Report - www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/

Report Overview

Visited public
2025-04-13 20:32:05
Tags
Submit Tags
URL
www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Finishing URL
www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
IP / ASN
172.67.71.52
#13335 CLOUDFLARENET
Title
Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns | Volexity

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.volexity.com	unknown	2013-07-29	2014-09-25	2025-03-19	13 kB	1.9 MB	104.26.7.38
fonts.gstatic.com	unknown	2008-02-11	2014-04-02	2025-04-09	2.2 kB	188 kB	142.250.74.3
fonts.googleapis.com	8877	2005-01-25	2012-05-23	2025-04-09	566 B	58 kB	142.250.178.42
www.googletagmanager.com	75	2011-11-11	2012-10-04	2025-04-09	437 B	318 kB	142.250.74.168
static.cloudflareinsights.com	1294	2019-08-30	2019-09-24	2025-04-09	510 B	20 kB	104.16.80.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2025-04-13	medium	www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/	A loader for the CobaltStrike malware family, which ultimately takes the first and second bytes of an embedded file, and flips them prior to executing the resulting payload.
2025-04-13	medium	www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/	The FRESHFIRE malware family. The malware acts as a downloader, pulling down an encrypted snippet of code from a remote source, executing it, and deleting it from the remote server.

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015	ScriptElement	20 kB	2024-06-07	2025-07-17
Pretty URL static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 IP 104.16.80.73 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-06-07 09:21 Last Seen2025-07-17 07:13 Times Seen91512 Hash ec18af6d41f6f278b6aed3bdabffa7bc 62c9e2cab76b888829f3c5335e91c320b22329ae 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f Loading...

	www.googletagmanager.com/gtag/js?id=G-WRSX85NK29	ScriptElement	1.0 kB	2025-04-08	2025-07-12
Pretty URL www.googletagmanager.com/gtag/js?id=G-WRSX85NK29 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2025-04-08 10:44 Last Seen2025-07-12 17:41 Times Seen95 Hash b7ced97c10c53a1ca9014d72c4066a4c 035822375bc89318f8aca70a01ffe2a9422abd38 7d35ce0be7680150ec940f80140c950a171cf27821e8ac637d43722ef3466c42 Loading...

	www.volexity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	ScriptElement	1.2 kB	2023-03-07	2025-07-17
Pretty URL www.volexity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.26.7.38 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-17 07:13 Times Seen90716 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	www.volexity.com/wp-content/themes/volexity/dist/scripts/scripts.min.js?ver=6.7	ScriptElement	174 kB	2023-09-24	2025-04-16
Pretty URL www.volexity.com/wp-content/themes/volexity/dist/scripts/scripts.min.js?ver=6.7 IP 104.26.7.38 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-24 21:31 Last Seen2025-04-16 11:28 Times Seen9 Hash cb1d6f73837f571d581f710edde74a36 f35319db95fc6ccf0fe6484e1a763bc698e0c649 8478b4ae10afa6dab68cbe2a0bb50c4976f04fd0b0a1aa9752cc9599993332ed Loading...

	www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/	ScriptElement	148 B	2023-09-24	2025-04-16
Pretty URL www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/ IP 104.26.7.38 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-24 21:31 Last Seen2025-04-16 11:28 Times Seen9 Hash d4941e368115625354d3a77a5706ced6 f0edb3b5d508d63e0759936dc02eda632652da9c e2644437245246d844a1c1c84d8ede88a4101b571faf42502ff4301ee168a6e7 Loading...

	www.volexity.com/wp-includes/js/comment-reply.min.js?ver=6.7	ScriptElement	3.0 kB	2024-11-13	2025-07-17
Pretty URL www.volexity.com/wp-includes/js/comment-reply.min.js?ver=6.7 IP 104.26.7.38 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-11-13 06:33 Last Seen2025-07-17 04:12 Times Seen10208 Hash e4a49df71f8b98c1d9f9d8fce74d89e8 b95fcda0c8c26305ad94e80343d0cfca8a048a10 9d4687a19cab8f7442a3bda40c45be4d10e42488e091ddd706c3caed83c3ee1f Loading...

	www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/	ScriptElement	419 B	2025-04-13	2025-04-13
Pretty URL www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/ IP 104.26.7.38 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-13 20:32 Last Seen2025-04-13 20:32 Times Seen1 Hash b3414b1c05710d8a94f0753e95725331 34ba6535241031f02378c12c5d956e43fb69b849 672614699f40b2a9d968c43c60e287f9b6a520ba90cbf1168fcfb2a2857e987b Loading...

