLZ6vDJ9U5Qzel1MwjmJW3wHGqMMUUyd4NpM67fQYtKLkyWaFNWCt5W1FHgeCSNQ2dXUPSlKWnCcA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
IP8lCXjvnGxlglwYWdkBXjmp9bRl5mYs
cf-ray
69aff5223fb743b8-FRA
x-amz-cf-id
DUvoxLi9h456yuK0CQ7auRRUTdelflzXtOc2uoffQDZY5uifztG_LA==
inky-website-icon-svg-96.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
1 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-96.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
98c73c2f42dfd0656d5af03420c651c0d76bee43e0ca0f5ca391d47b02d8ef52

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-96.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46546821260,FD-46529010872,P-4660171,FLS-ALL
age
1163584
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46546821260,FD-46529010872,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
WAYWHFYV1CYQKSS7
etag
W/"1180ab7f1325440b12c98437f2b32888"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620246348225
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 b8fb5d47d5536b63dd25111404e6e2e4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
Vz9MZBoZXNupl7HsuzHCPbf8XeynL1vv8T5GHC1KhM6/2j0NtUPftbJPfPr6kXnLwqAwivnF5vY=
last-modified
Wed, 05 May 2021 20:25:49 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b3XHesDyvMztptcCcRRO60gBgyqXOX6dzMuchcnOlpB52SZUiYq0jdTn4aC5B4MnvkM6rRRB2rvKNgvNKpM8jHsqAiuKnY3mGhP%2BFRgDqEioKFo5v9TjSvccNNVlww%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
NO9Ijoulef1guw8tYOlrYpNcVsWlX8OH
cf-ray
69aff5223fb843b8-FRA
x-amz-cf-id
knywYNcBK1Vv-X-C_f3dswRACcM_I1Z7YwbrfnLSfk0CSQ_RD3qflg==
AdobeStock_173745162-1-2.jpeg
www.inky.com/hubfs/
49 KB
50 KB
Image
General
Full URL
https://www.inky.com/hubfs/AdobeStock_173745162-1-2.jpeg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
771324ae4a560483891a9bd337355ce91d26930c2776ef0d962af9bbe88eb901

Request headers

:path
/hubfs/AdobeStock_173745162-1-2.jpeg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-46475507882,P-4660171,FLS-ALL
age
76320
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46475507882,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="AdobeStock_173745162-1-2.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
B483DVFVPN65BZHA
cf-bgj
imgq:85,h2pri
etag
"c6d3bc9c56e729f4ed5fb33d5ea9f37c"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620159242874
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 e59bea79ab5f15feda92136bc7b74159.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-P4
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=128659
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
50674
x-amz-id-2
R0Z2DwTWHckaytovgqzrZxYiTsuKyqpY7Z9HrhCiCxSzMZsOpcdyBXVjT2hMEgF0Nsx1cszGGA8=
last-modified
Tue, 04 May 2021 20:14:03 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FaQekka2PudpDA4oEHd1d78kMh2mcGEli8z4atoHvvxxa6iAv%2BB2MPErU9HEGFGVH%2FV09ybE3folspB%2Bvk2PbAIE0UDXDCh0d%2BkmXA%2BJx4KIq0qmHfFMfcfA0Confg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
Ng4s_BXAKlgYANl7wgsXLYNcchH5ht8q
accept-ranges
bytes
cf-ray
69aff5223fbb43b8-FRA
x-amz-cf-id
W-z5kVnnkolvCzoAwtZy4SROcrQUF1Zvbsp_tdfbA2CcOsQEjEazlA==
inky-website-icon-svg-3.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-3.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3415c691c1a67536e3e43d1a30a3834a06bb75049955f753ca3d71f480f9ca0a

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-3.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46529105946,FD-46529105695,P-4660171,FLS-ALL
age
282162
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46529105946,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
8CHYMFCD8CP5Z5Z2
etag
W/"69f54792a382bfea5dc508bd1346ae63"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182835
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 9eb0e845437929074828e0cf53f179af.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA50-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
tIBZLb9NGA+nCgkC/9LbIKYCDyrlh80nPhBVnGgLz6+QeS3jX8RhGvu3o7nLpdFNFUVo2H3UqzI=
last-modified
Wed, 05 May 2021 16:13:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R4jQQVjw8Dfu3R4FbDJHYM37B6h7n3PGxrGBlysEkqbSUGe%2B2tPqCbFhHDwxHQw2sSIGXE9rnot0MXDaJScCDL4qI0V9TkyitrAwtPAg%2FQT7ul10Oxyij6EhhFV4tg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
cT05zeL.8g6U14.nvYiPBmvBFMzJEQfS
cf-ray
69aff5223fbc43b8-FRA
x-amz-cf-id
ozCex7xSGFFlNVXfhAhtP4KhO3XzURgd12IhphJJbdxbyzr1Vjq_8g==
inky-website-icon-svg-53.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
1 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-53.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6015b373b314875501f079b119da04a7c88b6b244ce333da1f8320869741306

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-53.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46529000002,FD-46529105695,P-4660171,FLS-ALL
age
1163584
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46529000002,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
7A3FPHE06MAVAJN9
etag
W/"99d824af94cfd843b7f8a1fe43409ff8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182476
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA56-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
FgngOjL8owUs0urma059TgwJqUIWEQdADyW0n+TVrDdbtkGGYPrumXQ+0LAR5Qzhf0OMWyPF2uc=
last-modified
Wed, 05 May 2021 16:14:44 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AK5bytBH3iPoz6aCYQP7YGdEoMjxtwJeOgU3VI7D5%2BahjwQkNtdofxCFtVO9FQeaQGCH4Y0scYpJImrwhNzLryS6CRfj1EbuHC%2BM4k47UsHVKnvoXNzx%2Fx2J3iWy6g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
iRbloSk0w8oGxlxvkI6f5ZhvY49uDi2j
cf-ray
69aff5223fbe43b8-FRA
x-amz-cf-id
1NVWKUKmFnhK3w2XRbRyRH8uxNVT4a7im03zh41deOUPaWM9NfHumQ==
inky-website-icon-svg-24.svg
www.inky.com/hubfs/icons/Icons%20-%20SVG/
2 KB
2 KB
Image
General
Full URL
https://www.inky.com/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-24.svg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
855d465f9d66780e276e21a5fd3eb9284d9902936a5b6977df68f6a1117150dc

Request headers

:path
/hubfs/icons/Icons%20-%20SVG/inky-website-icon-svg-24.svg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-46529000012,FD-46529105695,P-4660171,FLS-ALL
age
1740742
x-amz-server-side-encryption
AES256
edge-cache-tag
F-46529000012,FD-46529105695,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
13Y1Z8680VGQA1AX
etag
W/"ef063ea6ae738175f1e832cd9a33ca4d"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1620231182833
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 5721f7035c3fc934bd3f96dbb04ba1e5.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA50-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
x-amz-id-2
mWDFiGel+1pU2sbS1MrLCt1WFbJnAWQ4KUJHKPI4/+a7RVnnubJPrVHKyXteIDp/4aQBHkeGhK8=
last-modified
Wed, 05 May 2021 16:13:56 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sDnAeifydc7ZnQ4ZadgOQJcqCqmlXmHMkG55jLjxnrP4zCCXN1kzkeb2thmUW%2BqQ%2FwAcoRTV1S%2BmSXIf7cIAmM37e1NsyFK1X%2FCD%2BzNgFs0MNb1JFn418RfWn0ZmrA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
6I2tGtEELCDmmDKe5pxnLERO8VI3c2HL
cf-ray
69aff5223fbf43b8-FRA
x-amz-cf-id
bGDqlyfT2zmAVr_E0CZ85E3X7HyEUmsCkZz2K9Q6H-OJ7AfRneo47Q==
AdobeStock_115453550-2.jpeg
www.inky.com/hubfs/
87 KB
88 KB
Image
General
Full URL
https://www.inky.com/hubfs/AdobeStock_115453550-2.jpeg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
934034b9549a94b4bd62cf878d4230b45c68553addac60e23cc5d104eddb80ff

Request headers

:path
/hubfs/AdobeStock_115453550-2.jpeg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-meta-cache-tag
F-48699113564,P-4660171,FLS-ALL
age
70268
x-amz-server-side-encryption
AES256
edge-cache-tag
F-48699113564,P-4660171,FLS-ALL
x-edge-origin-shield-skipped
0
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="AdobeStock_115453550-2.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
x-amz-request-id
FMTYYKWMSVTCF1NC
cf-bgj
imgq:85,h2pri
etag
"270c1530384e8713cd4b6b3fab5e156f"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
x-amz-meta-created-unix-time-millis
1623423074373
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
FRA50-C1
x-hs-alternate-content-type
text/plain
cf-polished
qual=85, origFmt=jpeg, origSize=108861
x-cache
RefreshHit from cloudfront
x-amz-meta-index-tag
all
content-length
88900
x-amz-id-2
YRH9UgPw/FcP9jbR4naljnLhpYYmv4NmbqnJgn2RVfQDL/DqncJS1nxQG60WD4IzhWu29fsRK0o=
last-modified
Fri, 11 Jun 2021 14:51:15 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xb32%2FyYCK4gccVHj6dkDq7pbnb2eQdkBBc7YJH025DKgaVu7Zu5BOtaY8o1KgHOjGmpSt5siU%2FsYfpMdTMp2MnVzTb71zVaZyx0iQslz59ImIfD%2FtXUG6%2BIFKTMH6A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
eZVIJt0128sv9R60Y6stw52NEdh79CKm
accept-ranges
bytes
cf-ray
69aff5223fc043b8-FRA
x-amz-cf-id
V697q9IcGrc0lcHavVvCOpuTVeDvC5h3JfxVXJjb4l4_bY3-9lK1Ww==
mjfw_main.js
www.inky.com/hs-fs/hub/4660171/hub_generated/template_assets/14051612624/1617898323263/Custom/page/mjfw/
96 KB
28 KB
Script
General
Full URL
https://www.inky.com/hs-fs/hub/4660171/hub_generated/template_assets/14051612624/1617898323263/Custom/page/mjfw/mjfw_main.js
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
aafaa364e16ceee3bb02ae00305751a0a2600e60ce130ff3b1b2b28949a2dd8f

