urlscan.io Public Scan: therecord.media (2606:4700:4400::6812:20b5)
Effective URL: https://therecord.media/new-york-city-government-smishing-attack?is=fddd7500a68763510e252bf429e021eedaee1997e642c2c632ba...
Submission: On April 10 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 18th 2023. Valid for: a year.
This is the only time therecord.media was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 136.147.189.155 | 14340 (SALESFORCE)
11 | 2606:4700:4400::6812:20b5 | 13335 (CLOUDFLARENET)
2 | 104.17.2.184 | 13335 (CLOUDFLARENET)
2 | 104.17.3.184 | 13335 (CLOUDFLARENET)
19 | 4 IP addresses |
ASN14340 (SALESFORCE, US), PTR: click.email.sans.org
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | therecord.media | therecord.media (Cisco Umbrella Rank: 192109) | 267 KB
4 | cloudflare.com | challenges.cloudflare.com (Cisco Umbrella Rank: 4630) | 27 KB
1 | sans.org | click.email.sans.org (Cisco Umbrella Rank: 802418), 1 redirect | 307 B
19 | 3 apex domains | |
Requests | Domain | Requested by
---|---|---
11 | therecord.media | therecord.media
4 | challenges.cloudflare.com | therecord.media, challenges.cloudflare.com
1 | click.email.sans.org | 1 redirect
19 | 3 domains |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-18 - 2024-05-17 | a year
challenges.cloudflare.com | Cloudflare Inc ECC CA-3 | 2023-08-18 - 2024-08-17 | a year
This page contains 3 frames:
- Primary Page: https://therecord.media/new-york-city-government-smishing-attack?is=fddd7500a68763510e252bf429e021eedaee1997e642c2c632bafb6a16bb6d74 (Frame ID: C78BDB9B9D1E31301DAF38FA5A1D93BD; 17 HTTP requests in this frame)
- Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/76afi/0x4AAAAAAADnOjc0PNeA8qVm/light/normal (Frame ID: C89F84BD534A1FAE15FF17ECF0036808; 1 HTTP request in this frame)
- Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qyzca/0x4AAAAAAADnOjc0PNeA8qVm/light/normal (Frame ID: 314292BB78A185A9281A2C117B070A46; 1 HTTP request in this frame)
Screenshot
![](/screenshots/c8ca7be4-852c-4c3c-8f85-0a57840f7930.png)
Page Title
Just a moment...
Detected technologies
- Nuvem
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://click.email.sans.org/?qs=c7eea00bf2a97ffc42805df41f767b0427e3a72372086d470ad8accb7c32f2ea162f3907c30a3a0cbea9cd6485ecc558894b8c64645e288a (HTTP 302)
2. https://therecord.media/new-york-city-government-smishing-attack?is=fddd7500a68763510e252bf429e021eedaee1997e642c2c632bafb6a16bb6d74 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://click.email.sans.org/?qs=c7eea00bf2a97ffc42805df41f767b0427e3a72372086d470ad8accb7c32f2ea162f3907c30a3a0cbea9cd6485ecc558894b8c64645e288a (HTTP 302)
- https://therecord.media/new-york-city-government-smishing-attack?is=fddd7500a68763510e252bf429e021eedaee1997e642c2c632bafb6a16bb6d74
19 HTTP transactions

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H2 | new-york-city-government-smishing-attack | therecord.media/ (Redirect Chain) | 17 KB | 8 KB | Document | text/html
2 | GET | H2 | v1 | therecord.media/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/ | 392 KB | 107 KB | Script | application/javascript
3 | GET | H3 | api.js | challenges.cloudflare.com/turnstile/v0/b/bcc5fb0a8815/ | 40 KB | 14 KB | Script | application/javascript
4 | GET | H2 | favicon.ico | therecord.media/ | 15 KB | 2 KB | Image | image/x-icon
5 | GET | BLOB | 894387f8-5cc7-4002-9e78-9acbbfeece24 | https://therecord.media/ | 13 B | 0 | Other | text/javascript
6 | POST | H2 | fe711fdafbe1c75 | therecord.media/cdn-cgi/challenge-platform/h/b/flow/ov1/1935640720:1712722140:1LDhhEcdn_GDznxbCgwys_3uuWUqT6rzjvey9F1Z3iE/872007c82fc11e68/ | 15 KB | 11 KB | XHR | text/plain
7 | GET | H3 | normal | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/76afi/0x4AAAAAAADnOjc0PNeA8qVm/light/ (Frame C89F) | 0 | 0 | Document | text/html
8 | GET | BLOB | 8e36a6f2-e9d1-4652-a4be-15c8ec89b3cb | https://therecord.media/ | 80 B | 0 | Other | text/javascript
9 | GET | H2 | favicon.ico | therecord.media/ | 15 KB | 2 KB | Other | image/x-icon
10 | POST | H2 | fe711fdafbe1c75 | therecord.media/cdn-cgi/challenge-platform/h/b/flow/ov1/1935640720:1712722140:1LDhhEcdn_GDznxbCgwys_3uuWUqT6rzjvey9F1Z3iE/872007c82fc11e68/ | 2 KB | 2 KB | XHR | text/html
11 | GET | H2 | new-york-city-government-smishing-attack (Primary Request) | therecord.media/ | 16 KB | 8 KB | Document | text/html
12 | GET | H2 | v1 | therecord.media/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/ | 395 KB | 109 KB | Script | application/javascript
13 | GET | H3 | api.js | challenges.cloudflare.com/turnstile/v0/b/bcc5fb0a8815/ | 40 KB | 14 KB | Script | application/javascript
14 | GET | H2 | favicon.ico | therecord.media/ | 15 KB | 2 KB | Image | image/x-icon
15 | GET | BLOB | 3aaf7391-f194-4746-97d8-7afc816bde82 | https://therecord.media/ | 13 B | 0 | Other | text/javascript
16 | POST | H2 | cb1d0b7ecb93b87 | therecord.media/cdn-cgi/challenge-platform/h/b/flow/ov1/1216545247:1712722072:u1v_vY2Kqi_qhLKEoSoI3VZqTmpKo4Tz4sGgwNuvEmI/872007dc7df71e68/ | 15 KB | 11 KB | XHR | text/plain
17 | GET | H3 | normal | challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/qyzca/0x4AAAAAAADnOjc0PNeA8qVm/light/ (Frame 3142) | 0 | 0 | Document | text/html
18 | GET | BLOB | 429cfd04-7dd9-4906-af76-d30022396c21 | https://therecord.media/ | 80 B | 0 | Other | text/javascript
19 | GET | H2 | favicon.ico | therecord.media/ | 15 KB | 2 KB | Other | image/x-icon
18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
object | _cf_chl_opt
function | rQHZa5
function | wXagv3
function | PsSt8
function | HrjuF1
boolean | KaiqDo8
function | wYHO8
function | XxXBN3
function | rTya5
object | FvgJ7
object | CzJOu7
object | gKrrTp6
number | Dekg1
object | angular
object | turnstile
boolean | epUoWW3
string | tvUPr71

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.

Domain/Path | Expires | Name | Value
---|---|---|---
therecord.media/ | | cf_chl_rc_ni | 1
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This section lists the security headers set by the main page.
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- challenges.cloudflare.com
- click.email.sans.org
- therecord.media
- 104.17.2.184
- 104.17.3.184
- 136.147.189.155
- 2606:4700:4400::6812:20b5