canada-eta.visasyst.com
54.192.35.95
Malicious Activity!
Public Scan
Open in
urlscan Pro
Submitted URL: https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fcanada%2deta.visasyst.com&umid=C1C8B7BB-4F0B-0C06-A3E7-...
6yr old
Effective URL: https://canada-eta.visasyst.com/ 1yr old
Submission: On April 09 via manual from MX — Scanned from FR
Effective URL: https://canada-eta.visasyst.com/ 1yr old
Submission: On April 09 via manual from MX — Scanned from FR
Summary
This website contacted 17 IPs
in 4 countries
across 13 domains to perform 62 HTTP transactions.
The main IP is 54.192.35.95, located in
United States and
belongs to AMAZON-02 - Amazon.com, Inc., US.
The main domain is canada-eta.visasyst.com.
1yr old
TLS certificate: Issued by Amazon RSA 2048 M01 on October 22nd 2025. Valid for: 1yr.
This is the only time canada-eta.visasyst.com was scanned on urlscan.io!
TLS certificate: Issued by Amazon RSA 2048 M01 on October 22nd 2025. Valid for: 1yr.
This is the only time canada-eta.visasyst.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Immigration Visa Scam (Travel)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 184.32.81.13 184.32.81.13 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 27 | 54.192.35.95 54.192.35.95 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 3 | 2a00:1450:400... 2a00:1450:4001:c1f::5f | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 1 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 1 | 3.167.227.120 3.167.227.120 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 13.33.222.116 13.33.222.116 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 18.245.86.69 18.245.86.69 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 104.18.10.207 104.18.10.207 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 4 | 2a00:1450:400... 2a00:1450:4001:c0f::61 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 1 | 142.251.20.94 142.251.20.94 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 4 | 3.69.161.208 3.69.161.208 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 2 | 151.101.2.132 151.101.2.132 | 54113 (FASTLY) (FASTLY - Fastly) | |
| 2 | 2600:9000:28e... 2600:9000:28eb:f600:5:b7cc:d3c0:93a1 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 4 | 2600:9000:264... 2600:9000:2644:8800:6:9280:1080:93a1 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 7 | 2620:1ec:33:1... 2620:1ec:33:1::10 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
| 1 | 2620:1ec:33::10 2620:1ec:33::10 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
| 2 | 3.174.46.44 3.174.46.44 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 2a05:d018:cc3... 2a05:d018:cc3:fe04:ecfd:546:f9c2:fe95 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 62 | 17 |
1
184.32.81.13
(Boardman, United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-184-32-81-13.us-west-2.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-184-32-81-13.us-west-2.compute.amazonaws.com
| ddei5-0-ctp.trendmicro.com 6yr old |
27
54.192.35.95
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-192-35-95.fra56.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-192-35-95.fra56.r.cloudfront.net
| canada-eta.visasyst.com 1yr old |
3
2a00:1450:4001:c1f::5f
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| fonts.googleapis.com 56yr old |
1
104.17.25.14
(Ascension Island)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| cdnjs.cloudflare.com 13yr old |
1
3.167.227.120
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-167-227-120.fra60.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-167-227-120.fra60.r.cloudfront.net
| cdn.eu.amplitude.com 2yr old |
1
13.33.222.116
(New York, United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-33-222-116.fra60.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-33-222-116.fra60.r.cloudfront.net
| www.datadoghq-browser-agent.com 7yr old |
1
18.245.86.69
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-18-245-86-69.fra60.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-18-245-86-69.fra60.r.cloudfront.net
| cdn.amplitude.com 9yr old |
1
104.18.10.207
(Ascension Island)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| stackpath.bootstrapcdn.com 8yr old |
4
2a00:1450:4001:c0f::61
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| www.googletagmanager.com 56yr old |
1
142.251.20.94
(United States)
ASN15169 (GOOGLE - Google LLC, US)
PTR: bx-in-f94.1e100.net
ASN15169 (GOOGLE - Google LLC, US)
PTR: bx-in-f94.1e100.net
| fonts.gstatic.com 9yr old |
4
3.69.161.208
(Frankfurt am Main, Germany)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-69-161-208.eu-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-69-161-208.eu-central-1.compute.amazonaws.com
| api.eu.amplitude.com 5yr old |