Request headers

:path
/hs-fs/hub/4660171/hub_generated/template_assets/14051612624/1617898323263/Custom/page/mjfw/mjfw_main.js
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-amz-meta-created-unix-time-millis
1617898323265
date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 6f35734da951dcb591462352ba037615.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2338
x-hs-alternate-content-type
text/plain
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 11
content-encoding
br
x-amz-request-id
NCJBSPZZX0CXP360
x-amz-id-2
HKQRenL/8jhgql70FVSpr2ULvNs79ohqX04BKVVxoAVJYZovwXbUMe7R/Lfk9XIc+1qO0v7eOnI=
last-modified
Thu, 08 Apr 2021 16:12:04 GMT
server
cloudflare
etag
W/"3bfd6747d08a886cbd30b05b087a7f57"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LSxtZr8DPqVxCT3gr3DUDPIEjtabDfuZ5Me1gJGb%2B1V%2BSEsaYVtolpWOwiCkKysmTAWW%2BLwKFF0aPZ8HzFX7bn%2Bj4V5RkQtYU%2Fj%2Ff2q0zAnQsniaBCPWUij9PSWWew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
7_voqS88Iao6u7PwUYqy5yD94bWhhmGa
x-amz-cf-pop
IAD66-C1
cf-ray
69aff521dea443b8-FRA
x-amz-cf-id
biWNeKODF0S9tj5cBD_pJHD2AFPTlzwcF4-NI_AahMijHJQP5Qf_WA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 11
4660171.js
www.inky.com/hs/scriptloader/
1 KB
1 KB
Script
General
Full URL
https://www.inky.com/hs/scriptloader/4660171.js
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
936f533627a8fd4e977ff14c8a3b98ee0c45569c6dbf62efb8bd8c37be46b5bd

Request headers

:path
/hs/scriptloader/4660171.js
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
9c771344-e906-409c-b218-a00c59dda7b7
server
cloudflare
x-trace
2BC33D286A08295D1F514C6ED58328820D9D807754000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lDXdl2LiZtPQOgOtdW8NWUlw02x37NEPG2x6abjLU65vDrrm6ikm0oJ9frZr2VX1NgW0XheFDfPuEC0I%2BZP2Jzc2idoGVW3zD3OjTnBpma2XATP9J366FCMYECy2dQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
69aff5223fc143b8-FRA
expires
Fri, 08 Oct 2021 14:12:17 GMT
css
fonts.googleapis.com/
4 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Lato:300,400,400i,700,900,900i&display=swap
Requested by
Host: www.inky.com
URL: https://www.inky.com/hs-fs/hub/4660171/hub_generated/template_assets/14049870587/1630090673182/Custom/page/mjfw/mjfw_styles.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.212.138 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s21-in-f138.1e100.net
Software
ESF /
Resource Hash
4b31dcd977f937aa7d0eef858a30208d41a0279dd35c25db4d1e795fed1ffdf2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/hs-fs/hub/4660171/hub_generated/template_assets/14049870587/1630090673182/Custom/page/mjfw/mjfw_styles.min.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 08 Oct 2021 14:11:17 GMT
server
ESF
date
Fri, 08 Oct 2021 14:11:17 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires
Fri, 08 Oct 2021 14:11:17 GMT
gtm.js
www.googletagmanager.com/
168 KB
59 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-W38C9T5
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
c2b0064ce70f717881e78e0a4cac9cf832347ee7650f4fe5ea32a120b97196df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60660
x-xss-protection
0
last-modified
Fri, 08 Oct 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 08 Oct 2021 14:11:17 GMT
gtm.js
www.googletagmanager.com/
176 KB
62 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TG5VWM7
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
39680ab02e737649e76a8a0ec7c6231c652b2e691f9516b2022e637fa3ea45f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62964
x-xss-protection
0
last-modified
Fri, 08 Oct 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 08 Oct 2021 14:11:17 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/
22 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,400i,700,900,900i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.inky.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 05 Oct 2021 04:13:08 GMT
x-content-type-options
nosniff
age
295089
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22992
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:18:57 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Oct 2022 04:13:08 GMT
S6u9w4BMUTPHh50XSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/
22 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh50XSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,400i,700,900,900i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
7d4243c8e973ec0cfc707904891ae4e3efc03dbc8923acb9755f9a35c92269a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.inky.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 02 Oct 2021 16:36:33 GMT
x-content-type-options
nosniff
age
509684
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22572
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:18:56 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sun, 02 Oct 2022 16:36:33 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,400i,700,900,900i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.inky.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 06:39:46 GMT
x-content-type-options
nosniff
age
459091
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23484
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:19:01 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 03 Oct 2022 06:39:46 GMT
S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh7USSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,400,400i,700,900,900i&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
9194059997d722ec01e41980dffbff03ebe00808b1cdd164a7fd18a561bc312a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.inky.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sun, 03 Oct 2021 15:49:32 GMT
x-content-type-options
nosniff
age
426105
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23248
x-xss-protection
0
last-modified
Tue, 10 Aug 2021 00:18:53 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 03 Oct 2022 15:49:32 GMT
01_whois_phishing_email.png
www.inky.com/hs-fs/hubfs/
27 KB
27 KB
Image
General
Full URL
https://www.inky.com/hs-fs/hubfs/01_whois_phishing_email.png?width=572&name=01_whois_phishing_email.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
46659a98dbbff29b3caf14cdfc48b2192b10b652be2a1f7d19cc264156861060

Request headers

:path
/hs-fs/hubfs/01_whois_phishing_email.png?width=572&name=01_whois_phishing_email.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 ef6762d67d012a06d2761f42352c9e53.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
284
cf-polished
origFmt=png, origSize=34708
edge-cache-tag
F-54738361381,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="01_whois_phishing_email.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
27498
x-amz-server-side-encryption
AES256
last-modified
Tue, 28 Sep 2021 20:51:40 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"be7dcb271b845bde0c3261ee79ab0ca2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sGSwi0CXc6jEZ3ECgcLmZR2zkWy0BfJM%2BESIrxx%2FWgRQxo2kQpgMc1jTGJFm0H3k2W91Rj59AAMeBBrd2KMlZaH%2BeuUwE9I4ZNrOCI0aS1Jv3UeK4z%2F85Lh3ZmBD1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
69aff522886c43b8-FRA
x-amz-cf-id
zPUeLuFekKannMcBzpPjgUsjZW8-ql7TrDCPHGlV2ugYUb5PG8nSCA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
02_DOT_phishing_email.png
www.inky.com/hs-fs/hubfs/
24 KB
24 KB
Image
General
Full URL
https://www.inky.com/hs-fs/hubfs/02_DOT_phishing_email.png?width=583&name=02_DOT_phishing_email.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
10dcf8d83bb21b94367c1e8556c7790dacf0207e6c75c21736f90b9596e9e2b0

Request headers

:path
/hs-fs/hubfs/02_DOT_phishing_email.png?width=583&name=02_DOT_phishing_email.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 2ad0cde89ab58d454177893ae4447f50.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
284
cf-polished
origFmt=png, origSize=54819
edge-cache-tag
F-54740181004,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="02_DOT_phishing_email.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
24510
x-amz-server-side-encryption
AES256
last-modified
Tue, 28 Sep 2021 20:51:46 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"ae10cc8e03b5ab116fee11c149e7efa4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gzgc8vxmHrRpcEUJyZynGmAI4kTcSSz7I4E2rGn5Vs5lqpwfkn5UiTadXxYwxYOQ4kxpMSgVsNSlpcUyZerFpivj5vslQz6nn8ln4pfK0sqQoh8jIt5Fvfuhjo3jQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
69aff522886e43b8-FRA
x-amz-cf-id
RA2Elki6y5jBJQWDXTESZNmQvK0RUBQG0u05HZwe8pw4RqvTIBHQ8w==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
03_whois_akjackpot_site.png
www.inky.com/hs-fs/hubfs/
21 KB
22 KB
Image
General
Full URL
https://www.inky.com/hs-fs/hubfs/03_whois_akjackpot_site.png?width=578&name=03_whois_akjackpot_site.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e5488ce329a7175e745579f61343e9ede8b574e081ceaa34220893700aca624

Request headers

:path
/hs-fs/hubfs/03_whois_akjackpot_site.png?width=578&name=03_whois_akjackpot_site.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 6b7e1e42d74fd61097787cc6c1a37c35.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
284
cf-polished
origFmt=png, origSize=27991
edge-cache-tag
F-54741655084,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="03_whois_akjackpot_site.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
21750
x-amz-server-side-encryption
AES256
last-modified
Tue, 28 Sep 2021 20:51:44 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"e6cb93a0841e715a33668979f4a9eca0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RxvS9oaorRD9EEp%2BfMLsYKvEzrXEISea9qn0OwgOwTuIvEbzpLU3FqRGEWZIrvQDuSe1iCr0wX3tHKrRqtflBBTT36mk6lAxFtujvjQ6IZXfj%2BepZeG0aYK35JubEg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
69aff522887043b8-FRA
x-amz-cf-id
33Toq9A5GoJzlnfZUF4zyAQ7kB7DoJxNX3qoatoN_4uBcjfDWuKj_w==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
04_dot_instructions%20copy.jpg
www.inky.com/hs-fs/hubfs/
141 KB
142 KB
Image
General
Full URL
https://www.inky.com/hs-fs/hubfs/04_dot_instructions%20copy.jpg?width=577&name=04_dot_instructions%20copy.jpg
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ff8942b1c4c45a0f3bb104333da4c0d7dac507344aa7e7572bccd3e615a5f2f

