www.volexity.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=2.4.18
104.26.7.38 200 OK 5.1 kB URL GET www.volexity.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=2.4.18
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject volexity.com
Fingerprint B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type ASCII text, with very long lines (5064), with no line terminators
Hash MD5 216d791e61641ace57d8d11a12bde01e
SHA-1 28bde6d98d1c689a712efe037a9592e9fa103b09
SHA-256 029dedf319bc4536d9c663ae9c0b10c95d1e9f5dd1de0aa73172e9e89ae254cc
GET /wp-content/plugins/cookie-notice/css/front.min.css?ver=2.4.18 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: text/css
content-length: 1091
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 1218
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HUqhY14F3H4FTSDpEeIOb2vqd4fqIDc9JCpZPuPT0HmMDVg6Qm2AMi2IhhL5a7HgZ1Kof3gddZrd891CA3igFOXeGpxBJSFAvLP6T%2FSMG%2BGJDt5qZIj32uvZM2Hl5RHASkg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 931356724e71fe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=20791&min_rtt=19449&rtt_var=2136&sent=26&recv=26&lost=0&retrans=0&sent_bytes=21653&recv_bytes=1770&delivery_rate=894858&cwnd=258&unsent_bytes=0&cid=c70909ddb44d9287&ts=573&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-content/uploads/2021/05/election-fraud-blog-post-header-image-1-1536x768.png
104.26.7.38 200 OK 174 kB URL GET www.volexity.com/wp-content/uploads/2021/05/election-fraud-blog-post-header-image-1-1536x768.png
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject volexity.com
Fingerprint B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type PNG image data, 1536 x 768, 8-bit/color RGBA, non-interlaced
Size 174 kB (173669 bytes)
Hash MD5 7387ebe4e26afe1f48b77659df422176
SHA-1 9c89e04a23d0f1ec8a8fda3d93bb13f1c096d730
SHA-256 9bfe37243d3456bb03fe83ea2e5cc8528f4af11981568fe75b0a4942b4ed0bad
GET /wp-content/uploads/2021/05/election-fraud-blog-post-header-image-1-1536x768.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: image/png
content-length: 173669
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Thu, 27 May 2021 18:02:38 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4cxetstLy%2BvYrQ7xupXdVMpwkuH84QfS0jvbFBSfYX8N1gOas9X7BFS1ZP9U3tTIY%2BgfEKaK71dtX9tZeQctDt8naTHe3OGvIBhmiK1UJ3zkvPiLv4FOWUgIZs17Favx9jE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356727ef3fe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=19570&min_rtt=19398&rtt_var=28&sent=372&recv=170&lost=0&retrans=0&sent_bytes=466053&recv_bytes=2865&delivery_rate=6484964&cwnd=354&unsent_bytes=0&cid=c70909ddb44d9287&ts=802&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-content/uploads/2021/05/image002.png
104.26.7.38 200 OK 568 kB URL GET www.volexity.com/wp-content/uploads/2021/05/image002.png
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject volexity.com
Fingerprint B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type PNG image data, 809 x 1051, 8-bit/color RGBA, non-interlaced
Size 568 kB (568512 bytes)
Hash MD5 c4234acc4eb69806445913993c926a98
SHA-1 341a47e792cce009ff1cb3c2be02a167182e1c33
SHA-256 0415c1f9b9e9140f3eb691476b131876fa6a2081da9e35535475b13559ba0e94
GET /wp-content/uploads/2021/05/image002.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: image/png
content-length: 568512
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Wed, 26 May 2021 19:20:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0obE5qHKqktLUoSwT7Evm%2BopRtc7qwGHR8jh7p9ZmUTzFK0sL86uNk0HGzBvr%2FtHzikE99tRiEAi6amnZDBJ4IwONO5Ka6ILTN0%2FJWxCCedpmVORUQIWFrblD4fTd%2Bf8G8w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356729f14fe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=19848&min_rtt=19407&rtt_var=309&sent=142&recv=74&lost=0&retrans=0&sent_bytes=159010&recv_bytes=2865&delivery_rate=3566014&cwnd=258&unsent_bytes=0&cid=c70909ddb44d9287&ts=741&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
104.26.7.38 200 OK 108 kB URL GET www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject volexity.com
Fingerprint B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 108 kB (107543 bytes)
Hash MD5 3d09db0cdc5096840437eb2b223ce703
SHA-1 62479255247513a2b6b91975578412b66a4ea6f1
SHA-256 758f6303c8f2891cf8bab3ac404467af40500e6d69694839182467ce3ca5d909
GET /wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: text/css
content-length: 18214
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 1218
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RdIEZUG7cHZgguMFibWFp%2F%2F%2FY8pPgf9W6WFOHmobJlP%2BcNdhsVGz%2BWhuV4ap%2F7VFbKbpcLNHYZ8p9NbqGaF80FYdDjA0MznuOxj950PCNS%2B8KO8vwXz%2B2yBthOXih4x1fLY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 931356724e90fe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=20791&min_rtt=19449&rtt_var=2136&sent=29&recv=26&lost=0&retrans=0&sent_bytes=23297&recv_bytes=1770&delivery_rate=894858&cwnd=258&unsent_bytes=0&cid=c70909ddb44d9287&ts=578&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-content/themes/volexity/dist/images/header-bg/Banner_5_L-01.svg
104.26.7.38 200 OK 696 B URL GET www.volexity.com/wp-content/themes/volexity/dist/images/header-bg/Banner_5_L-01.svg
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject volexity.com
Fingerprint B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type SVG Scalable Vector Graphics image
Hash MD5 380d79ce901cad79520abcea5a13a13d
SHA-1 1b321075bc44436827c0b903a3197dd77ca10acb
SHA-256 4945c49e2f83b783a485071c88957fd4592c38c5f44fb9406596984c8a2813b4
GET /wp-content/themes/volexity/dist/images/header-bg/Banner_5_L-01.svg HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:11 GMT
content-type: image/svg+xml
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6664
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M5KkMdiOojeRUmCiokGnw7s4TBljzHUOu4W5mZBgJY1rA85LVKxE13zzAisUdSOKc8om8NIupNlMa4zdtB%2BUOs2juRWHPTkNapK4g0hM4%2B0WL%2BdI%2FcuE%2F28FSnru%2BC5DfPc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356765ed5fe96-AMS
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=22473&min_rtt=19398&rtt_var=5469&sent=978&recv=332&lost=0&retrans=0&sent_bytes=1270400&recv_bytes=3431&delivery_rate=14676152&cwnd=679&unsent_bytes=0&cid=c70909ddb44d9287&ts=1229&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
104.26.7.38 200 OK 14 kB URL GET www.volexity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject volexity.com
Fingerprint B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type JavaScript source, ASCII text, with very long lines (13479)
Hash MD5 9ffeb32e2d9efbf8f70caabded242267
SHA-1 3ad0c10e501ac2a9bfa18f9cd7e700219b378738
SHA-256 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: text/javascript
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1218
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cIbqT8eq7c4DiHEWNMGOhe%2BtWXT5r%2B4oT6simjb1YabRYq3ndcVp3HsGDthThzTwHiANXRcVHnOEsWzhVTX9jQC7Dj%2Br36BWpmyO0d%2BiK6wB9%2FXQa8uGi78mLx2OUmI4rRg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356727ee9fe96-AMS
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=20322&min_rtt=19446&rtt_var=1229&sent=87&recv=35&lost=0&retrans=0&sent_bytes=92893&recv_bytes=2451&delivery_rate=1046242&cwnd=258&unsent_bytes=0&cid=c70909ddb44d9287&ts=608&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-content/uploads/2021/05/phish_email-1024x817.png
104.26.7.38 200 OK 358 kB URL GET www.volexity.com/wp-content/uploads/2021/05/phish_email-1024x817.png
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject volexity.com
Fingerprint B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type PNG image data, 1024 x 817, 8-bit/color RGBA, non-interlaced
Size 358 kB (358374 bytes)
Hash MD5 68e6258f46aacfb9e4cfcb965021b1b1
SHA-1 c5e848caf30bd73c755e100d99383f7a64d11dee
SHA-256 2d09658dc2f400b9dd822a0bae5b9d4f13598ce42038cd376fb49f8e9a6f1e7d
GET /wp-content/uploads/2021/05/phish_email-1024x817.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: image/png
content-length: 358374
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Wed, 26 May 2021 19:32:05 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gAz6Mj%2BGzkLxncc8AFGvY%2FTukqrnrt5mQ48mDZRL3uQ%2BMNaho1EK602gEkknLUVyhoNlDK987PdTnL5oF9vzKwlT2lQiN3a8t0KkIRHbwYmAMQTgW0vLGJELC8RFKpSBVQQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356728f04fe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=19848&min_rtt=19407&rtt_var=309&sent=176&recv=74&lost=0&retrans=0&sent_bytes=205677&recv_bytes=2865&delivery_rate=3566014&cwnd=258&unsent_bytes=0&cid=c70909ddb44d9287&ts=750&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-content/themes/volexity/dist/images/header-bg/Banner_5_R-02.svg
104.26.7.38 200 OK 1.2 kB URL GET www.volexity.com/wp-content/themes/volexity/dist/images/header-bg/Banner_5_R-02.svg
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject volexity.com
Fingerprint B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type SVG Scalable Vector Graphics image
Hash MD5 59e7e0b39e964528cdcd3680be7b9044
SHA-1 bee3197f0a8bb8dd60130fcaa332a868b7a6c544
SHA-256 df082c725973c2ba5484803fddb5941c3f0e15b825bfe5507b84b433648477bd
GET /wp-content/themes/volexity/dist/images/header-bg/Banner_5_R-02.svg HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:11 GMT
content-type: image/svg+xml
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ubA6duYswW0WrxVUtdibQDjsst9mlrilrHgaWE8rdDxWZ0wmDcI7NGou2V%2F3e8nKiloSL8mBJW1jxUOMdBQ2uzP6e0kiir1%2BNKERJbdNcO1%2B2WlyhvTaQEU%2F5XcJCJMQKcQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356766ee6fe96-AMS
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=20995&min_rtt=19398&rtt_var=2969&sent=983&recv=337&lost=0&retrans=0&sent_bytes=1272208&recv_bytes=3431&delivery_rate=14676152&cwnd=679&unsent_bytes=0&cid=c70909ddb44d9287&ts=1318&x=0"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
142.250.74.35 200 OK 40 kB URL GET fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP 142.250.74.35:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
Validity Thu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT
File type Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Hash MD5 9a01b69183a9604ab3a439e388b30501
SHA-1 8ed1d59003d0dbe6360481017b44665153665fbe
SHA-256 20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2
GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 10:03:46 GMT
expires: Fri, 10 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 523465
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.volexity.com/cdn-cgi/rum?
104.26.7.38 204 No Content 0 B URL POST www.volexity.com/cdn-cgi/rum?
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject volexity.com
Fingerprint B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/rum? HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1508
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Cookie: _ga_WRSX85NK29=GS1.1.1744802891.1.0.1744802891.0.0.0; _ga=GA1.1.2024340061.1744802891
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
date: Wed, 16 Apr 2025 11:28:11 GMT
access-control-allow-origin: https://www.volexity.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 93135678ec34fe96-AMS
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
www.volexity.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
104.26.7.38 200 OK 88 kB URL GET www.volexity.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject volexity.com
Fingerprint B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5 826eb77e86b02ab7724fe3d0141ff87c
SHA-1 79cd3587d565afe290076a8d36c31c305a573d18
SHA-256 cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: text/javascript
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1218
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=thncHFqlo%2BzvO5Ne8zmfeN%2FiuuM0aWU%2Ff8GHHSTg%2BqftxFbCmBqoMpoa2dUUStaO97Y3GFwKnr1HjPRjCVtzD4WLmARL0jAOGpymLYkwAPyKmwXsEF53Zzt858khkLMSCnk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356726ec4fe96-AMS
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=20322&min_rtt=19446&rtt_var=1229&sent=63&recv=34&lost=0&retrans=0&sent_bytes=60752&recv_bytes=2348&delivery_rate=1046242&cwnd=258&unsent_bytes=0&cid=c70909ddb44d9287&ts=606&x=0"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 48 kB URL GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
Validity Thu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT
File type Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Hash MD5 015c126a3520c9a8f6a27979d0266e96
SHA-1 2acf956561d44434a6d84204670cf849d3215d5f
SHA-256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 10:12:20 GMT
expires: Fri, 10 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 522951
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.volexity.com/wp-content/themes/volexity/fonts/fa-brands-400.woff2
104.26.7.38 200 OK 108 kB URL GET www.volexity.com/wp-content/themes/volexity/fonts/fa-brands-400.woff2
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject volexity.com
Fingerprint B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type Web Open Font Format (Version 2), TrueType, length 107656, version 770.768
Size 108 kB (107656 bytes)
Hash MD5 e2f5b365c7d3d4497da73148ddfae997
SHA-1 b99813b3c531d8fe90aed3b75d2ed71f8e0c87f4
SHA-256 c61287c2fa9863b5fb5844c683a168ac6520c94d822bb43d5eae35c3a2a82166
GET /wp-content/themes/volexity/fonts/fa-brands-400.woff2 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
Cookie: _ga_WRSX85NK29=GS1.1.1744802891.1.0.1744802891.0.0.0; _ga=GA1.1.2024340061.1744802891
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:11 GMT
content-type: font/woff2
content-length: 107656
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6664
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=boNGDc2uv9%2F3TAG2ueNmXgIdTRooTftoe4%2B84Ccl%2FkgMNPYd07ySPg9AmIeW5BIktb8mxncxq58yz6CMqYtcqplAgkXoLbVgovZdSZK6Gwgaq0x2F2K%2BGRDyeMf30lzrxrs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 93135677da03fe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=20480&min_rtt=19398&rtt_var=2030&sent=986&recv=341&lost=0&retrans=0&sent_bytes=1273246&recv_bytes=3599&delivery_rate=14676152&cwnd=679&unsent_bytes=0&cid=c70909ddb44d9287&ts=1461&x=0"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 48 kB URL GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject *.gstatic.com
Fingerprint 04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
Validity Thu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT
File type Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Hash MD5 015c126a3520c9a8f6a27979d0266e96
SHA-1 2acf956561d44434a6d84204670cf849d3215d5f
SHA-256 3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 10:12:20 GMT
expires: Fri, 10 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 522951
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-WRSX85NK29
142.250.74.168 200 OK 328 kB URL GET www.googletagmanager.com/gtag/js?id=G-WRSX85NK29
IP 142.250.74.168:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer Google Trust Services
Subject *.google-analytics.com
Fingerprint 88:85:26:A3:0A:0B:44:C6:92:DD:7B:0B:D1:14:38:BA:26:B9:EF:D9
Validity Thu, 20 Mar 2025 11:18:39 GMT - Thu, 12 Jun 2025 11:18:38 GMT
File type JavaScript source, ASCII text, with very long lines (6129)
Size 328 kB (328418 bytes)
Hash MD5 f580164ce285d4f0f97979bff1f628fc
SHA-1 f5de7bd9e71f4a019b656464113d2e27704a2bf3
SHA-256 8420d440d307ce7cde849347f661224d29431c0bdf61b0941bdf75a109746904
GET /gtag/js?id=G-WRSX85NK29 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 16 Apr 2025 11:28:10 GMT
expires: Wed, 16 Apr 2025 11:28:10 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1052:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1052:0
report-to: {"group":"ascgcycc:1052:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1052:0"}],}
server: Google Tag Manager
content-length: 113551
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.volexity.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.18
104.26.7.38 200 OK 8.7 kB URL GET www.volexity.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.18
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: volexity.com
Fingerprint: B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity: Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type JavaScript source, ASCII text, with very long lines (8700), with no line terminators
Hash 38f95416d5f7349b65699f64e6a587fd
2ca6f6f77481c3cdbcaacfc61a56c24f3c933ade
08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c
GET /wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.18 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: text/javascript
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6663
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c69lY2Ez8XNgrb5iEOj8Z7J8jHAuzd%2Bqppjx6W1eBnUjpbbiImFRFQdAY57jea8IPLfzDL%2BvAxWNJuCHzFMVl%2Fx9Bem1aibkIDB8lhQkJQQt7RF%2B6QYvp9JmLIdMkYbobwQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356726ebdfe96-AMS
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=20322&min_rtt=19446&rtt_var=1229&sent=59&recv=33&lost=0&retrans=0&sent_bytes=58113&recv_bytes=2225&delivery_rate=1046242&cwnd=258&unsent_bytes=0&cid=c70909ddb44d9287&ts=599&x=0"
X-Firefox-Spdy: h2
www.volexity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.26.7.38 200 OK 1.2 kB URL GET www.volexity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: volexity.com
Fingerprint: B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity: Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type JavaScript source, ASCII text, with very long lines (1238)
Hash 9e8f56e8e1806253ba01a95cfc3d392c
a8af90d7482e1e99d03de6bf88fed2315c5dd728
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: application/javascript
last-modified: Mon, 14 Apr 2025 06:48:49 GMT
etag: W/"67fcafd1-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kEmib4akm4dnSbvtX1Lg7AgUajjpz7ByXqPGm3FklxIvKuoIm7LimO%2FqnyrWGZZP2XA10yoxwpeHfIS9iohG25xefYeubNU4yJ7exlfzh4473DRCRUqJVQiPmoJ0dtjUAAI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356729f1bfe96-AMS
x-frame-options: DENY
x-content-type-options: nosniff
expires: Fri, 18 Apr 2025 11:28:10 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2
www.volexity.com/wp-content/themes/volexity/favicon-16x16.png
104.26.7.38 200 OK 830 B URL GET www.volexity.com/wp-content/themes/volexity/favicon-16x16.png
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: volexity.com
Fingerprint: B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity: Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash 9df5ee64773091fb4cb953f4b4f62c6b
e6632e0f60acc26233f55297c51d8d0f1c5016d8
fcf922b11218ee88a216e02f637a599a29f439c9061ebb4b08806b8fdd5c09a3
GET /wp-content/themes/volexity/favicon-16x16.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Cookie: _ga_WRSX85NK29=GS1.1.1744802891.1.0.1744802891.0.0.0; _ga=GA1.1.2024340061.1744802891
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:11 GMT
content-type: image/png
content-length: 830
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6663
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KK8Pj0oK6d0wyxbnIlJIF5Ua%2BRjrqDNlr7ZXQH1KYTbscuhadW%2F6WUjOnEZDLt0Kbo9oJu5dPWxCBQjMvTBdEfjtzcRBvIi5B6GkrSWVs%2FCMfEZ76eN%2BvIuFqlxrb2pESXE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356783ad5fe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=19890&min_rtt=19398&rtt_var=196&sent=1082&recv=421&lost=0&retrans=0&sent_bytes=1403503&recv_bytes=3802&delivery_rate=14676152&cwnd=679&unsent_bytes=0&cid=c70909ddb44d9287&ts=1532&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7
104.26.7.38 200 OK 115 kB URL GET www.volexity.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: volexity.com
Fingerprint: B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity: Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type ASCII text, with very long lines (59458)
Size 115 kB (114706 bytes)
Hash 8c9f31823282e4e056eb0aa7fac262a9
dc3b1a37381e079fda8db59c1a9469852cd18b80
3bb38d0f302677ff4104564454f60f495133579d6e6dfb722b3de850df596502
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.7 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: text/css
content-length: 15177
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
age: 1218
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RoWllSyMGb5%2Fj7vbbzaDyqwVba74mlQ%2FzgRa%2BImJBUtq7Vy%2BVnd0BbyioeZpnYN31wqAwSIiVkxMVKrs3XciwO0GWVY9EMEaHXwjHjO6ywHEtl1HXEfxjPhC%2BJZHiiTzEeA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 931356723e6afe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=20791&min_rtt=19449&rtt_var=2136&sent=45&recv=28&lost=0&retrans=0&sent_bytes=42318&recv_bytes=1991&delivery_rate=894858&cwnd=258&unsent_bytes=0&cid=c70909ddb44d9287&ts=590&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-content/themes/volexity/dist/scripts/scripts.min.js?ver=6.7
104.26.7.38 200 OK 174 kB URL GET www.volexity.com/wp-content/themes/volexity/dist/scripts/scripts.min.js?ver=6.7
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: volexity.com
Fingerprint: B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity: Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (31993)
Size 174 kB (173703 bytes)
Hash cb1d6f73837f571d581f710edde74a36
f35319db95fc6ccf0fe6484e1a763bc698e0c649
8478b4ae10afa6dab68cbe2a0bb50c4976f04fd0b0a1aa9752cc9599993332ed
GET /wp-content/themes/volexity/dist/scripts/scripts.min.js?ver=6.7 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: text/javascript
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1218
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BjH4Xb0HEw6wQstsd67I%2BkdOx2Dnjf4RndMUytg%2FJFSqI5ewovfNw53ZdXfNa62cwUtK5etuJRuG9RVqwJeuJ25rouYogFcVYZmsSJevU9syqYFwdbseTYdFQ0W5aILR%2BvQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356729f1ffe96-AMS
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=19831&min_rtt=19430&rtt_var=449&sent=104&recv=49&lost=0&retrans=0&sent_bytes=106868&recv_bytes=2865&delivery_rate=2045920&cwnd=258&unsent_bytes=0&cid=c70909ddb44d9287&ts=628&x=0"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,500,700,700i|Roboto+Condensed:400,500|Roboto:400,300,500|Roboto+Slab:300,500,400|Open+Sans:400,600,700
142.250.74.10 200 OK 58 kB URL GET fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,500,700,700i|Roboto+Condensed:400,500|Roboto:400,300,500|Roboto+Slab:300,500,400|Open+Sans:400,600,700
IP 142.250.74.10:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: upload.video.google.com
Fingerprint: 3C:2E:67:30:A6:95:F3:D3:61:49:AB:AC:BC:D1:CF:77:3E:33:8F:B7
Validity: Thu, 20 Mar 2025 11:19:46 GMT - Thu, 12 Jun 2025 11:19:45 GMT
File type ASCII text, with very long lines (1572)
Hash ee2f4606bc60b145c5dc487034578b72
ac83d23beed2c7ddc5c8aa6409f70b319261a145
dcc3e9b6dbef41a57f59d36f37394173fbbc7fd59ed0b6c715c13a3c1eb2daa2
GET /css?family=Source+Sans+Pro:300,400,400i,500,700,700i|Roboto+Condensed:400,500|Roboto:400,300,500|Roboto+Slab:300,500,400|Open+Sans:400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 16 Apr 2025 11:28:11 GMT
date: Wed, 16 Apr 2025 11:28:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35 200 OK 48 kB URL GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: *.gstatic.com
Fingerprint: 04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
Validity: Thu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT
File type Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Hash 015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 10:12:20 GMT
expires: Fri, 10 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 522951
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.volexity.com/wp-content/themes/volexity/fonts/icons.woff2?4053275
104.26.7.38 200 OK 5.1 kB URL GET www.volexity.com/wp-content/themes/volexity/fonts/icons.woff2?4053275
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: volexity.com
Fingerprint: B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity: Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type Web Open Font Format (Version 2), TrueType, length 5068, version 1.0
Hash b9a7e850839847829fd7e814b2b017dc
5613b8377882e08d87c80b59a9693afd5fa304b2
4fec2f5ff94c82084ce40a28b3990d3879da914059c3a4bd642a89d674712f9f
GET /wp-content/themes/volexity/fonts/icons.woff2?4053275 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:11 GMT
content-type: font/woff2
content-length: 5068
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6664
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xS29dD8uIGR6fA3mInT3CIXV4ENQRR9WggdjsB5eaG0u3Wr0r6iV%2BT6vUvSIA3m2meS2qJHEnyZV0ZARWlFDKOodxTvDPsSi1tXrngQZWqM%2BBEcAOaP%2FAH%2Fz9MzGMl6ykuE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 93135675cda3fe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=25880&min_rtt=19398&rtt_var=11976&sent=971&recv=323&lost=0&retrans=0&sent_bytes=1264772&recv_bytes=3102&delivery_rate=14676152&cwnd=679&unsent_bytes=0&cid=c70909ddb44d9287&ts=1137&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-content/themes/volexity/dist/images/logo.png
104.26.7.38 200 OK 4.9 kB URL GET www.volexity.com/wp-content/themes/volexity/dist/images/logo.png
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: volexity.com
Fingerprint: B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity: Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type PNG image data, 1628 x 168, 8-bit colormap, non-interlaced
Hash c717e4264781f7a88c8f2e894f9a11dd
e116c5e7acf0361886dd8f0e00f1de748e64bf23
c028d95161528697214cfa6fd024eb225429b155723339cb67e75f27cd64c368
GET /wp-content/themes/volexity/dist/images/logo.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: image/png
content-length: 4852
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1218
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xH9lulzNY3EICVhohjaxVpiXoKBkzZIMszZJXiWeVj%2Bhb1NJXXEvOki5UlYsZOajOuZ1CeSKNJjyzCqMZCFTzvAXAXd%2BfcLXcqjucUcgKj5quT6tyQQ7QXKaNM4Jh6iVk9o%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356727ef0fe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=20322&min_rtt=19446&rtt_var=1229&sent=88&recv=35&lost=0&retrans=0&sent_bytes=93387&recv_bytes=2451&delivery_rate=1046242&cwnd=258&unsent_bytes=5088&cid=c70909ddb44d9287&ts=608&x=0"
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
104.16.80.73 200 OK 20 kB URL GET static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
IP 104.16.80.73:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: cloudflareinsights.com
Fingerprint: AD:90:D1:30:C9:77:BF:DE:1F:AB:8C:0D:6E:67:CB:6A:E8:42:DB:18
Validity: Thu, 27 Feb 2025 14:42:34 GMT - Wed, 28 May 2025 15:42:17 GMT
File type JavaScript source, ASCII text, with very long lines (19948), with no line terminators
Hash ec18af6d41f6f278b6aed3bdabffa7bc
62c9e2cab76b888829f3c5335e91c320b22329ae
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 93135672bbd156af-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
104.26.7.38 200 OK 76 kB URL User Request GET www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
IP 104.26.7.38:443
Certificate Issuer: Google Trust Services
Subject: volexity.com
Fingerprint: B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity: Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (8856), with CRLF, LF line terminators
Hash bf3a2c6318ef5ad47689bc664042423a
4ba8db4ae15e6fa1b0d4f77bd8dd783213c893e8
3667a4571313684336a19db12b9b6e6eb009894b9729fedd84e7f887c71ad67d
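Analyzer | Verdict | Alert
Public Nextron YARA rules | malware | A loader for the CobaltStrike malware family, which ultimately takes the first and second bytes of an embedded file and flips them prior to executing the resulting payload.
Public Nextron YARA rules | malware | The FRESHFIRE malware family. The malware acts as a downloader, pulling down an encrypted snippet of code from a remote source, executing it, and deleting it from the remote server.
Note: both alerts are content matches on the HTML of a threat-research article, so they may reflect rule or indicator text quoted in the write-up rather than a delivered payload; check which strings matched before treating this URL as malicious.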
GET /blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/ HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=63072000; includeSubDomains;
link: <https://www.volexity.com/wp-json/>; rel="https://api.w.org/", <https://www.volexity.com/wp-json/wp/v2/posts/2117>; rel="alternate"; title="JSON"; type="application/json", <https://www.volexity.com/?p=2117>; rel=shortlink
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dtc1q2uw%2BucdyOUDkzNo0XhFzo7LoVAsqtPfydHXPvsWORan5fBHO%2B1%2BIHQZwlFlzlpqfHTbZhRPpj7rN8HnPkSuUkSp%2B9u5T190K7zCkdTKB7U1Er9SBj13JAsuqx2s5lI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 9313566effe5fe96-AMS
content-encoding: br
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=TCP&rtt=25030&min_rtt=19452&rtt_var=13360&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3276&recv_bytes=1319&delivery_rate=222085&cwnd=255&unsent_bytes=0&cid=c70909ddb44d9287&ts=256&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-content/themes/volexity/dist/images/search.png
104.26.7.38 200 OK 309 B URL GET www.volexity.com/wp-content/themes/volexity/dist/images/search.png
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: volexity.com
Fingerprint: B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity: Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type PNG image data, 24 x 25, 8-bit colormap, non-interlaced
Hash 690ecde12c9e2016efac2824f88c03d0
b0b22c870d6c398ba1ea36e3c5b0829563593e4a
2d44bc68ebd5cc51defb48f9defe3c8705e280af5dd86c161e187bafcbbb63b3
GET /wp-content/themes/volexity/dist/images/search.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:11 GMT
content-type: image/png
content-length: 309
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 903
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N7nzgybou%2FOW2sIXHW9e%2B5kbwqTn9al2VM4nDoK5NufgKUzE%2FDxO5a9cJi1m6k7OSEmg9e1ecIe%2BUO6brjeQCwwOL%2FEKZaPEUmW6yveOY%2BHfPlAORgVUf9kGrpqSIwnHnro%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356766ee9fe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=22473&min_rtt=19398&rtt_var=5469&sent=980&recv=332&lost=0&retrans=0&sent_bytes=1271331&recv_bytes=3431&delivery_rate=14676152&cwnd=679&unsent_bytes=0&cid=c70909ddb44d9287&ts=1233&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-content/themes/volexity/apple-touch-icon.png
104.26.7.38 200 OK 21 kB URL GET www.volexity.com/wp-content/themes/volexity/apple-touch-icon.png
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: volexity.com
Fingerprint: B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity: Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash 20ed91d496dece0ad869b7096de3e478
b531237a190c44cef3d73f576c9b5f93b5e12daa
2363b101b0e64dd091de398f4ab7db3691e609cef973da80d6fa0a10b8845a7f
GET /wp-content/themes/volexity/apple-touch-icon.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Cookie: _ga_WRSX85NK29=GS1.1.1744802891.1.0.1744802891.0.0.0; _ga=GA1.1.2024340061.1744802891
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:11 GMT
content-type: image/png
content-length: 21254
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 6663
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=szyojNMQZIxFunwQTu0PmcGssAOfKr05moGM29PbgudGBrKFE6nWBFrjRA0ddgRnrw2ZtiXBmFD0BsmySklt4I9m9LAzaUQmGs4VTVXNTV15DNLYOYdVHBTbkX%2BjdQR%2FA1E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356783accfe96-AMS
server-timing: cfL4;desc="?proto=TCP&rtt=19890&min_rtt=19398&rtt_var=196&sent=1065&recv=421&lost=0&retrans=0&sent_bytes=1381700&recv_bytes=3802&delivery_rate=14676152&cwnd=679&unsent_bytes=0&cid=c70909ddb44d9287&ts=1530&x=0"
X-Firefox-Spdy: h2
www.volexity.com/wp-includes/js/comment-reply.min.js?ver=6.7
104.26.7.38 200 OK 3.0 kB URL GET www.volexity.com/wp-includes/js/comment-reply.min.js?ver=6.7
IP 104.26.7.38:443
Requested by https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate Issuer: Google Trust Services
Subject: volexity.com
Fingerprint: B0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
Validity: Tue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT
File type ASCII text, with very long lines (2991)
Hash e4a49df71f8b98c1d9f9d8fce74d89e8
b95fcda0c8c26305ad94e80343d0cfca8a048a10
9d4687a19cab8f7442a3bda40c45be4d10e42488e091ddd706c3caed83c3ee1f
GET /wp-includes/js/comment-reply.min.js?ver=6.7 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 16 Apr 2025 11:28:10 GMT
content-type: text/javascript
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1217
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Twia6wb5w%2FHexxam1ktCvEYvLbR%2Fd%2FwCGgmBgKatbQScifQ9xIc1CLCOpxP3iL6SgqFxXQSfgmWx4n4DJvOMzJjbFZnLtgcSCrnDOk%2B064R8RWysYzhDzQQXphJe4hV%2FwQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 931356729f20fe96-AMS
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=20114&min_rtt=19430&rtt_var=882&sent=101&recv=43&lost=0&retrans=0&sent_bytes=105038&recv_bytes=2865&delivery_rate=1202491&cwnd=258&unsent_bytes=0&cid=c70909ddb44d9287&ts=626&x=0"
X-Firefox-Spdy: h2