duanemorrisglobalaccess.sfrethcrons.com
20.187.113.106  Public Scan

Submitted URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%9...
Effective URL: https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Submission: On May 01 via manual from IN — Scanned from CA

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 20.187.113.106, located in Central, Hong Kong and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is duanemorrisglobalaccess.sfrethcrons.com.
TLS certificate: Issued by R3 on April 28th 2023. Valid for: 3 months.
This is the only time duanemorrisglobalaccess.sfrethcrons.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address | AS Autonomous System
1 5 45.60.121.134 | 19551 (INCAPSULA)
1 20.187.113.106 | 8075 (MICROSOFT...)
6 3

Apex Domain | Subdomains | Transfer
5 tremblant.ca | www.tremblant.ca — Cisco Umbrella Rank: 529833 | 30 KB
1 sfrethcrons.com | duanemorrisglobalaccess.sfrethcrons.com |
6 2

Domain | Requested by
5 www.tremblant.ca 1 redirects | www.tremblant.ca
1 duanemorrisglobalaccess.sfrethcrons.com | www.tremblant.ca
6 2

This site contains no links.

Subject | Issuer | Validity | Valid
www.tremblant.ca | DigiCert TLS RSA SHA256 2020 CA1 | 2022-10-21 - 2023-11-17 | a year
duanemorrisglobalaccess.sfrethcrons.com | R3 | 2023-04-28 - 2023-07-27 | 3 months

This page contains 1 frame:

Primary Page: https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Frame ID: 2FB6B1C91144267669E93269789F41F8
Requests: 6 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

