landing.efcollegestudytours.com Open in urlscan Pro
52.23.55.224 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Submission Tags: phishing malicious Search All
Submission: On November 11 via api (November 11th 2020, 9:12:26 pm UTC) from US

Summary HTTP 49 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 20 IPs in 6 countries across 17 domains to perform 49 HTTP transactions. The main IP is 52.23.55.224, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is landing.efcollegestudytours.com.
TLS certificate: Issued by Trusted Secure Certificate Authority 5 on December 11th 2019. Valid for: 2 years.

This is the only time landing.efcollegestudytours.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
9	52.23.55.224 52.23.55.224	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
2	2606:2800:234... 2606:2800:234:660:118e:28f:1d8a:2522	15133 (EDGECAST) (EDGECAST)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
3	2600:9000:20a... 2600:9000:20ae:2200:15:a92b:8a80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2001:4de0:ac1... 2001:4de0:ac19::1:b:2a	20446 (HIGHWINDS3) (HIGHWINDS3)
1 2	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:820::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c03::9a	15169 (GOOGLE) (GOOGLE)
1	216.58.208.34 216.58.208.34	15169 (GOOGLE) (GOOGLE)
8	2606:4700:20:... 2606:4700:20::ac43:49ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a02:26f0:10c... 2a02:26f0:10c:582::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a00:1450:400... 2a00:1450:4001:81a::200e	15169 (GOOGLE) (GOOGLE)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.190.11.84 35.190.11.84	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:820::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81f::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
49	20

9 52.23.55.224 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-23-55-224.compute-1.amazonaws.com

landing.efcollegestudytours.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:660:118e:28f:1d8a:2522 (United States)

ASN15133 (EDGECAST, US)

fast.fonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:20ae:2200:15:a92b:8a80:93a1 (United States)

ASN16509 (AMAZON-02, US)

iuploads.scribblecdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac19::1:b:2a (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c03::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.208.34 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra15s12-in-f34.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:20::ac43:49ec (United States)

ASN13335 (CLOUDFLARENET, US)

c.lytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:10c:582::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:81a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.11.84 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 84.11.190.35.bc.googleusercontent.com

api.lytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	lytics.io c.lytics.io api.lytics.io	44 KB
9	efcollegestudytours.com landing.efcollegestudytours.com	202 KB
7	google-analytics.com 1 redirects ssl.google-analytics.com www.google-analytics.com	36 KB
3	facebook.com www.facebook.com	511 B
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net	2 KB
3	scribblecdn.net iuploads.scribblecdn.net	772 KB
2	licdn.com snap.licdn.com	3 KB
2	facebook.net connect.facebook.net	92 KB
2	jquery.com code.jquery.com	65 KB
2	fonts.net fast.fonts.net	960 B
2	googleapis.com fonts.googleapis.com	1 KB
1	google.de www.google.de	153 B
1	google.com www.google.com	339 B
1	googleadservices.com www.googleadservices.com	12 KB
1	googletagmanager.com www.googletagmanager.com	76 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	7 KB
49	17

	Domain	Requested by
9	landing.efcollegestudytours.com	landing.efcollegestudytours.com
8	c.lytics.io	www.googletagmanager.com c.lytics.io landing.efcollegestudytours.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
3	www.facebook.com	landing.efcollegestudytours.com
3	iuploads.scribblecdn.net	landing.efcollegestudytours.com
2	px.ads.linkedin.com	1 redirects landing.efcollegestudytours.com
2	snap.licdn.com	landing.efcollegestudytours.com snap.licdn.com
2	connect.facebook.net	landing.efcollegestudytours.com connect.facebook.net
2	stats.g.doubleclick.net	landing.efcollegestudytours.com www.google-analytics.com
2	ssl.google-analytics.com	1 redirects landing.efcollegestudytours.com
2	code.jquery.com	landing.efcollegestudytours.com
2	fast.fonts.net	landing.efcollegestudytours.com fast.fonts.net
2	fonts.googleapis.com	landing.efcollegestudytours.com
1	www.google.de	landing.efcollegestudytours.com
1	www.google.com	landing.efcollegestudytours.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	api.lytics.io	c.lytics.io
1	www.linkedin.com	1 redirects
1	www.googleadservices.com	www.googletagmanager.com
1	www.googletagmanager.com	landing.efcollegestudytours.com
1	maxcdn.bootstrapcdn.com	landing.efcollegestudytours.com
49	21

This site contains links to these domains. Also see Links.

Domain
careers.ef.com
www.efcollegestudytours.com

Subject Issuer	Validity	Valid
landing.efcollegestudytours.com Trusted Secure Certificate Authority 5	`2019-12-11` - `2021-12-10`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
s9.wac.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2019-01-16` - `2021-02-03`	2 years	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-09-22` - `2021-10-12`	a year	crt.sh
*.scribblecdn.net Amazon	`2020-03-27` - `2021-04-27`	a year	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-17` - `2021-07-17`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-11-02` - `2021-01-30`	3 months	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
*.lytics.io DigiCert ECC Secure Server CA	`2020-09-22` - `2021-10-24`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-10-20` - `2021-01-12`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-10-28` - `2021-01-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Frame ID: 7CE57E1E85D08AE3F01FD81EA844515E
Requests: 49 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

49
Requests

100 %
HTTPS

86 %
IPv6

17
Domains

21
Subdomains

20
IPs

6
Countries

1314 kB
Transfer

2569 kB
Size

17
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://careers.ef.com/
Title: Careers

Search URL Search Domain Scan URL

URL: http://www.efcollegestudytours.com/legal/legal-notices
Title: Privacy Policy and Legal Notices

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1326351006&utmhn=landing.efcollegestudytours.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Refer%20a%20Colleague%20%7C%20EF%20College%20Study%20Tours&utmhid=1277012790&utmr=-&utmp=%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&utmht=1605129128317&utmac=UA-8007042-1&utmcc=__utma%3D165422955.793005754.1605129128.1605129128.1605129128.1%3B%2B__utmz%3D165422955.1605129128.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1285464134&utmredir=1&utmu=qBAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-8007042-1&cid=793005754.1605129128&jid=1285464134&_v=5.7.2&z=1326351006