Request headers

:path
/hs-fs/hubfs/04_dot_instructions%20copy.jpg?width=577&name=04_dot_instructions%20copy.jpg
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 5195de19cbc5ce842ac6538e9a6850cb.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
284
cf-polished
qual=85, origFmt=jpeg, origSize=189149
edge-cache-tag
F-54741655134,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="04_dot_instructions%20copy.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
144464
x-amz-server-side-encryption
AES256
last-modified
Tue, 28 Sep 2021 20:51:41 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"f07235377a932df3d23fac110039dec2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SM%2FlRxu3ZRloZd33xtgjlScIVt4bmkovvjhmSOaptV9JlJtlt2IHYZL%2BC25Em1htktNZqhM%2F5RHeHvEPIPSXRMZHZPc0abvLrQzfvFZfvIUpw6mWN9wF%2F7oelNrSyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
69aff522987443b8-FRA
x-amz-cf-id
OcFW6ZMO0Tkt9_IXlQABToWMEdN_GhLPrYq1nchY366TOizjLRoQ_A==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
05_whois_contact_mike.png
www.inky.com/hs-fs/hubfs/
25 KB
25 KB
Image
General
Full URL
https://www.inky.com/hs-fs/hubfs/05_whois_contact_mike.png?width=571&name=05_whois_contact_mike.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c294f338b0418f3ef73876b50ff88fa6d1ddd318371e1c3c1ea5820dda0c4a1

Request headers

:path
/hs-fs/hubfs/05_whois_contact_mike.png?width=571&name=05_whois_contact_mike.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 1448f69604d5be1f9c9f0c64cfa90595.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
284
cf-polished
origFmt=png, origSize=32290
edge-cache-tag
F-54740950401,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="05_whois_contact_mike.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
25378
x-amz-server-side-encryption
AES256
last-modified
Tue, 28 Sep 2021 20:51:41 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"27ee1fcf3746838fd595077809290d65"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4W%2FyU%2BbHToa0qBHPdjFAeR2hrg97owCGAkofNL3a3E%2BSEC5LxDRAC%2BFPa%2Fermz3Ya%2Fe7MpJLp8JMXQQ2XpECs7KhwyaOlSLBEP%2BYZNkI4KvRIIAy98jBUupFMyor2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
69aff522987543b8-FRA
x-amz-cf-id
YBSbmkziNdOWxqQRKH8L7CTgwmuas1JWqgOkxuwfnQoeuM7LlUZQPQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
06_doft_phishing_site.png
www.inky.com/hs-fs/hubfs/
136 KB
137 KB
Image
General
Full URL
https://www.inky.com/hs-fs/hubfs/06_doft_phishing_site.png?width=573&name=06_doft_phishing_site.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
95fe2bfdec1ef05cff889bf30ed6fa79eb495b42354b7fab306d121e3af5804d

Request headers

:path
/hs-fs/hubfs/06_doft_phishing_site.png?width=573&name=06_doft_phishing_site.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 936f33bed45438343f0ef2adff442815.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
284
cf-polished
origFmt=png, origSize=214458
edge-cache-tag
F-54740950434,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="06_doft_phishing_site.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
139224
x-amz-server-side-encryption
AES256
last-modified
Tue, 28 Sep 2021 20:51:42 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"03df08714569296f2d8c88459fb0ca87"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FVLg0ytLqrGZwHaOpTi3A9aiFAXh44OUrXy1ihdCQ0T%2FQZHvKejwcY%2B%2BpvJ1u5ENI9wx%2Bca8DsP7nPpEcqY8sDBs%2FdPozHeqjasz6pQa8SozqvDtAybpUV86ybDEog%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
69aff522987643b8-FRA
x-amz-cf-id
MTA753aoHM0h8daJmVj-PgRyekJIcbPzMog68rp-qTvjK1ccg213-w==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
07_phishing_site_dot.png
www.inky.com/hs-fs/hubfs/
113 KB
114 KB
Image
General
Full URL
https://www.inky.com/hs-fs/hubfs/07_phishing_site_dot.png?width=574&name=07_phishing_site_dot.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
51628a2242a71fb512568853a2047ede1e68d28e947e0bb87073414214fc192d

Request headers

:path
/hs-fs/hubfs/07_phishing_site_dot.png?width=574&name=07_phishing_site_dot.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 7a99ed3f39c18af8fe138a695e5f657d.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
284
cf-polished
origFmt=png, origSize=182136
edge-cache-tag
F-54740879006,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="07_phishing_site_dot.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
115438
x-amz-server-side-encryption
AES256
last-modified
Tue, 28 Sep 2021 20:51:43 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"9e68f13d94d7ed04f120b79b2bdf72a8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2K74KA75ETodHndHDgphEmGNUWzvCjBOfzltndeVO%2F8%2FoHDl%2FgY5WjAf1WiqBsfyBmPDWmOLkrDhrTHBJ3hak9UTEEbqyIf1uibOlHCTzzN1dw8Fsku4y1tDmkCSkw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
69aff522987943b8-FRA
x-amz-cf-id
33fsDEErfBZ2g3vU2tMZWzGOZ3BlODBF8WWGVP-WTNp6C6nbpjp27g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
08_credential_harvesting_form.png
www.inky.com/hs-fs/hubfs/
102 KB
103 KB
Image
General
Full URL
https://www.inky.com/hs-fs/hubfs/08_credential_harvesting_form.png?width=578&name=08_credential_harvesting_form.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a628ce53bf6868d0d084ac3b7143b7410d7361b5b741bcb5aa4b2d14760f6877

Request headers

:path
/hs-fs/hubfs/08_credential_harvesting_form.png?width=578&name=08_credential_harvesting_form.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 0fbab52df0695e2a561cd26eb7f9484d.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
284
cf-polished
origFmt=png, origSize=169008
edge-cache-tag
F-54740181390,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="08_credential_harvesting_form.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
104662
x-amz-server-side-encryption
AES256
last-modified
Tue, 28 Sep 2021 20:51:41 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"071c0d376a7c45478f605b110be22b2a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ngFOH5baZ80tF07JM5Ugm%2BpTMFDhr9uIt4vjXGHRYBChe9xwyDS%2BRAtMpF%2BIZhJUbANDdQ5FWC6wABqwDMwLA7o4TB3fCrW%2BstQO%2BvgIiuKp5Lb0lT6dCmMFnVd7Sw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
69aff522987a43b8-FRA
x-amz-cf-id
3FVpv-3sETlX5Pq9bMQZlAvVKNSRCfs_OgFXf65VmfiUPXCFePo0bw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
09_ReCAPTCHA%20.png
www.inky.com/hs-fs/hubfs/
73 KB
74 KB
Image
General
Full URL
https://www.inky.com/hs-fs/hubfs/09_ReCAPTCHA%20.png?width=578&name=09_ReCAPTCHA%20.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1aca2fbcbb37a595532e449e6ecfe07ada9a85a6446da9fdca067f75b8c3f91

Request headers

:path
/hs-fs/hubfs/09_ReCAPTCHA%20.png?width=578&name=09_ReCAPTCHA%20.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 2ad0cde89ab58d454177893ae4447f50.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
284
cf-polished
origFmt=png, origSize=131788
edge-cache-tag
F-54741655424,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="09_ReCAPTCHA%20.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
74794
x-amz-server-side-encryption
AES256
last-modified
Tue, 28 Sep 2021 20:51:40 GMT
server
cloudflare
x-cache
Miss from cloudfront
etag
"ec698cc390eea1296db88a82f6bbe134"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4PdEJROyXJP7ziZwX%2FPPV0O0bBRziX%2BhD46PemkhY7xqGO2%2BONEXffMeE98xJ2cITBVP2I269%2FotXT4UXI3spPvgZwewAV06xMed%2B9AH5B%2BhsmlhWMixnxJOvGnsQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
69aff522987b43b8-FRA
x-amz-cf-id
6wKEFQ8y6pqzfjwqxqteiYeZP88xgvXU_BMFm6Jks9PCWZghFEggPQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
10_error.png
www.inky.com/hs-fs/hubfs/
72 KB
72 KB
Image
General
Full URL
https://www.inky.com/hs-fs/hubfs/10_error.png?width=573&name=10_error.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
706b682de3b146cb553c5873e127b951393fe17d72e2833ff04c35f09cad0c84

Request headers

:path
/hs-fs/hubfs/10_error.png?width=573&name=10_error.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 0fbab52df0695e2a561cd26eb7f9484d.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
284
cf-polished
origFmt=png, origSize=129783
edge-cache-tag
F-54740181554,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="10_error.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
73652
x-amz-server-side-encryption
AES256
last-modified
Tue, 28 Sep 2021 20:51:40 GMT
server
cloudflare
x-cache
Miss from cloudfront
etag
"8aea736e682c28e8746ac8c01f329cd9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=75pdUYw2BrJKF8Jx1SKwUgmfjkBcdKpBHXEMObMHwAWp7OqbBUsdQWEMFKd6OcD79X0b3gC0E%2BTHLkOwrNKjoCx%2BuyeQ3ZGygP8z%2FcoNKV7b1Iq88bMPugMA9c79Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
69aff522987c43b8-FRA
x-amz-cf-id
USise362LG3uXBaWhf6AzGVEcFhYoSeemTb8WqKHNlMnqFDP2ABfTQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
11_real_dot_site.png
www.inky.com/hs-fs/hubfs/
171 KB
172 KB
Image
General
Full URL
https://www.inky.com/hs-fs/hubfs/11_real_dot_site.png?width=576&name=11_real_dot_site.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
32ea30c5d4a13adccdb96eae3db7d8f03b226ee322e7a60a9f303194c68e2381

