citizenlab.ca Open in urlscan Pro
66.70.203.130 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
Submission: On December 22 via manual (December 22nd 2020, 6:16:50 am UTC) from HK

Summary HTTP 41 Redirects Links 47 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 41 HTTP transactions. The main IP is 66.70.203.130, located in Montreal, Canada and belongs to OVH, FR. The main domain is citizenlab.ca.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 23rd 2020. Valid for: 3 months.

This is the only time citizenlab.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
39	66.70.203.130 66.70.203.130	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:820::200e	15169 (GOOGLE) (GOOGLE)
41	2

39 66.70.203.130 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: vps.citizenlab.ca

citizenlab.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	citizenlab.ca citizenlab.ca	406 KB
2	google-analytics.com www.google-analytics.com	19 KB
41	2

	Domain	Requested by
39	citizenlab.ca	citizenlab.ca
2	www.google-analytics.com	citizenlab.ca www.google-analytics.com
41	2

This site contains links to these domains. Also see Links.

Domain
donate.utoronto.ca
www.business-humanrights.org
www.amnesty.org
www.forbes.com
www.wired.com
www.reuters.com
www.vice.com
www.haaretz.com
wired.me
www.ynetnews.com
www.nytimes.com
www.bbc.com
www.washingtonpost.com
www.theguardian.com
money.cnn.com
www.aljazeera.com
twitter.com
www.youtube.com
censys.io
www.usom.gov.tr
www.theglobeandmail.com
cpj.org
www.tandfonline.com
cltc.berkeley.edu
www.ohchr.org
support.apple.com
www.facebook.com
github.com
creativecommons.org
munkschool.utoronto.ca

Subject Issuer	Validity	Valid
citizenlab.ca Let's Encrypt Authority X3	`2020-11-23` - `2021-02-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/
Frame ID: BE3D8D79AA54A828F09E4F65300C1942
Requests: 41 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

41
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

424 kB
Transfer

646 kB
Size

3
Cookies

47 Outgoing links

These are links going to different origins than the main page.

URL: https://donate.utoronto.ca/give/show/84
Title: Donate

Search URL Search Domain Scan URL

URL: https://www.business-humanrights.org/en/companies/nso-group/
Title: NSO Group

Search URL Search Domain Scan URL

URL: https://www.amnesty.org/en/latest/research/2020/06/moroccan-journalist-targeted-with-network-injection-attacks-using-nso-groups-tools/
Title: network-based attacks

Search URL Search Domain Scan URL

URL: https://www.forbes.com/sites/forbestechcouncil/2020/12/14/the-pernicious-invisibility-of-zero-click-mobile-attacks/
Title: successfully deployed

Search URL Search Domain Scan URL

URL: https://www.wired.com/story/ios-security-imessage-safari/
Title: not been sandboxed

Search URL Search Domain Scan URL

URL: https://www.reuters.com/investigates/special-report/usa-spying-karma/
Title: reported

Search URL Search Domain Scan URL

URL: https://www.reuters.com/investigates/special-report/usa-raven-media/
Title: chairmen

Search URL Search Domain Scan URL

URL: https://www.vice.com/en_us/article/qvakb3/inside-nso-group-spyware-demo
Title: Vice Motherboard report

Search URL Search Domain Scan URL

URL: https://www.haaretz.com/israel-news/.premium.MAGAZINE-israel-s-cyber-spy-industry-aids-dictators-hunt-dissidents-and-gays-1.6573027
Title: 2019 Haaretz report

Search URL Search Domain Scan URL

URL: https://wired.me/technology/privacy/surveillance-gulf-states/
Title: significant customer bases

Search URL Search Domain Scan URL

URL: https://www.haaretz.com/middle-east-news/.premium-with-israel-s-encouragement-nso-sold-spyware-to-uae-and-other-gulf-states-1.9093465
Title: reportedly