Request Chain 29

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=188082&url=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&time=1605129128396 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D188082%26url%3Dhttps%253A%252F%252Flanding.efcollegestudytours.com%252Freferral%253Fsourcecode%253DCST_Referral_EMSig%26time%3D1605129128396%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=188082&url=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&time=1605129128396&liSync=true

49 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request referral Show response
landing.efcollegestudytours.com/ 55 KB
16 KB 390ms
170ms Document
text/html 52.23.55.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.23.55.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-23-55-224.compute-1.amazonaws.com

Software

Resource Hash

e1f252d7efa1519fc0147d7691f2e39903bbcbc12c1de929858633ca346b21fd

Security Headers

Name	Value
Content-Security-Policy

Request headers

:method: GET
:authority: landing.efcollegestudytours.com
:scheme: https
:path: /referral?sourcecode=CST_Referral_EMSig
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
cache-control: no-cache
pragma: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
expires: -1
vary: Accept-Encoding
set-cookie: ASP.NET_SessionId=gx3rvhr1oltwmtfgdz3aqbrn; path=/; HttpOnly; SameSite=Lax LiveBall=uid=17349759&uky=K79XJ4TW&rid=25134430; domain=efcollegestudytours.com; expires=Thu, 11-Nov-2021 06:00:00 GMT; path=/;SameSite=none;Secure=true
content-security-policy
date: Wed, 11 Nov 2020 21:12:07 GMT
content-length: 16368

GET
H2 200 css
fonts.googleapis.com/ 7 KB
833 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,700

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e7dc51f8129edc1019a4b379da2972e86e85ce6882857a472ef9c6370a7191ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Nov 2020 20:42:30 GMT
server: ESF
date: Wed, 11 Nov 2020 21:12:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Nov 2020 21:12:07 GMT

GET
H2 200 css
fonts.googleapis.com/ 372 B
372 B 18ms
15ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Ovo

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

53d8eceb2aa4651b7c27b81faac1ca843b5f458d735357c590204e50c0f4137c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Nov 2020 21:12:07 GMT
server: ESF
date: Wed, 11 Nov 2020 21:12:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Nov 2020 21:12:07 GMT

GET
H2 200 217e2b8a-1675-4def-b196-05880749e54c.css
fast.fonts.net/cssapi/ 4 KB
851 B 30ms
7ms Stylesheet
text/css 2606:2800:234:660:118e:28f:1d8a:2522
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/cssapi/217e2b8a-1675-4def-b196-05880749e54c.css
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41AF) /
Resource Hash: 7165be0c73cfa36c86a70f47d2165a7b3f71968b0f7f08fea47eff323d4d4ad1

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
content-encoding: gzip
last-modified: Wed, 13 Mar 2019 15:32:56 GMT
server: ECS (fcn/41AF)
age: 1020623
status: 200
etag: "4182405175"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 658
expires: Wed, 18 Nov 2020 21:12:08 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 29ms
10ms Stylesheet
text/css 2001:4de0:ac19::1:b:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:35:20 GMT
status: 200
etag: "1544639720"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 7050

GET
H2 200 ixp-runtime.min.js Show response
landing.efcollegestudytours.com/Scripts/ 47 KB
21 KB 121ms
119ms Script
application/javascript 52.23.55.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://landing.efcollegestudytours.com/Scripts/ixp-runtime.min.js?r=80.7613
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.23.55.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-55-224.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 1a3a934d90549c670e4d6be1925c2ecd36ed991ba397d50ddc637e7a25f2d33a

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:07 GMT
content-encoding: gzip
last-modified: Wed, 04 Nov 2020 19:48:36 GMT
server: Microsoft-IIS/10.0
etag: "02e67be3b2d61:0"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=1209600
accept-ranges: bytes
content-length: 21202

GET
H2 200 ixp-microthemes.min.css
landing.efcollegestudytours.com/Templates/ 188 KB
12 KB 106ms
104ms Stylesheet
text/css 52.23.55.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://landing.efcollegestudytours.com/Templates/ixp-microthemes.min.css?r=80.7613
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.23.55.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-55-224.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 621c11a0f28aa44c3dac3d4b247845c6c77b38ddf91f89f5117baaa007cc599d

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:07 GMT
content-encoding: gzip
last-modified: Wed, 04 Nov 2020 19:48:58 GMT
server: Microsoft-IIS/10.0
etag: "0f1289e3b2d61:0"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=1209600
accept-ranges: bytes
content-length: 12006

GET
H2 200 theme.css
landing.efcollegestudytours.com/Templates/ion/ion_Framework_v4.0/themes/EFT_ThemeKit/ 144 KB
18 KB 184ms
183ms Stylesheet
text/css 52.23.55.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://landing.efcollegestudytours.com/Templates/ion/ion_Framework_v4.0/themes/EFT_ThemeKit/theme.css?v=20200430160615563
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.23.55.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-55-224.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 355fa52d1e11d73fed514fbaf19ac962156045339c711c77dbf95d3194c932d7

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:07 GMT
content-encoding: gzip
last-modified: Thu, 30 Apr 2020 21:06:15 GMT
server: Microsoft-IIS/10.0
etag: "c7eb8d2f331fd61:0"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 18018

GET
H2 200 themeform.css
landing.efcollegestudytours.com/templates/ion/ion_framework_v4.0/themes/eft_themekit/ 20 KB
3 KB 108ms
106ms Stylesheet
text/css 52.23.55.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://landing.efcollegestudytours.com/templates/ion/ion_framework_v4.0/themes/eft_themekit/themeform.css?v=20200430160615563
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.23.55.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-55-224.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash: ab40b0a5533b98d9234a038ff2ebe1fc93f51016b7424c010f61fe2efe31f268

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:07 GMT
content-encoding: gzip
last-modified: Thu, 10 Mar 2016 22:04:39 GMT
server: Microsoft-IIS/10.0
etag: "87a64dd7187bd11:0"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 3424