Request headers

:path
/hs-fs/hubfs/11_real_dot_site.png?width=576&name=11_real_dot_site.png
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 ef6762d67d012a06d2761f42352c9e53.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
284
cf-polished
origFmt=png, origSize=263916
edge-cache-tag
F-54740879360,P-4660171,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="11_real_dot_site.webp"
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 12
content-length
174788
x-amz-server-side-encryption
AES256
last-modified
Tue, 28 Sep 2021 20:51:45 GMT
server
cloudflare
x-cache
RefreshHit from cloudfront
etag
"c52c12f3ca7b2ebfe1e540fb9265a67b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=151APhPROA1gGZQjfO660%2F%2F3m7sXijmfSoFWdOi25qQ18I1DyxzB4gQ23%2BmUjP4%2FOlH84KpoKcVxNo9aZgVrS4ptQbcLjXhOzXfX3jUZiQVOUiMRlN0EZ1ImwAYyDg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
cf-bgj
imgq:85,h2pri
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
access-control-allow-credentials
false
x-amz-cf-pop
IAD89-C1
accept-ranges
bytes
cf-ray
69aff522988043b8-FRA
x-amz-cf-id
FWtWQKAyPbHFf8ylOGrKEiRDkq-BK8OW2COiNqx1M2tjqQPuzi8rtg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 12
b4cfb89a-2056-4f97-8bc0-402eb66e1434
www.inky.com/_hcms/forms//embed/v3/form/4660171/
10 KB
3 KB
Script
General
Full URL
https://www.inky.com/_hcms/forms//embed/v3/form/4660171/b4cfb89a-2056-4f97-8bc0-402eb66e1434?callback=hs_reqwest_0&hutk=
Requested by
Host: www.inky.com
URL: https://www.inky.com/_hcms/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
869fa98355097369ac7f0b1b93197bb6faeea82981566db90dd9c52b2ebde7d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

:path
/_hcms/forms//embed/v3/form/4660171/b4cfb89a-2056-4f97-8bc0-402eb66e1434?callback=hs_reqwest_0&hutk=
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
ec7b2858-fc7d-4009-ab11-57095ff03028
cf-ray
69aff522c8f143b8-FRA
content-disposition
attachment; filename=no-rfd.txt
vary
Accept-Encoding
server
cloudflare
x-trace
2B334177146EC9352EE329A956F67CEEF897E958C0000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ISEMKwC5AtCf0i5Ld4T9qd6aP3c2idkUe0Ss6UrOdGl4IVB8b66wblXEIc3kDjPefxCeiTgkfth0F%2Ff3il7yfZsSCJe3YHPP4Rg0NV9b2K%2Fpb%2Fwdde7UJVXu23AL3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
all.js
connect.facebook.net/en_GB/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/all.js
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.20.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-frt3.fbcdn.net
Software
/
Resource Hash
5761df100e8b9f3e5f2ab9dc11113a243196b7942a9e2b67bfb9e89b459c15f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
5ZyIeaiA0sfR0uEccagbZw==
cross-origin-resource-policy
cross-origin
expires
Fri, 08 Oct 2021 14:19:36 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
1685
x-fb-rlafr
0
x-fb-debug
1TnByayJJ7XiYVB5MSzPbkbw8cGHts/kIUSkRH1OhaZl/RlZmb7Qt0Z2VFyaRvcQ0aCbuYheLhj9GTaJxM0x7A==
x-fb-trip-id
686109401
x-fb-content-md5
bc2709203f7f92406ef32788648d1f1b
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Fri, 08 Oct 2021 14:11:17 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"46b03afd50593b27d9a4c22d5e2d09c8"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67DF) /
Resource Hash
cfd3099998b0c37ace8024cbd802160585ba9be1c0047fefc172035184f074df

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 14:11:17 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Age
835
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length
28869
x-tw-cdn
VZ
Last-Modified
Thu, 30 Sep 2021 19:09:26 GMT
Server
ECS (frb/67DF)
Etag
"f9ab884058c9d8de47075baa622f0e7e+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
fa-brands-400.woff2
use.fontawesome.com/releases/v5.8.1/webfonts/
73 KB
74 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.8.1/webfonts/fa-brands-400.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.8.1/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.78.7 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc64d7192f84497cacad5c10aef682562c24aa6124270f85fe247e223607f3ed

Request headers

Referer
https://use.fontawesome.com/releases/v5.8.1/css/all.css
Origin
https://www.inky.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
access-control-allow-methods
GET
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1294906
cf-ray
69aff5231957278c-PRG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
74768
x-amz-id-2
9l3JAilsrMUIuoC96Q015mZPvRq3k4EQrQyHB+CsJ6My45wQgWmte4QF2ECcbXa10RGgpy+ZLw4=
last-modified
Wed, 30 Jun 2021 15:46:59 GMT
server
cloudflare
etag
"5e2f92123d241cabecf0b289b9b08d4a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A5xnH38tw05BjlcTryq3qfNehOiHR7U5kxPALrMENhP33NxYZRnEwptLATXGU4hRcNLzq7R7iyHlSw8lFNz8a5lvovDVMN9bd634cTHvJTM4OVm4aWvMLk%2BnB6U0oKWWL8HvAMT6"}],"group":"cf-nel","max_age":604800}
x-amz-request-id
BQZXR60RA0KGZ847
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
content-type
font/woff2
postlisting
www.inky.com/_hcms/
2 KB
987 B
XHR
General
Full URL
https://www.inky.com/_hcms/postlisting?blogId=5913297540&maxLinks=5&listingType=recent&orderByViews=false&hs-expires=1665237992&hs-version=2&hs-signature=AJ2IBuEiibrUEQKeHmMeJ5tPpRO4L3Tncw&currentUrl=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650
Requested by
Host: www.inky.com
URL: https://www.inky.com/hs/hsstatic/AsyncSupport/static-1.94/js/post_listing_asset.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e46a063657d2eaccc67935453d50b61efede7263118a5d50ef5cca449fefe8fc

Request headers

:path
/_hcms/postlisting?blogId=5913297540&maxLinks=5&listingType=recent&orderByViews=false&hs-expires=1665237992&hs-version=2&hs-signature=AJ2IBuEiibrUEQKeHmMeJ5tPpRO4L3Tncw&currentUrl=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650
pragma
no-cache
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
empty
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

cf-ray
69aff52349e943b8-FRA
date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
284
x-trace
2BCF5DD75209B82954852B66E1A2D1AA29B2171A9A000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KZjHO%2BMmich2ztcG67FTretxdjaDPu9IDsJocJEhYK2bT0tEImY9Xilw8VUbjNexOX6whsN0XSVT8fjU9VORYPQMoGVUTmP8TuQMcssFWf9CsLM7uhmwSIouwC2PyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-credentials
false
x-robots-tag
none
x-hubspot-correlation-id
35208667-0f9f-4f70-adf6-e39cefe09f18
has-permission
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
770 B
Script
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=4660171&callback=jsonpHandler
Requested by
Host: www.inky.com
URL: https://www.inky.com/hs/hsstatic/HubspotToolsMenu/static-1.109/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-hs-worker-debug-mode
false
server
cloudflare
x-hubspot-correlation-id
a48d93f0-6fb8-4233-8468-9a595ecc9e2d
x-trace
2BDF4215412B3DB5632419187E7C33A8EB4C40A78C000000000000000000
date
Fri, 08 Oct 2021 14:11:17 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
cf-cache-status
DYNAMIC
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
cache-control
max-age=0
access-control-allow-credentials
true
cf-ray
69aff5236d330605-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W38C9T5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.74.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
611
date
Fri, 08 Oct 2021 14:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Fri, 08 Oct 2021 16:01:06 GMT
conversion_async.js
www.googleadservices.com/pagead/
37 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W38C9T5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
c7395cb3e42311d894b6f20d9877912ec71e9d81c63a1292455923588c6e803b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14394
x-xss-protection
0
server
cafe
etag
14335902481360483811
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 08 Oct 2021 14:11:17 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
5 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W38C9T5
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2.16.186.10 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-186-10.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 14:11:17 GMT
Content-Encoding
gzip
Last-Modified
Wed, 29 Sep 2021 19:17:49 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=17720
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2036
2077.js
script.crazyegg.com/pages/scripts/0089/
5 KB
2 KB
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0089/2077.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W38C9T5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7da6db022fcbf3b2ca0a4d7e9118c6c94d76e42ac67a5a258621197e5988f074

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
gzip
cf-cache-status
HIT
age
6850
cf-polished
origSize=4899
cf-ray
69aff523d9d36949-FRA
ce-version
11.1.351
last-modified
Fri, 08 Oct 2021 12:17:07 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
timing-allow-origin
*
cf-bgj
minify
js
www.googletagmanager.com/gtag/
97 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-829684701
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W38C9T5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
ca07e3ffc6f3f2165defc67c685ec32f1fcaaa7b470754bf20d8db39404979f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39534
x-xss-protection
0
last-modified
Fri, 08 Oct 2021 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 08 Oct 2021 14:11:17 GMT
swap.js
cdn.callrail.com/companies/158776647/7d663d46157b46d8af9a/12/
32 B
312 B
Script
General
Full URL
https://cdn.callrail.com/companies/158776647/7d663d46157b46d8af9a/12/swap.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W38C9T5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.168.195.200 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-168-195-200.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d18beba8a6db32dd84b24258cf6542acca7684b030e529ef2977198993400c4b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

x-runtime
0.007627
date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
etag
W/"d18beba8a6db32dd84b24258cf6542ac"
content-type
text/javascript; charset=utf-8
status
200 OK
cache-control
max-age=3600, public
timing-allow-origin
*
x-request-id
3bbea2a7-2675-4df6-8710-e29e992563f6
events.js
tags.srv.stackadapt.com/
13 KB
5 KB
Script
General
Full URL
https://tags.srv.stackadapt.com/events.js
Requested by
Host: d11dxp04.na1.hubspotlinks.com
URL: https://d11dxp04.na1.hubspotlinks.com/Btc/2M+113/d11DXp04/VWHr7B16SgN_W64JgLZ3bRx3zW78L4Hk4ypPj1N48YKbt3pl2yV1-WJV7CgTDDN20G_tFGx58HW2dh3jW8Vh_4SW6JmVyH5yHm2tW2mx5XG3R7dCNW2hhQzN12V6KnW2pLn4Q2mYByXVy_YR63KZkwtN72tND8NdlmvW10CrSn85FBnmW15dgGJ3mSj0yW70pN2c7hRDrKW6BWQc81NcjGnW5KkBlh8mJKQjW4Ys2hY8Sps3wW4RQKZ14rF7ryW8bR9q86XCNMMW8CLS7B63qpzfW17rBjC66GQDYW4bSxPB65-CyvW61RhWs4mPTShVD-q-H2VrfWtN7y_vPldLs_T31Qw1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.223.38.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-223-38-51.compute-1.amazonaws.com
Software
/
Resource Hash
9d3e33f1ac41519286a88b590c98f3d942b1b66c45876e0360661739d106c5f0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 08 Oct 2021 14:11:18 GMT
Content-Encoding
gzip
Cache-Control
max-age=30
Content-Length
4441
Connection
keep-alive
Content-Type
text/javascript
tracking.js
trk.techtarget.com/
2 KB
1 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: d11dxp04.na1.hubspotlinks.com
URL: https://d11dxp04.na1.hubspotlinks.com/Btc/2M+113/d11DXp04/VWHr7B16SgN_W64JgLZ3bRx3zW78L4Hk4ypPj1N48YKbt3pl2yV1-WJV7CgTDDN20G_tFGx58HW2dh3jW8Vh_4SW6JmVyH5yHm2tW2mx5XG3R7dCNW2hhQzN12V6KnW2pLn4Q2mYByXVy_YR63KZkwtN72tND8NdlmvW10CrSn85FBnmW15dgGJ3mSj0yW70pN2c7hRDrKW6BWQc81NcjGnW5KkBlh8mJKQjW4Ys2hY8Sps3wW4RQKZ14rF7ryW8bR9q86XCNMMW8CLS7B63qpzfW17rBjC66GQDYW4bSxPB65-CyvW61RhWs4mPTShVD-q-H2VrfWtN7y_vPldLs_T31Qw1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.1.92 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac5000602bb127a5a07be117df96c48667d2e2a9fb1bb33d5ebb7c50e4480a88

