citizenlab.ca Open in urlscan Pro
66.70.203.130 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Submission: On April 15 via api (April 15th 2021, 2:40:57 pm UTC) from CA

Summary HTTP 44 Redirects Links 108 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 44 HTTP transactions. The main IP is 66.70.203.130, located in Canada and belongs to OVH, FR. The main domain is citizenlab.ca.
TLS certificate: Issued by R3 on April 5th 2021. Valid for: 3 months.

This is the only time citizenlab.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
40	66.70.203.130 66.70.203.130	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
1	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
44	4

40 66.70.203.130 (Canada)

ASN16276 (OVH, FR)
PTR: vps.citizenlab.ca

citizenlab.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.48 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	citizenlab.ca citizenlab.ca	431 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	w.org s.w.org	547 B
0	doubleclick.net Failed stats.g.doubleclick.net Failed
44	4

	Domain	Requested by
40	citizenlab.ca	citizenlab.ca
2	www.google-analytics.com	citizenlab.ca www.google-analytics.com
1	s.w.org	citizenlab.ca
0	stats.g.doubleclick.net Failed	www.google-analytics.com
44	4

This site contains links to these domains. Also see Links.

Domain
donate.utoronto.ca
tspace.library.utoronto.ca
isc.sans.edu
targetedthreats.net
www.usenix.org
tibcert.org
www.fireeye.com
blog.exodusintel.com
github.com
cve.mitre.org
bugs.chromium.org
googleprojectzero.blogspot.com
techcrunch.com
www.forbes.com
www.volexity.com
www.dalailama.com
tibet.net
tibetanparliament.org
bugs.webkit.org
en.wikipedia.org
securelist.com
blog.trendmicro.com
chromereleases.googleblog.com
www.tianfucup.com
docs.oracle.com
www.computerworld.com
community.riskiq.com
unit42.paloaltonetworks.com
www.apple.com
www.reuters.com
www.vice.com
www.forbes.co.il
www.forbes.fr
www.wired.com
www.cyberscoop.com
boingboing.net
ictk.ch
www.scmagazine.com
thelogic.co
www.businessinsider.in
www.securitynewspaper.com
www.satoshinakamotoblog.com
news.ltn.com.tw
tibettimes.net
fooshya.com
kursk-izvestia.ru
www.boxun.com
au.pcmag.com
www.bald-news.com
novostit.com
arstechnica.com
thenextweb.com
koran-sindo.com
news.webindia123.com
www.securityweek.com
big.az
www.thecyberwire.com
lanouvelletribune.info
zpn.ro
www.nieuw.space
www.allusanewshub.com
news.livedoor.com
usa-sciencenews.com
www.security.nl
thenewsheadline.com
pcnews.ru
www.thequint.com
mobiguru.ru
www.news18.com
www.boannews.com
austrian.economicblogs.org
www.phayul.com
foreignpolicy.com
www.defenceweb.co.za
www.varindia.com
g1.globo.com
www.appmarsh.com
udn.com
maestroviejo.es
dailyheralds.org
twitter.com
www.facebook.com
creativecommons.org
munkschool.utoronto.ca

Subject Issuer	Validity	Valid
citizenlab.ca R3	`2021-04-05` - `2021-07-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-23` - `2021-06-15`	3 months	crt.sh
*.w.org Sectigo RSA Domain Validation Secure Server CA	`2019-12-19` - `2021-12-18`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/
Frame ID: 35CD0340A8F01286939E63E093DD7055
Requests: 44 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Page Statistics

44
Requests

98 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

451 kB
Transfer

673 kB
Size

3
Cookies

108 Outgoing links

These are links going to different origins than the main page.

URL: https://donate.utoronto.ca/give/show/84
Title: Donate

Search URL Search Domain Scan URL

URL: https://tspace.library.utoronto.ca/bitstream/1807/102535/1/Report%23123--missinglink.pdf
Title: Download this report

Search URL Search Domain Scan URL

URL: https://isc.sans.edu/diary/Overview+of+cyber+attacks+against+Tibetan+communities/4177
Title: decade

Search URL Search Domain Scan URL

URL: https://targetedthreats.net/media/2-Extended%20Analysis-Full.pdf
Title: MacOS

Search URL Search Domain Scan URL

URL: https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-hardy.pdf
Title: clever social engineering rather than the technical sophistication

Search URL Search Domain Scan URL

URL: https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/hardy
Title: most common threat

Search URL Search Domain Scan URL

URL: https://tibcert.org/
Title: TibCERT

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/current-threats/what-is-a-zero-day-exploit.html
Title: zero-day

Search URL Search Domain Scan URL

URL: https://blog.exodusintel.com/2019/04/03/a-window-of-opportunity/
Title: a working exploit publicly released by Exodus Intelligence

Search URL Search Domain Scan URL

URL: https://github.com/4B5F5F4B/Exploits/blob/master/Chrome/CVE-2016-1646/exploit.html
Title: Tencent’s Xuanwu Lab

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1646
Title: CVE-2016-1646

Search URL Search Domain Scan URL

URL: https://github.com/xuechiyaobai/V8_November_2017/blob/e30af61fffe3aeee1aeab523bd5bef83d6a71044/CVE-2017-5070/hello_chrome.html
Title: Qihoo 360’s Vulcan Team

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17480
Title: CVE-2018-17480

Search URL Search Domain Scan URL

URL: https://bugs.chromium.org/p/chromium/issues/detail?id=808192#c6
Title: Chrome Bug Tracker