GET
H2 200 cst_logo_new.png
iuploads.scribblecdn.net/df822f63-03e1-4383-a93c-0c67d8fac93c/global/imagelib/uncategorized/ 10 KB
10 KB 547ms
476ms Image
image/png 2600:9000:20ae:2200:15:a92b:8a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://iuploads.scribblecdn.net/df822f63-03e1-4383-a93c-0c67d8fac93c/global/imagelib/uncategorized/cst_logo_new.png?v=10282019212735
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ae:2200:15:a92b:8a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8bf24036c1dbc8acbdb9dd840e3bbbe44c44e5814af5036876f3a3c0da37a677

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 11 Nov 2020 21:12:09 GMT
via: 1.1 f9efc23cea6c58604ef3f56c3631925f.cloudfront.net (CloudFront)
last-modified: Tue, 10 Mar 2020 01:44:44 GMT
server: AmazonS3
x-amz-cf-pop: WAW50-C1
etag: "8677bb674cdea44f537120e6d7b05edd"
x-cache: Miss from cloudfront
content-type: image/png
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 10245
x-amz-cf-id: 8DvBG5yGJSSNegOvXXGcHHsuEDpsd4ex5xL67UlBIstBo-Cbb1lraQ==

GET
H2 200 bottom_asset-04cc02ca7f021dba119f6934569b7400adfa5645.png
iuploads.scribblecdn.net/df822f63-03e1-4383-a93c-0c67d8fac93c/global/imagelib/uncategorized/ 552 KB
553 KB 549ms
489ms Image
image/png 2600:9000:20ae:2200:15:a92b:8a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://iuploads.scribblecdn.net/df822f63-03e1-4383-a93c-0c67d8fac93c/global/imagelib/uncategorized/bottom_asset-04cc02ca7f021dba119f6934569b7400adfa5645.png?v=04172019160919
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ae:2200:15:a92b:8a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a0c44a7e2ede8df8e6208503275d349fd54841c04512a3442adf94a5240a807c

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 11 Nov 2020 21:12:09 GMT
via: 1.1 f9efc23cea6c58604ef3f56c3631925f.cloudfront.net (CloudFront)
last-modified: Tue, 10 Mar 2020 01:43:18 GMT
server: AmazonS3
x-amz-cf-pop: WAW50-C1
etag: "0757c8cfdeb934d32663a3b1fb041c9b"
x-cache: Miss from cloudfront
content-type: image/png
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 565289
x-amz-cf-id: 1CvcFZBQfB2HbyDfWIoc995s8CWKItXz0glTGlqLLcV8cC6-E4lSKA==

GET
H2 200 spacer.gif
landing.efcollegestudytours.com/ 43 B
143 B 96ms
94ms Image
image/gif 52.23.55.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://landing.efcollegestudytours.com/spacer.gif
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.23.55.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-55-224.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:07 GMT
last-modified: Wed, 04 Nov 2020 19:47:14 GMT
server: Microsoft-IIS/10.0
etag: "0cd54be3b2d61:0"
content-type: image/gif
status: 200
cache-control: public, max-age=300
accept-ranges: bytes
content-length: 43

GET
H2 200 KeyGrip.ashx
landing.efcollegestudytours.com/ 70 B
106 B 98ms
96ms Image
image/gif 52.23.55.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://landing.efcollegestudytours.com/KeyGrip.ashx?lb3id=17349759$K79XJ4TW$25134430

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.23.55.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-23-55-224.compute-1.amazonaws.com

Software

Resource Hash

96be21393ffdc9129af65365ccbd7dd7458c1eaac7982a02e3697e08566edf3d

Security Headers

Name	Value
Content-Security-Policy

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
content-security-policy
cache-control: public, max-age=300
date: Wed, 11 Nov 2020 21:12:07 GMT
content-length: 70
content-type: image/gif

GET
H2 200 1.css
fast.fonts.net/t/ 0
109 B 7ms
7ms Stylesheet
text/css 2606:2800:234:660:118e:28f:1d8a:2522
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/t/1.css?apiType=css&projectid=217e2b8a-1675-4def-b196-05880749e54c
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/217e2b8a-1675-4def-b196-05880749e54c.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:660:118e:28f:1d8a:2522 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (fcn/41AE) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://fast.fonts.net/cssapi/217e2b8a-1675-4def-b196-05880749e54c.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
last-modified: Wed, 21 Feb 2018 12:55:22 GMT
server: ECS (fcn/41AE)
age: 2297395
etag: "616070693"
status: 200
x-cache: HIT
content-type: text/css
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 0
expires: Wed, 11 Nov 2020 21:12:07 GMT

GET
H2 200 jquery-1.11.1.min.js Show response
code.jquery.com/ 94 KB
33 KB 9ms
8ms Script
application/javascript 2001:4de0:ac19::1:b:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.1.min.js
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/Scripts/ixp-runtime.min.js?r=80.7613
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
content-encoding: gzip
last-modified: Fri, 24 Oct 2014 00:16:07 GMT
server: nginx
status: 200
etag: W/"54499a47-1762a"
vary: Accept-Encoding
x-hw: 1605129128.dop214.fr8.t,1605129128.cds290.fr8.hc,1605129128.cds227.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 33202

GET
H2 200 jquery-1.11.2.min.js Show response
code.jquery.com/ 94 KB
33 KB 23ms
9ms Script
application/javascript 2001:4de0:ac19::1:b:2a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.2.min.js
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
content-encoding: gzip
last-modified: Wed, 17 Dec 2014 16:05:21 GMT
server: nginx
status: 200
etag: W/"5491a9c1-176bb"
vary: Accept-Encoding
x-hw: 1605129128.dop214.fr8.t,1605129128.cds290.fr8.hc,1605129128.cds202.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 33262

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 2560
date: Wed, 11 Nov 2020 20:29:28 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Wed, 11 Nov 2020 22:29:28 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 355 KB
76 KB 39ms
19ms Script
application/javascript 2a00:1450:4001:820::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5GND

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5e5fe839c2025306e4374603a8acf9d99115f6b095608a5e53589d6a94d26892