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 30 Sep 2021 16:16:59 GMT
server
cloudflare
age
370
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
expires
Fri, 08 Oct 2021 14:15:07 GMT
cache-control
max-age=1200
cf-ray
69aff52418225b8c-FRA
cf-bgj
minify
roundtrip.js
s.adroll.com/j/
45 KB
15 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W38C9T5
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
00a838051c95fd70f609e56b14160f3b11f9cc925ebf863b6b6d05aa05f18410

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

X-Amz-Version-Id
9NNHadHlPAJi_ZEEDzqWdczclsfujfUk
Content-Encoding
gzip
Etag
W/"42b7053581646365ea5fe1cf37686183"
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Access-Control-Max-Age
600
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Thu, 30 Sep 2021 23:17:42 GMT
Server
AmazonS3
Date
Fri, 08 Oct 2021 13:41:34 GMT
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Via
1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront)
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
hjopndsxGVG1g25rBm7UgrBQq6MS2Z8C6YD3-nku_fqplQvDD8mgdw==
d57d941c56ae95b874e95340beb17c30.js
cdns.canddi.com/p/
0
418 B
Script
General
Full URL
https://cdns.canddi.com/p/d57d941c56ae95b874e95340beb17c30.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TG5VWM7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.139.243.18 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
gzip
last-modified
Fri, 08 Oct 2021 13:55:38 GMT
server
nginx
vary
Accept-Encoding, Accept
x-cache
HIT
p3p
policyref="https://www.canddi.com/w3c/p3p.xml", CP="ADMa PSAa PSDa IVAo IVDo CONi TELi OUR IND DSP ALL COR"
cache-control
max-age=1800, public
x-server
dashboard-api-nginx-deployment-7f5f6ff754-qnsrm
strict-transport-security
max-age=15724800
accept-ranges
bytes
content-type
application/javascript
content-length
20
expires
Fri, 08 Oct 2021 14:25:38 GMT
cnv.js
assets.convertiv.com/sp/2.14.0/
98 KB
30 KB
Script
General
Full URL
https://assets.convertiv.com/sp/2.14.0/cnv.js
Requested by
Host: d11dxp04.na1.hubspotlinks.com
URL: https://d11dxp04.na1.hubspotlinks.com/Btc/2M+113/d11DXp04/VWHr7B16SgN_W64JgLZ3bRx3zW78L4Hk4ypPj1N48YKbt3pl2yV1-WJV7CgTDDN20G_tFGx58HW2dh3jW8Vh_4SW6JmVyH5yHm2tW2mx5XG3R7dCNW2hhQzN12V6KnW2pLn4Q2mYByXVy_YR63KZkwtN72tND8NdlmvW10CrSn85FBnmW15dgGJ3mSj0yW70pN2c7hRDrKW6BWQc81NcjGnW5KkBlh8mJKQjW4Ys2hY8Sps3wW4RQKZ14rF7ryW8bR9q86XCNMMW8CLS7B63qpzfW17rBjC66GQDYW4bSxPB65-CyvW61RhWs4mPTShVD-q-H2VrfWtN7y_vPldLs_T31Qw1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
50cf303cfaa020fcbedd6ad1bf045a008cbb88dfc792f731f07235dd1ca13599

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 05:48:45 GMT
content-encoding
gzip
last-modified
Wed, 04 Mar 2020 07:48:52 GMT
server
AmazonS3
age
30153
etag
W/"8dba669b94e3865c9205ef8fd15ee4d1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
via
1.1 ab985bb6f3435d42701015dfa6015878.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
x-amz-cf-id
FIbTLoqYry0-4WXE1XM_N-ioSQAWI0qTNBAGk8D8L9jTaNaKZj0oSw==
md5.js
cdnjs.cloudflare.com/ajax/libs/blueimp-md5/2.16.0/js/
11 KB
3 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/blueimp-md5/2.16.0/js/md5.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TG5VWM7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f14f0efb563db7b23efaf394339a78bced6fd5ba649f049961a65476d928af5
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
74079
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
2546
timing-allow-origin
*
last-modified
Thu, 14 May 2020 01:29:21 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5ebc9ef1-2d27"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gsJtgb9%2BVnL9In3rubXL6rg0YPWTK3sVYsINQA98XlIAaj8hA%2BJhheRqySSLgMq0n2EUEHIPXrYxyRPWK8CPEpD%2Bpv1cY1Ht8Ed8PqZ970gdHxqUMLqgD93DeZueuOF2921JuCYo"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
69aff5242fba4ea3-FRA
expires
Wed, 28 Sep 2022 14:11:17 GMT
4660171.js
js.hs-banner.com/
61 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/4660171.js
Requested by
Host: www.inky.com
URL: https://www.inky.com/hs/scriptloader/4660171.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.21.191 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18b4683501d54b788044d8887ab17cd96224cf707cd60dfec0d1b41b16a834ea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
cf-cache-status
HIT
age
283
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-request-id
J67HQ706DE0VF4HJ
x-amz-id-2
GlooaWWoq2WSMriocTsazHlqcuInqkUWGSn2TdFn5NhPyIZusOK7SDdzdBPKBe6VFdm0Unjv+fM=
timing-allow-origin
*
last-modified
Fri, 03 Sep 2021 20:02:04 GMT
server
cloudflare
etag
W/"59049764dc6c34d99f32ce169ffba170"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
S14_ol5hOtm0gH9JmcOqsWj.NSHDCbfl
access-control-allow-origin
https://www.inky.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
69aff5243bea6997-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Fri, 08 Oct 2021 14:11:34 GMT
4660171.js
js.hs-analytics.net/analytics/1633702200000/
62 KB
20 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1633702200000/4660171.js
Requested by
Host: www.inky.com
URL: https://www.inky.com/hs/scriptloader/4660171.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.69.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
409a96e192a73fcc1dfb6e207569844ba62d6d881c703e7652309af14cb66b42

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
F66E5B97JS14KS4H
x-amz-server-side-encryption
AES256
cf-ray
69aff5244ce12b16-FRA
x-amz-id-2
sN+tUBaSKSP/yLhdmX8JBB0B9Vyxq6phRMu2bluLmiEWGczTS3dchml6LDqjouEUBed7VXvYQtI=
last-modified
Mon, 19 Jul 2021 14:58:33 GMT
server
cloudflare
etag
W/"a1a0a0643e403cb9ef550143ca3a3250"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Fri, 08 Oct 2021 14:16:17 GMT
collectedforms.js
js.hscollectedforms.net/
81 KB
26 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: www.inky.com
URL: https://www.inky.com/hs/scriptloader/4660171.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.128.171 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0e8f49ce2aa1c4720cc187c184c8d800182aea43645aa3193c0614703d0c8f4

Request headers

Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Origin
https://www.inky.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
via
1.1 e89d95d090c0c86ecc7b8930e434625d.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
69664
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=collected-forms-embed-js/static-1.247/bundles/project.js&cfRay=69a95057794cdfbf-IAD
x-cache
RefreshHit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
69aff52448984eb6-FRA
last-modified
Tue, 28 Sep 2021 10:08:32 UTC
server
cloudflare
etag
W/"a5dc58d02593ddd2c3c6bbe2230fc074"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
s1CYAXlTSydz_cSjotzU3Em8FOsfSJIb
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
x-amz-cf-pop
IAD89-C3
content-type
application/javascript; charset=utf-8
x-amz-cf-id
gYolixfpflNxlsS_T5_w9LhHvFOnUyk85giuQaqsc3Bz7H-pmQEBJw==
x-hs-target-asset
collected-forms-embed-js/static-1.247/bundles/project.js
all.js
connect.facebook.net/en_GB/
270 KB
76 KB
Script
General
Full URL
https://connect.facebook.net/en_GB/all.js?hash=1a4b4acf6ab0cd9a144a1f3a3e9c9478
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.20.19 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-frt3.fbcdn.net
Software
/
Resource Hash
e1b6f437256d0d7846227e789f9594612a89bcb9b8fb2d1979ce97de038950d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Origin
https://www.inky.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
iRjwXcLV4vIAc1ZZch6u7g==
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
77592
x-fb-rlafr
0
x-fb-debug
DaWdauUyARSJioKzE/YiN9su1Dhe9pFACFImMdULLN1omhTvw4rZoEHPpnYz1w6GhGh3uBkG4wC3KZEfNgH/9g==
x-fb-content-md5
4957900228221b14d3f82cfbd09b73d1
x-frame-options
DENY
date
Fri, 08 Oct 2021 14:11:17 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"1e6534d9e9aa1fcfd67e1ad147b9e74a"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 08 Oct 2022 13:59:37 GMT
widget_iframe.58065ae230495f5d9e4b6a916472b2c1.html
platform.twitter.com/widgets/ Frame 3904
319 KB
103 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.58065ae230495f5d9e4b6a916472b2c1.html?origin=https%3A%2F%2Fwww.inky.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BE) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Accept-Encoding
gzip, deflate, br