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6065
Title: CVE-2018-6065

Search URL Search Domain Scan URL

URL: https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
Title: Google Project Zero

Search URL Search Domain Scan URL

URL: https://techcrunch.com/2019/08/31/china-google-iphone-uyghur/
Title: media

Search URL Search Domain Scan URL

URL: https://www.forbes.com/sites/thomasbrewster/2019/09/01/iphone-hackers-caught-by-google-also-targeted-android-and-microsoft-windows-say-sources/#7f3cae244adf
Title: reporting

Search URL Search Domain Scan URL

URL: https://www.volexity.com/blog/2019/09/02/digital-crackdown-large-scale-surveillance-and-exploitation-of-uyghurs/
Title: Volexity

Search URL Search Domain Scan URL

URL: https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html
Title: described

Search URL Search Domain Scan URL

URL: https://www.dalailama.com/office
Title: Private Office of His Holiness the Dalai Lama

Search URL Search Domain Scan URL

URL: https://tibet.net/
Title: Central Tibetan Administration

Search URL Search Domain Scan URL

URL: https://tibetanparliament.org/
Title: Tibetan Parliament

Search URL Search Domain Scan URL

URL: https://googleprojectzero.blogspot.com/2019/08/jsc-exploits.html
Title: JSC Exploit 4

Search URL Search Domain Scan URL

URL: https://bugs.webkit.org/show_bug.cgi?id=185694
Title: 185694

Search URL Search Domain Scan URL

URL: https://googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-3.html
Title: iOS Exploit Chain 3

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman
Title: ECC Diffie-Hellman

Search URL Search Domain Scan URL

URL: https://github.com/MRGEffitas/Ironsquirrel
Title: IronSquirrel

Search URL Search Domain Scan URL

URL: https://securelist.com/attacking-diffie-hellman-protocol-implementation-in-the-angler-exploit-kit/72097/
Title: Angler Exploit Kit

Search URL Search Domain Scan URL

URL: https://blog.trendmicro.com/trendlabs-security-intelligence/astrum-exploit-kit-abuses-diffie-hellman-key-exchange/
Title: other kits

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5198
Title: CVE-2016-5198

Search URL Search Domain Scan URL

URL: https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop.html
Title: publicly credited

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5030
Title: CVE-2017-5030

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5070
Title: CVE-2017-5070

Search URL Search Domain Scan URL

URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17463
Title: CVE-2018-17463

Search URL Search Domain Scan URL

URL: http://www.tianfucup.com/
Title: Tian Fu Cup PWN Contest

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/XXTEA
Title: XXTEA

Search URL Search Domain Scan URL

URL: https://docs.oracle.com/javase/8/docs/technotes/guides/jni/spec/invocation.html#JNJI_OnLoad
Title: JNI_Onload

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/WebSocket
Title: WebSocket

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/OAuth
Title: Open Authentication

Search URL Search Domain Scan URL

URL: https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/
Title: digital espionage operations

Search URL Search Domain Scan URL

URL: https://www.computerworld.com/article/3194291/security/sneaky-gmail-phishing-attack-fools-with-fake-google-docs-app.html
Title: cybercrime

Search URL Search Domain Scan URL

URL: https://community.riskiq.com/
Title: RiskIQ

Search URL Search Domain Scan URL

URL: https://unit42.paloaltonetworks.com/scarlet-mimic-years-long-espionage-targets-minority-activists/
Title: previous

Search URL Search Domain Scan URL

URL: https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/
Title: reports

Search URL Search Domain Scan URL

URL: https://github.com/citizenlab/malware-indicators
Title: our GitHub page

Search URL Search Domain Scan URL

URL: https://www.apple.com/newsroom/2019/09/a-message-about-ios-security/
Title: https://www.apple.com/newsroom/2019/09/a-message-about-ios-security/

Search URL Search Domain Scan URL

URL: https://www.reuters.com/article/us-china-cyber-tibetans/chinese-hackers-who-pursued-uighurs-also-targeted-tibetans-researchers-idUSKBN1W90XN
Title: Reuters

Search URL Search Domain Scan URL

URL: https://www.vice.com/en_us/article/a357b5/hackers-tried-to-compromise-phones-of-tibetans-working-for-dalai-lama
Title: Vice

Search URL Search Domain Scan URL

URL: https://www.forbes.com/sites/thomasbrewster/2019/09/24/whatsapp-fakes-hack-tibetan-iphones-and-androids-to-steal-facebook-data-and-more/#31bc93a3713d
Title: Forbes

Search URL Search Domain Scan URL

URL: http://www.forbes.co.il/news/new.aspx?Pn6VQ=J&0r9VQ=EKEMH
Title: Forbes Israel

Search URL Search Domain Scan URL

URL: https://www.forbes.fr/technologie/comment-les-chinois-hackent-les-smartphones-de-personnalites-tibetaines/
Title: Forbes France

Search URL Search Domain Scan URL

URL: https://techcrunch.com/2019/09/24/tibetans-iphone-android-hacks-uyghurs/
Title: TechCrunch

Search URL Search Domain Scan URL

URL: https://www.wired.com/story/doordash-breach-notpetya-fedex-security-roundup/
Title: Wired

Search URL Search Domain Scan URL

URL: https://www.cyberscoop.com/tibet-citizen-lab-spyware-espionage/
Title: Cyber Scoop

Search URL Search Domain Scan URL

URL: https://boingboing.net/2019/09/24/one-click-attacks.html
Title: Boing Boing

Search URL Search Domain Scan URL

URL: https://ictk.ch/inhalt/chinesische-hacker-griffen-angeblich-exil-tibeter
Title: ICT Kommunikation