2
151.101.2.132
(United States)
ASN54113 (FASTLY - Fastly, Inc., US)
ASN54113 (FASTLY - Fastly, Inc., US)
| flag.lab.eu.amplitude.com 3yr old |
2
2600:9000:28eb:f600:5:b7cc:d3c0:93a1
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
| sdk.privacy-center.org 8yr old |
4
2600:9000:2644:8800:6:9280:1080:93a1
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
| s.adroll.com 9yr old |
7
2620:1ec:33:1::10
(United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
| bat.bing.com 56yr old |
1
2620:1ec:33::10
(United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
| bat.bing.net 3yr old |
2
3.174.46.44
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-174-46-44.fra60.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-174-46-44.fra60.r.cloudfront.net
| sdk.privacy-center.org 8yr old |
1
2a05:d018:cc3:fe04:ecfd:546:f9c2:fe95
(Dublin, Ireland)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
| d.adroll.com 9yr old |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 27 |
visasyst.com
canada-eta.visasyst.com 1yr old |
397 KB |
| 8 |
amplitude.com
cdn.eu.amplitude.com — Cisco Umbrella Rank: 28386 2yr old cdn.amplitude.com — Cisco Umbrella Rank: 2065 9yr old api.eu.amplitude.com — Cisco Umbrella Rank: 9994 5yr old flag.lab.eu.amplitude.com — Cisco Umbrella Rank: 48732 3yr old |
73 KB |
| 7 |
bing.com
bat.bing.com — Cisco Umbrella Rank: 373 56yr old |
17 KB |
| 5 |
adroll.com
1 redirects
s.adroll.com — Cisco Umbrella Rank: 4444 9yr old d.adroll.com — Cisco Umbrella Rank: 2123 9yr old |
32 KB |
| 4 |
privacy-center.org
sdk.privacy-center.org — Cisco Umbrella Rank: 3495 8yr old |
177 KB |
| 4 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40 56yr old |
618 KB |
| 3 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46 56yr old |
3 KB |
| 1 |
bing.net
bat.bing.net — Cisco Umbrella Rank: 3598 3yr old |
345 B |
| 1 |
gstatic.com
fonts.gstatic.com — Cisco Umbrella Rank: 27 9yr old |
125 KB |
| 1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3402 8yr old |
7 KB |
| 1 |
datadoghq-browser-agent.com
www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1128 7yr old |
48 KB |
| 1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237 13yr old |
25 KB |
| 1 |
trendmicro.com
1 redirects
ddei5-0-ctp.trendmicro.com — Cisco Umbrella Rank: 92979 6yr old |
321 B |
| 62 | 13 |
| Domain | Requested by | |
|---|---|---|
| 27 | canada-eta.visasyst.com |
canada-eta.visasyst.com
www.datadoghq-browser-agent.com |
| 7 | bat.bing.com |
www.googletagmanager.com
bat.bing.com canada-eta.visasyst.com |
| 4 | s.adroll.com |
1 redirects
www.googletagmanager.com
canada-eta.visasyst.com s.adroll.com |
| 4 | sdk.privacy-center.org |
www.googletagmanager.com
sdk.privacy-center.org |
| 4 | api.eu.amplitude.com |
www.datadoghq-browser-agent.com
|
| 4 | www.googletagmanager.com |
canada-eta.visasyst.com
www.googletagmanager.com |
| 3 | fonts.googleapis.com |
canada-eta.visasyst.com
|
| 2 | flag.lab.eu.amplitude.com |
cdn.eu.amplitude.com
|
| 1 | d.adroll.com |
s.adroll.com
|
| 1 | bat.bing.net |
bat.bing.com
|
| 1 | fonts.gstatic.com |
fonts.googleapis.com
|
| 1 | stackpath.bootstrapcdn.com |
canada-eta.visasyst.com
|
| 1 | cdn.amplitude.com |
canada-eta.visasyst.com
|
| 1 | www.datadoghq-browser-agent.com |
canada-eta.visasyst.com
|
| 1 | cdn.eu.amplitude.com |
canada-eta.visasyst.com
|
| 1 | cdnjs.cloudflare.com |
canada-eta.visasyst.com
|
| 1 | ddei5-0-ctp.trendmicro.com | 1 redirects |
| 62 | 17 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.canada.ca |
| app.enjoyusanow.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.visasyst.com Amazon RSA 2048 M01 |
2025-10-22 - 2026-11-20 |
1yr | crt.sh |
| upload.video.google.com WE2 |
2026-03-23 - 2026-06-15 |
3mo | crt.sh |
| cdnjs.cloudflare.com WE1 |
2026-03-14 - 2026-06-12 |
3mo | crt.sh |
| cdn.eu.amplitude.com Amazon RSA 2048 M01 |
2026-03-30 - 2026-10-13 |
7mo | crt.sh |
| *.datadoghq-browser-agent.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2026-03-21 - 2026-10-05 |
7mo | crt.sh |
| cdn.amplitude.com Amazon RSA 2048 M01 |
2025-10-15 - 2026-11-13 |
1yr | crt.sh |
| bootstrapcdn.com WE1 |
2026-03-05 - 2026-06-03 |
3mo | crt.sh |
| *.google-analytics.com WE2 |
2026-03-23 - 2026-06-15 |
3mo | crt.sh |
| *.gstatic.com WE2 |
2026-03-23 - 2026-06-15 |
3mo | crt.sh |
| api.eu.amplitude.com Amazon ECDSA 256 M04 |
2026-04-09 - 2026-10-23 |
7mo | crt.sh |
| *.lab.eu.amplitude.com GlobalSign Atlas R3 DV TLS CA 2026 Q1 |
2026-02-05 - 2027-03-09 |
1yr | crt.sh |
| *.privacy-center.org Amazon RSA 2048 M01 |
2026-02-09 - 2027-03-09 |
1yr | crt.sh |
| s.adroll.com Amazon RSA 2048 M01 |
2026-03-03 - 2026-09-16 |
7mo | crt.sh |
| www.bing.com Microsoft TLS G2 RSA CA OCSP 04 |
2026-02-02 - 2026-08-01 |
