canada-eta.visasyst.com
54.192.35.95
Malicious Activity!
Public Scan
Open in
urlscan Pro
Submitted URL: http://canada-eta.visasyst.com/
1yr old
Effective URL: https://canada-eta.visasyst.com/ 1yr old
Submission: On April 13 via api from US — Scanned from FI
Effective URL: https://canada-eta.visasyst.com/ 1yr old
Submission: On April 13 via api from US — Scanned from FI
Summary
This website contacted 17 IPs
in 5 countries
across 12 domains to perform 66 HTTP transactions.
The main IP is 54.192.35.95, located in
United States and
belongs to AMAZON-02 - Amazon.com, Inc., US.
The main domain is canada-eta.visasyst.com.
1yr old
TLS certificate: Issued by Amazon RSA 2048 M01 on October 22nd 2025. Valid for: 1yr.
This is the only time canada-eta.visasyst.com was scanned on urlscan.io!
TLS certificate: Issued by Amazon RSA 2048 M01 on October 22nd 2025. Valid for: 1yr.
This is the only time canada-eta.visasyst.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Immigration Visa Scam (Travel)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 32 | 54.192.35.95 54.192.35.95 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 1 | 13.226.244.91 13.226.244.91 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 13.33.222.116 13.33.222.116 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 18.245.86.111 18.245.86.111 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 2 | 2a00:1450:400... 2a00:1450:4001:c1f::5f | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 1 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
| 4 | 2a00:1450:400... 2a00:1450:4001:c15::61 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 4 | 3.74.131.252 3.74.131.252 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 2 | 151.101.194.132 151.101.194.132 | 54113 (FASTLY) (FASTLY - Fastly) | |
| 2 | 2600:9000:28e... 2600:9000:28eb:ea00:5:b7cc:d3c0:93a1 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 4 | 2600:9000:264... 2600:9000:2644:4e00:6:9280:1080:93a1 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 7 | 2620:1ec:33:1... 2620:1ec:33:1::10 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
| 1 | 2620:1ec:33::10 2620:1ec:33::10 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) | |
| 2 | 3.174.46.38 3.174.46.38 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 2a05:d018:cc3... 2a05:d018:cc3:fe05:8862:498:e84e:4673 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
| 1 | 142.251.151.119 142.251.151.119 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
| 66 | 17 |
32
54.192.35.95
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-192-35-95.fra56.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-54-192-35-95.fra56.r.cloudfront.net
| canada-eta.visasyst.com 1yr old |
1
104.17.25.14
(Ascension Island)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| cdnjs.cloudflare.com 13yr old |
1
13.226.244.91
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-226-244-91.fra56.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-226-244-91.fra56.r.cloudfront.net
| cdn.eu.amplitude.com 2yr old |
1
13.33.222.116
(New York, United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-33-222-116.fra60.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-33-222-116.fra60.r.cloudfront.net
| www.datadoghq-browser-agent.com 7yr old |
1
18.245.86.111
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-18-245-86-111.fra60.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-18-245-86-111.fra60.r.cloudfront.net
| cdn.amplitude.com 9yr old |
2
2a00:1450:4001:c1f::5f
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| fonts.googleapis.com 56yr old |
1
2606:4700::6812:bcf
(None, )
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
