duanemorrisglobalaccess.sfrethcrons.com
20.187.113.106 Public Scan

Submitted URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%9...
Effective URL: https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Submission: On May 01 via manual from CA — Scanned from CA

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 20.187.113.106, located in Central, Hong Kong and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is duanemorrisglobalaccess.sfrethcrons.com.
TLS certificate: Issued by R3 on April 28th 2023. Valid for: 3 months.
This is the only time duanemorrisglobalaccess.sfrethcrons.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 5 45.60.121.134 19551 (INCAPSULA)
1 20.187.113.106 8075 (MICROSOFT...)
6 3
Apex Domain
Subdomains
Transfer
5 tremblant.ca
www.tremblant.ca — Cisco Umbrella Rank: 529833
30 KB
1 sfrethcrons.com
duanemorrisglobalaccess.sfrethcrons.com
6 2
Domain Requested by
5 www.tremblant.ca 1 redirects www.tremblant.ca
1 duanemorrisglobalaccess.sfrethcrons.com www.tremblant.ca
6 2

This site contains no links.

Subject | Issuer | Validity | Valid
www.tremblant.ca | DigiCert TLS RSA SHA256 2020 CA1 | 2022-10-21 - 2023-11-17 | a year
duanemorrisglobalaccess.sfrethcrons.com | R3 | 2023-04-28 - 2023-07-27 | 3 months

This page contains 1 frames:

Primary Page: https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Frame ID: 2CF76FF28605FA0231DEDC8746476093
Requests: 6 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

Requests: 6
HTTPS: 83 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 29 kB
Size: 196 kB
Cookies: 5

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint Page URL
  2. https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint HTTP 302
    https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
ChangeCulture
www.tremblant.ca/Shared/LanguageSwitcher/
212 B
1 KB
Document
General
Full URL
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d02032286070b4dd9d8fbd985a7bdca8af8edf52b89ff177db3bfcb2c8a9c43d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-cache, no-store
content-length
212
content-security-policy-report-only
form-action www.pages08.net www.tremblant.ca www.google.com medias.tremblant.ca *.facebook.com www.google.ca; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.tremblant.ca *.hotjar.com m.clarity.ms *.clarity.ms v2.mtnfeed.com www.google.com events.mapbox.com g.clarity.ms www.google.ca *.doubleclick.net rum-collector-2.pingdom.net medias.tremblant.ca bam.nr-data.net cookies.alterramtnco.com c4fyt.tremblant.ca *.vimeo.com *.omtrdc.net img.youtube.com bat.bing.com api.mapbox.com *.tiktok.com engagefront.theweathernetwork.com analytics.google.com adservice.google.com www.googletagmanager.com aws-cdn.inntopia.com api.omappapi.com use.typekit.net *.facebook.com dashboard.engagefront.com www.inntopia.travel www.pages08.net photos.pixlee.co *.everesttech.net *.demdex.net a.opmnstr.com www.google-analytics.com www.youtube.com cams.mtnfeed.com assets.adobedtm.com p.typekit.net api.trustyou.com tremblantwebcams.com mtnpowder.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/html
strict-transport-security
max-age=31536000
x-iinfo
8-30494009-0 0NNN RT(1682946999064 21) q(0 -1 -1 0) r(0 -1) B10(4,314,0) U18
_Incapsula_Resource
www.tremblant.ca/
196 KB
28 KB
Script
General
Full URL
https://www.tremblant.ca/_Incapsula_Resource?SWJIYLWA=5074a744e2e3d891814e9a2dace20bd4,719d34d31c8e3a6e6fffd425f7e032f3
Requested by
Host: www.tremblant.ca
URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
b6cba2c5a970600c6a6d3bced5b7a44f382f53a2c3802abd6aaee1a32153d9e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
content-encoding
gzip
x-robots-tag
noindex
content-length
28673
content-security-policy-report-only
form-action www.pages08.net www.tremblant.ca www.google.com medias.tremblant.ca *.facebook.com www.google.ca; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.tremblant.ca *.hotjar.com m.clarity.ms *.clarity.ms v2.mtnfeed.com www.google.com events.mapbox.com g.clarity.ms www.google.ca *.doubleclick.net rum-collector-2.pingdom.net medias.tremblant.ca bam.nr-data.net cookies.alterramtnco.com c4fyt.tremblant.ca *.vimeo.com *.omtrdc.net img.youtube.com bat.bing.com api.mapbox.com *.tiktok.com engagefront.theweathernetwork.com analytics.google.com adservice.google.com www.googletagmanager.com aws-cdn.inntopia.com api.omappapi.com use.typekit.net *.facebook.com dashboard.engagefront.com www.inntopia.travel www.pages08.net photos.pixlee.co *.everesttech.net *.demdex.net a.opmnstr.com www.google-analytics.com www.youtube.com cams.mtnfeed.com assets.adobedtm.com p.typekit.net api.trustyou.com tremblantwebcams.com mtnpowder.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
application/javascript
_Incapsula_Resource
www.tremblant.ca/
29 B
58 B
XHR
General
Full URL
https://www.tremblant.ca/_Incapsula_Resource?SWHANEDL=3706650265612067366,10652750300282797804,3036234185863879455,373687
Requested by
Host: www.tremblant.ca
URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
29
content-security-policy-report-only
form-action www.pages08.net www.tremblant.ca www.google.com medias.tremblant.ca *.facebook.com www.google.ca; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.tremblant.ca *.hotjar.com m.clarity.ms *.clarity.ms v2.mtnfeed.com www.google.com events.mapbox.com g.clarity.ms www.google.ca *.doubleclick.net rum-collector-2.pingdom.net medias.tremblant.ca bam.nr-data.net cookies.alterramtnco.com c4fyt.tremblant.ca *.vimeo.com *.omtrdc.net img.youtube.com bat.bing.com api.mapbox.com *.tiktok.com engagefront.theweathernetwork.com analytics.google.com adservice.google.com www.googletagmanager.com aws-cdn.inntopia.com api.omappapi.com use.typekit.net *.facebook.com dashboard.engagefront.com www.inntopia.travel www.pages08.net photos.pixlee.co *.everesttech.net *.demdex.net a.opmnstr.com www.google-analytics.com www.youtube.com cams.mtnfeed.com assets.adobedtm.com p.typekit.net api.trustyou.com tremblantwebcams.com mtnpowder.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
application/javascript
Primary Request /
duanemorrisglobalaccess.sfrethcrons.com/
Redirect Chain
  • https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.ou...
  • https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
180 B
0
Document
General
Full URL
https://duanemorrisglobalaccess.sfrethcrons.com/?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Requested by
Host: www.tremblant.ca
URL: https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.187.113.106 Central, Hong Kong, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 01 May 2023 13:16:41 GMT
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding

Redirect headers

cache-control
no-cache, no-store
content-length
259
content-security-policy-report-only
form-action www.pages08.net www.tremblant.ca www.google.com medias.tremblant.ca *.facebook.com www.google.ca; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.tremblant.ca *.hotjar.com m.clarity.ms *.clarity.ms v2.mtnfeed.com www.google.com events.mapbox.com g.clarity.ms www.google.ca *.doubleclick.net rum-collector-2.pingdom.net medias.tremblant.ca bam.nr-data.net cookies.alterramtnco.com c4fyt.tremblant.ca *.vimeo.com *.omtrdc.net img.youtube.com bat.bing.com api.mapbox.com *.tiktok.com engagefront.theweathernetwork.com analytics.google.com adservice.google.com www.googletagmanager.com aws-cdn.inntopia.com api.omappapi.com use.typekit.net *.facebook.com dashboard.engagefront.com www.inntopia.travel www.pages08.net photos.pixlee.co *.everesttech.net *.demdex.net a.opmnstr.com www.google-analytics.com www.youtube.com cams.mtnfeed.com assets.adobedtm.com p.typekit.net api.trustyou.com tremblantwebcams.com mtnpowder.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/html; charset=utf-8
date
Mon, 01 May 2023 13:16:40 GMT
expires
-1
location
https://ⓓuanemoⓡrisgloⓑalacⓒess.sfⓡethⓒrons.com?id=com.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
pragma
no-cache
strict-transport-security
max-age=31536000
x-cdn
Imperva
x-iinfo
8-30494009-30043044 pNNN RT(1682946999064 182) q(0 0 0 -1) r(3 3) U11
_Incapsula_Resource
www.tremblant.ca/
1 B
37 B
Image
General
Full URL
https://www.tremblant.ca/_Incapsula_Resource?SWKMTFSR=1&e=0.8391203568325938
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.121.134 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.tremblant.ca/Shared/LanguageSwitcher/ChangeCulture?culture=en&url=https://%E2%93%93uanemo%E2%93%A1risglo%E2%93%91alac%E2%93%92ess.sf%E2%93%A1eth%E2%93%92rons.com%3Fid%3Dcom.microsoft.outlook.msn.android.systematic.facebook.music.baracuda.proofpoint
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
1
content-security-policy-report-only
form-action www.pages08.net www.tremblant.ca www.google.com medias.tremblant.ca *.facebook.com www.google.ca; default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.tremblant.ca *.hotjar.com m.clarity.ms *.clarity.ms v2.mtnfeed.com www.google.com events.mapbox.com g.clarity.ms www.google.ca *.doubleclick.net rum-collector-2.pingdom.net medias.tremblant.ca bam.nr-data.net cookies.alterramtnco.com c4fyt.tremblant.ca *.vimeo.com *.omtrdc.net img.youtube.com bat.bing.com api.mapbox.com *.tiktok.com engagefront.theweathernetwork.com analytics.google.com adservice.google.com www.googletagmanager.com aws-cdn.inntopia.com api.omappapi.com use.typekit.net *.facebook.com dashboard.engagefront.com www.inntopia.travel www.pages08.net photos.pixlee.co *.everesttech.net *.demdex.net a.opmnstr.com www.google-analytics.com www.youtube.com cams.mtnfeed.com assets.adobedtm.com p.typekit.net api.trustyou.com tremblantwebcams.com mtnpowder.com; frame-ancestors 'self' ; report-uri /csp_report
content-type
text/plain
_Incapsula_Resource
www.tremblant.ca/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.tremblant.ca
URL
https://www.tremblant.ca/_Incapsula_Resource?ES2LURCT=67&t=78&d=complete%20(s%3A1%2Cc%3A45%2Cr%3A2255)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

5 Cookies

Domain/Path Name / Value
.tremblant.ca/ Name: visid_incap_877920
Value: PHi8oH5ZTymYtNcRvaMyBbe7T2QAAAAAQUIPAAAAAACIH+tmZCg3oYhBkoaFW0m4
.tremblant.ca/ Name: incap_ses_358_877920
Value: CwN7ScCo/zFnYZpBGOD3BLe7T2QAAAAAv1GRSgR0losGFUJ5r6Ktqw==
www.tremblant.ca/ Name: tremblant#lang
Value: en
.tremblant.ca/ Name: sessionId
Value: f708436d-04bb-475b-95cc-ff8d1c06ece7
.tremblant.ca/ Name: nlbi_877920
Value: KBmEYBKgvRXq11GLofr4YgAAAACFmC1ALAHzjNRpPEIZvAjt

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