HTTP Transactions (29)

URL IP Response Size

GET www.volexity.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7

104.26.7.38

200 OK

115 kB

URL GET
www.volexity.com/wp-includes/css/dist/block-library/style.min.css?ver=6.7
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
ASCII text, with very long lines (59458)
Size
115 kB (114706 bytes)
Hash
8c9f31823282e4e056eb0aa7fac262a9
dc3b1a37381e079fda8db59c1a9469852cd18b80
3bb38d0f302677ff4104564454f60f495133579d6e6dfb722b3de850df596502

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.7 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:43 GMT
content-type: text/css
content-length: 15177
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fFmJ5Z463UoV21j5OgSgfCZEtTLSiDDkBsASwK7RI3jGv%2FgRhjL1nraZx50O0mSsCFldnyLVCQsYFsBvEN%2BQJ9XKR60GKlTFGR2F6OD6rsZDCsXc8tJESl%2FdxJfLMBj5hKA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92fdba8afc36b511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1048&min_rtt=399&rtt_var=1134&sent=39&recv=42&lost=0&retrans=0&sent_bytes=22682&recv_bytes=2736&delivery_rate=17136094&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=1397&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.18

104.26.7.38

200 OK

8.7 kB

URL GET
www.volexity.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.18
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
JavaScript source, ASCII text, with very long lines (8700), with no line terminators
Size
8.7 kB (8700 bytes)
Hash
38f95416d5f7349b65699f64e6a587fd
2ca6f6f77481c3cdbcaacfc61a56c24f3c933ade
08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c

HTTP Headers

GET /wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.18 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:43 GMT
content-type: text/javascript
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mr%2FjwCXcyitpcjWhum5mCOeSi4vS53NjkylwJmUlEwmWyWnVlQHCAZj1mOpCv3SlrWq1aX0s9ovgOXMskW5jTwd95q9zQKklg2vuhevFl9%2F4garBOXExeCIXB8YySjYF5l0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba8b1c61b511-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=828&min_rtt=399&rtt_var=75&sent=81&recv=55&lost=0&retrans=0&sent_bytes=75000&recv_bytes=2736&delivery_rate=19306666&cwnd=257&unsent_bytes=14647&cid=2da138eeff904902&ts=1410&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

104.26.7.38

200 OK

14 kB

URL GET
www.volexity.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
JavaScript source, ASCII text, with very long lines (13479)
Size
14 kB (13577 bytes)
Hash
9ffeb32e2d9efbf8f70caabded242267
3ad0c10e501ac2a9bfa18f9cd7e700219b378738
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:44 GMT
content-type: text/javascript
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OR3G9G5uvtNlHwM%2FrzpxUIORvig3%2FcUQaYK1ivXFNtTTUhpxofNznMMBsU7CvhUv3HH9LcLMr3WBHEtqX5H9SM2dQAqRfM0wVohlVYPAfFeO6Lp5zFhole5Mv0XC2zepDy4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba8b1c63b511-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1093&min_rtt=399&rtt_var=164&sent=573&recv=452&lost=0&retrans=1&sent_bytes=715843&recv_bytes=2736&delivery_rate=94161849&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=1620&x=0"
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.3

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 10:12:20 GMT
expires: Fri, 10 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 296365
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/themes/volexity/fonts/fa-brands-400.woff2

104.26.7.38

200 OK

108 kB

URL GET
www.volexity.com/wp-content/themes/volexity/fonts/fa-brands-400.woff2
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
Web Open Font Format (Version 2), TrueType, length 107656, version 770.768
Size
108 kB (107656 bytes)
Hash
e2f5b365c7d3d4497da73148ddfae997
b99813b3c531d8fe90aed3b75d2ed71f8e0c87f4
c61287c2fa9863b5fb5844c683a168ac6520c94d822bb43d5eae35c3a2a82166

HTTP Headers

GET /wp-content/themes/volexity/fonts/fa-brands-400.woff2 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
Cookie: _ga_WRSX85NK29=GS1.1.1744576304.1.0.1744576304.0.0.0; _ga=GA1.1.2075492128.1744576305
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:45 GMT
content-type: font/woff2
content-length: 107656
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3696
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rrQP%2Bw%2FLvfCIVM7w8aUuG7yNtHfTWs6QBcyDB6PBBGk6xK%2Bc1sswO5ug3AlqRbgmTCKYWHRxjeW93gJW%2BRBYTd%2FsdEzFQw5jawXr4pqYsBKVUarefxEjzoACcGVXG9NgnDk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba9859d6b511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=562&min_rtt=399&rtt_var=101&sent=1017&recv=845&lost=0&retrans=2&sent_bytes=1273223&recv_bytes=3480&delivery_rate=44746600&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=3416&x=0"
X-Firefox-Spdy: h2

POST www.volexity.com/cdn-cgi/rum?

