URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Submission: On September 15 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 44 HTTP transactions. The main IP is 66.70.203.130, located in Canada and belongs to OVH, FR. The main domain is citizenlab.ca.
TLS certificate: Issued by SSL.com RSA SSL subCA on August 9th 2021. Valid for: a year.
This is the only time citizenlab.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 42 66.70.203.130 16276 (OVH)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
44 3
Apex Domain
Subdomains
Transfer
42 citizenlab.ca
citizenlab.ca
546 KB
2 google-analytics.com
www.google-analytics.com
20 KB
1 googletagmanager.com
www.googletagmanager.com
40 KB
44 3
Domain Requested by
42 citizenlab.ca 1 redirects citizenlab.ca
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 www.googletagmanager.com citizenlab.ca
44 3
Subject Issuer Validity Valid
citizenlab.ca
SSL.com RSA SSL subCA
2021-08-09 -
2022-09-09
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-08-23 -
2021-11-15
3 months crt.sh

This page contains 1 frames:

Primary Page: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Frame ID: A04450CB442E9E3AB0AF1720263E019B
Requests: 44 HTTP requests in this frame

Screenshot

Page Title

FORCEDENTRY: NSO Group iMessage Zero-Click Exploit Captured in the Wild - The Citizen Lab

Page URL History Show full URLs

  1. https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild HTTP 301
    https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

44
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

605 kB
Transfer

861 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild HTTP 301
    https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Redirect Chain
  • https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild
  • https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
55 KB
16 KB
Document
General
Full URL
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 / PHP/7.4.16
Resource Hash
46ddea011c23700cde9aed7881dc8a9903b264584a5d99c26b9472c6a370c7d1
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
citizenlab.ca
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx/1.10.2
Date
Wed, 15 Sep 2021 23:32:21 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
14972
Connection
keep-alive
Vary
Accept-Encoding
X-Powered-By
PHP/7.4.16
Access-Control-Allow-Origin
https://targetedthreats.net
Link
<https://citizenlab.ca/?p=75474>; rel=shortlink
Content-Encoding
gzip
X-Varnish
20983453 25330197
Age
1220
Via
1.1 varnish-v4
X-Cache-Svr
citizenlab.ca
X-Cache
HIT
Accept-Ranges
bytes
Strict-Transport-Security
max-age=15768000
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;