6mo | crt.sh |
| bat.bing.net Microsoft Azure RSA TLS Issuing CA 08 |
2026-01-18 - 2026-07-17 |
6mo | crt.sh |
| d.adroll.com Amazon RSA 2048 M04 |
2025-08-11 - 2026-09-09 |
1yr | crt.sh |
This page contains 1 frames:
Primary Page:
https://canada-eta.visasyst.com/
Frame ID: B4B66DF60E853384B37591C55C08D752
Requests: 60 HTTP requests in this frame
Screenshot
Page Title
Canada eTA | canada-eta.visasyst.comPage URL History Show full URLs
-
https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fcanada%2deta.visasyst.com&umid=C1C8...
HTTP 302
https://canada-eta.visasyst.com/ Page URL
Detected technologies
AdRoll
(Advertising)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:a|s)\.adroll\.com
Amplitude
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- cdn\.(?:segment.+)?amplitude(?:\.com|-plugins)
Didomi
(Cookie compliance)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- sdk\.privacy-center\.org/.*/loader\.js
Font Awesome
(Font scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- googletagmanager\.com/gtag/js
Google Tag Manager
(Tag managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js
- \.googletagmanager\.com/
Moment.js
(JavaScript libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- moment(?:\.min)?\.js
cdnjs
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- cdnjs\.cloudflare\.com
crypto-js
(JavaScript libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:/([\d\.-]+))?/crypto-js(?:\.min)?\.js
Datadog
(RUM)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- www\.datadoghq-browser-agent\.com
Microsoft Advertising
(Advertising)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- bat\.bing\.com/bat\.js
- \w+
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
URL: https://www.canada.ca/en.html
Title: here
Title: here
Search URL Search Domain Scan URL
URL: https://app.enjoyusanow.com/en/basic-details
Title: www.enjoyusanow.com
Title: www.enjoyusanow.com
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ddei5-0-ctp.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fcanada%2deta.visasyst.com&umid=C1C8B7BB-4F0B-0C06-A3E7-FE280274CF67&auth=19643e6890518c4edc43c6fe721a367e555a135a-01f5814a4d95b6bc3346ddd9bef6342bfa36a1ed
HTTP 302
https://canada-eta.visasyst.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 57- https://s.adroll.com/j/pre/NFG74G7GYVDDPIGAWW33FF/33KDL5KYHVD3VOK7MOC353/fpconsent.js HTTP 302
- https://s.adroll.com/j/pre/index.js
62 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
canada-eta.visasyst.com/ Redirect Chain
|
82 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
icon
fonts.googleapis.com/ |
2 KB 945 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
canada-map.webp
canada-eta.visasyst.com/static/img/canada/canadaetavisa/jumbotron/ |
19 KB 19 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
crypto-js.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/ |
187 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wrapper.min.js
canada-eta.visasyst.com/static/scripts/minified/amplitude/ |
41 B 453 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
helpers.min.js
canada-eta.visasyst.com/static/scripts/minified/amplitude/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
331b1596c6ab83b5e4b3e24958af7ee5.experiment.js
cdn.eu.amplitude.com/script/ |
173 KB 45 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_1.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
175 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_2.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
71 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_3.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
155 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_4.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
157 KB 22 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_5.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
142 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_6.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
226 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_7.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
55 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
datadog-rum-v4.js
www.datadoghq-browser-agent.com/ |
150 KB 48 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
arrow-f-right.webp
canada-eta.visasyst.com/static/img/canada/canadaetavisa/ |
382 B 770 B |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ssl-secure-website_light-theme.webp
canada-eta.visasyst.com/static/img/common/ssl/ |
2 KB 3 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
visa_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
1 KB 947 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
mastercard_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