Search URL Search Domain Scan URL

URL: https://www.scmagazine.com/home/security-news/apts-cyberespionage/poison-carp-cyberespionage-group-targeting-tibetan-officials-with-mobile-malware/
Title: SC Media

Search URL Search Domain Scan URL

URL: https://thelogic.co/briefing/dalai-lamas-staff-targeted-by-same-hackers-who-went-after-chinas-uyghur-minority/
Title: the Logic

Search URL Search Domain Scan URL

URL: https://www.businessinsider.in/the-iphones-and-android-phones-of-tibetan-activists-were-targeted-by-hackers-pretending-to-work-for-amnesty-international/articleshow/71281769.cms
Title: Business Insider

Search URL Search Domain Scan URL

URL: https://www.securitynewspaper.com/2019/09/24/see-how-one-click-mobile-exploits-targets-tibetans/
Title: Information Security Newspaper

Search URL Search Domain Scan URL

URL: https://www.satoshinakamotoblog.com/1-click-iphone-and-android-exploits-target-tibetan-users-via-whatsapp
Title: Satoshi Nakamoto Blog

Search URL Search Domain Scan URL

URL: https://www.satoshinakamotoblog.com/a-doordash-breach-exposes-data-of-4-9-million-customers
Title: 2

Search URL Search Domain Scan URL

URL: https://news.ltn.com.tw/news/world/breakingnews/2925621
Title: Liberty Times Net

Search URL Search Domain Scan URL

URL: http://tibettimes.net/2019/09/24/180568/
Title: Tibet Times

Search URL Search Domain Scan URL

URL: https://fooshya.com/2019/09/24/whatsapp-fakes-hack-tibetan-iphones-and-androids-to-steal-fb-knowledge-and-extra/
Title: Fooshya

Search URL Search Domain Scan URL

URL: http://kursk-izvestia.ru/news/144198/
Title: Kursk Izvestia

Search URL Search Domain Scan URL

URL: https://www.boxun.com/news/gb/china/2019/09/201909250737.shtml
Title: Boxun

Search URL Search Domain Scan URL

URL: https://au.pcmag.com/news/63650/iphone-hackers-who-spied-on-uighurs-also-targeted-tibetans
Title: PC Mag

Search URL Search Domain Scan URL

URL: https://www.bald-news.com/culture/8236639/%D8%A8%D9%86%D9%82%D8%B1%D8%A9-%D9%88%D8%A7%D8%AD%D8%AF%D8%A9-%D8%B9%D9%84%D9%89-%D9%88%D8%A7%D8%AA%D8%B3%D8%A7%D8%A8-%D9%87%D9%88%D8%A7%D8%AA%D9%81-%D8%A3%D9%86%D8%AF%D8%B1%D9%88%D9%8A%D8%AF-%D9%88%D8%A2%D9%8A%D9%81%D9%88%D9%86-%D8%AA%D8%AA%D8%B9%D8%B1%D8%B6-%D9%84%D9%84%D8%A7%D8%AE%D8%AA%D8%B1%D8%A7%D9%82
Title: Bald News

Search URL Search Domain Scan URL

URL: https://novostit.com/kiberprestupniki-atakovali-ofis-dalaj-lamy-s-pomoshhyu-ssylki-v-whatsapp.html
Title: Novost IT

Search URL Search Domain Scan URL

URL: https://arstechnica.com/information-technology/2019/09/attackers-used-one-click-exploits-to-target-tibetans-ios-and-android-phones/
Title: Ars Technica

Search URL Search Domain Scan URL

URL: https://thenextweb.com/security/2019/09/25/mobile-malware-campaign-targeting-uyghur-muslims-impacted-tibetans-too/
Title: Next Web

Search URL Search Domain Scan URL

URL: http://koran-sindo.com/page/news/2019-09-26/0/26/Peretas_China_Targetkan_Warga_Tibet_dan_Uighur
Title: Koran Sindo

Search URL Search Domain Scan URL

URL: https://news.webindia123.com/news/Articles/India/20190925/3605789.html
Title: Web India

Search URL Search Domain Scan URL

URL: https://www.securityweek.com/poison-carp-threat-actor-targets-tibetan-groups
Title: Security Week

Search URL Search Domain Scan URL

URL: https://big.az/369435-whatsapp_isledenlerin_nezerine_danisiq_ve_yazismalariniz_izlenile_biler.html
Title: Big AZ

Search URL Search Domain Scan URL

URL: https://www.thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_25.html
Title: Cyber Wire

Search URL Search Domain Scan URL

URL: https://lanouvelletribune.info/2019/09/whatsapp-des-personnalites-espionnees-par-des-hackers/
Title: La Nouvelle Tribune

Search URL Search Domain Scan URL

URL: https://zpn.ro/hackerii-chinezi-care-au-urmarit-uigurii-au-vizat-si-tibetanii-cercetatori-securitate-software-telco-isp/
Title: ZPN

Search URL Search Domain Scan URL

URL: http://www.nieuw.space/post?id=5998043
Title: Nieuw Space

Search URL Search Domain Scan URL

URL: http://www.allusanewshub.com/2019/09/25/the-cybersecurity-202-white-house-blocking-congress-from-auditing-its-offensive-hacking-strategy/
Title: USA News Hub