| stackpath.bootstrapcdn.com 8yr old |
4
2a00:1450:4001:c15::61
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE - Google LLC, US)
ASN15169 (GOOGLE - Google LLC, US)
| www.googletagmanager.com 56yr old |
4
3.74.131.252
(Frankfurt am Main, Germany)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-74-131-252.eu-central-1.compute.amazonaws.com
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-74-131-252.eu-central-1.compute.amazonaws.com
| api.eu.amplitude.com 5yr old |
2
151.101.194.132
(United States)
ASN54113 (FASTLY - Fastly, Inc., US)
ASN54113 (FASTLY - Fastly, Inc., US)
| flag.lab.eu.amplitude.com 3yr old |
2
2600:9000:28eb:ea00:5:b7cc:d3c0:93a1
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
| sdk.privacy-center.org 8yr old |
4
2600:9000:2644:4e00:6:9280:1080:93a1
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
| s.adroll.com 9yr old |
7
2620:1ec:33:1::10
(United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
| bat.bing.com 56yr old |
1
2620:1ec:33::10
(United States)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)
| bat.bing.net 3yr old |
2
3.174.46.38
(United States)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-174-46-38.fra60.r.cloudfront.net
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-174-46-38.fra60.r.cloudfront.net
| sdk.privacy-center.org 8yr old |
1
2a05:d018:cc3:fe05:8862:498:e84e:4673
(Dublin, Ireland)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
| d.adroll.com 9yr old |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 32 |
visasyst.com
canada-eta.visasyst.com 1yr old |
567 KB |
| 8 |
amplitude.com
cdn.eu.amplitude.com — Cisco Umbrella Rank: 29375 2yr old cdn.amplitude.com — Cisco Umbrella Rank: 2082 9yr old api.eu.amplitude.com — Cisco Umbrella Rank: 9953 5yr old flag.lab.eu.amplitude.com — Cisco Umbrella Rank: 48250 3yr old |
74 KB |
| 7 |
bing.com
bat.bing.com — Cisco Umbrella Rank: 370 56yr old |
17 KB |
| 5 |
adroll.com
1 redirects
s.adroll.com — Cisco Umbrella Rank: 4533 9yr old d.adroll.com — Cisco Umbrella Rank: 2114 9yr old |
32 KB |
| 4 |
privacy-center.org
sdk.privacy-center.org — Cisco Umbrella Rank: 3510 8yr old |
183 KB |
| 4 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 41 56yr old |
618 KB |
| 2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 43 56yr old |
3 KB |
| 1 |
google.com
www.google.com — Cisco Umbrella Rank: 3 56yr old |
|
| 1 |
bing.net
bat.bing.net — Cisco Umbrella Rank: 3678 3yr old |
344 B |
| 1 |
bootstrapcdn.com
stackpath.bootstrapcdn.com — Cisco Umbrella Rank: 3420 8yr old |
7 KB |
| 1 |
datadoghq-browser-agent.com
www.datadoghq-browser-agent.com — Cisco Umbrella Rank: 1157 7yr old |
51 KB |
| 1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 242 13yr old |
25 KB |
| 66 | 12 |
| Domain | Requested by | |
|---|---|---|
| 32 | canada-eta.visasyst.com |
canada-eta.visasyst.com
www.datadoghq-browser-agent.com |
| 7 | bat.bing.com |
www.googletagmanager.com
bat.bing.com canada-eta.visasyst.com |
| 4 | s.adroll.com |
1 redirects
www.googletagmanager.com
canada-eta.visasyst.com s.adroll.com |
| 4 | sdk.privacy-center.org |
www.googletagmanager.com
sdk.privacy-center.org |
| 4 | api.eu.amplitude.com |
www.datadoghq-browser-agent.com
|
| 4 | www.googletagmanager.com |
canada-eta.visasyst.com
www.googletagmanager.com |
| 2 | flag.lab.eu.amplitude.com |
cdn.eu.amplitude.com
|
| 2 | fonts.googleapis.com |
canada-eta.visasyst.com
|
| 1 | www.google.com |
www.datadoghq-browser-agent.com
|
| 1 | d.adroll.com |
s.adroll.com
|
| 1 | bat.bing.net |
bat.bing.com
|
| 1 | stackpath.bootstrapcdn.com |
canada-eta.visasyst.com
|
| 1 | cdn.amplitude.com |
canada-eta.visasyst.com
|