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
322215
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Fri, 08 Oct 2021 14:11:17 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Thu, 30 Sep 2021 18:56:47 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67BE)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
105433
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=1758028621&t=pageview&_s=1&dl=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&ul=en-us&de=UTF-8&dt=Attackers%20Impersonate%20U.S.%20Department%20of%20Transportation%20to%20Harvest%20Microsoft%20Credentials&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACEABBAAAAC~&jid=224699613&gjid=904636832&cid=1166997391.1633702278&tid=UA-91768532-1&_gid=200808065.1633702278&_r=1&gtm=2wga60W38C9T5&z=179448665
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.74.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s02-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 14:11:17 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.inky.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1303356&time=1633702277811&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-cr...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1303356%26time%3D1633702277811%26url%3Dhttps%253A%252F%252Fwww.inky.com%252Fblog%...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1303356&time=1633702277811&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-cr...
0
58 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1303356&time=1633702277811&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&liSync=true
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.174.11.85 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS
108-174-11-85.fwd.linkedin.com
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:18 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lva1
x-li-proto
http/2
x-li-pop
prod-edc2
content-type
application/javascript
content-length
0
x-li-uuid
j6lZAZETrBYgxPjyeisAAA==

Redirect headers

strict-transport-security
max-age=31536000
x-content-type-options
nosniff
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-length
0
x-li-uuid
AAXN1/P2SCjvh0nXlrfB5Q==
pragma
no-cache
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: DC235ACA55DC4FF5B79D70EF73701DF6 Ref B: PRG01EDGE1014 Ref C: 2021-10-08T14:11:18Z
date
Fri, 08 Oct 2021 14:11:17 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options
sameorigin
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1303356&time=1633702277811&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&liSync=true
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
2077.json
script.crazyegg.com/pages/data-scripts/0089/
7 KB
2 KB
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0089/2077.json?t=1
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0089/2077.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f490a87810719d9fce4f0d169fb0cf1d74a006dc848f696a68026e72ccee6a7c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
gzip
cf-cache-status
HIT
age
6850
ce-version
11.1.351
content-length
1341
timing-allow-origin
*
last-modified
Fri, 08 Oct 2021 12:17:07 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
cf-ray
69aff5247aef4e55-FRA
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/VE72WIA6JJAITAM4PZOSV5/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
750 B
Script
General
Full URL
https://s.adroll.com/j/exp/index.js
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

X-Amz-Version-Id
negMAsSEs.M1Zq1srV8VMS7DU8lxhds7
Via
1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Etag
"5816cced8568d223aa09d889f300692b"
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
28
Last-Modified
Mon, 19 Jul 2021 22:23:14 GMT
Server
AmazonS3
Date
Thu, 07 Oct 2021 18:16:09 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
jCwhgH8VRv4qXTEbx69cSxmg-Icl6y2clrvPnCz3IrcB8CuNR36VmA==

Redirect headers

Date
Fri, 08 Oct 2021 03:20:07 GMT
Via
1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront)
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P4
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
X-Cache
Hit from cloudfront
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
X-Amz-Cf-Id
gN2DtAyCgr5JFeimNLs1SnkYesp3NOOqw5GKKKWyTBrvIJRZfacxUA==
index.js
s.adroll.com/j/pre/
Redirect Chain
  • https://s.adroll.com/j/pre/VE72WIA6JJAITAM4PZOSV5/EO6PKOTODNGPVLDZHH27JW/fpconsent.js
  • https://s.adroll.com/j/pre/index.js
0
721 B
Script
General
Full URL
https://s.adroll.com/j/pre/index.js
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

X-Amz-Version-Id
nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Via
1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Etag
"d41d8cd98f00b204e9800998ecf8427e"
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Last-Modified
Wed, 15 Jan 2020 23:54:18 GMT
Server
AmazonS3
Date
Fri, 08 Oct 2021 04:39:04 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
Kv1yaba0rVcCIx1A2ldtq5znueo8ZR_fxTNg7Ot-yDC6LWPEMoUE6Q==

Redirect headers

Date
Fri, 08 Oct 2021 03:20:07 GMT
Via
1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront)
Server
AmazonS3
X-Amz-Cf-Pop
FRA60-P4
Location
https://s.adroll.com/j/pre/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
X-Cache
Hit from cloudfront
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
X-Amz-Cf-Id
6E4OjhyFseg3Ctx013iuTgoXozEmwdcAE43e9a_RZ2jwjOAof5LQPw==
index.js
s.adroll.com/j/pre/VE72WIA6JJAITAM4PZOSV5/EO6PKOTODNGPVLDZHH27JW/
4 KB
3 KB
Script
General
Full URL
https://s.adroll.com/j/pre/VE72WIA6JJAITAM4PZOSV5/EO6PKOTODNGPVLDZHH27JW/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
41f1e9970b646aadac0f40543bb08b21e49990bf1b09392d1ef4d71b275069ea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

X-Amz-Version-Id
qRWyVuKZKphyz0RFzR1aYmbNfCGDg9lM
Content-Encoding
gzip
Etag
W/"33ed216ef4569e95a97e55fb39d91d38"
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Access-Control-Max-Age
600
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Thu, 07 Oct 2021 03:32:31 GMT
Server
AmazonS3
Date
Fri, 08 Oct 2021 14:06:34 GMT
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Via
1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
3X9oJEal68rh4A2rhRwbbTuvTf_euhSmsE4hqIT6X4Dgb0s0YD7kBQ==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/829684701/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/829684701/?random=1633702277819&cv=9&fst=1633702277819&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga60&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&tiba=Attackers%20Impersonate%20U.S.%20Department%20of%20Transportation%20to%20Harvest%20Microsoft%20Credentials&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
737685a301d8c1470e6e510b69098dd6c3a5e26c59df617c160674497dd3ae3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1153
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tp2
sp.inky.com/com.snowplowanalytics.snowplow/ Frame
0
0
Preflight
General
Full URL
https://sp.inky.com/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Server
54.90.31.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-90-31-9.compute-1.amazonaws.com
Software
akka-http/10.1.12 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.inky.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 08 Oct 2021 14:11:18 GMT
content-length
0
access-control-allow-origin
https://www.inky.com
access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-max-age
5
server
akka-http/10.1.12
tp2
sp.inky.com/com.snowplowanalytics.snowplow/
2 B
334 B
XHR
General
Full URL
https://sp.inky.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: assets.convertiv.com
URL: https://assets.convertiv.com/sp/2.14.0/cnv.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.90.31.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-90-31-9.compute-1.amazonaws.com
Software
akka-http/10.1.12 /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://www.inky.com
date
Fri, 08 Oct 2021 14:11:18 GMT
access-control-allow-credentials
true
server
akka-http/10.1.12
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
content-length
2
content-type
text/plain; charset=UTF-8
activity.gif
apt.techtarget.com/activity/
43 B
464 B
Image
General
Full URL
https://apt.techtarget.com/activity/activity.gif?activityTypeId=31&cid=16628935&version=2.1.1&ref=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&r=1633702277850
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
206.19.49.24 , United States, ASN7018 (ATT-INTERNET4, US),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 14:11:18 GMT
Last-Modified
Tue, 26 Mar 2019 18:30:29 GMT
ETag
"2b-5850384023492"
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=87
Content-Length
43
collect
stats.g.doubleclick.net/j/
4 B
461 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-91768532-1&cid=1166997391.1633702278&jid=224699613&gjid=904636832&_gid=200808065.1633702278&_u=YGBACEAABAAAAC~&z=480307528
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.133.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wo-in-f156.1e100.net
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 08 Oct 2021 14:11:17 GMT
content-type
text/plain
access-control-allow-origin
https://www.inky.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
loader.js
www.gstatic.com/wcm/
3 KB
2 KB
Script
General
Full URL
https://www.gstatic.com/wcm/loader.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-829684701
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
sffe /
Resource Hash
9f959aaad80347edc26ed8279c6a68c098efc76876ac2e2f8ccc54b118f197f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:02:32 GMT
content-encoding
br
x-content-type-options
nosniff
age
525
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1339
x-xss-protection
0
last-modified
Mon, 15 Mar 2021 16:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Fri, 08 Oct 2021 15:02:32 GMT
11.1.351.js
script.crazyegg.com/pages/versioned/common-scripts/
67 KB
22 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/common-scripts/11.1.351.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0089/2077.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
daab314890951d408604603cdd77b31b63ae2ca9cc3c313673ce259c1575f695

