duanemorrisglobalaccess.sfrethcrons.com
20.187.113.106  Public Scan

Submitted URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%9...
Effective URL: https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Submission: On April 28 via api from US — Scanned from CA

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 20.187.113.106, located in Central, Hong Kong and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is duanemorrisglobalaccess.sfrethcrons.com.
TLS certificate: Issued by R3 on April 28th 2023. Valid for: 3 months.
This is the only time duanemorrisglobalaccess.sfrethcrons.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address | AS Autonomous System
1 5 45.60.121.134 | 19551 (INCAPSULA)
1 20.187.113.106 | 8075 (MICROSOFT...)
6 3

Apex Domain | Subdomains | Transfer
5 tremblant.ca | www.tremblant.ca (Cisco Umbrella Rank: 529833) | 29 KB
1 sfrethcrons.com | duanemorrisglobalaccess.sfrethcrons.com |
6 2

Domain | Requested by
5 www.tremblant.ca (1 redirects) | www.tremblant.ca
1 duanemorrisglobalaccess.sfrethcrons.com | www.tremblant.ca
6 2

This site contains no links.

Subject | Issuer | Validity | Valid
www.tremblant.ca | DigiCert TLS RSA SHA256 2020 CA1 | 2022-10-21 - 2023-11-17 | a year
duanemorrisglobalaccess.sfrethcrons.com | R3 | 2023-04-28 - 2023-07-27 | 3 months

This page contains 1 frames:

Primary Page: https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Frame ID: 4B659A7DB95622DE07FD7AACE8E62B5A
Requests: 6 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