Search URL Search Domain Scan URL

URL: https://www.ynetnews.com/articles/0,7340,L-5444998,00.html
Title: described

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2014/03/06/world/middleeast/3-persian-gulf-states-pull-ambassadors-from-qatar.html
Title: withdrew their ambassadors

Search URL Search Domain Scan URL

URL: https://www.reuters.com/article/us-gulf-summit-ambassadors-idUSKCN0J00Y420141116
Title: eight months

Search URL Search Domain Scan URL

URL: https://www.bbc.com/news/world-middle-east-40164552
Title: cut off diplomatic relations

Search URL Search Domain Scan URL

URL: https://www.washingtonpost.com/world/national-security/uae-hacked-qatari-government-sites-sparking-regional-upheaval-according-to-us-intelligence-officials/2017/07/16/00c46e54-698f-11e7-8eb5-cbccc2e7bfbf_story.html
Title: approved

Search URL Search Domain Scan URL

URL: https://www.theguardian.com/world/2017/jun/23/close-al-jazeera-saudi-arabia-issues-qatar-with-13-demands-to-end-blockade
Title: issued

Search URL Search Domain Scan URL

URL: https://www.theguardian.com/world/2015/feb/02/saudi-prince-alarab-news-channel
Title: first day of operations

Search URL Search Domain Scan URL

URL: https://www.nytimes.com/2011/01/28/world/middleeast/28jazeera.html
Title: extensive, real-time coverage of protests

Search URL Search Domain Scan URL

URL: https://money.cnn.com/2017/05/24/media/al-jazeera-blocked-saudi-arabia-uae/
Title: blocked

Search URL Search Domain Scan URL

URL: https://www.aljazeera.com/news/2013/7/4/egypts-military-shuts-down-news-channels
Title: detained five of the staff

Search URL Search Domain Scan URL

URL: https://www.washingtonpost.com/world/al-jazeera-tv-network-draws-criticism-praise-for-coverage-of-arab-revolutions/2011/05/08/AFoHWs2G_story.html
Title: striking a more muted tone

Search URL Search Domain Scan URL

URL: https://twitter.com/khalidalkhalifa/status/99281312271183872
Title: famously

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=rcyP_b435TQ
Title: attempted 1996 coup

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=BptzscpcCBQ
Title: hiring

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=SQBxbSYeYAI
Title: Saudi killing of Jamal Khashoggi

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=u1ZFA45hbP4
Title: collapsed in 2020

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=snu-0lGABUI
Title: interviews

Search URL Search Domain Scan URL

URL: https://censys.io/certificates/2efca506b8caa6ecafe3ddd1249de8f10ffd977c8ee2d6e30d06691551285b43
Title: valid TLS certificate for bananakick.net

Search URL Search Domain Scan URL

URL: https://www.reuters.com/investigates/special-report/usa-raven-whitehouse/
Title: known to target

Search URL Search Domain Scan URL

URL: https://www.usom.gov.tr/zararli-baglantilar/1.html
Title: available on their website

Search URL Search Domain Scan URL

URL: https://www.amnesty.org/en/latest/research/2018/08/amnesty-international-among-targets-of-nso-powered-campaign/
Title: three

Search URL Search Domain Scan URL

URL: https://www.amnesty.org/en/latest/research/2019/10/morocco-human-rights-defenders-targeted-with-nso-groups-spyware/
Title: Amnesty

Search URL Search Domain Scan URL

URL: https://www.theglobeandmail.com/technology/foreign-journalists-in-china-target-of-computer-attack/article1202851/
Title: China

Search URL Search Domain Scan URL

URL: https://www.theguardian.com/media/2020/may/28/how-the-free-press-worldwide-is-under-threat
Title: worsening

Search URL Search Domain Scan URL

URL: https://cpj.org/reports/2019/09/10-most-censored-eritrea-north-korea-turkmenistan-journalist/
Title: more traditional

Search URL Search Domain Scan URL

URL: https://www.tandfonline.com/doi/full/10.1080/21670811.2020.1777882
Title: fragmented and often ad-hoc security practices and cultures