Redirect headers

Server
nginx/1.10.2
Date
Wed, 15 Sep 2021 23:32:21 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
X-Powered-By
PHP/7.4.16
Access-Control-Allow-Origin
https://targetedthreats.net
Expires
Wed, 15 Sep 2021 23:32:58 GMT
Cache-Control
max-age=3600
X-Redirect-By
WordPress
Location
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
X-Varnish
25692058 20470064
Age
3563
Via
1.1 varnish-v4
X-Cache-Svr
citizenlab.ca
X-Cache
HIT
Strict-Transport-Security
max-age=15768000
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
js
www.googletagmanager.com/gtag/
99 KB
40 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-19652411-2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2dc3ddec9f8d706aa446c517962406f0d5d9c62b98eeb2577a7c9aa03ca08a94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 15 Sep 2021 23:32:22 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40338
x-xss-protection
0
last-modified
Wed, 15 Sep 2021 22:23:25 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 15 Sep 2021 23:32:22 GMT
style.min.css
citizenlab.ca/wp-includes/css/dist/block-library/
79 KB
11 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:21 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61004
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Tue, 27 Jul 2021 00:17:08 GMT
Server
nginx/1.10.2
ETag
W/"60ff5084-13abe"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
13585044 18454042
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
bigfoot-number.css
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/
7 KB
3 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot-number.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
b59c123856bc07c991490850f67ba6ac949e53d8507efcab17da979f8d1626bc
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61004
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 11 May 2020 19:33:56 GMT
Server
nginx/1.10.2
ETag
W/"5eb9a8a4-1b6f"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23529415 18553521
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
ytprefs.min.css
citizenlab.ca/wp-content/plugins/youtube-embed-plus/styles/
6 KB
2 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61004
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 19 Jul 2021 05:00:50 GMT
Server
nginx/1.10.2
ETag
W/"60f50702-178c"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
13585048 18491871
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
tachyons.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/
82 KB
17 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/tachyons.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
9f8cd7283bcdb3ac33f8f7e8e9d7718e78ba431331a0fec9d9f9966be229cf7b
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61004
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-147de"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
25330715 5691413
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
style.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/
30 KB
8 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
88ba152cda3832e392b48afcc8e27eb5c5b7e72df455ab80395994d6c0939ae7
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61004
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-7693"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
25330717 18454045
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
sprite-navigation-white.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/sprite-navigation-white.css
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
271d4eeab3dfc90b3b83aa3d0b80916fb00be28bac5e01be0e6a519e113947a0
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61004
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding Accept-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-8ca"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
13585050 18553524
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Content-Type
text/css
X-Cache-Svr
citizenlab.ca
frontend-gtag.min.js
citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/js/
12 KB
13 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend-gtag.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
e69d17966c87ced93f60016674f0e6b10786838cfc6973e34e195649166b225e
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61004
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Tue, 14 Sep 2021 17:02:59 GMT
Server
nginx/1.10.2
ETag
W/"6140d5c3-2e81"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
30377823 18491874
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
jquery.min.js
citizenlab.ca/wp-includes/js/jquery/
87 KB
89 KB
Script
General
Full URL
https://citizenlab.ca/wp-includes/js/jquery/jquery.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61004
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Tue, 27 Jul 2021 00:17:07 GMT
Server
nginx/1.10.2
ETag
W/"60ff5083-15db1"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
30377825 5691416
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
jquery-migrate.min.js
citizenlab.ca/wp-includes/js/jquery/
11 KB
12 KB
Script
General
Full URL
https://citizenlab.ca/wp-includes/js/jquery/jquery-migrate.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61004
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 06 Jan 2021 14:37:39 GMT
Server
nginx/1.10.2
ETag
W/"5ff5cb33-2bd8"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23823966 18454048
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
ytprefs.min.js
citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/
10 KB
11 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
2f617a099ba9e73c30624d09ec9c8cb90ae3e784e8f89d94be4574dfe1496266
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61000
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 19 Jul 2021 05:00:50 GMT
Server
nginx/1.10.2
ETag
W/"60f50702-26a1"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
30377831 18365408
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
modernizr.custom.min.js
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/libs/
15 KB
16 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/libs/modernizr.custom.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
5498eab9ddd9c6790d3e401556c0daaa159bcf36708cb89fee8184bf38e4b7aa
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61004
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-3b16"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
13585052 18491877
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
CL-logo-3-headed.png
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/
5 KB
6 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/CL-logo-3-headed.png
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