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 04 Oct 2021 04:51:34 GMT
server
cloudflare
age
8455
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
accept-ranges
bytes
cf-ray
69aff524dc146949-FRA
content-length
22342
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/829684701/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/829684701/?random=1633702277901&cv=9&fst=1633702277901&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaa60&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&tiba=Attackers%20Impersonate%20U.S.%20Department%20of%20Transportation%20to%20Harvest%20Microsoft%20Credentials&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
089607791727521335315a0290e4128263bbc0b9b7fcff30bc90e6288bc0f352
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1180
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
json
forms.hubspot.com/collected-forms/v1/config/
115 B
1 KB
XHR
General
Full URL
https://forms.hubspot.com/collected-forms/v1/config/json?portalId=4660171&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.154.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
26ad9839e159c14ec27a78d9d4c0dee34f81ed62b4c3e72a0f584f1329ffe609
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:18 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
75bda895-8c91-4cc9-8b03-b167f784ea69
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=peI5IzBbd79BVEmvi4BjTNmbAsQXyNltUjYfhYj2WItGzvCRJoVtlWWDu9osB%2BgyHx7%2B%2BL6eWgQSd%2BkZ5auT0txVJdulepubBXL%2BiW%2FwmFNrRpX84hGHnCMnqbLzKwAAYpFw"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.inky.com
x-robots-tag
none
access-control-allow-credentials
false
cf-ray
69aff52518e4693d-FRA
access-control-allow-headers
*
settings
syndication.twitter.com/ Frame 3904
232 B
431 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=75181682dd5cd2b3ca98f837a571da36f6616268
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.58065ae230495f5d9e4b6a916472b2c1.html?origin=https%3A%2F%2Fwww.inky.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
gzip
last-modified
Fri, 08 Oct 2021 14:11:18 GMT
server
tsa_o
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
eab55c5632fee4d4b6ab5e4ba1c943e6015b2baaadb339988c69cf758cee6c71
content-length
166
/
www.google.com/pagead/1p-user-list/829684701/
42 B
569 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/829684701/?random=1633702277819&cv=9&fst=1633701600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga60&sendb=1&frm=0&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&tiba=Attackers%20Impersonate%20U.S.%20Department%20of%20Transportation%20to%20Harvest%20Microsoft%20Credentials&async=1&fmt=3&is_vtc=1&random=1556945389&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 14:11:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/829684701/
42 B
569 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/829684701/?random=1633702277819&cv=9&fst=1633701600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wga60&sendb=1&frm=0&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&tiba=Attackers%20Impersonate%20U.S.%20Department%20of%20Transportation%20to%20Harvest%20Microsoft%20Credentials&async=1&fmt=3&is_vtc=1&random=1556945389&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 14:11:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
107 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-91768532-1&cid=1166997391.1633702278&jid=224699613&_u=YGBACEAABAAAAC~&z=536117101
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 14:11:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-91768532-1&cid=1166997391.1633702278&jid=224699613&_u=YGBACEAABAAAAC~&z=536117101
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 14:11:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
VE72WIA6JJAITAM4PZOSV5
d.adroll.com/consent/check/
386 B
479 B
Script
General
Full URL
https://d.adroll.com/consent/check/VE72WIA6JJAITAM4PZOSV5?arrfrr=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&_s=10633603166da64817306af2156a36db&_b=2
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.183.31 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-183-31.eu-west-1.compute.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
fd728cb08ada59cd3d3ec8bef3b2e6909eeeed49c7dbec172184368c568f5ef6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:18 GMT
server
nginx/1.20.0
content-length
386
content-type
application/javascript
call-tracking_7.js
www.gstatic.com/call-tracking/
54 KB
21 KB
Script
General
Full URL
https://www.gstatic.com/call-tracking/call-tracking_7.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
sffe /
Resource Hash
ff2fde453aa6220144126828a284d4cc227479f1fe83beef3a6b6a4504c7e4df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Sat, 02 Oct 2021 14:05:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
518747
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-telephony
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21020
x-xss-protection
0
last-modified
Wed, 03 Feb 2021 22:45:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-telephony","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-telephony"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="ads-telephony"
expires
Sun, 02 Oct 2022 14:05:30 GMT
2077.json
script.crazyegg.com/pages/sampling-data-scripts/0089/
640 B
328 B
XHR
General
Full URL
https://script.crazyegg.com/pages/sampling-data-scripts/0089/2077.json?t=453806
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.351.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0956150ea686524d63a1ce792a96fffef2c4c80d48c8ff07f8d2b078624a007a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:17 GMT
content-encoding
gzip
cf-cache-status
HIT
age
6849
ce-version
11.1.351
content-length
235
timing-allow-origin
*
last-modified
Fri, 08 Oct 2021 12:17:08 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
cf-ray
69aff5252cf54e55-FRA
/
www.google.com/pagead/1p-user-list/829684701/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/829684701/?random=1633702277901&cv=9&fst=1633701600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaa60&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&tiba=Attackers%20Impersonate%20U.S.%20Department%20of%20Transportation%20to%20Harvest%20Microsoft%20Credentials&async=1&fmt=3&is_vtc=1&random=1623926932&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.16.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 14:11:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/829684701/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/829684701/?random=1633702277901&cv=9&fst=1633701600000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oaa60&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&tiba=Attackers%20Impersonate%20U.S.%20Department%20of%20Transportation%20to%20Harvest%20Microsoft%20Credentials&async=1&fmt=3&is_vtc=1&random=1623926932&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 08 Oct 2021 14:11:17 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
wcm
www.google.de/pagead/attribution/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/829684701/wcm?cc=ZZ&dn=18337274659&cl=KSYMCJfT_oYBEN33z4sD&ct_eid=2
  • https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18337274659&cl=KSYMCJfT_oYBEN33z4sD
80 B
111 B
XHR
General
Full URL
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18337274659&cl=KSYMCJfT_oYBEN33z4sD
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f3.1e100.net
Software
cafe /
Resource Hash
d933a98657089095397ca6126d62e3a07c39e70f82b36f8cea002c0ba5bf1e2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
application/json; charset=UTF-8
access-control-allow-origin
null
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
87
x-xss-protection
0

Redirect headers

timing-allow-origin
*
date
Fri, 08 Oct 2021 14:11:18 GMT
x-content-type-options
nosniff
server
cafe
location
https://www.google.de/pagead/attribution/wcm?cc=ZZ&dn=18337274659&cl=KSYMCJfT_oYBEN33z4sD
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
https://www.inky.com
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
consent_tcfv2.js
s.adroll.com/j/
397 KB
55 KB
Script
General
Full URL
https://s.adroll.com/j/consent_tcfv2.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fff426e1f2e0f6df1fdf4fd50790a29de380123e633dde9eb76290852785221c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

X-Amz-Version-Id
FE38nrrp1HWTDadu3Uyr7nm1dYat8XV0
Content-Encoding
gzip
Etag
W/"d0e7c263fcf5865882cfb13022c3f4b4"
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Access-Control-Max-Age
600
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Thu, 29 Jul 2021 18:15:16 GMT
Server
AmazonS3
Date
Fri, 08 Oct 2021 14:10:18 GMT
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Via
1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Cache-Control
max-age=300, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
cb2eM1L1zaIOK2tU04m64Er4QCuPoUP62Qa4g4Czz5lD21hf9EWiwQ==
nextroll-32x32.png
s.adroll.com/i/favicon/
2 KB
2 KB
Image
General
Full URL
https://s.adroll.com/i/favicon/nextroll-32x32.png
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.139.50 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

X-Amz-Version-Id
eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Via
1.1 78280b924a7a9f0f018abcebd8ad82d0.cloudfront.net (CloudFront)
Etag
"403a0a7dcf2d617e7ea852bfb9d11945"
X-Amz-Cf-Pop
FRA60-P4
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
1615
Last-Modified
Mon, 28 Jun 2021 18:19:21 GMT
Server
AmazonS3
Date
Fri, 08 Oct 2021 00:14:36 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
ujcCu6ecN9q6llZlYNCg3WEjZw31ZlhYqN856Hz1LbYHehlBMZrxqA==
button.5d16ecc02fbaf599a24dfb57ab239320.js
platform.twitter.com/js/
7 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/button.5d16ecc02fbaf599a24dfb57ab239320.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67DF) /
Resource Hash
3ee8351e156e2e80d99018a585c18c0dbd9098e3bea84a131d8cbad1ec72c81e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 14:11:18 GMT
Content-Encoding
gzip
Last-Modified
Thu, 30 Sep 2021 18:56:33 GMT
Server
ECS (frb/67DF)
Age
322218
Etag
"6b95f5a9a2ff4b885e2eafdf446d70d0+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
2296
tweet_button.58065ae230495f5d9e4b6a916472b2c1.en.html
platform.twitter.com/widgets/ Frame B4A0
32 KB
12 KB
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.58065ae230495f5d9e4b6a916472b2c1.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
93.184.220.66 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67DF) /
Resource Hash
fca9fbc2b7bad4d08e4b4cfe80420df03b1bfa4cc2988540b4e816cc905bf33f

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Accept-Encoding
gzip, deflate, br