| 1 | www.datadoghq-browser-agent.com |
canada-eta.visasyst.com
|
| 1 | cdn.eu.amplitude.com |
canada-eta.visasyst.com
|
| 1 | cdnjs.cloudflare.com |
canada-eta.visasyst.com
|
| 66 | 16 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.canada.ca |
| app.enjoyusanow.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.visasyst.com Amazon RSA 2048 M01 |
2025-10-22 - 2026-11-20 |
1yr | crt.sh |
| cdnjs.cloudflare.com WE1 |
2026-03-14 - 2026-06-12 |
3mo | crt.sh |
| cdn.eu.amplitude.com Amazon RSA 2048 M01 |
2026-03-30 - 2026-10-13 |
7mo | crt.sh |
| *.datadoghq-browser-agent.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2026-03-21 - 2026-10-05 |
7mo | crt.sh |
| cdn.amplitude.com Amazon RSA 2048 M01 |
2025-10-15 - 2026-11-13 |
1yr | crt.sh |
| upload.video.google.com WE2 |
2026-03-23 - 2026-06-15 |
3mo | crt.sh |
| bootstrapcdn.com WE1 |
2026-03-05 - 2026-06-03 |
3mo | crt.sh |
| *.google-analytics.com WE2 |
2026-03-23 - 2026-06-15 |
3mo | crt.sh |
| api.eu.amplitude.com Amazon ECDSA 256 M04 |
2026-04-09 - 2026-10-23 |
7mo | crt.sh |
| *.lab.eu.amplitude.com GlobalSign Atlas R3 DV TLS CA 2026 Q1 |
2026-02-05 - 2027-03-09 |
1yr | crt.sh |
| *.privacy-center.org Amazon RSA 2048 M01 |
2026-02-09 - 2027-03-09 |
1yr | crt.sh |
| s.adroll.com Amazon RSA 2048 M01 |
2026-03-03 - 2026-09-16 |
7mo | crt.sh |
| www.bing.com Microsoft TLS G2 RSA CA OCSP 04 |
2026-02-02 - 2026-08-01 |
6mo | crt.sh |
| bat.bing.net Microsoft Azure RSA TLS Issuing CA 08 |
2026-01-18 - 2026-07-17 |
6mo | crt.sh |
| d.adroll.com Amazon RSA 2048 M04 |
2025-08-11 - 2026-09-09 |
1yr | crt.sh |
| *.google.com WR2 |
2026-03-23 - 2026-06-15 |
3mo | crt.sh |
This page contains 1 frames:
Primary Page:
https://canada-eta.visasyst.com/
Frame ID: EC6C4F3A605A9A028E4B6994E6E7F68F
Requests: 64 HTTP requests in this frame
Screenshot
Page Title
Canada eTA | canada-eta.visasyst.comPage URL History Show full URLs
-
http://canada-eta.visasyst.com/
HTTP 307
https://canada-eta.visasyst.com/ Page URL
Detected technologies
AdRoll
(Advertising)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:a|s)\.adroll\.com
Amplitude
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- cdn\.(?:segment.+)?amplitude(?:\.com|-plugins)
Didomi
(Cookie compliance)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- sdk\.privacy-center\.org/.*/loader\.js
Font Awesome
(Font scripts)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- googletagmanager\.com/gtag/js
Google Tag Manager
(Tag managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js
- \.googletagmanager\.com/
Moment.js
(JavaScript libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- moment(?:\.min)?\.js
cdnjs
(CDN)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- cdnjs\.cloudflare\.com
crypto-js
(JavaScript libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- (?:/([\d\.-]+))?/crypto-js(?:\.min)?\.js
Datadog
(RUM)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- www\.datadoghq-browser-agent\.com
Microsoft Advertising
(Advertising)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- bat\.bing\.com/bat\.js
- \w+
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
URL: https://www.canada.ca/en.html
Title: here
Title: here
Search URL Search Domain Scan URL
URL: https://app.enjoyusanow.com/en/basic-details
Title: www.enjoyusanow.com
Title: www.enjoyusanow.com
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://canada-eta.visasyst.com/
HTTP 307
https://canada-eta.visasyst.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 52- https://s.adroll.com/j/pre/NFG74G7GYVDDPIGAWW33FF/33KDL5KYHVD3VOK7MOC353/fpconsent.js HTTP 302
- https://s.adroll.com/j/pre/index.js
66 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