Search URL Search Domain Scan URL

URL: https://news.livedoor.com/article/detail/17137032/
Title: Live Door

Search URL Search Domain Scan URL

URL: https://usa-sciencenews.com/2019/09/25/inside-the-campaign-that-tried-to-compromise-tibetans-ios-and-android-phones/
Title: USA Science News

Search URL Search Domain Scan URL

URL: https://www.security.nl/posting/625473/Tibetaanse+groepen+doelwit+van+1-click+Android-+en+iOS-exploits
Title: Security.nl

Search URL Search Domain Scan URL

URL: https://thenewsheadline.com/attackers-used-one-click-exploits-to-target-tibetans-ios-and-android-phones/
Title: News Headline

Search URL Search Domain Scan URL

URL: https://pcnews.ru/news/hakery_naucilis_vzlamyvat_smartfony_cerez_whatsapp-927113.html
Title: PC News,

Search URL Search Domain Scan URL

URL: https://www.thequint.com/news/hot-news/chinese-hackers-target-tibetans-close-to-dalai-lama
Title: the Quint

Search URL Search Domain Scan URL

URL: https://mobiguru.ru/news/art/22570.html
Title: Mobi Guru

Search URL Search Domain Scan URL

URL: https://www.news18.com/news/tech/whatsapp-is-being-used-by-hackers-to-target-tibetans-2322789.html
Title: News 18

Search URL Search Domain Scan URL

URL: https://www.boannews.com/media/view.asp?idx=83259
Title: Boan News

Search URL Search Domain Scan URL

URL: https://austrian.economicblogs.org/zerohedge/2019/durden-china-linked-hackers-targetnbsptibetan-activists-smartphones-spoofing-amnesty-international-officials/
Title: Austrian Economics Blog

Search URL Search Domain Scan URL

URL: http://www.phayul.com/news/article.aspx?id=41796&article=Members+of+CTA%2c+civil+society+targeted+by+one-click+mobile+exploits%3a+research
Title: Phayul

Search URL Search Domain Scan URL

URL: https://foreignpolicy.com/2019/09/26/security-brief-plus-trading-missiles-for-favors/
Title: Foreign Policy

Search URL Search Domain Scan URL

URL: https://www.defenceweb.co.za/cyber-defence/chinese-uighur-hackers-also-went-after-tibetans/
Title: Defence Web

Search URL Search Domain Scan URL

URL: https://www.varindia.com/news/oneclick-away-on-your-ios-and-android-phones-with-just-one-whatsapp-click
Title: VAR India

Search URL Search Domain Scan URL

URL: https://g1.globo.com/economia/tecnologia/blog/altieres-rohr/post/2019/09/27/com-link-via-whatsapp-hackers-espionaram-celulares-de-liderancas-do-tibete.ghtml
Title: Globo

Search URL Search Domain Scan URL

URL: https://www.appmarsh.com/start-up-no-1154-ai-scientific-analysis-as-just-right-as-human-amazons-new-iot-protocol-5gs-warmth-drawback-wepaintings-objectives-to-promote-three-companies-and-extra/
Title: App Marsh

Search URL Search Domain Scan URL

URL: https://udn.com/news/story/7331/4075392
Title: UDN

Search URL Search Domain Scan URL

URL: https://maestroviejo.es/netizen-report-protestas-contra-la-corrupcion-en-egipto-desencadenan-bloqueos-de-internet-y-arrestos/
Title: Maestroviejo

Search URL Search Domain Scan URL

URL: https://dailyheralds.org/market/doordash-breach-exposes-data-49-million-customers-84600420
Title: Daily Heralds

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Read%20%22Missing%20Link%3A%20Tibetan%20Groups%20Targeted%20with%201-Click%20Mobile%20Exploits%22%20by%20%40citizenlab%3A%20https%3A%2F%2Fcitizenlab.ca%2F2019%2F09%2Fpoison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits%2F

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcitizenlab.ca%2F2019%2F09%2Fpoison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/citizenlab

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citizenlab.uoft

Search URL Search Domain Scan URL

URL: https://github.com/citizenlab

Search URL Search Domain Scan URL

URL: https://creativecommons.org/licenses/by/2.5/ca/
Title: Creative Commons Attribution 2.5 Canada

Search URL Search Domain Scan URL

URL: http://munkschool.utoronto.ca/
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/ 129 KB
36 KB 614ms
229ms Document
text/html 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 / PHP/7.4.16

Resource Hash

1fbf8c9d128ffadbed2319b5087409c15f969dfb21c23d04266736f66a9cb5bd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: citizenlab.ca
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx/1.10.2
Date: Thu, 15 Apr 2021 14:40:40 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 35353
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.16
Access-Control-Allow-Origin: https://targetedthreats.net
Link: <https://citizenlab.ca/wp-json/>; rel="https://api.w.org/" <https://citizenlab.ca/wp-json/wp/v2/posts/72958>; rel="alternate"; type="application/json" <https://citizenlab.ca/?p=72958>; rel=shortlink
Content-Encoding: gzip
X-Varnish: 8931708 7857448
Age: 563
Via: 1.1 varnish-v4
X-Cache-Svr: citizenlab.ca
X-Cache: HIT
Accept-Ranges: bytes
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;