Search URL Search Domain Scan URL

URL: https://cltc.berkeley.edu/journosec-guides
Title: recent

Search URL Search Domain Scan URL

URL: https://www.ohchr.org/EN/Issues/FreedomOpinion/Pages/SR2019ReportToHRC.aspx
Title: called for by the U.N. Special Rapporteur

Search URL Search Domain Scan URL

URL: https://support.apple.com/en-us/HT204204
Title: Click here for instructions

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=Read%20%22The%20Great%20iPwn%3A%20Journalists%20Hacked%20with%20Suspected%20NSO%20Group%20iMessage%20%E2%80%98Zero-Click%E2%80%99%20Exploit%22%20by%20%40citizenlab%3A%20https%3A%2F%2Fcitizenlab.ca%2F2020%2F12%2Fthe-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit%2F

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fcitizenlab.ca%2F2020%2F12%2Fthe-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit%2F

Search URL Search Domain Scan URL

URL: https://twitter.com/citizenlab

Search URL Search Domain Scan URL

URL: https://www.facebook.com/citizenlab.uoft

Search URL Search Domain Scan URL

URL: https://github.com/citizenlab

Search URL Search Domain Scan URL

URL: https://creativecommons.org/licenses/by/2.5/ca/
Title: Creative Commons Attribution 2.5 Canada

Search URL Search Domain Scan URL

URL: http://munkschool.utoronto.ca/
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

41 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/ 105 KB
29 KB 543ms
207ms Document
text/html 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 / PHP/7.4.9

Resource Hash

c64b6561851faf5d7a61c066c8b7c8f7829186e840210a76a40a343bb5d4de60

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: citizenlab.ca
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx/1.10.2
Date: Tue, 22 Dec 2020 06:16:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 28680
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.9
Access-Control-Allow-Origin: https://targetedthreats.net
Link: <https://citizenlab.ca/wp-json/>; rel="https://api.w.org/" <https://citizenlab.ca/wp-json/wp/v2/posts/74693>; rel="alternate"; type="application/json" <https://citizenlab.ca/?p=74693>; rel=shortlink
Content-Encoding: gzip
X-Varnish: 12483516 19867245
Age: 2919
Via: 1.1 varnish-v4
X-Cache-Svr: citizenlab.ca
X-Cache: HIT
Accept-Ranges: bytes
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Feature-Policy: sync-xhr 'self'

GET
H/1.1 200
OK style.min.css
citizenlab.ca/wp-includes/css/dist/block-library/ 53 KB
8 KB 122ms
114ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:33 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding, Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Fri, 25 Sep 2020 00:36:00 GMT
Server: nginx/1.10.2
ETag: W/"5f6d3b70-d293"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 67530642 196611
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK bigfoot-number.css
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/ 7 KB
3 KB 233ms
111ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot-number.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

b59c123856bc07c991490850f67ba6ac949e53d8507efcab17da979f8d1626bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:33 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding, Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Mon, 11 May 2020 19:33:56 GMT
Server: nginx/1.10.2
ETag: W/"5eb9a8a4-1b6f"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483518 163846
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK frontend.min.css
citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/css/ 8 KB
1 KB 328ms
108ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/css/frontend.min.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

90368b5a3711b1777dc287f535cfc1be62b69a362a1af847558cb7c44c7f3974

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:33 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81682
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding, Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Mon, 09 Nov 2020 18:42:24 GMT
Server: nginx/1.10.2
ETag: W/"5fa98d90-1e0f"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 67530646 32783
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK ytprefs.min.css
citizenlab.ca/wp-content/plugins/youtube-embed-plus/styles/ 6 KB
2 KB 327ms
108ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:33 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81682
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding, Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Fri, 25 Sep 2020 00:37:29 GMT
Server: nginx/1.10.2
ETag: W/"5f6d3bc9-178c"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483520 65547
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK tachyons.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/ 82 KB
17 KB 428ms
207ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/tachyons.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