104.26.7.38

204 No Content

0 B

URL POST
www.volexity.com/cdn-cgi/rum?
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1500
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Cookie: _ga_WRSX85NK29=GS1.1.1744576304.1.0.1744576304.0.0.0; _ga=GA1.1.2075492128.1744576305
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
date: Sun, 13 Apr 2025 20:31:46 GMT
access-control-allow-origin: https://www.volexity.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 92fdba9bdedcb511-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

GET www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/

104.26.7.38

200 OK

76 kB

URL User Request GET
www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (8856), with CRLF, LF line terminators
Size
76 kB (75785 bytes)
Hash
0890a413f102c2a51c0ff002ae09fe0f
063664a88d0fd0f52954ec5b85237bded208d964
ce687e905cfe3987ea2d93ed56d1341e5ae72b6301bf6cc4623df1a11630810a

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	A loader for the CobaltStrike malware family, which ultimately takes the first and second bytes of an embedded file, and flips them prior to executing the resulting payload.
Public Nextron YARA rules	malware	The FRESHFIRE malware family. The malware acts as a downloader, pulling down an encrypted snippet of code from a remote source, executing it, and deleting it from the remote server.

HTTP Headers

GET /blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/ HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:42 GMT
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=63072000; includeSubDomains;
link: <https://www.volexity.com/wp-json/>; rel="https://api.w.org/", <https://www.volexity.com/wp-json/wp/v2/posts/2117>; rel="alternate"; title="JSON"; type="application/json", <https://www.volexity.com/?p=2117>; rel=shortlink
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=igRW%2B9jInhqs4BPmqxihIGzEqTWCmLwR0qhI49riJs1Pyq9jHKdDc5iEzEYluKCXk523n%2Bsf%2BSXhjQsWYafKKJ0N5TjE%2B%2B3AiS8zFgE8WcyJxrP8lxQScAQCGvyoTnAYDtE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92fdba83491fb511-OSL
content-encoding: br
server-timing: cfCacheStatus;desc="DYNAMIC", cfL4;desc="?proto=TCP&rtt=6429&min_rtt=469&rtt_var=11902&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3201&recv_bytes=1190&delivery_rate=6652373&cwnd=254&unsent_bytes=0&cid=2da138eeff904902&ts=354&x=0"
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,500,700,700i|Roboto+Condensed:400,500|Roboto:400,300,500|Roboto+Slab:300,500,400|Open+Sans:400,600,700

142.250.178.42

200 OK

58 kB

URL GET
fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,500,700,700i|Roboto+Condensed:400,500|Roboto:400,300,500|Roboto+Slab:300,500,400|Open+Sans:400,600,700
IP
142.250.178.42:443
ASN
#15169 GOOGLE

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint3C:2E:67:30:A6:95:F3:D3:61:49:AB:AC:BC:D1:CF:77:3E:33:8F:B7
ValidityThu, 20 Mar 2025 11:19:46 GMT - Thu, 12 Jun 2025 11:19:45 GMT

File type
ASCII text, with very long lines (1572)
Size
58 kB (57625 bytes)
Hash
ee2f4606bc60b145c5dc487034578b72
ac83d23beed2c7ddc5c8aa6409f70b319261a145
dcc3e9b6dbef41a57f59d36f37394173fbbc7fd59ed0b6c715c13a3c1eb2daa2

HTTP Headers

GET /css?family=Source+Sans+Pro:300,400,400i,500,700,700i|Roboto+Condensed:400,500|Roboto:400,300,500|Roboto+Slab:300,500,400|Open+Sans:400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 13 Apr 2025 20:31:44 GMT
date: Sun, 13 Apr 2025 20:31:44 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/themes/volexity/favicon-16x16.png

104.26.7.38

200 OK

830 B

URL GET
www.volexity.com/wp-content/themes/volexity/favicon-16x16.png
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
830 B (830 bytes)
Hash
9df5ee64773091fb4cb953f4b4f62c6b
e6632e0f60acc26233f55297c51d8d0f1c5016d8
fcf922b11218ee88a216e02f637a599a29f439c9061ebb4b08806b8fdd5c09a3

HTTP Headers

GET /wp-content/themes/volexity/favicon-16x16.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Cookie: _ga_WRSX85NK29=GS1.1.1744576304.1.0.1744576304.0.0.0; _ga=GA1.1.2075492128.1744576305
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:46 GMT
content-type: image/png
content-length: 830
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gp5kHKKKRY6gWzT9G%2BWzfAEmYVeEir5FJ3v35lCUwZ6gNPqenxrz1kQXNrUTL45GG8S8JmLArVNQCw%2BfW1Tths1%2FxfqXqT6Rteq4lM4TEo4U%2FGCU34dTXPrKvV7KfhwHM%2F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba991adfb511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1508&min_rtt=399&rtt_var=1348&sent=1120&recv=886&lost=0&retrans=3&sent_bytes=1403548&recv_bytes=3683&delivery_rate=101224211&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=3663&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/themes/volexity/apple-touch-icon.png