a697516b3931d47c9536d0e3643c6baabb14437558ef2f0386e3045583fff79b
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
60954
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-12fa"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23529439 17914742
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/png
X-Cache-Svr
citizenlab.ca
MunkSchool-WHT.png
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/
20 KB
21 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/MunkSchool-WHT.png
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
1a6200b14c640e875c4bcc5cb418261017a8c752d66115257509c409ef485834
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
60954
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:31 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6df-5106"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23529437 18782922
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/png
X-Cache-Svr
citizenlab.ca
magnifying-glass.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/iconic/
462 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/iconic/magnifying-glass.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
1ae815c379ad102a8d8720bf9f3f6040a1c2bb3a2ea96c8013764e55e768b452
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
2170
X-Cache
HIT
Connection
keep-alive
Content-Length
287
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-1ce"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
25692107 23363699
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
chevron-right.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/
361 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/chevron-right.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
34ce795978408b2395117f918992bea43ef2c8b5c25ceebe38b635a0fc0970ca
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
2192
X-Cache
HIT
Connection
keep-alive
Content-Length
226
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-169"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
25692105 22544506
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
twitter.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
743 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/twitter.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
2b89374058dde71565df2120d15fb73a06f9718778c6ef91341aa27855a8a86e
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
2141
X-Cache
HIT
Connection
keep-alive
Content-Length
445
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-2e7"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
23529447 20766146
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
facebook.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
471 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/facebook.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
bb4964d892c82c6d0ef9c1d37a5aa95605f592b81b62c5996a541d9feebfeafe
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
2141
X-Cache
HIT
Connection
keep-alive
Content-Length
316
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-1d7"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
25692117 28934207
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
whatsapp.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
1 KB
2 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/whatsapp.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
01433a836afe3b4bf68d036d88cb96a818e29c44440e9580aec5ecc7bffa88da
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
2141
X-Cache
HIT
Connection
keep-alive
Content-Length
630
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-470"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
23529449 20766149
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
email.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
171 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/email.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
420f7a6963b9e4b626ec805e39949fb6c283f6ca02c1738ffc4f8d5e6e8f5d92
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
2141
X-Cache
HIT
Connection
keep-alive
Content-Length
161
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-ab"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
25692119 21169278
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
scroll-sidebar.js
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/
4 KB
5 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/scroll-sidebar.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
364f751289c5d07f35b6e12f15102874bffe4ccb0bf5b644178da0d899f67e0c
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
60973
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-f5d"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
25692081 5691725
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
twitter-white.svg
citizenlab.ca/wp-content/plugins/basic-sharing/img/
735 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/plugins/basic-sharing/img/twitter-white.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
7b23afced91408fcd93e27596f9cc61400beef5cc604597157b7bf873529a6a6
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
2141
X-Cache
HIT
Connection
keep-alive
Content-Length
444
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 05 Jul 2017 17:48:33 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"595d2671-2df"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
23529451 28934210
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
yt_icon_mono_dark.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
723 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/yt_icon_mono_dark.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
3564bd314566653de65415379747a64f0121b1d1a4331916b4653825571eb729
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.1227675733.1631748743; _gid=GA1.2.493741673.1631748743; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
2191
X-Cache
HIT
Connection
keep-alive
Content-Length
471
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-2d3"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
23529453 26247389
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
email-white.svg
citizenlab.ca/wp-content/plugins/basic-sharing/img/
183 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/plugins/basic-sharing/img/email-white.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
f2934aed20330ca34ef46d0295cce9e239aa2c4da7c50fc6365095774056f7ad
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.1227675733.1631748743; _gid=GA1.2.493741673.1631748743; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
2191
X-Cache
HIT
Connection
keep-alive
Content-Length
168