9f8cd7283bcdb3ac33f8f7e8e9d7718e78ba431331a0fec9d9f9966be229cf7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:33 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding, Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-147de"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 67530648 163843
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK style.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/ 14 KB
4 KB 335ms
113ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

79aa7fbee1766dfae7d36821299f9d735c451cbd935b4b21d61b1b062518c125

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:33 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding, Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-395b"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483522 229379
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK sprite-navigation-white.css
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/ 2 KB
1 KB 337ms
111ms Stylesheet
text/css 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/sprite-navigation-white.css

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

271d4eeab3dfc90b3b83aa3d0b80916fb00be28bac5e01be0e6a519e113947a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:33 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
Content-Encoding: gzip
Vary: Accept-Encoding, Accept-Encoding
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-8ca"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 67530650 131078
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Content-Type: text/css
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK frontend.min.js Show response
citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/js/ 9 KB
10 KB 343ms
112ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/google-analytics-for-wordpress/assets/js/frontend.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

63a6d926d277a3d64d30e349fa0ea2b0630e9801d173e1947ff3bd6060147ef4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:33 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Mon, 09 Nov 2020 18:42:24 GMT
Server: nginx/1.10.2
ETag: W/"5fa98d90-2452"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483524 98310
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK jquery.js Show response
citizenlab.ca/wp-includes/js/jquery/ 95 KB
95 KB 529ms
202ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-includes/js/jquery/jquery.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 22 May 2019 05:03:06 GMT
Server: nginx/1.10.2
ETag: W/"5ce4d80a-17a69"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 67530652 65550
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK ytprefs.min.js Show response
citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ 10 KB
10 KB 438ms
111ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

01c4b7ea2a08142064d2c3994a2cc73d7c55125d586d2a918ce3482f4439e1f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Fri, 25 Sep 2020 00:37:29 GMT
Server: nginx/1.10.2
ETag: W/"5f6d3bc9-2669"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483526 131081
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK modernizr.custom.min.js Show response
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/libs/ 15 KB
15 KB 542ms
207ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/libs/modernizr.custom.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

5498eab9ddd9c6790d3e401556c0daaa159bcf36708cb89fee8184bf38e4b7aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-3b16"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 67530654 98313
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK CL-logo-3-headed.png
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/ 5 KB
5 KB 209ms
111ms Image
image/png 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/CL-logo-3-headed.png

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

a697516b3931d47c9536d0e3643c6baabb14437558ef2f0386e3045583fff79b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-12fa"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 51199819 294925
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/png
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK MunkSchool-WHT.png
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/ 20 KB
21 KB 216ms
115ms Image
image/png 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/MunkSchool-WHT.png

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

1a6200b14c640e875c4bcc5cb418261017a8c752d66115257509c409ef485834

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-5106"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 51199821 262161
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/png
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK magnifying-glass.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/iconic/ 462 B
885 B 212ms
111ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/iconic/magnifying-glass.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

1ae815c379ad102a8d8720bf9f3f6040a1c2bb3a2ea96c8013764e55e768b452

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2384
X-Cache: HIT
Connection: keep-alive
Content-Length: 287
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-1ce"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483540 62686117
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK chevron-left.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/ 318 B
803 B 163ms
107ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/chevron-left.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

d6a343d1f22a917f6cd12624a677162451fa8c0f9059b5b8abbf06eab46b793a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2384
X-Cache: HIT
Connection: keep-alive
Content-Length: 205
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-13e"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483538 51448378
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H3-Q050 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 1560
date: Tue, 22 Dec 2020 05:50:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Tue, 22 Dec 2020 07:50:34 GMT

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
citizenlab.ca/wp-includes/js/ 14 KB
15 KB 112ms
112ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-includes/js/wp-emoji-release.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81683
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Fri, 25 Sep 2020 00:35:59 GMT
Server: nginx/1.10.2
ETag: W/"5f6d3b6f-37a6"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 51199823 32777
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK twitter.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/ 743 B
1 KB 110ms
110ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/twitter.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