948 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
maestro_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
898 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
jcb_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
ideal_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
6 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
union-pay_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
12 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
home-scripts-old.min.js
canada-eta.visasyst.com/static/scripts/minified/home/ |
97 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
homeAmplitude.min.js
canada-eta.visasyst.com/static/scripts/minified/amplitude/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
amplitude-8.18.4-min.gz.js
cdn.amplitude.com/libs/ |
93 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
5 KB 711 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
16 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm.js
www.googletagmanager.com/ |
462 KB 155 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
moment.min.js
canada-eta.visasyst.com/static/scripts/minified/utils/ |
57 KB 21 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
logo_lg.webp
canada-eta.visasyst.com/static/img/canada/canadaetavisa/ |
8 KB 8 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v145/ |
125 KB 125 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
fontawesome-webfont.woff2
canada-eta.visasyst.com/static/vendor/fontawesome/fonts/ |
75 KB 76 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
roboto-v30-latin-regular.woff2
canada-eta.visasyst.com/static/fonts/roboto/ |
20 KB 20 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
roboto-v30-latin-500.woff2
canada-eta.visasyst.com/static/fonts/roboto/ |
20 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
/
api.eu.amplitude.com/ |
7 B 136 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
flags
flag.lab.eu.amplitude.com/sdk/v2/ |
1 KB 738 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H2 |
/
api.eu.amplitude.com/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H2 |
flags
flag.lab.eu.amplitude.com/sdk/v2/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
/
api.eu.amplitude.com/ |
7 B 136 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
loader.js
sdk.privacy-center.org/e65727f7-729c-49ca-a0e0-3a3854f03d8e/ |
105 KB 29 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
416 KB 144 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
532 KB 174 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
420 KB 145 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
roundtrip.js
s.adroll.com/j/ |
94 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bat.js
bat.bing.com/ |
54 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sdk.84929264c3f47567fcfb028b8eb92508edcbab1b.js
sdk.privacy-center.org/sdk/84929264c3f47567fcfb028b8eb92508edcbab1b/modern/ |
356 KB 92 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
/
api.eu.amplitude.com/ |
7 B 136 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
187222762.js
bat.bing.com/p/action/ |
397 B 436 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
0
bat.bing.com/actionp/ |
0 288 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
0
bat.bing.net/actionp/ |
0 345 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
0
bat.bing.com/actionp/ |
0 231 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
src_sdk_core_modules_integrations_sdk-integrations_providers_gcm_gcm_js.84929264c3f47567fcfb028b8eb92508edcbab1b.js
sdk.privacy-center.org/sdk/84929264c3f47567fcfb028b8eb92508edcbab1b/modern/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
ui-web-fr-web.84929264c3f47567fcfb028b8eb92508edcbab1b.js
sdk.privacy-center.org/sdk/84929264c3f47567fcfb028b8eb92508edcbab1b/modern/ |
267 KB 54 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
0
bat.bing.com/actionp/ |
0 123 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
0
bat.bing.com/actionp/ |
0 122 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
0
bat.bing.com/action/ |
0 122 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
index.js
s.adroll.com/j/pre/ Redirect Chain
|
0 756 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
index.js
s.adroll.com/j/pre/NFG74G7GYVDDPIGAWW33FF/33KDL5KYHVD3VOK7MOC353/ |
0 809 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
NFG74G7GYVDDPIGAWW33FF
d.adroll.com/consent/check/ |
561 B 654 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
favicon.ico
canada-eta.visasyst.com/static/img/canada/canadaetavisa/ |
1 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Immigration Visa Scam (Travel)74 JavaScript Window variables
These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.