canada-eta.visasyst.com/ Redirect Chain
|
83 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
roboto-v30-latin-regular.woff2
canada-eta.visasyst.com/static/fonts/roboto/ |
20 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
raleway-v28-latin-regular.woff2
canada-eta.visasyst.com/static/fonts/raleway/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
canada-map.webp
canada-eta.visasyst.com/static/img/canada/canadaetavisa/jumbotron/ |
19 KB 19 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
crypto-js.js
cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/ |
187 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
wrapper.min.js
canada-eta.visasyst.com/static/scripts/minified/amplitude/ |
41 B 453 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
helpers.min.js
canada-eta.visasyst.com/static/scripts/minified/amplitude/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
331b1596c6ab83b5e4b3e24958af7ee5.experiment.js
cdn.eu.amplitude.com/script/ |
176 KB 45 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_1.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
175 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_2.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
70 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_3.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
158 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_4.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
157 KB 23 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_5.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
140 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_6.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
227 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main_split_7.css
canada-eta.visasyst.com/static/styles/canada/canadaetavisa/ |
65 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
datadog-rum-v4.js
www.datadoghq-browser-agent.com/ |
150 KB 51 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
arrow-f-right.webp
canada-eta.visasyst.com/static/img/canada/canadaetavisa/ |
382 B 771 B |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ssl-secure-website_light-theme.webp
canada-eta.visasyst.com/static/img/common/ssl/ |
2 KB 3 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
visa_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
1 KB 945 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
mastercard_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
948 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
maestro_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
898 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
jcb_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
ideal_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
6 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
union-pay_light-theme.svg
canada-eta.visasyst.com/static/img/common/payment/logos/ |
12 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
home-scripts-old.min.js
canada-eta.visasyst.com/static/scripts/minified/home/ |
97 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
homeAmplitude.min.js
canada-eta.visasyst.com/static/scripts/minified/amplitude/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
amplitude-8.18.4-min.gz.js
cdn.amplitude.com/libs/ |
93 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
5 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
16 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm.js
www.googletagmanager.com/ |
462 KB 155 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
arrow-f-right.webp
canada-eta.visasyst.com/static/img/canada/canadaetavisa/ |