2b89374058dde71565df2120d15fb73a06f9718778c6ef91341aa27855a8a86e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2382
X-Cache: HIT
Connection: keep-alive
Content-Length: 445
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-2e7"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483544 67611291
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK facebook.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/ 471 B
914 B 110ms
110ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/facebook.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

bb4964d892c82c6d0ef9c1d37a5aa95605f592b81b62c5996a541d9feebfeafe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2323
X-Cache: HIT
Connection: keep-alive
Content-Length: 316
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-1d7"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483546 51448415
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK whatsapp.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/ 1 KB
1 KB 111ms
111ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/whatsapp.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

01433a836afe3b4bf68d036d88cb96a818e29c44440e9580aec5ecc7bffa88da

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2323
X-Cache: HIT
Connection: keep-alive
Content-Length: 630
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-470"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 51199827 38226135
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK email.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/ 171 B
758 B 110ms
110ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/email.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

420f7a6963b9e4b626ec805e39949fb6c283f6ca02c1738ffc4f8d5e6e8f5d92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2381
X-Cache: HIT
Connection: keep-alive
Content-Length: 161
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-ab"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 51199829 51448400
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK scroll-sidebar.js Show response
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/ 4 KB
4 KB 111ms
111ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/scroll-sidebar.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

364f751289c5d07f35b6e12f15102874bffe4ccb0bf5b644178da0d899f67e0c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-f5d"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 67530656 65553
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK twitter-white.svg
citizenlab.ca/wp-content/plugins/basic-sharing/img/ 735 B
1 KB 107ms
107ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/plugins/basic-sharing/img/twitter-white.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

7b23afced91408fcd93e27596f9cc61400beef5cc604597157b7bf873529a6a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2381
X-Cache: HIT
Connection: keep-alive
Content-Length: 444
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 05 Jul 2017 17:48:33 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "595d2671-2df"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483550 38225929
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK facebook-white.svg
citizenlab.ca/wp-content/plugins/basic-sharing/img/ 464 B
914 B 111ms
110ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/plugins/basic-sharing/img/facebook-white.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

637a6aa073f15a0f017cd26bb6ae7d393bebe56eb158bce9c881cb83e18508e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2381
X-Cache: HIT
Connection: keep-alive
Content-Length: 316
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 05 Jul 2017 17:48:33 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "595d2671-1d0"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 51199831 62686129
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK email-white.svg
citizenlab.ca/wp-content/plugins/basic-sharing/img/ 183 B
765 B 109ms
109ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/plugins/basic-sharing/img/email-white.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

f2934aed20330ca34ef46d0295cce9e239aa2c4da7c50fc6365095774056f7ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2381
X-Cache: HIT
Connection: keep-alive
Content-Length: 168
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 05 Jul 2017 17:48:33 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "595d2671-b7"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483552 38225926
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK github-white.svg
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/ 825 B
1 KB 110ms
110ms Image
image/svg+xml 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/images/brands/github-white.svg

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

d8b2a716fe0171afe660655ba27d2eeea343616d996d32500b28ba5fef051a46

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 2381
X-Cache: HIT
Connection: keep-alive
Content-Length: 474
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
X-Frame-Options: SAMEORIGIN
ETag: "5eea2ce4-339"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
X-Varnish: 51199833 20585833
Via: 1.1 varnish-v4
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: image/svg+xml
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK bigfoot.js Show response
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/ 28 KB
29 KB 110ms
110ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

900997a69d45375550212e3532ddae9c3999f1baa5bfaffadf29aa59c7ea0beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Mon, 11 May 2020 19:33:56 GMT
Server: nginx/1.10.2
ETag: W/"5eb9a8a4-70b0"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483530 98316
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK bigfoot.min.js Show response
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/ 12 KB
13 KB 118ms
115ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