GET
H/1.1 200
OK style.min.css
citizenlab.ca/wp-includes/css/dist/block-library/ 50 KB
9 KB 129ms
127ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

fe9ad9796d39e706fe661ddf90151c0ebc03251164354d55f1ee95ca06878b40

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:40 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28582
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Mon, 22 Feb 2021 17:02:58 GMT
Server: nginx/1.10.2
ETag: W/"6033e3c2-c88a"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931710 11188146
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK bigfoot-number.css
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/ 7 KB
3 KB 254ms
123ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot-number.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

b59c123856bc07c991490850f67ba6ac949e53d8507efcab17da979f8d1626bc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28582
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Mon, 11 May 2020 19:33:56 GMT
Server: nginx/1.10.2
ETag: W/"5eb9a8a4-1b6f"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 11130352 2510948
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK frontend.min.css
citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/css/ 8 KB
2 KB 333ms
111ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/css/frontend.min.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

90368b5a3711b1777dc287f535cfc1be62b69a362a1af847558cb7c44c7f3974

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28582
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 06 Jan 2021 14:35:44 GMT
Server: nginx/1.10.2
ETag: W/"5ff5cac0-1e0f"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931712 11149761
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK ytprefs.min.css
citizenlab.ca/wp-content/plugins/youtube-embed-plus/styles/ 6 KB
2 KB 346ms
115ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28582
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 06 Jan 2021 14:35:43 GMT
Server: nginx/1.10.2
ETag: W/"5ff5cabf-178c"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 11156445 1983596
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK tachyons.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/ 82 KB
17 KB 455ms
221ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/tachyons.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

9f8cd7283bcdb3ac33f8f7e8e9d7718e78ba431331a0fec9d9f9966be229cf7b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28582
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-147de"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931714 6550241
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK style.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/ 14 KB
4 KB 368ms
123ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

79aa7fbee1766dfae7d36821299f9d735c451cbd935b4b21d61b1b062518c125

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28582
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-395b"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931716 563771
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK sprite-navigation-white.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/ 2 KB
1 KB 373ms
124ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/sprite-navigation-white.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

271d4eeab3dfc90b3b83aa3d0b80916fb00be28bac5e01be0e6a519e113947a0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: text/css,*/*;q=0.1
Cache-Control: no-cache
Sec-Fetch-Dest: style
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28582
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-8ca"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 4203978 2004318
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK frontend.min.js Show response
citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 9 KB
10 KB 380ms
126ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

63a6d926d277a3d64d30e349fa0ea2b0630e9801d173e1947ff3bd6060147ef4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28582
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 06 Jan 2021 14:35:44 GMT
Server: nginx/1.10.2
ETag: W/"5ff5cac0-2452"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931718 1983599
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK jquery.min.js Show response
citizenlab.ca/wp-includes/js/jquery/ 87 KB
88 KB 538ms
206ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-includes/js/jquery/jquery.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28582
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 06 Jan 2021 14:37:39 GMT
Server: nginx/1.10.2
ETag: W/"5ff5cb33-15d98"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931720 10463225
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK jquery-migrate.min.js Show response
citizenlab.ca/wp-includes/js/jquery/ 11 KB
12 KB 471ms
125ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28582
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 06 Jan 2021 14:37:39 GMT
Server: nginx/1.10.2
ETag: W/"5ff5cb33-2bd8"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 11156453 563774
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK ytprefs.min.js Show response
citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ 10 KB
11 KB 500ms
132ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

01c4b7ea2a08142064d2c3994a2cc73d7c55125d586d2a918ce3482f4439e1f4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28582
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 06 Jan 2021 14:35:43 GMT
Server: nginx/1.10.2
ETag: W/"5ff5cabf-2669"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 3913269 2004321
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK modernizr.custom.min.js Show response
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/libs/ 15 KB
16 KB 625ms
253ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/libs/modernizr.custom.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

5498eab9ddd9c6790d3e401556c0daaa159bcf36708cb89fee8184bf38e4b7aa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28581
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-3b16"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931724 1983602
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK CL-logo-3-headed.png
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/ 5 KB
6 KB 215ms
112ms Image
image/png 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/CL-logo-3-headed.png

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

a697516b3931d47c9536d0e3643c6baabb14437558ef2f0386e3045583fff79b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28688
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-12fa"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931740 1983434
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/png
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK MunkSchool-WHT.png
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/ 20 KB
21 KB 273ms
130ms Image
image/png 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/MunkSchool-WHT.png

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

1a6200b14c640e875c4bcc5cb418261017a8c752d66115257509c409ef485834

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28690
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-5106"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931742 3910285
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/png
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK magnifying-glass.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/iconic/ 462 B
1 KB 209ms
124ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/iconic/magnifying-glass.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

1ae815c379ad102a8d8720bf9f3f6040a1c2bb3a2ea96c8013764e55e768b452

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 3598
X-Cache: HIT
Connection: keep-alive
Content-Length: 287
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-1ce"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 4203984 7523557
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK chevron-left.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/ 318 B
1 KB 142ms
122ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/chevron-left.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

d6a343d1f22a917f6cd12624a677162451fa8c0f9059b5b8abbf06eab46b793a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 1183
X-Cache: HIT
Connection: keep-alive
Content-Length: 205
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-13e"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931738 11058501
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 2943
date: Thu, 15 Apr 2021 13:51:38 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19463
expires: Thu, 15 Apr 2021 15:51:38 GMT

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
citizenlab.ca/wp-includes/js/ 14 KB
15 KB 121ms
120ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-includes/js/wp-emoji-release.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28580
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Thu, 04 Feb 2021 05:03:06 GMT
Server: nginx/1.10.2
ETag: W/"601b800a-3795"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 4203992 6550257
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK twitter.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/ 743 B
1 KB 118ms
117ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/twitter.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