382 B 0 |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
moment.min.js
canada-eta.visasyst.com/static/scripts/minified/utils/ |
57 KB 21 KB |
XHR
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
logo_lg.webp
canada-eta.visasyst.com/static/img/canada/canadaetavisa/ |
8 KB 8 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
roboto-v30-latin-700.woff2
canada-eta.visasyst.com/static/fonts/roboto/ |
21 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
material-icons.woff2
canada-eta.visasyst.com/static/fonts/material-icons/ |
125 KB 126 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
fontawesome-webfont.woff2
canada-eta.visasyst.com/static/vendor/fontawesome/fonts/ |
75 KB 76 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
roboto-v30-latin-regular.woff2
canada-eta.visasyst.com/static/fonts/roboto/ |
20 KB 0 |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
roboto-v30-latin-500.woff2
canada-eta.visasyst.com/static/fonts/roboto/ |
20 KB 21 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H2 |
/
api.eu.amplitude.com/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H2 |
flags
flag.lab.eu.amplitude.com/sdk/v2/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
/
api.eu.amplitude.com/ |
7 B 136 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
flags
flag.lab.eu.amplitude.com/sdk/v2/ |
1 KB 715 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
loader.js
sdk.privacy-center.org/e65727f7-729c-49ca-a0e0-3a3854f03d8e/ |
105 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
416 KB 144 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
532 KB 174 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
420 KB 145 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
roundtrip.js
s.adroll.com/j/ |
94 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bat.js
bat.bing.com/ |
54 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
/
api.eu.amplitude.com/ |
7 B 136 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
/
api.eu.amplitude.com/ |
7 B 136 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sdk.3eab2614a4187ec709e19a0bbd9e3cdfcc613fff.js
sdk.privacy-center.org/sdk/3eab2614a4187ec709e19a0bbd9e3cdfcc613fff/modern/ |
399 KB 100 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
187222762.js
bat.bing.com/p/action/ |
398 B 426 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
index.js
s.adroll.com/j/pre/ Redirect Chain
|
0 756 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
index.js
s.adroll.com/j/pre/NFG74G7GYVDDPIGAWW33FF/33KDL5KYHVD3VOK7MOC353/ |
0 809 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
0
bat.bing.com/actionp/ |
0 285 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
0
bat.bing.net/actionp/ |
0 344 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
0
bat.bing.com/actionp/ |
0 229 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
src_sdk_core_modules_integrations_sdk-integrations_providers_gcm_gcm_js.3eab2614a4187ec709e19a0bbd9e3cdfcc613fff.js
sdk.privacy-center.org/sdk/3eab2614a4187ec709e19a0bbd9e3cdfcc613fff/modern/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
ui-web-en-web.3eab2614a4187ec709e19a0bbd9e3cdfcc613fff.js
sdk.privacy-center.org/sdk/3eab2614a4187ec709e19a0bbd9e3cdfcc613fff/modern/ |
256 KB 52 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
NFG74G7GYVDDPIGAWW33FF
d.adroll.com/consent/check/ |
555 B 648 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
0
bat.bing.com/actionp/ |
0 121 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
0
bat.bing.com/actionp/ |
0 120 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H3 |
collect
www.google.com/ccm/ |
0 0 |
Fetch
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