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77383
x-xss-protection: 0
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 11 Nov 2020 21:12:08 GMT

GET
H2 200 fb-seq_ad-2_lp_stage_(1).jpg
iuploads.scribblecdn.net/df822f63-03e1-4383-a93c-0c67d8fac93c/global/imagelib/uncategorized/ 208 KB
209 KB 607ms
601ms Image
image/jpeg 2600:9000:20ae:2200:15:a92b:8a80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://iuploads.scribblecdn.net/df822f63-03e1-4383-a93c-0c67d8fac93c/global/imagelib/uncategorized/fb-seq_ad-2_lp_stage_(1).jpg
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ae:2200:15:a92b:8a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fcd2a062c35f95778ce90c151b99fe3c8782cb6e804bad479b9e7d5be310d028

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Wed, 11 Nov 2020 21:12:09 GMT
via: 1.1 f9efc23cea6c58604ef3f56c3631925f.cloudfront.net (CloudFront)
last-modified: Tue, 10 Mar 2020 01:38:00 GMT
server: AmazonS3
x-amz-cf-pop: WAW50-C1
etag: "fdce5bc4994b4c33592c370bd0bcd680"
x-cache: Miss from cloudfront
content-type: image/jpeg
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 213109
x-amz-cf-id: NPIvFG-5U-swOEvdBjmTY5KBgtOA0nXQk2iNYA5MSsjOoFF4cG8rFQ==

GET
H2 200 iconSelect.png
landing.efcollegestudytours.com/templates/ion/ion_framework_v4.0/themes/eft_themekit/ 232 B
318 B 94ms
94ms Image
image/png 52.23.55.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://landing.efcollegestudytours.com/templates/ion/ion_framework_v4.0/themes/eft_themekit/iconSelect.png
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/templates/ion/ion_framework_v4.0/themes/eft_themekit/themeform.css?v=20200430160615563
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.23.55.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-55-224.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 10435bddeb1acf8eada063170b77d51df3463e7f02f9939f22e3ccf985c62545

Request headers

Referer: https://landing.efcollegestudytours.com/templates/ion/ion_framework_v4.0/themes/eft_themekit/themeform.css?v=20200430160615563
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:07 GMT
last-modified: Fri, 20 Jun 2014 13:08:20 GMT
server: Microsoft-IIS/10.0
etag: "907490b5888ccf1:0"
content-type: image/png
status: 200
cache-control: public, max-age=300
accept-ranges: bytes
content-length: 232

GET
H2 200 EFCircularWeb-Bold.woff
landing.efcollegestudytours.com/Templates/ion/ion_Framework_v4.0/themes/EFT_ThemeKit/ 131 KB
131 KB 97ms
96ms Font
application/x-font-woff 52.23.55.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://landing.efcollegestudytours.com/Templates/ion/ion_Framework_v4.0/themes/EFT_ThemeKit/EFCircularWeb-Bold.woff
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/Templates/ion/ion_Framework_v4.0/themes/EFT_ThemeKit/theme.css?v=20200430160615563
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.23.55.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-23-55-224.compute-1.amazonaws.com
Software: Microsoft-IIS/10.0 /
Resource Hash: 3dda76071cd1404f5277de462268fcfdae2492b2a278fb0b8279b97a28ab10b2

Request headers

Origin: https://landing.efcollegestudytours.com
Referer: https://landing.efcollegestudytours.com/Templates/ion/ion_Framework_v4.0/themes/EFT_ThemeKit/theme.css?v=20200430160615563
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:07 GMT
last-modified: Wed, 14 Aug 2019 21:16:14 GMT
server: Microsoft-IIS/10.0
etag: "13d04781e552d51:0"
content-type: application/x-font-woff
status: 200
accept-ranges: bytes
content-length: 133835

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1326351006&utmhn=landing.efcollegestudytours.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&ut...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-8007042-1&cid=793005754.1605129128&jid=1285464134&_v=5.7.2&z=1326351006

35 B
113 B

13ms
13ms

Image
image/gif

2a00:1450:400c:c03::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-8007042-1&cid=793005754.1605129128&jid=1285464134&_v=5.7.2&z=1326351006

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c03::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 11 Nov 2020 21:12:08 GMT
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 11 Nov 2020 21:12:08 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 302
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-8007042-1&cid=793005754.1605129128&jid=1285464134&_v=5.7.2&z=1326351006
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 369
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 30 KB
12 KB 94ms
35ms Script
text/javascript 216.58.208.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GND

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.208.34 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s12-in-f34.1e100.net

Software

cafe /

Resource Hash

0bfb81a6d3e2ed2e0cb381a9f933355ff00e64cd0d80724e83559861cad12711

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11472
x-xss-protection: 0
server: cafe
etag: 8286593240961886057
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Nov 2020 21:12:08 GMT

GET
H2 200 lio.js Show response
c.lytics.io/api/tag/2858/ 45 KB
12 KB 75ms
19ms Script
application/javascript 2606:4700:20::ac43:49ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/api/tag/2858/lio.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GND
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af62728ea7e37b54e809ccf8966f3a98c83f4e6edc43159b093b426908cb25a8

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 4368
status: 200
content-encoding: br
cf-request-id: 065abfe1db0000178ae1200000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NyJrv30KneM%2FIVULusQG4OYrwv0u2d40cTdaPOg2MBU6veSB8wz4tL%2FT7LusCEfG1yVv52Mun0jmVgjCMY0WC9YZXnJzIJyq3sEEg78DAyrK2dnZAf%2FRSA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7200
cf-ray: 5f0b027c9bf1178a-FRA

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 88 KB
23 KB 17ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 23070
x-xss-protection: 0
pragma: public
x-fb-debug: TmfvVIPFGxiPspavFXfkwNcpGr/wRTVGSupsihCg4mg/ZJxQ2GqvUpbY96TfbaBwU9tkOj2JUyExroAU2cfl7A==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Wed, 11 Nov 2020 21:12:08 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 965 B
761 B 27ms
9ms Script
application/x-javascript 2a02:26f0:10c:582::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:582::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 11 Nov 2020 21:12:08 GMT
Content-Encoding: gzip
Last-Modified: Tue, 22 Sep 2020 22:01:48 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=23777
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 448