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 05 Jul 2017 17:48:33 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"595d2671-b7"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
13585059 23265407
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
github-white.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/
825 B
1 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/images/brands/github-white.svg
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
d8b2a716fe0171afe660655ba27d2eeea343616d996d32500b28ba5fef051a46
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.1227675733.1631748743; _gid=GA1.2.493741673.1631748743; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
2191
X-Cache
HIT
Connection
keep-alive
Content-Length
474
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
X-Frame-Options
SAMEORIGIN
ETag
"60dbc6de-339"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15768000
X-Varnish
23529455 26247392
Via
1.1 varnish-v4
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/svg+xml
X-Cache-Svr
citizenlab.ca
bigfoot.js
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/
28 KB
29 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
900997a69d45375550212e3532ddae9c3999f1baa5bfaffadf29aa59c7ea0beb
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61000
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 11 May 2020 19:33:56 GMT
Server
nginx/1.10.2
ETag
W/"5eb9a8a4-70b0"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23823976 18491894
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
bigfoot.min.js
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/
12 KB
13 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
7ea292934ffa2874392f579fac47bd8c5edbda9b6a5b52373895fd9f275f6abc
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61000
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 11 May 2020 19:33:56 GMT
Server
nginx/1.10.2
ETag
W/"5eb9a8a4-31c9"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
25692091 18365411
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
bigfoot-function.js
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/
17 B
1 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot-function.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
d9a81f50f0701b959fb97cb775f4ab21336d7ca950924b9b67dda773cfba3d04
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61000
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 11 May 2020 19:33:56 GMT
Server
nginx/1.10.2
ETag
W/"5eb9a8a4-11"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23823982 18491899
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
fitvids.min.js
citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/
3 KB
4 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61000
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 19 Jul 2021 05:00:50 GMT
Server
nginx/1.10.2
ETag
W/"60f50702-aaf"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23529423 18365414
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
search-menu.js
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/
1 KB
2 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/search-menu.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
ec3d1cd769d5423d9e82e9608fffb841aed45deea9169407c5493da64b5b337a
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
60999
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-486"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23529425 18365417
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
jquery.details.min.js
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/jquery-details/
2 KB
3 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/js/jquery-details/jquery.details.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
8d0927b83c2b8bc4d5e9caa08c31fbd1d189f550a0fafc7a79d1f53a9cc872ed
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
60999
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
W/"60dbc6de-851"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
25692109 5691453
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
wp-embed.min.js
citizenlab.ca/wp-includes/js/
1 KB
2 KB
Script
General
Full URL
https://citizenlab.ca/wp-includes/js/wp-embed.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
60999
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Thu, 04 Feb 2021 05:03:06 GMT
Server
nginx/1.10.2
ETag
W/"601b800a-592"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
25692115 18553580
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
forms.js
citizenlab.ca/wp-content/plugins/mailchimp-for-wp/assets/js/
6 KB
7 KB
Script
General
Full URL
https://citizenlab.ca/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
dcbe862273a5d7cb61ffaa1eda7e0a1ecb466ca5e08a592fae3e6d1824960293
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.1227675733.1631748743; _gid=GA1.2.493741673.1631748743; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61000
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 19 Jul 2021 05:00:34 GMT
Server
nginx/1.10.2
ETag
W/"60f506f2-1842"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
13585061 18491906
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
wp-emoji-release.min.js
citizenlab.ca/wp-includes/js/
18 KB
19 KB
Script
General
Full URL
https://citizenlab.ca/wp-includes/js/wp-emoji-release.min.js
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.1227675733.1631748743; _gid=GA1.2.493741673.1631748743; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
61002
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Tue, 27 Jul 2021 00:17:07 GMT
Server
nginx/1.10.2
ETag
W/"60ff5083-4705"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23529457 18553577
Access-Control-Allow-Origin
*
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/javascript
X-Cache-Svr
citizenlab.ca
analytics.js
www.google-analytics.com/
48 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-19652411-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 11 Aug 2021 00:32:57 GMT
server
Golfe2
age
2422
date
Wed, 15 Sep 2021 22:52:00 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Thu, 16 Sep 2021 00:52:00 GMT
source-sans-pro-v9-latin-regular.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/
11 KB
12 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/source-sans-pro-v9-latin-regular.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
adbbb1570f134e34309f6335b650f8704232d270f25624283a8b56ea48236e57
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
2494
X-Cache
HIT
Connection
keep-alive
Content-Length
11400
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-2c88"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23823980 23003203
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