104.26.7.38

200 OK

21 kB

URL GET
www.volexity.com/wp-content/themes/volexity/apple-touch-icon.png
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
21 kB (21254 bytes)
Hash
20ed91d496dece0ad869b7096de3e478
b531237a190c44cef3d73f576c9b5f93b5e12daa
2363b101b0e64dd091de398f4ab7db3691e609cef973da80d6fa0a10b8845a7f

HTTP Headers

GET /wp-content/themes/volexity/apple-touch-icon.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Cookie: _ga_WRSX85NK29=GS1.1.1744576304.1.0.1744576304.0.0.0; _ga=GA1.1.2075492128.1744576305
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:46 GMT
content-type: image/png
content-length: 21254
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MiDeRS5FaMBOoF0bmGKlxPw7EeDa1GmuGvWD8dptbgdjYLms6tSfJ3cpuoHxEWRLoV%2FJ3DJKRI%2BjSSVlD2vJ3gAPLNt1xfhOVXdE%2Fr7%2B%2FeFHuTZ6ieScu42xNqKuopex7zo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba991ad7b511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1007&min_rtt=399&rtt_var=276&sent=1101&recv=869&lost=0&retrans=2&sent_bytes=1381677&recv_bytes=3683&delivery_rate=101224211&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=3642&x=0"
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2

142.250.74.3

200 OK

40 kB

URL GET
fonts.gstatic.com/s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 40128, version 1.0
Size
40 kB (40128 bytes)
Hash
9a01b69183a9604ab3a439e388b30501
8ed1d59003d0dbe6360481017b44665153665fbe
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

HTTP Headers

GET /s/roboto/v47/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 40128
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 10:03:46 GMT
expires: Fri, 10 Apr 2026 10:03:46 GMT
cache-control: public, max-age=31536000
age: 296880
last-modified: Wed, 08 Jan 2025 18:23:10 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.3

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 10:12:20 GMT
expires: Fri, 10 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 296365
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.googletagmanager.com/gtag/js?id=G-WRSX85NK29

142.250.74.168

200 OK

317 kB

URL GET
www.googletagmanager.com/gtag/js?id=G-WRSX85NK29
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subject*.google-analytics.com
Fingerprint88:85:26:A3:0A:0B:44:C6:92:DD:7B:0B:D1:14:38:BA:26:B9:EF:D9
ValidityThu, 20 Mar 2025 11:18:39 GMT - Thu, 12 Jun 2025 11:18:38 GMT

File type
JavaScript source, ASCII text, with very long lines (6129)
Size
317 kB (317283 bytes)
Hash
e71ce65d3c8aa59a59bb403886ae281a
280d6f25e421fbcbc5a28aba1c33e16dcbe841af
0a3c1def74fc24930f3105bc14d01e9c759d89f5b2b012783fead43a70969510

HTTP Headers

GET /gtag/js?id=G-WRSX85NK29 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 13 Apr 2025 20:31:44 GMT
expires: Sun, 13 Apr 2025 20:31:44 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1020:0
cross-origin-opener-policy-report-only: same-origin; report-to=ascgcycc:1020:0
report-to: {"group":"ascgcycc:1020:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1020:0"}],}
server: Google Tag Manager
content-length: 111547
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/uploads/2021/05/image002.png

104.26.7.38

200 OK

568 kB

URL GET
www.volexity.com/wp-content/uploads/2021/05/image002.png
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
PNG image data, 809 x 1051, 8-bit/color RGBA, non-interlaced
Size
568 kB (568512 bytes)
Hash
c4234acc4eb69806445913993c926a98
341a47e792cce009ff1cb3c2be02a167182e1c33
0415c1f9b9e9140f3eb691476b131876fa6a2081da9e35535475b13559ba0e94

HTTP Headers

GET /wp-content/uploads/2021/05/image002.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:44 GMT
content-type: image/png
content-length: 568512
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Wed, 26 May 2021 19:20:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Be8%2BI5sgOQ540O1UfS%2BY0q4wWeOA3FocF4f3FBfpC2gPILb1KO6GE2q9zjYevx8%2FyO%2BJ9IfGFfYdKmgBX5Zd4CRu93KtFDwR4WmsLgN%2BMpAgmf2GyKNl1HZBDSBn0zhjptk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba8b2c81b511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1945&min_rtt=399&rtt_var=423&sent=509&recv=391&lost=0&retrans=1&sent_bytes=634620&recv_bytes=2736&delivery_rate=94161849&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=1562&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.26.7.38