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5GND

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 6980
date: Wed, 11 Nov 2020 19:15:48 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Wed, 11 Nov 2020 21:15:48 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
79 B 14ms
13ms XHR
text/plain 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1277012790&t=pageview&_s=1&dl=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&ul=en-us&de=UTF-8&dt=Refer%20a%20Colleague%20%7C%20EF%20College%20Study%20Tours&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_utma=165422955.793005754.1605129128.1605129128.1605129128.1&_utmz=165422955.1605129128.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1605129128379&_u=YQBCAEABAAAAAC~&jid=2121677231&gjid=1429215642&cid=793005754.1605129128&tid=UA-8007042-1&_gid=1679112732.1605129128&_r=1&gtm=2wgas15GND&cd8=null&cd9=793005754.1605129128&z=1982397247

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Nov 2020 21:12:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: text/plain
access-control-allow-origin: https://landing.efcollegestudytours.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:10c:582::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:582::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Wed, 11 Nov 2020 21:12:08 GMT
Content-Encoding: gzip
Last-Modified: Thu, 03 Sep 2020 20:29:41 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=72297
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 696448013798261 Show response
connect.facebook.net/signals/config/ 234 KB
69 KB 115ms
115ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/696448013798261?v=2.9.27&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a63a8e3610e46d8214279bf70e11f3c86ef2eb34bb1e1ec11a0b90aeb413b095

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: 2kEzq97q3bMaKcdDEdPQLtkXT/RE8GRBRjtRIfoRWXj2A1tCaWHcRs5KCYqgfstSWMzGt54NN8iJEIwkHZKsPg==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Wed, 11 Nov 2020 21:12:08 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=188082&url=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&time=1605129128396
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D188082%26url%3Dhttps%253A%252F%252Flanding.efcollegestudytours.com%252Freferral%2...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=188082&url=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&time=1605129128396&liSync=true

0
58 B

109ms
108ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=188082&url=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&time=1605129128396&liSync=true
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: rADSLnCQRhYwMCKQKysAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id lnkd.demdex.net blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/ platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: dzR3KnCQRhYwSg2TYCsAAA==
pragma: no-cache
x-li-pop: afd-prod-lva1
x-msedge-ref: Ref A: 9DEAFC98184E47CF876C7FBD1FE97DD6 Ref B: FRAEDGE1121 Ref C: 2020-11-11T21:12:08Z
x-frame-options: sameorigin
date: Wed, 11 Nov 2020 21:12:07 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=188082&url=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&time=1605129128396&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H3-Q050 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
453 B 38ms
13ms XHR
text/plain 2a00:1450:400c:c03::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-8007042-1&cid=793005754.1605129128&jid=2121677231&gjid=1429215642&_gid=1679112732.1605129128&_u=YQBCAEAAAAAAAC~&z=2113249196

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c03::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 11 Nov 2020 21:12:08 GMT
status: 200
content-type: text/plain
access-control-allow-origin: https://landing.efcollegestudytours.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 io.min.js Show response
c.lytics.io/static/v2/ 13 KB
6 KB 16ms
15ms Script
text/javascript 2606:4700:20::ac43:49ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/static/v2/io.min.js
Requested by: Host: c.lytics.io
URL: https://c.lytics.io/api/tag/2858/lio.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c0e0ca6ba3ee267ba14d39184efb68c958717fc6e58b528b700502c0aea5170

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5262
status: 200
content-encoding: br
cf-request-id: 065abfe1f20000178af32f7000000001
last-modified: Wed, 29 Apr 2020 21:03:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0MSGN%2F9UMc72qeBLV4KUc7EvT1i7eyudrMLdAq6xDLc9lKlkSrWrvQEdeQd3pXTITH4%2FifUBPohwNigoQzr2cYDHirutZJYBrZx2vn2PK0ldiD0CkBkYRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
cache-control: max-age=7200
cf-ray: 5f0b027cbc59178a-FRA

GET
H2 200 81572.25640119714 Show response
api.lytics.io/api/me/425e1a929aeafe7bc5b2d0647603e35a/_uid/ 165 B
389 B 198ms
142ms Script
application/json 35.190.11.84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.lytics.io/api/me/425e1a929aeafe7bc5b2d0647603e35a/_uid/81572.25640119714?segments=true&mergestate=true&callback=window.lio.segmentscb&state=%7B%22gtm.start%22%3A1605129128208%2C%22event%22%3A%22gtm.js%22%2C%22gtm.uniqueEventId%22%3A1%2C%22LiveBall%22%3A%22uid%3D17349759%26uky%3DK79XJ4TW%26rid%3D25134430%22%2C%22_ga%22%3A%22165422955.793005754%22%2C%22_ts%22%3A1605129128452%2C%22_nmob%22%3A%22t%22%2C%22_device%22%3A%22desktop%22%2C%22url%22%3A%22landing.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig%22%2C%22_uid%22%3A%2281572.25640119714%22%2C%22_v%22%3A%222.0.0%22%2C%22_e%22%3A%22pv%22%2C%22_sesstart%22%3A%221%22%2C%22_tz%22%3A1%2C%22_ul%22%3A%22en-US%22%2C%22_sz%22%3A%221600x1200%22%2C%22_ca%22%3A%22jstag1%22%7D&ts=1605129128456
Requested by: Host: c.lytics.io
URL: https://c.lytics.io/api/tag/2858/lio.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.11.84 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 84.11.190.35.bc.googleusercontent.com
Software: lytics.io 20b1e7271cc5805a5b2f813c2cb5e8a6d0880ffe /
Resource Hash: 14b3f10160e86f83b5e50addfe645d5ac5b09f26d10f04bb610213c470368f68

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
content-encoding: gzip
server: lytics.io 20b1e7271cc5805a5b2f813c2cb5e8a6d0880ffe
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Cookie, *
status: 200
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin
alt-svc: clear
content-length: 148
via: 1.1 google