source-sans-pro-v11-latin_cyrillic-700.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/
22 KB
23 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/source-sans-pro-v11-latin_cyrillic-700.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
f6b888fcb7d32a0ae96a913e1c32b69565f2531a2022006e4e91b48e408f44bc
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
2440
X-Cache
HIT
Connection
keep-alive
Content-Length
22104
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-5658"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23529429 27754569
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
Oswald-Medium.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/Oswald/
15 KB
16 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/Oswald/Oswald-Medium.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
181abeaeff7b0322fe12dd622050e445647524cc8bcba696ad4ecc369d240da6
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
2515
X-Cache
HIT
Connection
keep-alive
Content-Length
15528
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-3ca8"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
25692099 27164793
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
Oswald-Regular.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/Oswald/
34 KB
35 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/Oswald/Oswald-Regular.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
c917890db16d209bcb5221dcadbbdf0d877531aaf8bf96c2be95016f2c01dc80
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
2382
X-Cache
HIT
Connection
keep-alive
Content-Length
34488
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-86b8"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
25692101 15426165
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
source-sans-pro-v14-latin-700italic.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/
15 KB
16 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/source-sans-pro-v14-latin-700italic.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
1f7a0936b6088ba92724552532f25bc5265a9683af16678aecfe3a7f67423004
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
2170
X-Cache
HIT
Connection
keep-alive
Content-Length
15188
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-3b54"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
23529433 19895912
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
source-sans-pro-v9-latin-italic.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/
11 KB
12 KB
Font
General
Full URL
https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/fonts/source-sans-pro-v9-latin-italic.woff2
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.5/library/css/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
69d776d65aa27596857008e9762d926ba60349c39280d5044890c8885474e166
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://citizenlab.ca
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://citizenlab.ca/
Connection
keep-alive
Referer
https://citizenlab.ca/
Origin
https://citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
X-Accept-Ranges
bytes
Age
2133
X-Cache
HIT
Connection
keep-alive
Content-Length
11200
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Wed, 30 Jun 2021 01:20:30 GMT
Server
nginx/1.10.2
ETag
"60dbc6de-2bc0"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
25692103 25395341
Access-Control-Allow-Origin
*
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
application/octet-stream
X-Cache-Svr
citizenlab.ca
FORCEDENTRY-Feat-image-1.png
citizenlab.ca/wp-content/uploads/2021/09/
105 KB
106 KB
Image
General
Full URL
https://citizenlab.ca/wp-content/uploads/2021/09/FORCEDENTRY-Feat-image-1.png
Requested by
Host: citizenlab.ca
URL: https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.70.203.130 , Canada, ASN16276 (OVH, FR),
Reverse DNS
vps.citizenlab.ca
Software
nginx/1.10.2 /
Resource Hash
11aa636aace691e894506b5ca6a62e03568465f660227a1f30734e2329c170fd
Security Headers
Name Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
citizenlab.ca
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://citizenlab.ca/
Cookie
_ga=GA1.2.1227675733.1631748743; _gid=GA1.2.493741673.1631748743; _gat_gtag_UA_19652411_2=1
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://citizenlab.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 15 Sep 2021 23:32:22 GMT
Via
1.1 varnish-v4
X-Content-Type-Options
nosniff
Age
18546
Transfer-Encoding
chunked
X-Cache
HIT
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin
Last-Modified
Mon, 13 Sep 2021 18:23:16 GMT
Server
nginx/1.10.2
ETag
W/"613f9714-1a59d"
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=15768000
X-Varnish
13585063 20336739
cache-control
public, max-age=2592000
Feature-Policy
sync-xhr 'self'
Content-Security-Policy
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Accept-Ranges
bytes
Content-Type
image/png
X-Cache-Svr
citizenlab.ca
collect
www.google-analytics.com/j/
1 B
204 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&aip=1&a=2035734617&t=pageview&_s=1&dl=https%3A%2F%2Fcitizenlab.ca%2F2021%2F09%2Fforcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild%2F&ul=en-us&de=UTF-8&dt=FORCEDENTRY%3A%20NSO%20Group%20iMessage%20Zero-Click%20Exploit%20Captured%20in%20the%20Wild%20-%20The%20Citizen%20Lab&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=867226303&gjid=345355453&cid=1227675733.1631748743&tid=UA-19652411-2&_gid=493741673.1631748743&_r=1&gtm=2ou9f0&did=dZGIzZG&z=47682828
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://citizenlab.ca/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 15 Sep 2021 23:32:22 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://citizenlab.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster string| mi_version boolean| mi_track_user string| mi_no_track_reason object| disableStrs function| __gtagTrackerIsOptedOut undefined| index function| __gtagTrackerOptout function| gaOptout function| __gtagDataLayer function| __gtagTracker object| dataLayer object| MonsterInsightsDualTracker function| gtag function| __gaTracker object| _wpemojiSettings object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| monsterinsights_frontend function| MonsterInsights object| MonsterInsightsObject undefined| $ function| jQuery object| _EPYT_ object| _EPADashboard_ function| onYouTubeIframeAPIReady object| html5 object| Modernizr function| yepnope function| startSidebarScrollStick object| mc4wp function| epdofitvids object| menuSearchform object| menuSearch object| menuSearchButton object| menuSearchContainer function| isDescendant function| menuSearchToggle function| menuSearchHide object| gaplugins object| gaGlobal object| gaData object| wp object| twemoji