200 OK

1.2 kB

URL GET
www.volexity.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
JavaScript source, ASCII text, with very long lines (1238)
Size
1.2 kB (1239 bytes)
Hash
9e8f56e8e1806253ba01a95cfc3d392c
a8af90d7482e1e99d03de6bf88fed2315c5dd728
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:43 GMT
content-type: application/javascript
last-modified: Fri, 04 Apr 2025 16:11:22 GMT
etag: W/"67f004aa-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8y46dEcny5ks%2FReMT%2BlcDl8L9VVfY%2BbpY2d1111jGVFlhSMjE7Hvvip6%2B9ARuzxuFnR9%2F8%2BTsoHlNPso09YJLWLMM94EvleKX32Tmdgu2FYd%2FXduFF6mYuECFY1nwAT7Blg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba8b2c83b511-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Tue, 15 Apr 2025 20:31:43 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/uploads/2021/05/election-fraud-blog-post-header-image-1-1536x768.png

104.26.7.38

200 OK

174 kB

URL GET
www.volexity.com/wp-content/uploads/2021/05/election-fraud-blog-post-header-image-1-1536x768.png
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
PNG image data, 1536 x 768, 8-bit/color RGBA, non-interlaced
Size
174 kB (173669 bytes)
Hash
7387ebe4e26afe1f48b77659df422176
9c89e04a23d0f1ec8a8fda3d93bb13f1c096d730
9bfe37243d3456bb03fe83ea2e5cc8528f4af11981568fe75b0a4942b4ed0bad

HTTP Headers

GET /wp-content/uploads/2021/05/election-fraud-blog-post-header-image-1-1536x768.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:44 GMT
content-type: image/png
content-length: 173669
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Thu, 27 May 2021 18:02:38 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xzXemv2cBH0NBP21VJ4E6QKLky3Y2m%2FVlKKqtLXRr4AJukVDhRm6nwFAVRhZhmtO%2FPbQnyCdOrOrzSSwAt%2FyUAQ0hmvUyC6OiepCIudW%2BoZcLwd%2FRRxQrX%2B7Z5YyVEH%2BxEI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba8b1c66b511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1220&min_rtt=399&rtt_var=1138&sent=375&recv=258&lost=0&retrans=1&sent_bytes=459893&recv_bytes=2736&delivery_rate=94161849&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=1478&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/themes/volexity/dist/scripts/scripts.min.js?ver=6.7

104.26.7.38

200 OK

174 kB

URL GET
www.volexity.com/wp-content/themes/volexity/dist/scripts/scripts.min.js?ver=6.7
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31993)
Size
174 kB (173703 bytes)
Hash
cb1d6f73837f571d581f710edde74a36
f35319db95fc6ccf0fe6484e1a763bc698e0c649
8478b4ae10afa6dab68cbe2a0bb50c4976f04fd0b0a1aa9752cc9599993332ed

HTTP Headers

GET /wp-content/themes/volexity/dist/scripts/scripts.min.js?ver=6.7 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:44 GMT
content-type: text/javascript
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bi4t42%2FDEwgN1zpLwhKQwdmg13WbRf12RDnnNoUA9Nvl5qzzetcZgFcAe9GWT0a2UqPcVoZnJFnlQfoJvSM106TKq5h3cMdtZk%2BSEq8eGv30zZ5xQWk7RrJ1cHzZsQza1Hg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba8b2c84b511-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1337&min_rtt=399&rtt_var=1086&sent=579&recv=457&lost=0&retrans=1&sent_bytes=721373&recv_bytes=2736&delivery_rate=94161849&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=1622&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/themes/volexity/fonts/icons.woff2?4053275

104.26.7.38

200 OK

5.1 kB

URL GET
www.volexity.com/wp-content/themes/volexity/fonts/icons.woff2?4053275
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
Web Open Font Format (Version 2), TrueType, length 5068, version 1.0
Size
5.1 kB (5068 bytes)
Hash
b9a7e850839847829fd7e814b2b017dc
5613b8377882e08d87c80b59a9693afd5fa304b2
4fec2f5ff94c82084ce40a28b3990d3879da914059c3a4bd642a89d674712f9f

HTTP Headers

GET /wp-content/themes/volexity/fonts/icons.woff2?4053275 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
Cookie: _ga_WRSX85NK29=GS1.1.1744576304.1.0.1744576304.0.0.0; _ga=GA1.1.2075492128.1744576305
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:45 GMT
content-type: font/woff2
content-length: 5068
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3695
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gGJ0YIxp8LZGJtxBoNJ7BK%2BffBEyGrGOmBzi2ZkeJdoUzUOuBz6XgrlpcnbL2EAskUoGMAXDeiu1QuXsHq110lM%2BOU2KrAdlH7tnAVFRwBL4ZZvLrixiIu0FLdbMCe1LeCg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba93ca2fb511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=832&min_rtt=399&rtt_var=134&sent=999&recv=826&lost=0&retrans=2&sent_bytes=1264780&recv_bytes=3039&delivery_rate=44746600&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=2686&x=0"
X-Firefox-Spdy: h2