Requests: 6
HTTPS: 83 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 29 kB
Size: 189 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint Page URL
  2. https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint HTTP 302
    https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
ChangeCulture
www.tremblant.ca/Shared/LanguageSwitcher/
212 B
1 KB
Document
General
Full URL
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d02032286070b4dd9d8fbd985a7bdca8af8edf52b89ff177db3bfcb2c8a9c43d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache, no-store
content-length
212
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: g.clarity.ms analytics.google.com *.clarity.ms *.doubleclick.net events.mapbox.com *.tiktok.com www.google.ca v2.mtnfeed.com *.hotjar.com www.youtube.com *.facebook.com use.typekit.net api.omappapi.com www.pages08.net *.vimeo.com medias.tremblant.ca www.tremblant.ca mtnpowder.com bat.bing.com *.omtrdc.net aws-cdn.inntopia.com img.youtube.com a.opmnstr.com dashboard.engagefront.com api.trustyou.com assets.adobedtm.com rum-collector-2.pingdom.net www.google-analytics.com m.clarity.ms bam.nr-data.net tremblantwebcams.com p.typekit.net cookies.alterramtnco.com www.googletagmanager.com *.demdex.net cams.mtnfeed.com www.inntopia.travel photos.pixlee.co www.google.com adservice.google.com api.mapbox.com; form-action *.facebook.com www.google.com www.google.ca medias.tremblant.ca www.tremblant.ca www.pages08.net; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/html
strict-transport-security
max-age=31536000
x-iinfo
2-3438693-0 0NNN RT(1682691749419 38) q(0 -1 -1 2) r(0 -1) B10(4,314,0) U18
_Incapsula_Resource
www.tremblant.ca/
189 KB
27 KB
Script
General
Full URL
https://www.tremblant.ca/_Incapsula_Resource?SWJIYLWA=5074a744e2e3d891814e9a2dace20bd4,719d34d31c8e3a6e6fffd425f7e032f3
Requested by
Host: www.tremblant.ca
URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
9bf4d45863ecf8bfc79c50492376832ecb6255210820f35047784fd66c38c9e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
content-encoding
gzip
x-robots-tag
noindex
content-length
27721
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: g.clarity.ms analytics.google.com *.clarity.ms *.doubleclick.net events.mapbox.com *.tiktok.com www.google.ca v2.mtnfeed.com *.hotjar.com www.youtube.com *.facebook.com use.typekit.net api.omappapi.com www.pages08.net *.vimeo.com medias.tremblant.ca www.tremblant.ca mtnpowder.com bat.bing.com *.omtrdc.net aws-cdn.inntopia.com img.youtube.com a.opmnstr.com dashboard.engagefront.com api.trustyou.com assets.adobedtm.com rum-collector-2.pingdom.net www.google-analytics.com m.clarity.ms bam.nr-data.net tremblantwebcams.com p.typekit.net cookies.alterramtnco.com www.googletagmanager.com *.demdex.net cams.mtnfeed.com www.inntopia.travel photos.pixlee.co www.google.com adservice.google.com api.mapbox.com; form-action *.facebook.com www.google.com www.google.ca medias.tremblant.ca www.tremblant.ca www.pages08.net; frame-ancestors 'self' ; report-uri /csp_report
content-type
application/javascript
_Incapsula_Resource
www.tremblant.ca/
29 B
58 B
XHR
General
Full URL
https://www.tremblant.ca/_Incapsula_Resource?SWHANEDL=8017509964270047319,12145207412749065209,18202157454360446063,114921
Requested by
Host: www.tremblant.ca
URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
29
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: g.clarity.ms analytics.google.com *.clarity.ms *.doubleclick.net events.mapbox.com *.tiktok.com www.google.ca v2.mtnfeed.com *.hotjar.com www.youtube.com *.facebook.com use.typekit.net api.omappapi.com www.pages08.net *.vimeo.com medias.tremblant.ca www.tremblant.ca mtnpowder.com bat.bing.com *.omtrdc.net aws-cdn.inntopia.com img.youtube.com a.opmnstr.com dashboard.engagefront.com api.trustyou.com assets.adobedtm.com rum-collector-2.pingdom.net www.google-analytics.com m.clarity.ms bam.nr-data.net tremblantwebcams.com p.typekit.net cookies.alterramtnco.com www.googletagmanager.com *.demdex.net cams.mtnfeed.com www.inntopia.travel photos.pixlee.co www.google.com adservice.google.com api.mapbox.com; form-action *.facebook.com www.google.com www.google.ca medias.tremblant.ca www.tremblant.ca www.pages08.net; frame-ancestors 'self' ; report-uri /csp_report
content-type
application/javascript
Primary Request /
duanemorrisglobalaccess.sfrethcrons.com/
Redirect Chain
  • https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com?id=com.microsoft.outloo...
  • https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
180 B
0
Document
General
Full URL
https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Requested by
Host: www.tremblant.ca
URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.187.113.106 Central, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 28 Apr 2023 14:22:32 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store
content-length
259
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: g.clarity.ms analytics.google.com *.clarity.ms *.doubleclick.net events.mapbox.com *.tiktok.com www.google.ca v2.mtnfeed.com *.hotjar.com www.youtube.com *.facebook.com use.typekit.net api.omappapi.com www.pages08.net *.vimeo.com medias.tremblant.ca www.tremblant.ca mtnpowder.com bat.bing.com *.omtrdc.net aws-cdn.inntopia.com img.youtube.com a.opmnstr.com dashboard.engagefront.com api.trustyou.com assets.adobedtm.com rum-collector-2.pingdom.net www.google-analytics.com m.clarity.ms bam.nr-data.net tremblantwebcams.com p.typekit.net cookies.alterramtnco.com www.googletagmanager.com *.demdex.net cams.mtnfeed.com www.inntopia.travel photos.pixlee.co www.google.com adservice.google.com api.mapbox.com; form-action *.facebook.com www.google.com www.google.ca medias.tremblant.ca www.tremblant.ca www.pages08.net; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/html; charset=utf-8
date
Fri, 28 Apr 2023 14:22:30 GMT
expires
-1
location
https://ⓓuanemoⓡrisgloⓑalacⓒess.sfⓡethⓒrons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
pragma
no-cache
strict-transport-security
max-age=31536000
x-cdn
Imperva
x-iinfo
2-3438693-3430680 pNNN RT(1682691749419 172) q(0 1 1 -1) r(3 3) U11
_Incapsula_Resource
www.tremblant.ca/
1 B
91 B
Image
General
Full URL
https://www.tremblant.ca/_Incapsula_Resource?SWKMTFSR=1&e=0.598724876530186
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
1
content-security-policy-report-only
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: g.clarity.ms analytics.google.com *.clarity.ms *.doubleclick.net events.mapbox.com *.tiktok.com www.google.ca v2.mtnfeed.com *.hotjar.com www.youtube.com *.facebook.com use.typekit.net api.omappapi.com www.pages08.net *.vimeo.com medias.tremblant.ca www.tremblant.ca mtnpowder.com bat.bing.com *.omtrdc.net aws-cdn.inntopia.com img.youtube.com a.opmnstr.com dashboard.engagefront.com api.trustyou.com assets.adobedtm.com rum-collector-2.pingdom.net www.google-analytics.com m.clarity.ms bam.nr-data.net tremblantwebcams.com p.typekit.net cookies.alterramtnco.com www.googletagmanager.com *.demdex.net cams.mtnfeed.com www.inntopia.travel photos.pixlee.co www.google.com adservice.google.com api.mapbox.com; form-action *.facebook.com www.google.com www.google.ca medias.tremblant.ca www.tremblant.ca www.pages08.net; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/plain
_Incapsula_Resource
www.tremblant.ca/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.tremblant.ca
URL
https://www.tremblant.ca/_Incapsula_Resource?ES2LURCT=67&t=78&d=complete%20(s%3A1%2Cc%3A23%2Cr%3A1997)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

5 Cookies

Domain/Path Name / Value
.tremblant.ca/ Name: visid_incap_877920
Value: Jcyc/u3jTvyW4rnHEwhtMqXWS2QAAAAAQUIPAAAAAAB5M2URXWLrWthqwSTJ9X9m
.tremblant.ca/ Name: incap_ses_8074_877920
Value: MXDRTMSMqB7yX4F77pwMcKXWS2QAAAAAguARqq78LNST8Fg/EwdApg==
www.tremblant.ca/ Name: tremblant#lang
Value: en
.tremblant.ca/ Name: sessionId
Value: 0d9b7fb6-de16-42fb-8405-c2349b3f4b53
.tremblant.ca/ Name: nlbi_877920
Value: 7MguDgDTmQ3rWHtoofr4YgAAAAD8bMkc50x3BDHvYAOORkgn

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