3 Cookies

Domain/Path Name / Value
.citizenlab.ca/ Name: _ga
Value: GA1.2.1227675733.1631748743
.citizenlab.ca/ Name: _gid
Value: GA1.2.493741673.1631748743
.citizenlab.ca/ Name: _gat_gtag_UA_19652411_2
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com;
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

citizenlab.ca
www.google-analytics.com
www.googletagmanager.com
2a00:1450:4001:808::2008
2a00:1450:4001:808::200e
66.70.203.130
01433a836afe3b4bf68d036d88cb96a818e29c44440e9580aec5ecc7bffa88da
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
11aa636aace691e894506b5ca6a62e03568465f660227a1f30734e2329c170fd
181abeaeff7b0322fe12dd622050e445647524cc8bcba696ad4ecc369d240da6
1a6200b14c640e875c4bcc5cb418261017a8c752d66115257509c409ef485834
1ae815c379ad102a8d8720bf9f3f6040a1c2bb3a2ea96c8013764e55e768b452
1f7a0936b6088ba92724552532f25bc5265a9683af16678aecfe3a7f67423004
271d4eeab3dfc90b3b83aa3d0b80916fb00be28bac5e01be0e6a519e113947a0
2b89374058dde71565df2120d15fb73a06f9718778c6ef91341aa27855a8a86e
2dc3ddec9f8d706aa446c517962406f0d5d9c62b98eeb2577a7c9aa03ca08a94
2f617a099ba9e73c30624d09ec9c8cb90ae3e784e8f89d94be4574dfe1496266
34ce795978408b2395117f918992bea43ef2c8b5c25ceebe38b635a0fc0970ca
3564bd314566653de65415379747a64f0121b1d1a4331916b4653825571eb729
364f751289c5d07f35b6e12f15102874bffe4ccb0bf5b644178da0d899f67e0c
420f7a6963b9e4b626ec805e39949fb6c283f6ca02c1738ffc4f8d5e6e8f5d92
46ddea011c23700cde9aed7881dc8a9903b264584a5d99c26b9472c6a370c7d1
5498eab9ddd9c6790d3e401556c0daaa159bcf36708cb89fee8184bf38e4b7aa
54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
69d776d65aa27596857008e9762d926ba60349c39280d5044890c8885474e166
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7b23afced91408fcd93e27596f9cc61400beef5cc604597157b7bf873529a6a6
7ea292934ffa2874392f579fac47bd8c5edbda9b6a5b52373895fd9f275f6abc
88ba152cda3832e392b48afcc8e27eb5c5b7e72df455ab80395994d6c0939ae7
8d0927b83c2b8bc4d5e9caa08c31fbd1d189f550a0fafc7a79d1f53a9cc872ed
900997a69d45375550212e3532ddae9c3999f1baa5bfaffadf29aa59c7ea0beb
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
9f8cd7283bcdb3ac33f8f7e8e9d7718e78ba431331a0fec9d9f9966be229cf7b
a697516b3931d47c9536d0e3643c6baabb14437558ef2f0386e3045583fff79b
aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c
adbbb1570f134e34309f6335b650f8704232d270f25624283a8b56ea48236e57
b59c123856bc07c991490850f67ba6ac949e53d8507efcab17da979f8d1626bc
bb4964d892c82c6d0ef9c1d37a5aa95605f592b81b62c5996a541d9feebfeafe
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c917890db16d209bcb5221dcadbbdf0d877531aaf8bf96c2be95016f2c01dc80
d8b2a716fe0171afe660655ba27d2eeea343616d996d32500b28ba5fef051a46
d9a81f50f0701b959fb97cb775f4ab21336d7ca950924b9b67dda773cfba3d04
dcbe862273a5d7cb61ffaa1eda7e0a1ecb466ca5e08a592fae3e6d1824960293
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e69d17966c87ced93f60016674f0e6b10786838cfc6973e34e195649166b225e
ec3d1cd769d5423d9e82e9608fffb841aed45deea9169407c5493da64b5b337a
f2934aed20330ca34ef46d0295cce9e239aa2c4da7c50fc6365095774056f7ad
f6b888fcb7d32a0ae96a913e1c32b69565f2531a2022006e4e91b48e408f44bc
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62