7ea292934ffa2874392f579fac47bd8c5edbda9b6a5b52373895fd9f275f6abc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Mon, 11 May 2020 19:33:56 GMT
Server: nginx/1.10.2
ETag: W/"5eb9a8a4-31c9"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 67530658 98319
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK bigfoot-function.js Show response
citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/ 17 B
666 B 111ms
108ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot-function.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

d9a81f50f0701b959fb97cb775f4ab21336d7ca950924b9b67dda773cfba3d04

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Mon, 11 May 2020 19:33:56 GMT
Server: nginx/1.10.2
ETag: W/"5eb9a8a4-11"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 66160671 65559
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK fitvids.min.js Show response
citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ 3 KB
3 KB 114ms
111ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Fri, 25 Sep 2020 00:37:29 GMT
Server: nginx/1.10.2
ETag: W/"5f6d3bc9-aaf"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 67830084 65562
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK search-menu.js Show response
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/ 1 KB
2 KB 113ms
110ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/search-menu.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

ec3d1cd769d5423d9e82e9608fffb841aed45deea9169407c5493da64b5b337a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-486"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 51199813 262149
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK jquery.details.min.js Show response
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/jquery-details/ 2 KB
3 KB 115ms
113ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/js/jquery-details/jquery.details.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

8d0927b83c2b8bc4d5e9caa08c31fbd1d189f550a0fafc7a79d1f53a9cc872ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: W/"5eea2ce4-851"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 51199811 65565
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK wp-embed.min.js Show response
citizenlab.ca/wp-includes/js/ 1 KB
2 KB 110ms
110ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-includes/js/wp-embed.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Tue, 12 May 2020 15:47:10 GMT
Server: nginx/1.10.2
ETag: W/"5ebac4fe-59a"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 51199817 65568
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK forms.min.js Show response
citizenlab.ca/wp-content/plugins/mailchimp-for-wp/assets/js/ 7 KB
7 KB 172ms
108ms Script
application/javascript 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/plugins/mailchimp-for-wp/assets/js/forms.min.js

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/2020/12/the-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

4a967a69edb3b1b523c71a86b0c665fa93436249640a987aead72a28ca348461

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
Age: 81681
Transfer-Encoding: chunked
X-Cache: HIT
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Fri, 25 Sep 2020 00:37:33 GMT
Server: nginx/1.10.2
ETag: W/"5f6d3bcd-1abd"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483542 32794
Access-Control-Allow-Origin: *
cache-control: public, max-age=2592000
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/javascript
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK source-sans-pro-v9-latin-regular.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/ 11 KB
12 KB 176ms
109ms Font
application/octet-stream 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/source-sans-pro-v9-latin-regular.woff2

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

adbbb1570f134e34309f6335b650f8704232d270f25624283a8b56ea48236e57

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://citizenlab.ca
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
X-Accept-Ranges: bytes
Age: 2384
X-Cache: HIT
Connection: keep-alive
Content-Length: 11400
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: "5eea2ce4-2c88"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483532 67611246
Access-Control-Allow-Origin: *
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/octet-stream
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK source-sans-pro-v11-latin_cyrillic-700.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/ 22 KB
22 KB 302ms
201ms Font
application/octet-stream 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/source-sans-pro-v11-latin_cyrillic-700.woff2

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

f6b888fcb7d32a0ae96a913e1c32b69565f2531a2022006e4e91b48e408f44bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://citizenlab.ca
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
X-Accept-Ranges: bytes
Age: 2381
X-Cache: HIT
Connection: keep-alive
Content-Length: 22104
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: "5eea2ce4-5658"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 51199815 20585830
Access-Control-Allow-Origin: *
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/octet-stream
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK Oswald-Medium.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/Oswald/ 15 KB
16 KB 220ms
116ms Font
application/octet-stream 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/Oswald/Oswald-Medium.woff2

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

181abeaeff7b0322fe12dd622050e445647524cc8bcba696ad4ecc369d240da6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://citizenlab.ca
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
X-Accept-Ranges: bytes
Age: 2381
X-Cache: HIT
Connection: keep-alive
Content-Length: 15528
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: "5eea2ce4-3ca8"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 59495106 38225919
Access-Control-Allow-Origin: *
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/octet-stream
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK Oswald-Regular.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/Oswald/ 34 KB
34 KB 307ms
204ms Font
application/octet-stream 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/Oswald/Oswald-Regular.woff2