0
bat.bing.com/action/ |
0 121 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
favicon.ico
canada-eta.visasyst.com/static/img/canada/canadaetavisa/ |
1 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Immigration Visa Scam (Travel)74 JavaScript Window variables
These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.
object| amplitude function| amplitudePageLoadTime function| amplitudeLogEvent function| amplitudeDefaultIdentify function| amplitudeCreateIdentify function| amplitudeIdentify function| amplitudeSetUserId function| amplitudeStandardProperties function| amplitudeGetDeviceId function| amplitudeGetSessionId function| amplitudeSetIds object| WebExperiment object| experimentInstances object| Experiment object| webExperiment object| analyticsConnectorInstances object| experimentIntegration object| dataLayer object| DD_RUM object| countries_isocode object| prefix_countries object| countries_esim_isocode function| dropdownClose function| getCookie function| setCookie function| modalClose function| $ function| jQuery function| Cookies object| clickPurposeOfTravelProps object| userLangProps string| currentUrl function| shouldRedirect function| redirectToNewPage function| bingShouldRedirect function| bingRedirectToNewPage function| moment object| CryptoJS object| google_tag_manager object| google_tag_data object| __tcfapiBuffer function| __tcfapi object| didomiEventListeners object| didomiOnReady object| uetq string| adroll_adv_id string| adroll_pix_id object| adroll_email boolean| __adroll_loaded object| didomiVendorListCore object| didomiRemoteConfig string| didomiCountry string| didomiRegion object| didomiGeoRegulations function| onYouTubeIframeAPIReady function| UET function| UET_init function| UET_push object| ueto_f17ca5c323 string| adroll_sid object| __adroll_consent_data object| adroll object| __adroll object| adroll_loaded object| adroll_callbacks function| adroll_tpc_callback object| webpackChunkDidomi object| Didomi object| DidomiSanitizing object| didomiState object| adroll_exp_list boolean| __adroll_consent_is_gdpr string| __adroll_consent_user_country string| __adroll_consent_adv_country8 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| canada-eta.visasyst.com/ | Name: userinfo Value: {%22referrer%22:%22%22%2C%22user_agent%22:%22Mozilla/5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML%2C%20like%20Gecko)%20Chrome/147.0.0.0%20Safari/537.36%22%2C%22browser_language%22:%22fi-FI%22} |
|
| .visasyst.com/ | Name: amp_331b15 Value: SfnO5vyMOBXuP4vMjUYbRi.dW5kZWZpbmVk..1jm3ac78u.1jm3ac7hu.2.1.3 |
|
| .visasyst.com/ | Name: didomi_token Value: eyJ1c2VyX2lkIjoiMTlkODZhNjEtZmFiOS02MzI2LWIzYzEtYzgyM2JlMGZhZTg0IiwiY3JlYXRlZCI6IjIwMjYtMDQtMTNUMTE6NDI6MDcuMjc1WiIsInVwZGF0ZWQiOiIyMDI2LTA0LTEzVDExOjQyOjA3LjI3NVoiLCJ2ZXJzaW9uIjpudWxsfQ== |
|
| .visasyst.com/ | Name: _gcl_au Value: 1.1.2143475765.1776080527 |
|
| .visasyst.com/ | Name: _uetsid Value: ccaf29c0372d11f19f9db9f9099f9df9 |
|
| .visasyst.com/ | Name: _uetvid Value: ccaf6370372d11f1acc9d12e6abebcd5 |
|
| .bing.com/ | Name: MUID Value: 331800E20CC96481142B17D80D9E656A |
|
| canada-eta.visasyst.com/ | Name: _dd_s Value: rum=0&expire=1776081426374 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000 |
| X-Content-Type-Options | nosniff |
| X-Frame-Options | SAMEORIGIN |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
api.eu.amplitude.com
bat.bing.com
bat.bing.net
canada-eta.visasyst.com
cdn.amplitude.com
cdn.eu.amplitude.com
cdnjs.cloudflare.com
d.adroll.com
flag.lab.eu.amplitude.com
fonts.googleapis.com
s.adroll.com
sdk.privacy-center.org
stackpath.bootstrapcdn.com
www.datadoghq-browser-agent.com
www.google.com