GET fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

142.250.74.3

200 OK

48 kB

URL GET
fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
142.250.74.3:443
ASN
#15169 GOOGLE

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
Fingerprint04:FF:92:E7:16:B0:49:91:8B:B7:8D:C6:93:B9:20:B4:2A:33:9F:A8
ValidityThu, 20 Mar 2025 11:19:45 GMT - Thu, 12 Jun 2025 11:19:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Size
48 kB (48236 bytes)
Hash
015c126a3520c9a8f6a27979d0266e96
2acf956561d44434a6d84204670cf849d3215d5f
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

HTTP Headers

GET /s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48236
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Apr 2025 10:12:20 GMT
expires: Fri, 10 Apr 2026 10:12:20 GMT
cache-control: public, max-age=31536000
age: 296365
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/themes/volexity/dist/images/search.png

104.26.7.38

200 OK

309 B

URL GET
www.volexity.com/wp-content/themes/volexity/dist/images/search.png
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
PNG image data, 24 x 25, 8-bit colormap, non-interlaced
Size
309 B (309 bytes)
Hash
690ecde12c9e2016efac2824f88c03d0
b0b22c870d6c398ba1ea36e3c5b0829563593e4a
2d44bc68ebd5cc51defb48f9defe3c8705e280af5dd86c161e187bafcbbb63b3

HTTP Headers

GET /wp-content/themes/volexity/dist/images/search.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
Cookie: _ga_WRSX85NK29=GS1.1.1744576304.1.0.1744576304.0.0.0; _ga=GA1.1.2075492128.1744576305
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:45 GMT
content-type: image/png
content-length: 309
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8ZRGONjPRnxEb%2BPk6wAphwUnucEWnJTd2heaS%2BB021jfHrkreibnVnyeDTnDtB8Jgj%2FRZ2qWa4Qa8p6IYRNp7eYjDXIooNc62J3o5Y9GyPDcGl%2BDbQvaImuyVCwc9fFqZ0E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba94fc46b511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=599&min_rtt=399&rtt_var=113&sent=1013&recv=841&lost=0&retrans=2&sent_bytes=1272288&recv_bytes=3374&delivery_rate=44746600&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=3009&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=2.4.18

104.26.7.38

200 OK

5.1 kB

URL GET
www.volexity.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=2.4.18
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
ASCII text, with very long lines (5064), with no line terminators
Size
5.1 kB (5064 bytes)
Hash
216d791e61641ace57d8d11a12bde01e
28bde6d98d1c689a712efe037a9592e9fa103b09
029dedf319bc4536d9c663ae9c0b10c95d1e9f5dd1de0aa73172e9e89ae254cc

HTTP Headers

GET /wp-content/plugins/cookie-notice/css/front.min.css?ver=2.4.18 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:44 GMT
content-type: text/css
content-length: 1091
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PsCB7C7Bqrbsc6N%2B5VacA8qw89RH9K5V0uxNuTeY9ycznEYr9yf4mLh9TUfk5MIryUcxAFJsdmRPn3Spjbj%2BXU%2BnS7dwoBc8eDHBENcRcaI98AqzWqARCajkTWQpHA9oAKw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92fdba8b0c46b511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1270&min_rtt=399&rtt_var=128&sent=570&recv=450&lost=0&retrans=1&sent_bytes=714124&recv_bytes=2736&delivery_rate=94161849&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=1613&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7

104.26.7.38

200 OK

108 kB

URL GET
www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
108 kB (107543 bytes)
Hash
3d09db0cdc5096840437eb2b223ce703
62479255247513a2b6b91975578412b66a4ea6f1
758f6303c8f2891cf8bab3ac404467af40500e6d69694839182467ce3ca5d909

HTTP Headers

GET /wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:43 GMT
content-type: text/css
content-length: 18214
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1SRNmQx40tPeruiww3CQaKL4s1H5WlD5Tta60tJuNAA%2F%2Bjveiirk%2B4uPd1rhJAg96F%2F2J2b3Sqe0ORVgsId8pJoPIPuP%2FbhVZ0MgY9OXyG80bmASpGJ%2BjPHJnQstNgjOfSk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 92fdba8b1c5fb511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=828&min_rtt=399&rtt_var=75&sent=52&recv=55&lost=0&retrans=0&sent_bytes=38656&recv_bytes=2736&delivery_rate=19306666&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=1409&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/uploads/2021/05/phish_email-1024x817.png