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

c917890db16d209bcb5221dcadbbdf0d877531aaf8bf96c2be95016f2c01dc80

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://citizenlab.ca
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
X-Accept-Ranges: bytes
Age: 2381
X-Cache: HIT
Connection: keep-alive
Content-Length: 34488
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: "5eea2ce4-86b8"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483534 51448385
Access-Control-Allow-Origin: *
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/octet-stream
X-Cache-Svr: citizenlab.ca

GET
H/1.1 200
OK source-sans-pro-v9-latin-italic.woff2
citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/ 11 KB
12 KB 217ms
114ms Font
application/octet-stream 66.70.203.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/fonts/source-sans-pro-v9-latin-italic.woff2

Requested by

Host: citizenlab.ca
URL: https://citizenlab.ca/wp-content/themes/citizenlab-2.0.3/library/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

66.70.203.130 Montreal, Canada, ASN16276 (OVH, FR),

Reverse DNS

vps.citizenlab.ca

Software

nginx/1.10.2 /

Resource Hash

69d776d65aa27596857008e9762d926ba60349c39280d5044890c8885474e166

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://citizenlab.ca
Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 22 Dec 2020 06:16:34 GMT
Via: 1.1 varnish-v4
X-Content-Type-Options: nosniff
X-Accept-Ranges: bytes
Age: 2381
X-Cache: HIT
Connection: keep-alive
Content-Length: 11200
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin
Last-Modified: Wed, 17 Jun 2020 14:47:00 GMT
Server: nginx/1.10.2
ETag: "5eea2ce4-2bc0"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15768000
X-Varnish: 12483536 62686122
Access-Control-Allow-Origin: *
Feature-Policy: sync-xhr 'self'
Accept-Ranges: bytes
Content-Type: application/octet-stream
X-Cache-Svr: citizenlab.ca

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
64 B 13ms
13ms XHR
text/plain 2a00:1450:4001:820::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&aip=1&a=1169926237&t=pageview&_s=1&dl=https%3A%2F%2Fcitizenlab.ca%2F2020%2F12%2Fthe-great-ipwn-journalists-hacked-with-suspected-nso-group-imessage-zero-click-exploit%2F&ul=en-us&de=UTF-8&dt=The%20Great%20iPwn%3A%20Journalists%20Hacked%20with%20Suspected%20NSO%20Group%20iMessage%20%27Zero-Click%27%20Exploit%20-%20The%20Citizen%20Lab&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABCAAAAC~&jid=1847229222&gjid=1802859393&cid=1572863962.1608617795&tid=UA-19652411-2&_gid=919150817.1608617795&_r=1&_slc=1&did=dZGIzZG&z=1197934958

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://citizenlab.ca/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 22 Dec 2020 06:16:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://citizenlab.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.citizenlab.ca/	1970-01-19 14:50:17	Name: _gat Value: 1
.citizenlab.ca/	1970-01-19 14:51:44	Name: _gid Value: GA1.2.919150817.1608617795
.citizenlab.ca/	1970-01-20 08:21:29	Name: _ga Value: GA1.2.1572863962.1608617795

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js(Line 2) Message: YT API init check
console-api	log	URL: https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js(Line 2) Message: YT API init check
console-api	log	URL: https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js(Line 2) Message: YT API init check
console-api	log	URL: https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js(Line 2) Message: YT API init check