2b89374058dde71565df2120d15fb73a06f9718778c6ef91341aa27855a8a86e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 897
X-Cache: HIT
Connection: keep-alive
Content-Length: 445
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-2e7"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931748 8931094
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK facebook.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/ 471 B
1 KB 123ms
122ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/facebook.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

bb4964d892c82c6d0ef9c1d37a5aa95605f592b81b62c5996a541d9feebfeafe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 898
X-Cache: HIT
Connection: keep-alive
Content-Length: 316
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-1d7"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931750 7856904
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK whatsapp.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/ 1 KB
2 KB 123ms
122ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/whatsapp.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

01433a836afe3b4bf68d036d88cb96a818e29c44440e9580aec5ecc7bffa88da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 898
X-Cache: HIT
Connection: keep-alive
Content-Length: 630
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-470"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 11130356 9584928
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK email.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/ 171 B
1 KB 111ms
110ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/email.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

420f7a6963b9e4b626ec805e39949fb6c283f6ca02c1738ffc4f8d5e6e8f5d92

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 898
X-Cache: HIT
Connection: keep-alive
Content-Length: 161
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-ab"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 11130360 9584931
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK scroll-sidebar.js Show response
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/ 4 KB
5 KB 126ms
126ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/scroll-sidebar.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

364f751289c5d07f35b6e12f15102874bffe4ccb0bf5b644178da0d899f67e0c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28581
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-f5d"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 9585481 10463228
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK twitter-white.svg
citizenlab.ca/wp-content/plugins/basic-sharing/img/ 735 B
1 KB 125ms
124ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/plugins/basic-sharing/img/twitter-white.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

7b23afced91408fcd93e27596f9cc61400beef5cc604597157b7bf873529a6a6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 3598
X-Cache: HIT
Connection: keep-alive
Content-Length: 444
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 05 Jul 2017 17:48:33 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "595d2671-2df"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 3913275 10477555
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK facebook-white.svg
citizenlab.ca/wp-content/plugins/basic-sharing/img/ 464 B
1 KB 116ms
115ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/plugins/basic-sharing/img/facebook-white.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

637a6aa073f15a0f017cd26bb6ae7d393bebe56eb158bce9c881cb83e18508e6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 3598
X-Cache: HIT
Connection: keep-alive
Content-Length: 316
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 05 Jul 2017 17:48:33 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "595d2671-1d0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 11130366 11309766
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK email-white.svg
citizenlab.ca/wp-content/plugins/basic-sharing/img/ 183 B
1 KB 121ms
117ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/plugins/basic-sharing/img/email-white.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

f2934aed20330ca34ef46d0295cce9e239aa2c4da7c50fc6365095774056f7ad

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 3598
X-Cache: HIT
Connection: keep-alive
Content-Length: 168
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 05 Jul 2017 17:48:33 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "595d2671-b7"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 3913277 9216347
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK github-white.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/ 825 B
1 KB 123ms
123ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/github-white.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

d8b2a716fe0171afe660655ba27d2eeea343616d996d32500b28ba5fef051a46

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:42 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 3598
X-Cache: HIT
Connection: keep-alive
Content-Length: 474
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-339"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 11130372 10477558
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK bigfoot.js Show response
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/ 28 KB
29 KB 128ms
128ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

900997a69d45375550212e3532ddae9c3999f1baa5bfaffadf29aa59c7ea0beb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28581
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Mon, 11 May 2020 19:33:56 GMT
Server: nginx/1.10.2
ETag: W/"5eb9a8a4-70b0"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931732 563777
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK bigfoot.min.js Show response
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/ 12 KB
13 KB 136ms
133ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

7ea292934ffa2874392f579fac47bd8c5edbda9b6a5b52373895fd9f275f6abc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28581
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Mon, 11 May 2020 19:33:56 GMT
Server: nginx/1.10.2
ETag: W/"5eb9a8a4-31c9"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 11312253 563780
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK bigfoot-function.js Show response
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/ 17 B
1 KB 126ms
123ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot-function.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

d9a81f50f0701b959fb97cb775f4ab21336d7ca950924b9b67dda773cfba3d04

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28581
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Mon, 11 May 2020 19:33:56 GMT
Server: nginx/1.10.2
ETag: W/"5eb9a8a4-11"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 9585483 2004324
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK fitvids.min.js Show response
citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ 3 KB
4 KB 128ms
125ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28581
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 06 Jan 2021 14:35:43 GMT
Server: nginx/1.10.2
ETag: W/"5ff5cabf-aaf"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 185325 9579049
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK search-menu.js Show response
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/ 1 KB
2 KB 129ms
126ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/search-menu.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

ec3d1cd769d5423d9e82e9608fffb841aed45deea9169407c5493da64b5b337a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28581
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-486"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 11156461 2004327
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK jquery.details.min.js Show response
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/jquery-details/ 2 KB
3 KB 201ms
123ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/jquery-details/jquery.details.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

8d0927b83c2b8bc4d5e9caa08c31fbd1d189f550a0fafc7a79d1f53a9cc872ed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28581
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-851"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 4203986 1983611
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK wp-embed.min.js Show response
citizenlab.ca/wp-includes/js/ 1 KB
2 KB 125ms
125ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-includes/js/wp-embed.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28581
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Thu, 04 Feb 2021 05:03:06 GMT
Server: nginx/1.10.2
ETag: W/"601b800a-592"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931746 10463233
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK forms.min.js Show response
citizenlab.ca/wp-content/plugins/mailchimp-for-wp/assets/js/ 7 KB
8 KB 112ms
111ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/mailchimp-for-wp/assets/js/forms.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