object| amplitude function| amplitudePageLoadTime function| amplitudeLogEvent function| amplitudeDefaultIdentify function| amplitudeCreateIdentify function| amplitudeIdentify function| amplitudeSetUserId function| amplitudeStandardProperties function| amplitudeGetDeviceId function| amplitudeGetSessionId function| amplitudeSetIds object| WebExperiment object| experimentInstances object| Experiment object| webExperiment object| analyticsConnectorInstances object| experimentIntegration object| dataLayer object| DD_RUM object| countries_isocode object| prefix_countries object| countries_esim_isocode function| dropdownClose function| getCookie function| setCookie function| modalClose function| $ function| jQuery function| Cookies object| clickPurposeOfTravelProps object| userLangProps string| currentUrl function| shouldRedirect function| redirectToNewPage function| bingShouldRedirect function| bingRedirectToNewPage object| CryptoJS function| moment object| google_tag_manager object| google_tag_data object| __tcfapiBuffer function| __tcfapi object| didomiEventListeners object| didomiOnReady object| uetq string| adroll_adv_id string| adroll_pix_id object| adroll_email boolean| __adroll_loaded object| didomiVendorListCore object| didomiRemoteConfig string| didomiCountry string| didomiRegion object| didomiGeoRegulations function| UET function| UET_init function| UET_push object| ueto_224afb962e function| onYouTubeIframeAPIReady object| webpackChunkDidomi object| Didomi object| DidomiSanitizing object| didomiState string| adroll_sid object| __adroll_consent_data object| adroll object| __adroll object| adroll_loaded object| adroll_callbacks function| adroll_tpc_callback object| adroll_exp_list boolean| __adroll_consent_is_gdpr string| __adroll_consent_user_country string| __adroll_consent_adv_country7 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| canada-eta.visasyst.com/ | Name: userinfo Value: {%22referrer%22:%22%22%2C%22user_agent%22:%22Mozilla/5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML%2C%20like%20Gecko)%20Chrome/147.0.0.0%20Safari/537.36%22%2C%22browser_language%22:%22fr-FR%22} |
|
| .visasyst.com/ | Name: amp_331b15 Value: TiFB5Gj3ddhZSJ0jeSud2h.dW5kZWZpbmVk..1jlpqnrkd.1jlpqns18.2.1.3 |
|
| .bing.com/ | Name: MUID Value: 3FD6C192AE73646836B1D6A4AFE065CF |
|
| .visasyst.com/ | Name: didomi_token Value: eyJ1c2VyX2lkIjoiMTlkNzNhYmYtMGMwZC02ZWM0LWE2NzgtN2UyZmNiZjdlNTU1IiwiY3JlYXRlZCI6IjIwMjYtMDQtMDlUMTk6MTU6NDEuMzc2WiIsInVwZGF0ZWQiOiIyMDI2LTA0LTA5VDE5OjE1OjQxLjM3NloiLCJ2ZXJzaW9uIjpudWxsfQ== |
|
| .visasyst.com/ | Name: _uetsid Value: 7fde1df0344811f1a202bf75b923085e |
|
| .visasyst.com/ | Name: _uetvid Value: 7fde4050344811f1b32af3e02d03259f |
|
| canada-eta.visasyst.com/ | Name: _dd_s Value: rum=0&expire=1775763040699 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000 |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.eu.amplitude.com
bat.bing.com
bat.bing.net
canada-eta.visasyst.com
cdn.amplitude.com
cdn.eu.amplitude.com
cdnjs.cloudflare.com
d.adroll.com
ddei5-0-ctp.trendmicro.com
flag.lab.eu.amplitude.com
fonts.googleapis.com
fonts.gstatic.com
s.adroll.com
sdk.privacy-center.org
stackpath.bootstrapcdn.com
www.datadoghq-browser-agent.com
www.googletagmanager.com
104.17.25.14
104.18.10.207
13.33.222.116
142.251.20.94
151.101.2.132
18.245.86.69
184.32.81.13
2600:9000:2644:8800:6:9280:1080:93a1