www.googletagmanager.com
104.17.25.14
13.226.244.91
13.33.222.116
142.251.151.119
151.101.194.132
18.245.86.111
2600:9000:2644:4e00:6:9280:1080:93a1
2600:9000:28eb:ea00:5:b7cc:d3c0:93a1
2606:4700::6812:bcf
2620:1ec:33:1::10
2620:1ec:33::10
2a00:1450:4001:c15::61
2a00:1450:4001:c1f::5f
2a05:d018:cc3:fe05:8862:498:e84e:4673
3.174.46.38
3.74.131.252
54.192.35.95
0031e12119f0b0e9820611dc4e888b0decf9c9924e4b2bea291397e70105305a
0cbf9be3241f1b9929c390b17afe792c142045bb12dcd856583587a0a68d23ba
0d0373dff75de361bf6baf8288890761bfd1c40d5d250ae41b4d9ef067b781c8
0f440cab441a79808574e6ca56603624faca6ac4706f2bdfac9bb391ac4de411
158eafec77c7192ce91d5891450446bfe347b5addaa8e30f5959595bf27b5943
1b631b6a628cbe47781d3a938a5e727c86536b3a163ff95f82689d38b9c4e073
23162bf8c468598c1200bb3500a7929a08f8e08b2e47c20c22a1a53e680f5333
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2bef6bc763635f137e6b49fc7d01d0d1f74e55413d92a21ce76c9c92c3457150
2f763b0973b4683b99e5641df1fb13cf3878510f1e0327a591d4cbd794e42d1a
2fff2b462ecf4ed3658311eb4cd09ef5dbae2b13886bc7b55483b74fcfbd1457
31c0671c74627d42ffecff1b08a29f1f1cb7582b2acda50971b4d9ae2d2d8a8d
3e44fb721d3be9376c6e5e946109067a04da84ae10b3f27a03ada7a3731e515c
42086e54556ac41a1bdeb0669f06323894d61e7b28c61055c60f64a151b23d43
47e086c2c0be59a5b803e581cb9d102f7d446512a57372d837bcdc2e6b5566a2
4823f26ef72715ef65096e4af5cea8382e56134a1fcbed39559ff654a9c7ba3e
4910815a1fd993ba8edf0e2c37ad469eb4c5e9a0c09e395991dd9e7923aa08ae
4e5b8cb322bef041f7b5af35738eb9dcdee30145258c94c940dce990071df6c7
5798881ed837fb1225047e085a176ccba6c6504aba058ec6964c664dc67053d6
5a102e111e6190ff0e9e9ea8375d235ee61b39257a40fde871d2d552cdf678d2
5ba508548f79eb343dbe899352943f19053224bde579e554585ab57685267598
614e758df65af61e28bd9b9d282d5c052c5f2f9a6b85ff1a82460a9fa0cf48f6
6c479c95c14838bbc633b287ce0a902dec462f335b76f6daf6d89cf2481e20ae
76c25b3ddcc3a0f83a4efae4a8bf84e65dc640cb74a52c342c7aba11c1d4980e
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
81ee86485fb5b500989afa1fc9418bc850f3368f1e95d030e99d69f1f20c0590
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
855230e1321917153b6859521e1ccfab0dce7497f88645e73d7e6db9c4bbe3b1
860febd72886b1fa9be1eef1c147a31696f34dcd67391d7c8c9cc8fbbbaddc00
889bdb80a85d856d124dfae0a521a8914ff79187c3caf59a514dac2acd5d25f9
8e874feec5fe0c24e47119b4a39c8e8180a743e90e3bf36105457bfde508d10c
9d6652d4e326261a5e9ef4c5fdf7bef588037c31019a74637371ba0709a33d87
a1e0ad281e8e0eb2c9bb7af039f6e913af6828402b5b527b509e5b1bad7c2b37
a4b827865be8293cdbe824ae85f0d631724d9162487ed88427de738b9e269915
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b0f97467a999719d52617addce2f0546a1ac5792b4a5f82048ecd6d718c14694
bfb9ba389771cb0287582c5b9f4ca316355c028211fa4e1bfc4fd74db439ca2d
c61b0d55c025a1b6d213c229c5e2561017b6db41dbdb2a6e754e09b051e0833f
c6826494432163d74fd27e78ad011a13d55e4670441cd49fc9f1e52a4afd28d9
c87cac0a95da996685f9e83ac2d02b9c25a5a6af57fadea033f41debe1dbbb34
cd5eb76033d96219a0c4fe45fb0df10202e1febcb4d086fb1305f1b3304a6b1a
ce295dd4ef9835a07b93139f9ff038c172525b8b7b81a168533d9ab4f72c3328
db66c078bb9430f2145e357acf86a534a231ee446bb33de5515e23c191ebcb7f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e44c11f4834bdd4d6b6da7b8ee5eaebc8acb41250cd6bce5cc82ea8262140eaa
e465615687c41fcc4c7d7d7ae494c104c0241092a068df0eaf8d7337b075fa6f
e5b29c36b2e7a2f4db58307359fa574004be43d39790e4b7a3cf80a7b16e8bb6
e95ddaa4d42359a7e6e4c655bf93130e2b26a6bccdb446d894313ab36850c4f2
ea9e86e6b32923bee1daa285d887ce9fe809a34d1cb7a82a17ba5870c92ea9e3
ef5c8f311295aa26a3cecfc21915b7b12bf91207d8ac480e7f8e688592364a6f
f004e82897c96736e7a08e8221f799e7d50fb703a54dbf42a870ebca4f4f00ed
fbb6a66f519e45cf9f13cdad241ffe6fe45d29cd16e93afdaa3dde7c16e262e2