104.26.7.38

200 OK

358 kB

URL GET
www.volexity.com/wp-content/uploads/2021/05/phish_email-1024x817.png
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
PNG image data, 1024 x 817, 8-bit/color RGBA, non-interlaced
Size
358 kB (358374 bytes)
Hash
68e6258f46aacfb9e4cfcb965021b1b1
c5e848caf30bd73c755e100d99383f7a64d11dee
2d09658dc2f400b9dd822a0bae5b9d4f13598ce42038cd376fb49f8e9a6f1e7d

HTTP Headers

GET /wp-content/uploads/2021/05/phish_email-1024x817.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:44 GMT
content-type: image/png
content-length: 358374
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Wed, 26 May 2021 19:32:05 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bQOSHp0RF0oktt2EQ%2BAEU2Bm8Giy8z7UGL2s%2F9EtkB8wNY5wwhsFyXJcfKinue0Y7D8U33i1K0MHN2Ke2%2BT%2BDGOPtJEl7jpV15CssSPbB18XGzTRN9IxUVM%2BKk%2BD7r3u66Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba8b2c7fb511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1289&min_rtt=399&rtt_var=1234&sent=102&recv=67&lost=0&retrans=0&sent_bytes=99572&recv_bytes=2736&delivery_rate=21570664&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=1434&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-includes/js/comment-reply.min.js?ver=6.7

104.26.7.38

200 OK

3.0 kB

URL GET
www.volexity.com/wp-includes/js/comment-reply.min.js?ver=6.7
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
ASCII text, with very long lines (2991)
Size
3.0 kB (3026 bytes)
Hash
e4a49df71f8b98c1d9f9d8fce74d89e8
b95fcda0c8c26305ad94e80343d0cfca8a048a10
9d4687a19cab8f7442a3bda40c45be4d10e42488e091ddd706c3caed83c3ee1f

HTTP Headers

GET /wp-includes/js/comment-reply.min.js?ver=6.7 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:44 GMT
content-type: text/javascript
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1QnZuYCnvAk0D5B8GbHru2bpEWrX1NVUeBAoFNVjTCNQaj7ciEzroRHorQcZxuHYXnSvkmXkTUVnfpu6BAi%2FtorBTifQIhlh4xhZJyL16%2F5uelaIGj2nO8m9%2B3Z9RfgUwL8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba8b2c86b511-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=1047&min_rtt=399&rtt_var=742&sent=99&recv=64&lost=0&retrans=0&sent_bytes=97738&recv_bytes=2736&delivery_rate=21570664&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=1430&x=0"
X-Firefox-Spdy: h2

GET static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

104.16.80.73

200 OK

20 kB

URL GET
static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
IP
104.16.80.73:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectcloudflareinsights.com
FingerprintAD:90:D1:30:C9:77:BF:DE:1F:AB:8C:0D:6E:67:CB:6A:E8:42:DB:18
ValidityThu, 27 Feb 2025 14:42:34 GMT - Wed, 28 May 2025 15:42:17 GMT

File type
JavaScript source, ASCII text, with very long lines (19948), with no line terminators
Size
20 kB (19948 bytes)
Hash
ec18af6d41f6f278b6aed3bdabffa7bc
62c9e2cab76b888829f3c5335e91c320b22329ae
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

HTTP Headers

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.volexity.com
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:43 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba8bab1e56a9-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/themes/volexity/dist/images/logo.png

104.26.7.38

200 OK

4.9 kB

URL GET
www.volexity.com/wp-content/themes/volexity/dist/images/logo.png
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
PNG image data, 1628 x 168, 8-bit colormap, non-interlaced
Size
4.9 kB (4852 bytes)
Hash
c717e4264781f7a88c8f2e894f9a11dd
e116c5e7acf0361886dd8f0e00f1de748e64bf23
c028d95161528697214cfa6fd024eb225429b155723339cb67e75f27cd64c368

HTTP Headers

GET /wp-content/themes/volexity/dist/images/logo.png HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:43 GMT
content-type: image/png
content-length: 4852
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NVdS9TUqdmaTnonG4gsHZrOh16%2F78yvgYsdvkwEVzkJEBvjIbn2q1QMudt5rJt11qPLLc9E0tW%2FhCagtuBsgsCWte%2B6utc5j8pNjpOQ92nvAfx0nGedk5cpGMDHwK41f5gI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba8b1c65b511-OSL
server-timing: cfL4;desc="?proto=TCP&rtt=1187&min_rtt=399&rtt_var=751&sent=93&recv=58&lost=0&retrans=0&sent_bytes=92305&recv_bytes=2736&delivery_rate=21570664&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=1426&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/themes/volexity/dist/images/header-bg/Banner_5_R-02.svg