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
322217
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Fri, 08 Oct 2021 14:11:18 GMT
Etag
"a4ee8ee440f819aba90d7a1be062a8d7+gzip"
Last-Modified
Thu, 30 Sep 2021 18:56:41 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (frb/67DF)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
12235
counters.gif
forms.hsforms.com/embed/v3/
35 B
520 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.88.5 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:18 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-hubspot-correlation-id
6c809c3a-56eb-4f8e-879a-4994c318ac7d
x-trace
2BC8D0A41433711BCC22CE7506524C7DCD9AD719DB000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
69aff5266fae69a3-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
35
x-robots-tag
none
truncated
/ Frame B4A0
822 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/svg+xml
sa.css
tags.srv.stackadapt.com/
65 B
292 B
Stylesheet
General
Full URL
https://tags.srv.stackadapt.com/sa.css
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.223.38.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-223-38-51.compute-1.amazonaws.com
Software
/
Resource Hash
9cf8cc563fb85013cce4e15d539dd52bf5baf018eec58479041d1fff68a218bc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 08 Oct 2021 14:11:18 GMT
Cache-Control
only-if-cached, no-transform, private, max-age=7776000
Connection
keep-alive
Content-Length
65
Content-Type
text/css
sa.jpeg
tags.srv.stackadapt.com/
0
881 B
Fetch
General
Full URL
https://tags.srv.stackadapt.com/sa.jpeg
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.223.38.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-223-38-51.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 08 Oct 2021 14:11:18 GMT
Cache-Control
only-if-cached, no-transform, private, max-age=7776000
Connection
keep-alive
Content-Length
651
Content-Type
image/jpeg
jot
syndication.twitter.com/i/
43 B
351 B
Image
General
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1633702278265%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%22fcb1942%3A1632982954711%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
pragma
no-cache
last-modified
Fri, 08 Oct 2021 14:11:18 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
eab55c5632fee4d4b6ab5e4ba1c943e6015b2baaadb339988c69cf758cee6c71
x-transaction
ca0de523206b9f70
expires
Tue, 31 Mar 1981 05:00:00 GMT
saq_pxl
tags.srv.stackadapt.com/
213 B
514 B
XHR
General
Full URL
https://tags.srv.stackadapt.com/saq_pxl?uid=bNn-JTx5qLksvJROpfMIMQ&is_js=true&landing_url=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&t=Attackers%20Impersonate%20U.S.%20Department%20of%20Transportation%20to%20Harvest%20Microsoft%20Credentials&host=https://www.inky.com&sa_conv_data_css_value=%20%220-319355ce-fea9-4667-4529-69bb93ce8041%22&sa_conv_data_image_value=ffd8ffe000104a46494600010101006000600000ffdb004300080606070605080707070909080a0c140d0c0b0b0c1912130f141d1a1f1e1d1a1c1c20242e2720222c231c1c2837292c30313434341f27393d38323c2e333432ffdb0043010909090c0b0c180d0d1832211c213232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232323232ffc00011080001000103012200021101031101ffc4001f0000010501010101010100000000000000000102030405060708090a0bffc400b5100002010303020403050504040000017d01020300041105122131410613516107227114328191a1082342b1c11552d1f02433627282090a161718191a25262728292a3435363738393a434445464748494a535455565758595a636465666768696a737475767778797a838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae1e2e3e4e5e6e7e8e9eaf1f2f3f4f5f6f7f8f9faffc4001f0100030101010101010101010000000000000102030405060708090a0bffc400b51100020102040403040705040400010277000102031104052131061241510761711322328108144291a1b1c109233352f0156272d10a162434e125f11718191a262728292a35363738393a434445464748494a535455565758595a636465666768696a737475767778797a82838485868788898a92939495969798999aa2a3a4a5a6a7a8a9aab2b3b4b5b6b7b8b9bac2c3c4c5c6c7c8c9cad2d3d4d5d6d7d8d9dae2e3e4e5e6e7e8e9eaf2f3f4f5f6f7f8f9faffda000c03010002110311003f00f7fa28a2803fffd910794024949f4c78722f287f0ff9b4cad8837213
Requested by
Host: tags.srv.stackadapt.com
URL: https://tags.srv.stackadapt.com/events.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.223.38.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-223-38-51.compute-1.amazonaws.com
Software
/
Resource Hash
6a61b75825379d18038460dd8b96867a7f054117f71f509c01113d1fcac3f7a3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Fri, 08 Oct 2021 14:11:18 GMT
Access-Control-Allow-Methods
GET
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www.inky.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
213
like.php
web.facebook.com/plugins/ Frame 90C9
0
2 KB
Document
General
Full URL
https://web.facebook.com/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df14ab55782c076c%26domain%3Dwww.inky.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.inky.com%252Ff35654e87b72ce8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials&layout=button&locale=en_GB&sdk=joey&share=true&show_faces=false&width=120
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/all.js?hash=1a4b4acf6ab0cd9a144a1f3a3e9c9478
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.20.15 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-shv-02-frt3.facebook.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
web.facebook.com
:scheme
https
:path
/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df14ab55782c076c%26domain%3Dwww.inky.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.inky.com%252Ff35654e87b72ce8%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials&layout=button&locale=en_GB&sdk=joey&share=true&show_faces=false&width=120
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650

Response headers

content-type
text/html;charset=utf-8
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only
default-src 'self' data: blob: https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src connect.facebook.net static.xx.fbcdn.net 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net data:;connect-src wss://gateway.facebook.com wss://edge-chat.facebook.com *.facebook.com *.fbcdn.net wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ wss://*.whatsapp.com:* v.whatsapp.net *.fbsbx.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com;worker-src blob: *.facebook.com;report-uri https://web.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/web.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-content-type-options
nosniff
x-xss-protection
0
x-fb-debug
5grXiFN1rmg6i+6Ca4ZnKBZxkWQgSUeTdYYLc6tTbwsPqQmcOYSP2HXodDB5S1Tu4Dy3w/IQULOQtB7v/aTSmg==
content-length
0
date
Fri, 08 Oct 2021 14:11:18 GMT
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
view
js.hs-banner.com/cookie-banner/activity/ Frame
0
0
Preflight
General
Full URL
https://js.hs-banner.com/cookie-banner/activity/view
Protocol
H2
Server
104.18.21.191 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://www.inky.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 08 Oct 2021 14:11:18 GMT
content-type
application/octet-stream
content-length
0
access-control-allow-origin
https://www.inky.com
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials
true
access-control-max-age
604800
timing-allow-origin
*
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
69aff529af246949-FRA
view
js.hs-banner.com/cookie-banner/activity/
0
85 B
XHR
General
Full URL
https://js.hs-banner.com/cookie-banner/activity/view
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/4660171.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.21.191 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type
application/json

Response headers

timing-allow-origin
*
date
Fri, 08 Oct 2021 14:11:18 GMT
cf-cache-status
DYNAMIC
server
cloudflare
x-hubspot-correlation-id
92835006-a866-48f8-b57c-5a1408bbd2ad
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://www.inky.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-credentials
true
cf-ray
69aff52a58b26949-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
__ptq.gif
track.hubspot.com/
45 B
351 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3169173831&v=1.1&a=4660171&pi=54734389294&ct=blog-post&ccu=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials&cpi=54734389294&cgi=5913297540&lpi=54734389294&lvi=54734389294&lvc=en&pu=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&t=Attackers+Impersonate+U.S.+Department+of+Transportation+to+Harvest+Microsoft+Credentials&cts=1633702278667&vi=fa0201fd773e4dff8cc4a5122075ef6f&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:18 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
fdf70985-b903-45ed-8f37-4c749045e738
cf-ray
69aff529cbfa0605-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CnMOF2Cv9Q2Nq7zILKZDoEEvVhL6yre3UXDP%2FZJaiSAIbznZMkIu6aH05Dwb1nIa7rsy9slpeQD7JWpvHI%2FD3xTvbQAiYANEzJGQUR7%2BxDcXJHLJdb1t%2BlUqh%2F%2Fl7RwvrFzo"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
513 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=b4cfb89a-2056-4f97-8bc0-402eb66e1434&fci=37ef2ec5-62bb-43fb-b70c-e4dd5db16631&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3169173831&v=1.1&a=4660171&pi=54734389294&ct=blog-post&ccu=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials&cpi=54734389294&cgi=5913297540&lpi=54734389294&lvi=54734389294&lvc=en&pu=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&t=Attackers+Impersonate+U.S.+Department+of+Transportation+to+Harvest+Microsoft+Credentials&cts=1633702278668&vi=fa0201fd773e4dff8cc4a5122075ef6f&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:18 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
4ed3b3cc-011b-4d36-87c0-2eee9d1e2565
cf-ray
69aff529cbf90605-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Psmy%2FnGZsNeBViwGM3Vrg3NE5t8Gk3NoGBGFJ7XJzzEtNEig8EeAqH3Sed%2BUYVQDYnxqG3LAhGFu9%2B%2F1E2Q3txT8j8yEP4LbKRV9O%2B3YJw8ULrfvYQcWXWG0eCqW7GQ1ijO"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
350 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=b4cfb89a-2056-4f97-8bc0-402eb66e1434&fci=37ef2ec5-62bb-43fb-b70c-e4dd5db16631&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3169173831&v=1.1&a=4660171&pi=54734389294&ct=blog-post&ccu=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials&cpi=54734389294&cgi=5913297540&lpi=54734389294&lvi=54734389294&lvc=en&pu=https%3A%2F%2Fwww.inky.com%2Fblog%2Fattackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials%3Futm_content%3D180073276%26utm_medium%3Dsocial%26utm_source%3Dlinkedin%26hss_channel%3Dlcp-10363650&t=Attackers+Impersonate+U.S.+Department+of+Transportation+to+Harvest+Microsoft+Credentials&cts=1633702278671&vi=fa0201fd773e4dff8cc4a5122075ef6f&nc=true&ce=false&pt=1&cc=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.155.83 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Fri, 08 Oct 2021 14:11:18 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
021e204d-738a-4d86-814e-a5dd69ca59d4
cf-ray
69aff529cbf70605-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NlBeLN4IXo%2Fz6Fj7lQtj4RVh8PGY47b5SZSAuoAZaAsuF2S0SnuAxw4A%2BZ1Ju7fKHYB4TZ6K%2FM2KLJ%2BKh0I1mQgVDw9DmmzzplIzdE7o45NvAOOHdnoPruyp%2F0z%2FUz%2BcNE0S"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
perf
www.inky.com/_hcms/
2 B
385 B
XHR
General
Full URL
https://www.inky.com/_hcms/perf
Requested by
Host: www.inky.com
URL: https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.60.103.254 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-fetch-mode
cors
origin
https://www.inky.com
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
sec-fetch-dest
empty
cookie
__cfruid=d036cb37670174cc66c02d11e65abe7394c44621-1633702277; _gcl_au=1.1.983080085.1633702278; _ga=GA1.2.1166997391.1633702278; _gid=GA1.2.200808065.1633702278; _gat_UA-91768532-1=1; _sp_ses.22d5=*; _sp_id.22d5=81531225-333e-4994-b559-963221679991.1633702278.1.1633702278.1633702278.5ebbaa13-ffc9-4449-a11b-0a092c002022; cnv_sp=cdc3a2da-827d-46dd-a415-20994a5eb21c
content-length
938
:path
/_hcms/perf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type
application/json
accept
*/*
cache-control
no-cache
:authority
www.inky.com
referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
:scheme
https
sec-fetch-site
same-origin
:method
POST
Referer
https://www.inky.com/blog/attackers-impersonate-u.s.-department-of-transportation-to-harvest-microsoft-credentials?utm_content=180073276&utm_medium=social&utm_source=linkedin&hss_channel=lcp-10363650
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-type
application/json

Response headers

cf-ray
69aff53bfa7243b8-FRA
date
Fri, 08 Oct 2021 14:11:21 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-hubspot-correlation-id
d9164140-b686-4a70-9f6d-290d6a8f39a5
x-trace
2B1742350F4464B3DFAF46CE266662C1525FEDB47C000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gCNHCeXxay4VfjenL9iEKiBLIDU7JDqfxNr8fn5mmuydlALWlBxpntfXXOIN6x9%2F1ZPf4aF4jzCoEKAJtWaNZLYTCconwHzqARcJbWtaVEKkMelKj9imQth6MgaEzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
access-control-allow-credentials
false
x-robots-tag
none
content-length
2

133 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


21 Cookies


1 Console Messages

Source: network
Level: error
URL: https://script.crazyegg.com/pages/scripts/0078/5986.js
Message: Failed to load resource: the server responded with a status of 410 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