4a967a69edb3b1b523c71a86b0c665fa93436249640a987aead72a28ca348461

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://citizenlab.ca/
Cookie: _ga=GA1.2.914145236.1618497642; _gid=GA1.2.540715084.1618497642; _gat=1
Connection: keep-alive
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 28581
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Fri, 25 Sep 2020 00:37:33 GMT
Server: nginx/1.10.2
ETag: W/"5f6d3bcd-1abd"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 4203990 11188154
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK source-sans-pro-v9-latin-regular.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/ 11 KB
12 KB 188ms
132ms Font
application/octet-stream 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/source-sans-pro-v9-latin-regular.woff2

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

adbbb1570f134e34309f6335b650f8704232d270f25624283a8b56ea48236e57

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://citizenlab.ca
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://citizenlab.ca/
Connection: keep-alive
Origin: https://citizenlab.ca
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
X-Accept-Ranges: bytes
Age: 1512
X-Cache: HIT
Connection: keep-alive
Content-Length: 11400
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: "5eea2ce4-2c88"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 11156463 9287506
Access-Control-Allow-Origin: *
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/octet-stream
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK source-sans-pro-v11-latin_cyrillic-700.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/ 22 KB
23 KB 205ms
126ms Font
application/octet-stream 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/source-sans-pro-v11-latin_cyrillic-700.woff2

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

f6b888fcb7d32a0ae96a913e1c32b69565f2531a2022006e4e91b48e408f44bc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://citizenlab.ca
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://citizenlab.ca/
Connection: keep-alive
Origin: https://citizenlab.ca
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
X-Accept-Ranges: bytes
Age: 1448
X-Cache: HIT
Connection: keep-alive
Content-Length: 22104
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: "5eea2ce4-5658"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931734 9287603
Access-Control-Allow-Origin: *
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/octet-stream
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK Oswald-Medium.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/Oswald/ 15 KB
16 KB 327ms
214ms Font
application/octet-stream 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/Oswald/Oswald-Medium.woff2

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

181abeaeff7b0322fe12dd622050e445647524cc8bcba696ad4ecc369d240da6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://citizenlab.ca
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://citizenlab.ca/
Connection: keep-alive
Origin: https://citizenlab.ca
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
X-Accept-Ranges: bytes
Age: 3209
X-Cache: HIT
Connection: keep-alive
Content-Length: 15528
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: "5eea2ce4-3ca8"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 4203980 9216618
Access-Control-Allow-Origin: *
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/octet-stream
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK Oswald-Regular.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/Oswald/ 34 KB
35 KB 332ms
218ms Font
application/octet-stream 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/Oswald/Oswald-Regular.woff2

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

c917890db16d209bcb5221dcadbbdf0d877531aaf8bf96c2be95016f2c01dc80

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://citizenlab.ca
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://citizenlab.ca/
Connection: keep-alive
Origin: https://citizenlab.ca
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
X-Accept-Ranges: bytes
Age: 2504
X-Cache: HIT
Connection: keep-alive
Content-Length: 34488
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: "5eea2ce4-86b8"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 8931736 8929763
Access-Control-Allow-Origin: *
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/octet-stream
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK source-sans-pro-v9-latin-italic.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/ 11 KB
12 KB 243ms
128ms Font
application/octet-stream 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/source-sans-pro-v9-latin-italic.woff2

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 , Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

69d776d65aa27596857008e9762d926ba60349c39280d5044890c8885474e166

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Origin: https://citizenlab.ca
Accept-Encoding: gzip, deflate, br
Host: citizenlab.ca
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: font
Referer: https://citizenlab.ca/
Connection: keep-alive
Origin: https://citizenlab.ca
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 15 Apr 2021 14:40:41 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
X-Accept-Ranges: bytes
Age: 558
X-Cache: HIT
Connection: keep-alive
Content-Length: 11200
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: "5eea2ce4-2bc0"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 4203982 11312157
Access-Control-Allow-Origin: *
Feature-Policy: sync-xhr 'self'
Content-Security-Policy: default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges: bytes
Content-Type: application/octet-stream
X-Cache-Svr: citizenlab.ca

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 27ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j89&aip=1&a=1317939633&t=pageview&_s=1&dl=https%3A%2F%2Fcitizenlab.ca%2F2019%2F09%2Fpoison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits%2F&ul=en-us&de=UTF-8&dt=Missing%20Link%3A%20Tibetan%20Groups%20Targeted%20with%201-Click%20Mobile%20Exploits%20-%20The%20Citizen%20Lab&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABCAAAAC~&jid=319825635&gjid=597884156&cid=914145236.1618497642&tid=UA-19652411-2&_gid=540715084.1618497642&_r=1&_slc=1&did=dZGIzZG&z=996250441

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 15 Apr 2021 14:40:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://citizenlab.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST collect
stats.g.doubleclick.net/j/ 0
0

GET
H2 200 21a9.svg
s.w.org/images/core/emoji/13.0.1/svg/ 348 B
547 B 97ms
30ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.1/svg/21a9.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2019/09/poison-carp-tibetan-groups-targeted-with-1-click-mobile-exploits/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

239f4fb5d0217da316c97a822ed394d468e1543ec4c445f56bd5d1e2899eb43b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Thu, 15 Apr 2021 14:40:42 GMT
x-content-type-options: nosniff
last-modified: Tue, 20 Oct 2020 16:13:30 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=315360000
accept-ranges: bytes
content-length: 348
expires: Thu, 31 Dec 2037 23:55:55 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: stats.g.doubleclick.net
URL: https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j89&tid=UA-19652411-2&cid=914145236.1618497642&jid=319825635&gjid=597884156&_gid=540715084.1618497642&_u=YEBAAUAACAAAAC~&z=1078278625