2600:9000:28eb:f600:5:b7cc:d3c0:93a1
2620:1ec:33:1::10
2620:1ec:33::10
2a00:1450:4001:c0f::61
2a00:1450:4001:c1f::5f
2a05:d018:cc3:fe04:ecfd:546:f9c2:fe95
3.167.227.120
3.174.46.44
3.69.161.208
54.192.35.95
0031e12119f0b0e9820611dc4e888b0decf9c9924e4b2bea291397e70105305a
0d0373dff75de361bf6baf8288890761bfd1c40d5d250ae41b4d9ef067b781c8
158eafec77c7192ce91d5891450446bfe347b5addaa8e30f5959595bf27b5943
1b631b6a628cbe47781d3a938a5e727c86536b3a163ff95f82689d38b9c4e073
23162bf8c468598c1200bb3500a7929a08f8e08b2e47c20c22a1a53e680f5333
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2f763b0973b4683b99e5641df1fb13cf3878510f1e0327a591d4cbd794e42d1a
31c0671c74627d42ffecff1b08a29f1f1cb7582b2acda50971b4d9ae2d2d8a8d
42086e54556ac41a1bdeb0669f06323894d61e7b28c61055c60f64a151b23d43
483c984ae48a0756afe9d662187dd107d9e2b99051e42294fc76989ac7805e14
5177ba6d877a1df635d3d57a040544a2e360d85f3bcccb81f7281721262557c9
5798881ed837fb1225047e085a176ccba6c6504aba058ec6964c664dc67053d6
5ba508548f79eb343dbe899352943f19053224bde579e554585ab57685267598
652c073f242de8c5f12761f8bb5a7c70924176591ac0fe7ccbb665d9689a5933
69ba392301c602e44ac8ed0c0ce2f7b307fd109a7307a0b3855dda8497236003
6c479c95c14838bbc633b287ce0a902dec462f335b76f6daf6d89cf2481e20ae
6f038666490283cc3adb794ca1121e059813e420ab26152fe174cd0b8e6e0faa
761b2ee3c286b687b4885e254eed19e46028b441290428fbf22c6d8380a886b4
76c25b3ddcc3a0f83a4efae4a8bf84e65dc640cb74a52c342c7aba11c1d4980e
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
813126ef53a6a49912302ae6b3ddeceace2172cfbb6df1b712384d3f83aeac78
81ee86485fb5b500989afa1fc9418bc850f3368f1e95d030e99d69f1f20c0590
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
836ec61bc3bc93026a1c2dbcb6c8f983a6e55edfc99e8032ee6610329b92cd19
854fd204551c25f6597de9f29007395b1be38cdd2ea4f1f572e4b2e3aa851bb9
855230e1321917153b6859521e1ccfab0dce7497f88645e73d7e6db9c4bbe3b1
9b543bd7f31e8e51e20b0769b0592e4c2172a00d053b318b1be641df3b7c0925
9ceb87d4071ad0e810c0505d2dc2a7d203351fd371538f3c4806d609b077054b
a26377fd9511603809d87fdfb9926526769c5495636f782d9626396d9df74145
a4b827865be8293cdbe824ae85f0d631724d9162487ed88427de738b9e269915
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b0f97467a999719d52617addce2f0546a1ac5792b4a5f82048ecd6d718c14694
b92cf3442ed8b8994af246ae8ec2679e03472df91c30b8585cf1927e75ecf4c9
c61b0d55c025a1b6d213c229c5e2561017b6db41dbdb2a6e754e09b051e0833f
c6826494432163d74fd27e78ad011a13d55e4670441cd49fc9f1e52a4afd28d9
c87cac0a95da996685f9e83ac2d02b9c25a5a6af57fadea033f41debe1dbbb34
ca8c7ddff8efa5dac5551caeb3aa70e5e253ed90b99ccb058d2ed2070f54f017
cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a
ce295dd4ef9835a07b93139f9ff038c172525b8b7b81a168533d9ab4f72c3328
db66c078bb9430f2145e357acf86a534a231ee446bb33de5515e23c191ebcb7f
df96bf0b6ed73f13ebe865501ab1863d77064097275fe8137447a54c58134888
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa
e465615687c41fcc4c7d7d7ae494c104c0241092a068df0eaf8d7337b075fa6f
e471f388d90d715ceab817495452328b59e690f5f8bebf9eabef0dea6f8ec9af
e4a93a8ec73c2372626dceefe08c05ba89d807699f3810a55d14e01cd7893904
e5b29c36b2e7a2f4db58307359fa574004be43d39790e4b7a3cf80a7b16e8bb6
ea9e86e6b32923bee1daa285d887ce9fe809a34d1cb7a82a17ba5870c92ea9e3
eb1876541b0417ed41436fbd14c941addd873c788c504aa9605694ca5ac8d37d
ef5c8f311295aa26a3cecfc21915b7b12bf91207d8ac480e7f8e688592364a6f
f004e82897c96736e7a08e8221f799e7d50fb703a54dbf42a870ebca4f4f00ed