6 Requests
83 % HTTPS
0 % IPv6
2 Domains
2 Subdomains
3 IPs
2 Countries
29 kB Transfer
194 kB Size
5 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint Page URL
  2. https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint HTTP 302
    https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
ChangeCulture
www.tremblant.ca/Shared/LanguageSwitcher/
212 B
1 KB
Document
General
Full URL
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d02032286070b4dd9d8fbd985a7bdca8af8edf52b89ff177db3bfcb2c8a9c43d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache, no-store
content-length
212
content-security-policy-report-only
form-action www.google.ca medias.tremblant.ca www.pages08.net www.tremblant.ca www.google.com *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: img.youtube.com www.google.com www.google-analytics.com www.tremblant.ca *.hotjar.com bam.nr-data.net aws-cdn.inntopia.com api.trustyou.com medias.tremblant.ca dashboard.engagefront.com use.typekit.net cams.mtnfeed.com events.mapbox.com *.doubleclick.net v2.mtnfeed.com mtnpowder.com www.google.ca cookies.alterramtnco.com engagefront.theweathernetwork.com a.opmnstr.com analytics.google.com *.demdex.net *.clarity.ms www.youtube.com g.clarity.ms www.pages08.net *.vimeo.com tremblantwebcams.com api.mapbox.com *.everesttech.net c4fyt.tremblant.ca assets.adobedtm.com m.clarity.ms api.omappapi.com rum-collector-2.pingdom.net www.inntopia.travel www.googletagmanager.com p.typekit.net photos.pixlee.co *.tiktok.com bat.bing.com *.omtrdc.net; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/html
strict-transport-security
max-age=31536000
x-iinfo
10-46586894-0 0NNN RT(1682921972624 20) q(0 -1 -1 0) r(0 -1) B10(4,314,0) U18
_Incapsula_Resource
www.tremblant.ca/
194 KB
28 KB
Script
General
Full URL
https://www.tremblant.ca/_Incapsula_Resource?SWJIYLWA=5074a744e2e3d891814e9a2dace20bd4,719d34d31c8e3a6e6fffd425f7e032f3
Requested by
Host: www.tremblant.ca
URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
92c97392fefa2f15f1abd4b6263f9c84d0c620625419b1264fef743354d67242
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
content-encoding
gzip
x-robots-tag
noindex
content-length
28337
content-security-policy-report-only
form-action www.google.ca medias.tremblant.ca www.pages08.net www.tremblant.ca www.google.com *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: img.youtube.com www.google.com www.google-analytics.com www.tremblant.ca *.hotjar.com bam.nr-data.net aws-cdn.inntopia.com api.trustyou.com medias.tremblant.ca dashboard.engagefront.com use.typekit.net cams.mtnfeed.com events.mapbox.com *.doubleclick.net v2.mtnfeed.com mtnpowder.com www.google.ca cookies.alterramtnco.com engagefront.theweathernetwork.com a.opmnstr.com analytics.google.com *.demdex.net *.clarity.ms www.youtube.com g.clarity.ms www.pages08.net *.vimeo.com tremblantwebcams.com api.mapbox.com *.everesttech.net c4fyt.tremblant.ca assets.adobedtm.com m.clarity.ms api.omappapi.com rum-collector-2.pingdom.net www.inntopia.travel www.googletagmanager.com p.typekit.net photos.pixlee.co *.tiktok.com bat.bing.com *.omtrdc.net; frame-ancestors 'self' ; report-uri /csp_report
content-type
application/javascript
_Incapsula_Resource
www.tremblant.ca/
29 B
58 B
XHR
General
Full URL
https://www.tremblant.ca/_Incapsula_Resource?SWHANEDL=2104939149594580512,2557023070167054894,15125751654733499510,344200
Requested by
Host: www.tremblant.ca
URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
29
content-security-policy-report-only
form-action www.google.ca medias.tremblant.ca www.pages08.net www.tremblant.ca www.google.com *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: img.youtube.com www.google.com www.google-analytics.com www.tremblant.ca *.hotjar.com bam.nr-data.net aws-cdn.inntopia.com api.trustyou.com medias.tremblant.ca dashboard.engagefront.com use.typekit.net cams.mtnfeed.com events.mapbox.com *.doubleclick.net v2.mtnfeed.com mtnpowder.com www.google.ca cookies.alterramtnco.com engagefront.theweathernetwork.com a.opmnstr.com analytics.google.com *.demdex.net *.clarity.ms www.youtube.com g.clarity.ms www.pages08.net *.vimeo.com tremblantwebcams.com api.mapbox.com *.everesttech.net c4fyt.tremblant.ca assets.adobedtm.com m.clarity.ms api.omappapi.com rum-collector-2.pingdom.net www.inntopia.travel www.googletagmanager.com p.typekit.net photos.pixlee.co *.tiktok.com bat.bing.com *.omtrdc.net; frame-ancestors 'self' ; report-uri /csp_report
content-type
application/javascript
Primary Request /
duanemorrisglobalaccess.sfrethcrons.com/
Redirect Chain
  • https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.ou...
  • https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
180 B
0
Document
General
Full URL
https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Requested by
Host: www.tremblant.ca
URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.187.113.106 Central, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 01 May 2023 06:19:34 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store
content-length
259
content-security-policy-report-only
form-action www.google.ca medias.tremblant.ca www.pages08.net www.tremblant.ca www.google.com *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: img.youtube.com www.google.com www.google-analytics.com www.tremblant.ca *.hotjar.com bam.nr-data.net aws-cdn.inntopia.com api.trustyou.com medias.tremblant.ca dashboard.engagefront.com use.typekit.net cams.mtnfeed.com events.mapbox.com *.doubleclick.net v2.mtnfeed.com mtnpowder.com www.google.ca cookies.alterramtnco.com engagefront.theweathernetwork.com a.opmnstr.com analytics.google.com *.demdex.net *.clarity.ms www.youtube.com g.clarity.ms www.pages08.net *.vimeo.com tremblantwebcams.com api.mapbox.com *.everesttech.net c4fyt.tremblant.ca assets.adobedtm.com m.clarity.ms api.omappapi.com rum-collector-2.pingdom.net www.inntopia.travel www.googletagmanager.com p.typekit.net photos.pixlee.co *.tiktok.com bat.bing.com *.omtrdc.net; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/html; charset=utf-8
date
Mon, 01 May 2023 06:19:33 GMT
expires
-1
location
https://ⓓuanemoⓡrisgloⓑalacⓒess.sfⓡethⓒrons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
pragma
no-cache
strict-transport-security
max-age=31536000
x-cdn
Imperva
x-iinfo
10-46586894-46520699 pNNN RT(1682921972624 137) q(0 0 0 -1) r(3 3) U11
_Incapsula_Resource
www.tremblant.ca/
1 B
37 B
Image
General
Full URL
https://www.tremblant.ca/_Incapsula_Resource?SWKMTFSR=1&e=0.3950591980196112
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
1
content-security-policy-report-only
form-action www.google.ca medias.tremblant.ca www.pages08.net www.tremblant.ca www.google.com *.facebook.com; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: img.youtube.com www.google.com www.google-analytics.com www.tremblant.ca *.hotjar.com bam.nr-data.net aws-cdn.inntopia.com api.trustyou.com medias.tremblant.ca dashboard.engagefront.com use.typekit.net cams.mtnfeed.com events.mapbox.com *.doubleclick.net v2.mtnfeed.com mtnpowder.com www.google.ca cookies.alterramtnco.com engagefront.theweathernetwork.com a.opmnstr.com analytics.google.com *.demdex.net *.clarity.ms www.youtube.com g.clarity.ms www.pages08.net *.vimeo.com tremblantwebcams.com api.mapbox.com *.everesttech.net c4fyt.tremblant.ca assets.adobedtm.com m.clarity.ms api.omappapi.com rum-collector-2.pingdom.net www.inntopia.travel www.googletagmanager.com p.typekit.net photos.pixlee.co *.tiktok.com bat.bing.com *.omtrdc.net; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/plain
_Incapsula_Resource
www.tremblant.ca/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.tremblant.ca
URL
https://www.tremblant.ca/_Incapsula_Resource?ES2LURCT=67&t=78&d=complete%20(s%3A0%2Cc%3A22%2Cr%3A1229)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

5 Cookies

Domain/Path Name / Value
.tremblant.ca/ Name: visid_incap_877920
Value: sl1VwzlxTwu+z59g3Dy0hPRZT2QAAAAAQUIPAAAAAAAA/zVqQuvmSVokcvx+gPw0
.tremblant.ca/ Name: incap_ses_1450_877920
Value: xJ+NOIO1E0aBrX8K3W8fFPRZT2QAAAAASYUjieceloVuwBdF4x7N8Q==
www.tremblant.ca/ Name: tremblant#lang
Value: en
.tremblant.ca/ Name: sessionId
Value: 31e9a798-de16-422b-a1af-594680aab6e9
.tremblant.ca/ Name: nlbi_877920
Value: oJi7Vkr2AiZrKOnoofr4YgAAAABGtofsDBlDb5cHkJfXmOy1

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