Verdicts & Comments Add Verdict or Comment

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.citizenlab.ca/	1970-01-19 17:34:57	Name: _gat Value: 1
.citizenlab.ca/	1970-01-19 17:36:24	Name: _gid Value: GA1.2.540715084.1618497642
.citizenlab.ca/	1970-01-20 11:06:09	Name: _ga Value: GA1.2.914145236.1618497642

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://citizenlab.ca/wp-includes/js/jquery/jquery-migrate.min.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	log	URL: https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js(Line 2) Message: YT API init check
console-api	log	URL: https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js(Line 2) Message: YT API init check
console-api	log	URL: https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js(Line 2) Message: YT API init check
console-api	log	URL: https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js(Line 2) Message: YT API init check

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

citizenlab.ca
s.w.org
stats.g.doubleclick.net
www.google-analytics.com
stats.g.doubleclick.net
192.0.77.48
2a00:1450:4001:80f::200e
66.70.203.130
01433a836afe3b4bf68d036d88cb96a818e29c44440e9580aec5ecc7bffa88da
01c4b7ea2a08142064d2c3994a2cc73d7c55125d586d2a918ce3482f4439e1f4
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
181abeaeff7b0322fe12dd622050e445647524cc8bcba696ad4ecc369d240da6
1a6200b14c640e875c4bcc5cb418261017a8c752d66115257509c409ef485834
1ae815c379ad102a8d8720bf9f3f6040a1c2bb3a2ea96c8013764e55e768b452
1fbf8c9d128ffadbed2319b5087409c15f969dfb21c23d04266736f66a9cb5bd
239f4fb5d0217da316c97a822ed394d468e1543ec4c445f56bd5d1e2899eb43b
271d4eeab3dfc90b3b83aa3d0b80916fb00be28bac5e01be0e6a519e113947a0
2b89374058dde71565df2120d15fb73a06f9718778c6ef91341aa27855a8a86e
364f751289c5d07f35b6e12f15102874bffe4ccb0bf5b644178da0d899f67e0c
420f7a6963b9e4b626ec805e39949fb6c283f6ca02c1738ffc4f8d5e6e8f5d92
4a967a69edb3b1b523c71a86b0c665fa93436249640a987aead72a28ca348461
5498eab9ddd9c6790d3e401556c0daaa159bcf36708cb89fee8184bf38e4b7aa
54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
637a6aa073f15a0f017cd26bb6ae7d393bebe56eb158bce9c881cb83e18508e6
63a6d926d277a3d64d30e349fa0ea2b0630e9801d173e1947ff3bd6060147ef4
69d776d65aa27596857008e9762d926ba60349c39280d5044890c8885474e166
79aa7fbee1766dfae7d36821299f9d735c451cbd935b4b21d61b1b062518c125
7b23afced91408fcd93e27596f9cc61400beef5cc604597157b7bf873529a6a6
7ea292934ffa2874392f579fac47bd8c5edbda9b6a5b52373895fd9f275f6abc
8d0927b83c2b8bc4d5e9caa08c31fbd1d189f550a0fafc7a79d1f53a9cc872ed
900997a69d45375550212e3532ddae9c3999f1baa5bfaffadf29aa59c7ea0beb
90368b5a3711b1777dc287f535cfc1be62b69a362a1af847558cb7c44c7f3974
9f8cd7283bcdb3ac33f8f7e8e9d7718e78ba431331a0fec9d9f9966be229cf7b
a697516b3931d47c9536d0e3643c6baabb14437558ef2f0386e3045583fff79b
aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c
adbbb1570f134e34309f6335b650f8704232d270f25624283a8b56ea48236e57
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b59c123856bc07c991490850f67ba6ac949e53d8507efcab17da979f8d1626bc
bb4964d892c82c6d0ef9c1d37a5aa95605f592b81b62c5996a541d9feebfeafe
c917890db16d209bcb5221dcadbbdf0d877531aaf8bf96c2be95016f2c01dc80
d6a343d1f22a917f6cd12624a677162451fa8c0f9059b5b8abbf06eab46b793a
d8b2a716fe0171afe660655ba27d2eeea343616d996d32500b28ba5fef051a46
d9a81f50f0701b959fb97cb775f4ab21336d7ca950924b9b67dda773cfba3d04
ec3d1cd769d5423d9e82e9608fffb841aed45deea9169407c5493da64b5b337a
f2934aed20330ca34ef46d0295cce9e239aa2c4da7c50fc6365095774056f7ad
f6b888fcb7d32a0ae96a913e1c32b69565f2531a2022006e4e91b48e408f44bc
f79723478f4c48501cd49ac52b81d6244a6562b9d3f08ce8ab208a8b8878d4c4
fe9ad9796d39e706fe661ddf90151c0ebc03251164354d55f1ee95ca06878b40

citizenlab.ca Open in urlscan Pro 66.70.203.130 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

44 Requests

98 %HTTPS

33 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

451 kBTransfer

673 kBSize

3 Cookies

108 Outgoing links

Redirected requests

44 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

citizenlab.ca Open in urlscan Pro
66.70.203.130 Public Scan

Screenshot
Live screenshot

Full Image

44
Requests

98 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

451 kB
Transfer

673 kB
Size

3
Cookies

44 HTTP transactions
0 data transactions