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

citizenlab.ca
www.google-analytics.com
2a00:1450:4001:820::200e
66.70.203.130
01433a836afe3b4bf68d036d88cb96a818e29c44440e9580aec5ecc7bffa88da
01c4b7ea2a08142064d2c3994a2cc73d7c55125d586d2a918ce3482f4439e1f4
181abeaeff7b0322fe12dd622050e445647524cc8bcba696ad4ecc369d240da6
1a6200b14c640e875c4bcc5cb418261017a8c752d66115257509c409ef485834
1ae815c379ad102a8d8720bf9f3f6040a1c2bb3a2ea96c8013764e55e768b452
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
271d4eeab3dfc90b3b83aa3d0b80916fb00be28bac5e01be0e6a519e113947a0
2b89374058dde71565df2120d15fb73a06f9718778c6ef91341aa27855a8a86e
364f751289c5d07f35b6e12f15102874bffe4ccb0bf5b644178da0d899f67e0c
420f7a6963b9e4b626ec805e39949fb6c283f6ca02c1738ffc4f8d5e6e8f5d92
4a967a69edb3b1b523c71a86b0c665fa93436249640a987aead72a28ca348461
5498eab9ddd9c6790d3e401556c0daaa159bcf36708cb89fee8184bf38e4b7aa
54b16a534f27d39f8edb7dd908ecf182b4be466f86f28ac0f01f415f2ba9d1cf
637a6aa073f15a0f017cd26bb6ae7d393bebe56eb158bce9c881cb83e18508e6
63a6d926d277a3d64d30e349fa0ea2b0630e9801d173e1947ff3bd6060147ef4
69d776d65aa27596857008e9762d926ba60349c39280d5044890c8885474e166
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
79aa7fbee1766dfae7d36821299f9d735c451cbd935b4b21d61b1b062518c125
7b23afced91408fcd93e27596f9cc61400beef5cc604597157b7bf873529a6a6
7ea292934ffa2874392f579fac47bd8c5edbda9b6a5b52373895fd9f275f6abc
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af
8cb438bd4d1961f80ade4f1a295ca7de253630adcdd10473932908e638908c5e
8d0927b83c2b8bc4d5e9caa08c31fbd1d189f550a0fafc7a79d1f53a9cc872ed
900997a69d45375550212e3532ddae9c3999f1baa5bfaffadf29aa59c7ea0beb
90368b5a3711b1777dc287f535cfc1be62b69a362a1af847558cb7c44c7f3974
9f8cd7283bcdb3ac33f8f7e8e9d7718e78ba431331a0fec9d9f9966be229cf7b
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a697516b3931d47c9536d0e3643c6baabb14437558ef2f0386e3045583fff79b
aba0ac3c89011196a2c6b54d868991e18ffaf494c8e3afc97451be087b93770c
adbbb1570f134e34309f6335b650f8704232d270f25624283a8b56ea48236e57
b59c123856bc07c991490850f67ba6ac949e53d8507efcab17da979f8d1626bc
bb4964d892c82c6d0ef9c1d37a5aa95605f592b81b62c5996a541d9feebfeafe
c64b6561851faf5d7a61c066c8b7c8f7829186e840210a76a40a343bb5d4de60
c917890db16d209bcb5221dcadbbdf0d877531aaf8bf96c2be95016f2c01dc80
d6a343d1f22a917f6cd12624a677162451fa8c0f9059b5b8abbf06eab46b793a
d8b2a716fe0171afe660655ba27d2eeea343616d996d32500b28ba5fef051a46
d9a81f50f0701b959fb97cb775f4ab21336d7ca950924b9b67dda773cfba3d04
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
ec3d1cd769d5423d9e82e9608fffb841aed45deea9169407c5493da64b5b337a
f2934aed20330ca34ef46d0295cce9e239aa2c4da7c50fc6365095774056f7ad
f6b888fcb7d32a0ae96a913e1c32b69565f2531a2022006e4e91b48e408f44bc

citizenlab.ca Open in urlscan Pro 66.70.203.130 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

41 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

424 kBTransfer

646 kBSize

3 Cookies

47 Outgoing links

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

citizenlab.ca Open in urlscan Pro
66.70.203.130 Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

424 kB
Transfer

646 kB
Size

3
Cookies

41 HTTP transactions
0 data transactions