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1011245228/ 2 KB
1 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1011245228/?random=1605129128461&cv=9&fst=1605129128461&num=1&label=gJ8xCMzQ6mUQrMGZ4gM&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgas1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&tiba=Refer%20a%20Colleague%20%7C%20EF%20College%20Study%20Tours&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54be81d7e478ac5ceb834404f6f0ba2b02c7f8eca8b4857b8821613f8acf8bc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Nov 2020 21:12:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1101
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/1011245228/ 42 B
339 B 22ms
22ms Image
image/gif 2a00:1450:4001:81f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1011245228/?random=1605129128461&cv=9&fst=1605128400000&num=1&label=gJ8xCMzQ6mUQrMGZ4gM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgas1&sendb=1&frm=0&url=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&tiba=Refer%20a%20Colleague%20%7C%20EF%20College%20Study%20Tours&async=1&fmt=3&is_vtc=1&random=1127060303&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Nov 2020 21:12:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/1011245228/ 42 B
153 B 23ms
22ms Image
image/gif 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1011245228/?random=1605129128461&cv=9&fst=1605128400000&num=1&label=gJ8xCMzQ6mUQrMGZ4gM&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgas1&sendb=1&frm=0&url=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&tiba=Refer%20a%20Colleague%20%7C%20EF%20College%20Study%20Tours&async=1&fmt=3&is_vtc=1&random=1127060303&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Nov 2020 21:12:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
265 B 18ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=696448013798261&ev=PageView&dl=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&rl=&if=false&ts=1605129128539&sw=1600&sh=1200&v=2.9.27&r=stable&ec=0&o=30&fbp=fb.1.1605129128538.1392865793&it=1605129128392&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 11 Nov 2020 21:12:08 GMT

GET
H2 200 pathfora.min.js Show response
c.lytics.io/static/ 100 KB
20 KB 35ms
34ms Script
text/javascript 2606:4700:20::ac43:49ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/static/pathfora.min.js
Requested by: Host: c.lytics.io
URL: https://c.lytics.io/api/tag/2858/lio.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d168ba515a51b5718ba8f51cc423e6458094e282e9426f9cbc03ed09166bd09a

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5266
status: 200
content-encoding: br
cf-request-id: 065abfe2de0000178ab430b000000001
last-modified: Fri, 12 Jun 2020 19:10:40 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mJuLLN8j%2FEB0yV5vtcY4RE%2F6%2FZ8i3AO78IXquMfDKsLIpnCjKjU%2F%2BjjG6%2FxSSXGwWJg22wzBXRK04ApR36YMhkdyGIF4wileEKAFjzuXhQ0kVkSAhqJb%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
cache-control: max-age=7200
cf-ray: 5f0b027e280b178a-FRA

GET
H2 200 2858
c.lytics.io/c/ 35 B
324 B 175ms
174ms Image
image/gif 2606:4700:20::ac43:49ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/2858?_ts=1605129128656&_nmob=t&_device=desktop&url=landing.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&_ga=165422955.793005754&_uid=81572.25640119714&_v=2.0.0&_e=pv&_sesstart=1&_tz=1&_ul=en-US&_sz=1600x1200&_ca=jstag1
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
access-control-allow-methods: GET, POST
content-length: 35
cf-request-id: 065abfe2e10000178a76958000000001
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jKzDpwe96ocu1nl0ae2niMrmLLXo6ZKKG%2FyNnO3FfZ%2FlmOh0w2KB9ZeTICZagpXZUPE9yt5wQu%2Ff1%2FfO%2BgxqkdJQDVzlOixB2TeYABamVyjRxOGhwk97tg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-ray: 5f0b027e2810178a-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires: 0

GET
H2 200 default
c.lytics.io/c/2858/ 35 B
545 B 136ms
135ms Image
image/gif 2606:4700:20::ac43:49ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/2858/default?gtm.start=1605129128208&event=gtm.js&gtm.uniqueEventId=1&_ts=1605129128659&_nmob=t&_device=desktop&url=landing.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&_ga=165422955.793005754&_uid=81572.25640119714&_v=2.0.0&_ca=jstag1
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
access-control-allow-methods: GET, POST
content-length: 35
cf-request-id: 065abfe2e00000178a8031c000000001
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SnEXED8QPPkXiNDVZ48qi8ggcYaYSU6vBHEZ1pU%2FUoA9PRdh%2FoIsR4trn3L7L%2Bcgu6gk0xSN%2FK4V0OKcKIM%2FFxscfdrjPbVOo4wN1deCyVxIWZN2OEeyzg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-ray: 5f0b027e2814178a-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires: 0

GET
H2 200 default
c.lytics.io/c/2858/ 35 B
582 B 137ms
136ms Image
image/gif 2606:4700:20::ac43:49ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.lytics.io/c/2858/default?LiveBall=uid%3D17349759%26uky%3DK79XJ4TW%26rid%3D25134430&_ga=165422955.793005754&_ts=1605129128660&_nmob=t&_device=desktop&url=landing.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&_uid=81572.25640119714&_v=2.0.0&_ca=jstag1
Requested by: Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
status: 200
access-control-allow-methods: GET, POST
content-length: 35
cf-request-id: 065abfe2e10000178ab8320000000001
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lsd7MQ8PF%2BhJlQP0Zxq4%2BiGCvMGd%2FD2moQC0X%2FuXov9WkVVAUqDO8q0nFSbWIYFyCMXFLcIm9TPfMsHx0Gd0OYE%2Bmd5JROjFx1DH06kHFD9qwXtB5JZc%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cf-ray: 5f0b027e2816178a-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Cookie, *
expires: 0

GET
H2 200 /
www.facebook.com/tr/ 44 B
100 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=696448013798261&ev=Lytics%20Audiences&dl=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&rl=&if=false&ts=1605129128663&cd[default_anon_seg]=true&cd[notenrolled]=true&cd[unknown]=true&cd[no_tr]=true&cd[smt_new]=true&cd[all]=true&cd[ly_unknown_email]=true&sw=1600&sh=1200&v=2.9.27&r=stable&ec=1&o=30&fbp=fb.1.1605129128538.1392865793&it=1605129128392&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: landing.efcollegestudytours.com
URL: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 11 Nov 2020 21:12:08 GMT

GET
H2 200 pathfora.min.css
c.lytics.io/static/ 20 KB
3 KB 27ms
27ms Stylesheet
text/css 2606:4700:20::ac43:49ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/static/pathfora.min.css
Requested by: Host: c.lytics.io
URL: https://c.lytics.io/static/pathfora.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 58aa5964d6f5dc68b2180e943ea63b6031c0ba83e44d9815e724b10f2f615f9f

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 5263
status: 200
content-encoding: br
cf-request-id: 065abfe3150000178abda45000000001
last-modified: Fri, 12 Jun 2020 19:10:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AG%2F6mLmjcwPD0jE1PUAtQFa3CaKhbHaIu6UzPRgcUSlncYsWqPEtSTz7jGYlM8CRqQkajd3i7XeZ%2BFSJfneiDmEgyDl%2F0U4F8QqMa47NEXtGNo%2BkW47uSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: max-age=7200
cf-ray: 5f0b027e890f178a-FRA

GET
H2 200 config.js Show response
c.lytics.io/api/program/campaign/config/425e1a929aeafe7bc5b2d0647603e35a/ 327 B
473 B 28ms
28ms Script
application/javascript 2606:4700:20::ac43:49ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.lytics.io/api/program/campaign/config/425e1a929aeafe7bc5b2d0647603e35a/config.js
Requested by: Host: c.lytics.io
URL: https://c.lytics.io/api/tag/2858/lio.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:49ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4844fb8e90185473b005feba5c25c6aa87918b3bfd8e28c9f852844fff7ad36b

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:08 GMT
via: 1.1 google
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1229
status: 200
content-encoding: br
cf-request-id: 065abfe3150000178a7b24d000000001
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YprvpTduXvzN6Ab6ZEoqcHqw2Z%2BnJkXyAtVkLwxSkS7bsTyjMvc26wbsoqCeWLzkgHSt2TWT9fXdmoAEW22z4CrCmRk34cX0a%2Fkr9woJvuNsYcfC9AzL8g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7200
cf-ray: 5f0b027e8912178a-FRA

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
63 B 7ms
6ms Image
image/gif 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1277012790&t=event&ni=1&_s=1&dl=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&ul=en-us&de=UTF-8&dt=Refer%20a%20Colleague%20%7C%20EF%20College%20Study%20Tours&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll&ea=25%25&_utma=165422955.793005754.1605129128.1605129128.1605129128.1&_utmz=165422955.1605129128.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1605129129137&_u=aTDCCEABBAAAAC~&jid=&gjid=&cid=793005754.1605129128&tid=UA-8007042-1&_gid=1679112732.1605129128&gtm=2wgas15GND&cd8=null&cd9=793005754.1605129128&z=1324868379

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Nov 2020 03:15:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 64597
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
58 B 7ms
6ms Image
image/gif 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1277012790&t=event&ni=1&_s=1&dl=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&ul=en-us&de=UTF-8&dt=Refer%20a%20Colleague%20%7C%20EF%20College%20Study%20Tours&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll&ea=50%25&_utma=165422955.793005754.1605129128.1605129128.1605129128.1&_utmz=165422955.1605129128.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1605129129141&_u=aTDCCEABBAAAAC~&jid=&gjid=&cid=793005754.1605129128&tid=UA-8007042-1&_gid=1679112732.1605129128&gtm=2wgas15GND&cd8=null&cd9=793005754.1605129128&z=1606807402

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Nov 2020 03:15:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 64597
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
58 B 7ms
7ms Image
image/gif 2a00:1450:4001:81a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1277012790&t=event&ni=1&_s=1&dl=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&ul=en-us&de=UTF-8&dt=Refer%20a%20Colleague%20%7C%20EF%20College%20Study%20Tours&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll&ea=75%25&_utma=165422955.793005754.1605129128.1605129128.1605129128.1&_utmz=165422955.1605129128.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1605129129145&_u=aTDCCEABBAAAAC~&jid=&gjid=&cid=793005754.1605129128&tid=UA-8007042-1&_gid=1679112732.1605129128&gtm=2wgas15GND&cd8=null&cd9=793005754.1605129128&z=349048523

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Nov 2020 03:15:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 64597
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
146 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=696448013798261&ev=Microdata&dl=https%3A%2F%2Flanding.efcollegestudytours.com%2Freferral%3Fsourcecode%3DCST_Referral_EMSig&rl=&if=false&ts=1605129130042&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Refer%20a%20Colleague%20%7C%20EF%20College%20Study%20Tours%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.27&r=stable&ec=2&o=30&fbp=fb.1.1605129128538.1392865793&it=1605129128392&coo=false&dpo=LDU&dpoco=0&dpost=0&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://landing.efcollegestudytours.com/referral?sourcecode=CST_Referral_EMSig
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 11 Nov 2020 21:12:10 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 11 Nov 2020 21:12:10 GMT

Verdicts & Comments Add Verdict or Comment

69 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.efcollegestudytours.com/	1970-01-19 16:01:45	Name: _fbp Value: fb.1.1605129128538.1392865793
landing.efcollegestudytours.com/	1970-01-19 14:35:21	Name: ly_segs Value: %7B%22default_anon_seg%22%3A%22default_anon_seg%22%2C%22notenrolled%22%3A%22notenrolled%22%2C%22unknown%22%3A%22unknown%22%2C%22no_tr%22%3A%22no_tr%22%2C%22smt_new%22%3A%22smt_new%22%2C%22all%22%3A%22all%22%2C%22ly_unknown_email%22%3A%22ly_unknown_email%22%7D
.efcollegestudytours.com/	1970-01-19 16:01:45	Name: seerid Value: 81572.25640119714
.efcollegestudytours.com/	1970-01-20 07:23:21	Name: _ga Value: GA1.2.793005754.1605129128
.efcollegestudytours.com/	1970-01-19 13:52:09	Name: __utmt Value: 1
.efcollegestudytours.com/	1969-12-31 23:59:59	Name: __utmc Value: 165422955
.efcollegestudytours.com/	1970-01-19 13:52:09	Name: _gat_UA-8007042-1 Value: 1
.efcollegestudytours.com/	1970-01-19 13:53:35	Name: _gid Value: GA1.2.1679112732.1605129128
.landing.efcollegestudytours.com/	1970-01-19 16:01:45	Name: seerid Value: 81572.25640119714
.efcollegestudytours.com/	1970-01-19 18:14:57	Name: __utmz Value: 165422955.1605129128.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.efcollegestudytours.com/	1970-01-19 22:36:50	Name: LiveBall Value: uid=17349759&uky=K79XJ4TW&rid=25134430
.landing.efcollegestudytours.com/	1970-01-19 13:52:10	Name: seerses Value: e
.efcollegestudytours.com/	1970-01-19 16:01:45	Name: _gcl_au Value: 1.1.1082291232.1605129128
.efcollegestudytours.com/	1970-01-19 13:52:10	Name: seerses Value: e
landing.efcollegestudytours.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: gx3rvhr1oltwmtfgdz3aqbrn
.efcollegestudytours.com/	1970-01-19 13:52:10	Name: __utmb Value: 165422955.1.10.1605129128
.efcollegestudytours.com/	1970-01-20 07:23:21	Name: __utma Value: 165422955.793005754.1605129128.1605129128.1605129128.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.lytics.io
c.lytics.io
code.jquery.com
connect.facebook.net
fast.fonts.net
fonts.googleapis.com
googleads.g.doubleclick.net
iuploads.scribblecdn.net
landing.efcollegestudytours.com
maxcdn.bootstrapcdn.com
px.ads.linkedin.com
snap.licdn.com
ssl.google-analytics.com
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
2001:4de0:ac19::1:b:1a
2001:4de0:ac19::1:b:2a
216.58.208.34
2600:9000:20ae:2200:15:a92b:8a80:93a1
2606:2800:234:660:118e:28f:1d8a:2522
2606:4700:20::ac43:49ec
2620:1ec:21::14
2a00:1450:4001:806::200a
2a00:1450:4001:809::2003
2a00:1450:4001:809::2008
2a00:1450:4001:81a::200e
2a00:1450:4001:81f::2004
2a00:1450:4001:820::2002
2a00:1450:4001:820::2008
2a00:1450:400c:c03::9a
2a02:26f0:10c:582::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:10:101::b93f:9105
35.190.11.84
52.23.55.224
0bfb81a6d3e2ed2e0cb381a9f933355ff00e64cd0d80724e83559861cad12711
10435bddeb1acf8eada063170b77d51df3463e7f02f9939f22e3ccf985c62545
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
14b3f10160e86f83b5e50addfe645d5ac5b09f26d10f04bb610213c470368f68
1a3a934d90549c670e4d6be1925c2ecd36ed991ba397d50ddc637e7a25f2d33a
1c0e0ca6ba3ee267ba14d39184efb68c958717fc6e58b528b700502c0aea5170
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
355fa52d1e11d73fed514fbaf19ac962156045339c711c77dbf95d3194c932d7
3dda76071cd1404f5277de462268fcfdae2492b2a278fb0b8279b97a28ab10b2
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
4844fb8e90185473b005feba5c25c6aa87918b3bfd8e28c9f852844fff7ad36b
53d8eceb2aa4651b7c27b81faac1ca843b5f458d735357c590204e50c0f4137c
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54be81d7e478ac5ceb834404f6f0ba2b02c7f8eca8b4857b8821613f8acf8bc1
58aa5964d6f5dc68b2180e943ea63b6031c0ba83e44d9815e724b10f2f615f9f
5e5fe839c2025306e4374603a8acf9d99115f6b095608a5e53589d6a94d26892
621c11a0f28aa44c3dac3d4b247845c6c77b38ddf91f89f5117baaa007cc599d
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7165be0c73cfa36c86a70f47d2165a7b3f71968b0f7f08fea47eff323d4d4ad1
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8bf24036c1dbc8acbdb9dd840e3bbbe44c44e5814af5036876f3a3c0da37a677
96be21393ffdc9129af65365ccbd7dd7458c1eaac7982a02e3697e08566edf3d
a0c44a7e2ede8df8e6208503275d349fd54841c04512a3442adf94a5240a807c
a63a8e3610e46d8214279bf70e11f3c86ef2eb34bb1e1ec11a0b90aeb413b095
ab40b0a5533b98d9234a038ff2ebe1fc93f51016b7424c010f61fe2efe31f268
af62728ea7e37b54e809ccf8966f3a98c83f4e6edc43159b093b426908cb25a8
d168ba515a51b5718ba8f51cc423e6458094e282e9426f9cbc03ed09166bd09a
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e1f252d7efa1519fc0147d7691f2e39903bbcbc12c1de929858633ca346b21fd
e37570ef85a3553930ba20dfab7280bfcead8a2238b536b5c03c629c35b3d4ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e7dc51f8129edc1019a4b379da2972e86e85ce6882857a472ef9c6370a7191ac
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f10b9b0c4107ca5a40a5c69b1ac91a8948d84f39893dee6b429cdbdb05887093
fcd2a062c35f95778ce90c151b99fe3c8782cb6e804bad479b9e7d5be310d028

landing.efcollegestudytours.com Open in urlscan Pro 52.23.55.224 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

49 Requests

100 %HTTPS

86 %IPv6

17 Domains

21 Subdomains

20 IPs

6 Countries

1314 kBTransfer

2569 kBSize

17 Cookies

2 Outgoing links

Redirected requests

49 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

landing.efcollegestudytours.com Open in urlscan Pro
52.23.55.224 Public Scan

Screenshot
Live screenshot

Full Image

49
Requests

100 %
HTTPS

86 %
IPv6

17
Domains

21
Subdomains

20
IPs

6
Countries

1314 kB
Transfer

2569 kB
Size

17
Cookies

49 HTTP transactions
0 data transactions