104.26.7.38

200 OK

1.2 kB

URL GET
www.volexity.com/wp-content/themes/volexity/dist/images/header-bg/Banner_5_R-02.svg
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
SVG Scalable Vector Graphics image
Size
1.2 kB (1163 bytes)
Hash
59e7e0b39e964528cdcd3680be7b9044
bee3197f0a8bb8dd60130fcaa332a868b7a6c544
df082c725973c2ba5484803fddb5941c3f0e15b825bfe5507b84b433648477bd

HTTP Headers

GET /wp-content/themes/volexity/dist/images/header-bg/Banner_5_R-02.svg HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
Cookie: _ga_WRSX85NK29=GS1.1.1744576304.1.0.1744576304.0.0.0; _ga=GA1.1.2075492128.1744576305
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:45 GMT
content-type: image/svg+xml
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f4BxRjDY%2FoeHL6fajxKQaRTjq0T%2BP1bRKfQf2dBFJCvygCkVit%2FktuNEJwQkcqdnaP%2FOu6lttSU1VYTDl9RZ5%2Bq6TDw1fwbVDkrYXx%2BLd4IAtZiilNkzv6d2lYX4NVrYMgI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba94ec2db511-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=732&min_rtt=399&rtt_var=100&sent=1007&recv=835&lost=0&retrans=2&sent_bytes=1270382&recv_bytes=3374&delivery_rate=44746600&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=2982&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

104.26.7.38

200 OK

88 kB

URL GET
www.volexity.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
88 kB (87553 bytes)
Hash
826eb77e86b02ab7724fe3d0141ff87c
79cd3587d565afe290076a8d36c31c305a573d18
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:43 GMT
content-type: text/javascript
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BM9pjdH5Iqt7lbNG7AJo8JTsM%2BPCxl1fa3jey2bndObIxAR6t63L1k1Q5%2FlVxQtSFISJ0hWZd%2Fkt2SwEImcSQIDJ72FQdeJ%2BwWelU7QBLzqvjFbwksplmuvfTgdp5QwaMyY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba8b1c62b511-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=828&min_rtt=399&rtt_var=75&sent=68&recv=55&lost=0&retrans=0&sent_bytes=57559&recv_bytes=2736&delivery_rate=19306666&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=1409&x=0"
X-Firefox-Spdy: h2

GET www.volexity.com/wp-content/themes/volexity/dist/images/header-bg/Banner_5_L-01.svg

104.26.7.38

200 OK

696 B

URL GET
www.volexity.com/wp-content/themes/volexity/dist/images/header-bg/Banner_5_L-01.svg
IP
104.26.7.38:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/
Certificate
IssuerGoogle Trust Services
Subjectvolexity.com
FingerprintB0:3E:DC:0C:D1:B3:F7:58:E3:BE:EC:57:22:D5:D9:93:0C:19:59:95
ValidityTue, 11 Mar 2025 05:44:34 GMT - Mon, 09 Jun 2025 06:44:18 GMT

File type
SVG Scalable Vector Graphics image
Size
696 B (696 bytes)
Hash
380d79ce901cad79520abcea5a13a13d
1b321075bc44436827c0b903a3197dd77ca10acb
4945c49e2f83b783a485071c88957fd4592c38c5f44fb9406596984c8a2813b4

HTTP Headers

GET /wp-content/themes/volexity/dist/images/header-bg/Banner_5_L-01.svg HTTP/1.1
Host: www.volexity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.volexity.com/wp-content/themes/volexity/dist/styles/styles.min.css?ver=6.7
Cookie: _ga_WRSX85NK29=GS1.1.1744576304.1.0.1744576304.0.0.0; _ga=GA1.1.2075492128.1744576305
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 13 Apr 2025 20:31:45 GMT
content-type: image/svg+xml
strict-transport-security: max-age=63072000; includeSubDomains;
last-modified: Mon, 18 Nov 2024 15:31:54 GMT
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JQHVEGMOrhyI99pgL4LYKMthbT0zVWvAMPKpWDKiYXgU4HT0Lln0ILKfcgWU8H%2FzWF5FfUL%2BBBWpPeHNhjO8Bas5iKetbjI7m00XguZIhsy5uj4Gz3jWkOqxaS5%2BbLaIwrQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 92fdba94dc0fb511-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=665&min_rtt=399&rtt_var=107&sent=1010&recv=838&lost=0&retrans=2&sent_bytes=1271418&recv_bytes=3374&delivery_rate=44746600&cwnd=257&unsent_bytes=0&cid=2da138eeff904902&ts=2994&x=0"
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (29)

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers