URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Submission: On September 15 via manual from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 44 HTTP transactions. The main IP is 66.70.203.130, located in Canada and belongs to OVH, FR. The main domain is citizenlab.ca.
TLS certificate: Issued by SSL.com RSA SSL subCA on August 9th 2021. Valid for: a year.
This is the only time citizenlab.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
41 66.70.203.130 16276 (OVH)
1 142.250.179.168 15169 (GOOGLE)
2 216.58.208.110 15169 (GOOGLE)
44 3
Domain Requested by
41 citizenlab.ca citizenlab.ca
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 www.googletagmanager.com citizenlab.ca
44 3
Subject Issuer Validity Valid
citizenlab.ca
SSL.com RSA SSL subCA
2021-08-09 -
2022-09-09
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-08-30 -
2021-11-22
3 months crt.sh

This page contains 1 frames:

Primary Page: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Frame ID: 1AAA39D2688267DC61C90F567F7934F9
Requests: 44 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

44
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

606 kB
Transfer

863 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
55 KB
16 KB
Document
General
Full URL
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 / PHP/7.4.16
Resource Hash
221a367b81ad49396098b58f37184d5214c99f13a0553da182e4e3c3e793d2f9
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
citizenlab.ca
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx/1.10.2
Date
Wed, 15 Sep 2021 08:15:32 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
14971
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/7.4.16
Access-Control-Allow-Origin
https://targetedthreats.net
Link
<https://citizenlab.ca/?p=75474>; rel=shortlink
Content-Encoding
gzip
X-Varnish
18527227 4929391
Age
263
Via
1.1 varnish-v4
X-Cache-Svr
citizenlab.ca
X-Cache
HIT
Accept-Ranges
bytes
Strict-Transport-Security
max-age=15768000
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
js?id=UA-19652411-2
www.googletagmanager.com/gtag/
101 KB
41 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-19652411-2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.179.168 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s41-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
9a680f3ba27e5e204fbb9984ad2dd9531f3679084db95a9893eac12638677a5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 15 Sep 2021 08:15:33 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41185
x-xss-protection
0
last-modified
Wed, 15 Sep 2021 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 15 Sep 2021 08:15:33 GMT
style.min.css
citizenlab.ca/wp-includes/css/dist/block-library/
79 KB
11 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5995
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Tue, 27 Jul 2021 00:17:08 GMT
Server
nginx/1.10.2
ETag
W/"60ff5084-13abe"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
5077547 18454042
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
bigfoot-number.css
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/
7 KB
3 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot-number.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
b59c123856bc07c991490850f67ba6ac949e53d8507efcab17da979f8d1626bc
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5996
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 11 May 2020 19:33:56 GMT
Server
nginx/1.10.2
ETag
W/"5eb9a8a4-1b6f"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
5077551 18553521
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
ytprefs.min.css
citizenlab.ca/wp-content/plugins/youtube-embed-plus/styles/
6 KB
2 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5995
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 19 Jul 2021 05:00:50 GMT
Server
nginx/1.10.2
ETag
W/"60f50702-178c"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18527239 18491871
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
tachyons.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/
82 KB
17 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/tachyons.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
9f8cd7283bcdb3ac33f8f7e8e9d7718e78ba431331a0fec9d9f9966be229cf7b
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5995
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-147de"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
5077553 5691413
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
style.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/
30 KB
8 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
88ba152cda3832e392b48afcc8e27eb5c5b7e72df455ab80395994d6c0939ae7
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5995
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-7693"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18527241 18454045
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
sprite-navigation-white.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/sprite-navigation-white.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
271d4eeab3dfc90b3b83aa3d0b80916fb00be28bac5e01be0e6a519e113947a0
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5995
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-8ca"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18880428 18553524
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
frontend-gtag.min.js
citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/js/
12 KB
13 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
e69d17966c87ced93f60016674f0e6b10786838cfc6973e34e195649166b225e
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5995
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Tue, 14 Sep 2021 17:02:59 GMT
Server
nginx/1.10.2
ETag
W/"6140d5c3-2e81"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18527243 18491874
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
jquery.min.js
citizenlab.ca/wp-includes/js/jquery/
87 KB
89 KB
Script
General
Full URL
https://citizenlab.ca/wp-includes/js/jquery/jquery.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5995
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Tue, 27 Jul 2021 00:17:07 GMT
Server
nginx/1.10.2
ETag
W/"60ff5083-15db1"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
5077555 5691416
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
jquery-migrate.min.js
citizenlab.ca/wp-includes/js/jquery/
11 KB
12 KB
Script
General
Full URL
https://citizenlab.ca/wp-includes/js/jquery/jquery-migrate.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5995
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 06 Jan 2021 14:37:39 GMT
Server
nginx/1.10.2
ETag
W/"5ff5cb33-2bd8"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18527245 18454048
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
ytprefs.min.js
citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/
10 KB
11 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
2f617a099ba9e73c30624d09ec9c8cb90ae3e784e8f89d94be4574dfe1496266
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5992
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 19 Jul 2021 05:00:50 GMT
Server
nginx/1.10.2
ETag
W/"60f50702-26a1"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
5077557 18365408
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
modernizr.custom.min.js
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/libs/
15 KB
16 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/libs/modernizr.custom.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
5498eab9ddd9c6790d3e401556c0daaa159bcf36708cb89fee8184bf38e4b7aa
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5995
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-3b16"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18527247 18491877
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
CL-logo-3-headed.png
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/
5 KB
6 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/CL-logo-3-headed.png
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
a697516b3931d47c9536d0e3643c6baabb14437558ef2f0386e3045583fff79b
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5946
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-12fa"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18982365 17914742
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/png
X-Cache-Svr
citizenlab.ca
MunkSchool-WHT.png
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/
20 KB
21 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/MunkSchool-WHT.png
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
1a6200b14c640e875c4bcc5cb418261017a8c752d66115257509c409ef485834
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5946
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:31 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6df-5106"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18413022 18782922
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/png
X-Cache-Svr
citizenlab.ca
magnifying-glass.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/iconic/
462 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/iconic/magnifying-glass.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
1ae815c379ad102a8d8720bf9f3f6040a1c2bb3a2ea96c8013764e55e768b452
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1217
X-Cache
HIT
Connection
keep-alive
Content-Length
287
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-1ce"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
3466395 14809569
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
chevron-right.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/
361 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/chevron-right.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
34ce795978408b2395117f918992bea43ef2c8b5c25ceebe38b635a0fc0970ca
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1217
X-Cache
HIT
Connection
keep-alive
Content-Length
226
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-169"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
19137322 5701120
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
twitter.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
743 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/twitter.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
2b89374058dde71565df2120d15fb73a06f9718778c6ef91341aa27855a8a86e
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.536731190.1631693735; _gid=GA1.2.729554695.1631693735; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1191
X-Cache
HIT
Connection
keep-alive
Content-Length
445
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-2e7"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
3466397 18692013
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
facebook.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
471 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/facebook.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
bb4964d892c82c6d0ef9c1d37a5aa95605f592b81b62c5996a541d9feebfeafe
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.536731190.1631693735; _gid=GA1.2.729554695.1631693735; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1191
X-Cache
HIT
Connection
keep-alive
Content-Length
316
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-1d7"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
19137324 18283722
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
whatsapp.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
1 KB
2 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/whatsapp.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
01433a836afe3b4bf68d036d88cb96a818e29c44440e9580aec5ecc7bffa88da
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.536731190.1631693735; _gid=GA1.2.729554695.1631693735; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1191
X-Cache
HIT
Connection
keep-alive
Content-Length
630
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-470"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
18527267 18692016
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
email.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
171 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/email.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
420f7a6963b9e4b626ec805e39949fb6c283f6ca02c1738ffc4f8d5e6e8f5d92
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.536731190.1631693735; _gid=GA1.2.729554695.1631693735; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1191
X-Cache
HIT
Connection
keep-alive
Content-Length
161
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-ab"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
19137328 18919030
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
scroll-sidebar.js
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/
4 KB
5 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/scroll-sidebar.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
364f751289c5d07f35b6e12f15102874bffe4ccb0bf5b644178da0d899f67e0c
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:33 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5965
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-f5d"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
5077561 5691725
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
twitter-white.svg
citizenlab.ca/wp-content/plugins/basic-sharing/img/
735 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/plugins/basic-sharing/img/twitter-white.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
7b23afced91408fcd93e27596f9cc61400beef5cc604597157b7bf873529a6a6
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.536731190.1631693735; _gid=GA1.2.729554695.1631693735; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1191
X-Cache
HIT
Connection
keep-alive
Content-Length
444
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 05 Jul 2017 17:48:33 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"595d2671-2df"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
18921469 18692019
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
yt_icon_mono_dark.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
723 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/yt_icon_mono_dark.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
3564bd314566653de65415379747a64f0121b1d1a4331916b4653825571eb729
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.536731190.1631693735; _gid=GA1.2.729554695.1631693735; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1217
X-Cache
HIT
Connection
keep-alive
Content-Length
471
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-2d3"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
18921471 18657684
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
email-white.svg
citizenlab.ca/wp-content/plugins/basic-sharing/img/
183 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/plugins/basic-sharing/img/email-white.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
f2934aed20330ca34ef46d0295cce9e239aa2c4da7c50fc6365095774056f7ad
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.536731190.1631693735; _gid=GA1.2.729554695.1631693735; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1217
X-Cache
HIT
Connection
keep-alive
Content-Length
168
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 05 Jul 2017 17:48:33 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"595d2671-b7"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
19137330 14809578
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
github-white.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
825 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/github-white.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
d8b2a716fe0171afe660655ba27d2eeea343616d996d32500b28ba5fef051a46
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.536731190.1631693735; _gid=GA1.2.729554695.1631693735; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
1217
X-Cache
HIT
Connection
keep-alive
Content-Length
474
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-339"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
18215018 18954180
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
bigfoot.js
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/
28 KB
29 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
900997a69d45375550212e3532ddae9c3999f1baa5bfaffadf29aa59c7ea0beb
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5992
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 11 May 2020 19:33:56 GMT
Server
nginx/1.10.2
ETag
W/"5eb9a8a4-70b0"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
5077563 18491894
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
bigfoot.min.js
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/
12 KB
13 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
7ea292934ffa2874392f579fac47bd8c5edbda9b6a5b52373895fd9f275f6abc
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5992
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 11 May 2020 19:33:56 GMT
Server
nginx/1.10.2
ETag
W/"5eb9a8a4-31c9"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
5077565 18365411
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
bigfoot-function.js
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/
17 B
1 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot-function.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
d9a81f50f0701b959fb97cb775f4ab21336d7ca950924b9b67dda773cfba3d04
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5991
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 11 May 2020 19:33:56 GMT
Server
nginx/1.10.2
ETag
W/"5eb9a8a4-11"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18527255 18491899
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
fitvids.min.js
citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/
3 KB
4 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5991
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 19 Jul 2021 05:00:50 GMT
Server
nginx/1.10.2
ETag
W/"60f50702-aaf"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18527260 18365414
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
search-menu.js
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/
1 KB
2 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/search-menu.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
ec3d1cd769d5423d9e82e9608fffb841aed45deea9169407c5493da64b5b337a
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5991
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-486"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18466394 18365417
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
jquery.details.min.js
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/jquery-details/
2 KB
3 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/jquery-details/jquery.details.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
8d0927b83c2b8bc4d5e9caa08c31fbd1d189f550a0fafc7a79d1f53a9cc872ed
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5991
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-851"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
3466393 5691453
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
wp-embed.min.js
citizenlab.ca/wp-includes/js/
1 KB
2 KB
Script
General
Full URL
https://citizenlab.ca/wp-includes/js/wp-embed.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5991
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Thu, 04 Feb 2021 05:03:06 GMT
Server
nginx/1.10.2
ETag
W/"601b800a-592"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18662312 18553580
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
forms.js
citizenlab.ca/wp-content/plugins/mailchimp-for-wp/assets/js/
6 KB
7 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
dcbe862273a5d7cb61ffaa1eda7e0a1ecb466ca5e08a592fae3e6d1824960293
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.536731190.1631693735; _gid=GA1.2.729554695.1631693735; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5991
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 19 Jul 2021 05:00:34 GMT
Server
nginx/1.10.2
ETag
W/"60f506f2-1842"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18527269 18491906
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
wp-emoji-release.min.js
citizenlab.ca/wp-includes/js/
18 KB
19 KB
Script
General
Full URL
https://citizenlab.ca/wp-includes/js/wp-emoji-release.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.536731190.1631693735; _gid=GA1.2.729554695.1631693735; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
5994
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Tue, 27 Jul 2021 00:17:07 GMT
Server
nginx/1.10.2
ETag
W/"60ff5083-4705"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18527271 18553577
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-19652411-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.110 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
sof01s11-in-f110.1e100.net
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
7138
date
Wed, 15 Sep 2021 06:16:36 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Wed, 15 Sep 2021 08:16:36 GMT
source-sans-pro-v9-latin-regular.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/
11 KB
12 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/source-sans-pro-v9-latin-regular.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
adbbb1570f134e34309f6335b650f8704232d270f25624283a8b56ea48236e57
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
1522
X-Cache
HIT
Connection
keep-alive
Content-Length
11400
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-2c88"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18880430 18691463
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
source-sans-pro-v11-latin_cyrillic-700.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/
22 KB
23 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/source-sans-pro-v11-latin_cyrillic-700.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
f6b888fcb7d32a0ae96a913e1c32b69565f2531a2022006e4e91b48e408f44bc
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
1504
X-Cache
HIT
Connection
keep-alive
Content-Length
22104
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-5658"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
4929939 14808420
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
Oswald-Medium.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/Oswald/
15 KB
16 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/Oswald/Oswald-Medium.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
181abeaeff7b0322fe12dd622050e445647524cc8bcba696ad4ecc369d240da6
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
1534
X-Cache
HIT
Connection
keep-alive
Content-Length
15528
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-3ca8"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18215016 5072049
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
Oswald-Regular.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/Oswald/
34 KB
35 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/Oswald/Oswald-Regular.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
c917890db16d209bcb5221dcadbbdf0d877531aaf8bf96c2be95016f2c01dc80
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
1426
X-Cache
HIT
Connection
keep-alive
Content-Length
34488
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-86b8"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18284401 18877382
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
source-sans-pro-v14-latin-700italic.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/
15 KB
16 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/source-sans-pro-v14-latin-700italic.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
1f7a0936b6088ba92724552532f25bc5265a9683af16678aecfe3a7f67423004
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
1213
X-Cache
HIT
Connection
keep-alive
Content-Length
15188
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-3b54"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
19137320 18954229
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
source-sans-pro-v9-latin-italic.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/
11 KB
12 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/source-sans-pro-v9-latin-italic.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
69d776d65aa27596857008e9762d926ba60349c39280d5044890c8885474e166
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
1187
X-Cache
HIT
Connection
keep-alive
Content-Length
11200
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-2bc0"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18921467 18524317
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
FORCEDENTRY-Feat-image-1.png
citizenlab.ca/wp-content/uploads/2021/09/
105 KB
106 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/uploads/2021/09/FORCEDENTRY-Feat-image-1.png
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
11aa636aace691e894506b5ca6a62e03568465f660227a1f30734e2329c170fd
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.536731190.1631693735; _gid=GA1.2.729554695.1631693735; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 08:15:34 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
49938
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 13 Sep 2021 18:23:16 GMT
Server
nginx/1.10.2
ETag
W/"613f9714-1a59d"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
18921477 3100354
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/png
X-Cache-Svr
citizenlab.ca
collect?v=1&_v=j93&aip=1&a=1248326653&t=pageview&_s=1&dl=https%3A%2F%2Fcitizenlab.ca%2F2021%2F09%2Fforcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild%2F&ul=en-us&de=UTF-8&dt=FOR...
www.google-analytics.com/j/
1 B
204 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&aip=1&a=1248326653&t=pageview&_s=1&dl=https%3A%2F%2Fcitizenlab.ca%2F2021%2F09%2Fforcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild%2F&ul=en-us&de=UTF-8&dt=FORCEDENTRY%3A%20NSO%20Group%20iMessage%20Zero-Click%20Exploit%20Captured%20in%20the%20Wild%20-%20The%20Citizen%20Lab&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1995542591&gjid=267336551&cid=536731190.1631693735&tid=UA-19652411-2&_gid=729554695.1631693735&_r=1&gtm=2ou9d0&did=dZGIzZG&z=91817750
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.208.110 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
sof01s11-in-f110.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://citizenlab.ca/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Sep 2021 08:15:34 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://citizenlab.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster string| mi_version boolean| mi_track_user string| mi_no_track_reason object| disableStrs function| __gtagTrackerIsOptedOut undefined| index function| __gtagTrackerOptout function| gaOptout function| __gtagDataLayer function| __gtagTracker object| dataLayer object| MonsterInsightsDualTracker function| gtag function| __gaTracker object| _wpemojiSettings object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| monsterinsights_frontend function| MonsterInsights object| MonsterInsightsObject undefined| $ function| jQuery object| _EPYT_ object| _EPADashboard_ function| onYouTubeIframeAPIReady object| html5 object| Modernizr function| yepnope function| startSidebarScrollStick object| mc4wp function| epdofitvids object| menuSearchform object| menuSearch object| menuSearchButton object| menuSearchContainer function| isDescendant function| menuSearchToggle function| menuSearchHide object| wp object| gaplugins object| gaGlobal object| gaData object| twemoji

3 Cookies

Domain/Path Name / Value
.citizenlab.ca/ Name: _ga
Value: GA1.2.536731190.1631693735
.citizenlab.ca/ Name: _gid
Value: GA1.2.729554695.1631693735
.citizenlab.ca/ Name: _gat_gtag_UA_19652411_2
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

citizenlab.ca
www.google-analytics.com
www.googletagmanager.com
142.250.179.168
216.58.208.110
66.70.203.130
01433a836afe3b4bf68d036d88cb96a818e29c44440e9580aec5ecc7bffa88da
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
11aa636aace691e894506b5ca6a62e03568465f660227a1f30734e2329c170fd
181abeaeff7b0322fe12dd622050e445647524cc8bcba696ad4ecc369d240da6
1a6200b14c640e875c4bcc5cb418261017a8c752d66115257509c409ef485834
1ae815c379ad102a8d8720bf9f3f6040a1c2bb3a2ea96c8013764e55e768b452
1f7a0936b6088ba92724552532f25bc5265a9683af16678aecfe3a7f67423004
221a367b81ad49396098b58f37184d5214c99f13a0553da182e4e3c3e793d2f9
271d4eeab3dfc90b3b83aa3d0b80916fb00be28bac5e01be0e6a519e113947a0
2b89374058dde71565df2120d15fb73a06f9718778c6ef91341aa27855a8a86e
2f617a099ba9e73c30624d09ec9c8cb90ae3e784e8f89d94be4574dfe1496266
34ce795978408b2395117f918992bea43ef2c8b5c25ceebe38b635a0fc0970ca
3564bd314566653de65415379747a64f0121b1d1a4331916b4653825571eb729
364f751289c5d07f35b6e12f15102874bffe4ccb0bf5b644178da0d899f67e0c
420f7a6963b9e4b626ec805e39949fb6c283f6ca02c1738ffc4f8d5e6e8f5d92
5498eab9ddd9c6790d3e401556c0daaa159bcf36708cb89fee8184bf38e4b7aa
54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
69d776d65aa27596857008e9762d926ba60349c39280d5044890c8885474e166
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7b23afced91408fcd93e27596f9cc61400beef5cc604597157b7bf873529a6a6
7ea292934ffa2874392f579fac47bd8c5edbda9b6a5b52373895fd9f275f6abc
88ba152cda3832e392b48afcc8e27eb5c5b7e72df455ab80395994d6c0939ae7
8d0927b83c2b8bc4d5e9caa08c31fbd1d189f550a0fafc7a79d1f53a9cc872ed
900997a69d45375550212e3532ddae9c3999f1baa5bfaffadf29aa59c7ea0beb
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
9a680f3ba27e5e204fbb9984ad2dd9531f3679084db95a9893eac12638677a5b
9f8cd7283bcdb3ac33f8f7e8e9d7718e78ba431331a0fec9d9f9966be229cf7b
a697516b3931d47c9536d0e3643c6baabb14437558ef2f0386e3045583fff79b
aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c
adbbb1570f134e34309f6335b650f8704232d270f25624283a8b56ea48236e57
b59c123856bc07c991490850f67ba6ac949e53d8507efcab17da979f8d1626bc
bb4964d892c82c6d0ef9c1d37a5aa95605f592b81b62c5996a541d9feebfeafe
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c917890db16d209bcb5221dcadbbdf0d877531aaf8bf96c2be95016f2c01dc80
d8b2a716fe0171afe660655ba27d2eeea343616d996d32500b28ba5fef051a46
d9a81f50f0701b959fb97cb775f4ab21336d7ca950924b9b67dda773cfba3d04
dcbe862273a5d7cb61ffaa1eda7e0a1ecb466ca5e08a592fae3e6d1824960293
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e69d17966c87ced93f60016674f0e6b10786838cfc6973e34e195649166b225e
ec3d1cd769d5423d9e82e9608fffb841aed45deea9169407c5493da64b5b337a
f2934aed20330ca34ef46d0295cce9e239aa2c4da7c50fc6365095774056f7ad
f6b888fcb7d32a0ae96a913e1c32b69565f2531a2022006e4e91b48e408f44bc
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62