kdvr.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 6 HTTP transactions. The main IP is 151.101.65.91, located in San Francisco, United States and belongs to FASTLY, US. The main domain is kdvr.com. The Cisco Umbrella rank of the primary domain is 147050.
TLS certificate: Issued by R3 on March 4th 2024. Valid for: 3 months.

This is the only time kdvr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1 1	52.202.100.214 52.202.100.214	14618 (AMAZON-AES) (AMAZON-AES)
5	151.101.65.91 151.101.65.91	54113 (FASTLY) (FASTLY)
6	2

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.202.100.214 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-100-214.compute-1.amazonaws.com

trib.al	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.65.91 (San Francisco, United States)

ASN54113 (FASTLY, US)

kdvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	kdvr.com kdvr.com — Cisco Umbrella Rank: 147050	64 KB
1	trib.al 1 redirects trib.al — Cisco Umbrella Rank: 29934	212 B
1	t.co t.co — Cisco Umbrella Rank: 678	546 B
6	3

	Domain	Requested by
5	kdvr.com	t.co kdvr.com
1	trib.al	1 redirects
1	t.co
6	3

This site contains links to these domains. Also see Links.

Domain
www.nexstar.tv

Subject Issuer	Validity	Valid
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-07` - `2025-01-06`	a year	crt.sh
kdvr.com R3	`2024-03-04` - `2024-06-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral
Frame ID: 44A0FB3463FA14DBF2FD912868B80185
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Access Restricted

Page URL History Show full URLs

https://t.co/A1f9Wh9K4i Page URL
https://trib.al/KVNo7gI HTTP 301
https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm... Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PerimeterX (Security) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

65 kB
Transfer

63 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nexstar.tv/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/A1f9Wh9K4i Page URL
https://trib.al/KVNo7gI HTTP 301
https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 A1f9Wh9K4i
t.co/ 224 B
546 B 231ms
143ms Document
text/html 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/A1f9Wh9K4i

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 176
content-type: text/html; charset=utf-8
date: Tue, 30 Apr 2024 12:50:57 GMT
expires: Tue, 30 Apr 2024 12:55:58 GMT
perf: 7402827104
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 0dbd85932088abc2028c082c80cac478a559b3915318ac83785e9d69b705e5f6
x-response-time: 121
x-transaction-id: 040000ce8311df6c
x-xss-protection: 0

GET
H2

451

Primary Request / Show response
kdvr.com/news/local/new-scam-impersonates-xfinity-workers/
Redirect Chain

https://trib.al/KVNo7gI
https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral

3 KB
4 KB

540ms
461ms

Document
text/html

151.101.65.91
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral
Requested by: Host: t.co
URL: https://t.co/A1f9Wh9K4i
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.91 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx / WordPress VIP <https://wpvip.com>
Resource Hash: 95b42e8ccd97136538c39c0c78a71232c539935b5c1f098fc7c172cf05405835

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://t.co/A1f9Wh9K4i
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
content-type: text/html; charset=UTF-8
date: Tue, 30 Apr 2024 12:50:59 GMT
fastly-restarts: 1
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://kdvr.com/wp-json/>; rel="https://api.w.org/" <https://kdvr.com/wp-json/wp/v2/posts/2857232>; rel="alternate"; type="application/json" <https://kdvr.com/?p=2857232>; rel=shortlink
server: nginx
state: PASS
vary: X-Country-Code
via: 1.1 varnish
x-cache: MISS, MISS
x-cache-hits: 0
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn2 111 254 443
x-served-by: cache-fra-etou8220027-FRA
x-timer: S1714481459.629174,VS0,VE441

Redirect headers

cache-control: private, max-age=0, no-cache
content-length: 329
content-type: text/html;charset=utf-8
date: Tue, 30 Apr 2024 12:50:58 GMT
location: https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral
server: CherryPy/7.1.0

GET
H2 200 header-logo-sept-2021.png
kdvr.com/wp-content/uploads/sites/11/2021/09/ 26 KB
26 KB 22ms
22ms Image
image/webp 151.101.65.91
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kdvr.com/wp-content/uploads/sites/11/2021/09/header-logo-sept-2021.png?strip=1
Requested by: Host: kdvr.com
URL: https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.91 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 6713dce782ef9cecb2e8a2dc1f44a59e87091fb9a191ec545fea23f541795ca3

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-etou8220027-FRA
x-rq: hhn2 109 139 443
date: Tue, 30 Apr 2024 12:50:59 GMT
via: 1.1 varnish
last-modified: Tue, 16 Apr 2024 00:25:50 GMT
server: nginx
x-timer: S1714481459.097760,VS0,VE1
etag: "529e0389ae176e84"
state: PASS
x-cache: HIT, MISS
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes, bytes
content-length: 26924
x-cache-hits: 0

GET
H2 200 footer-logos-dec-2023.png
kdvr.com/wp-content/uploads/sites/11/2023/12/ 25 KB
25 KB 22ms
21ms Image
image/webp 151.101.65.91
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kdvr.com/wp-content/uploads/sites/11/2023/12/footer-logos-dec-2023.png?strip=1
Requested by: Host: kdvr.com
URL: https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.91 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 3e24684484bf009701c736a851370fa7d1ed59eb6d3f3d1c0cf2bd2e7ef09e70

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-etou8220027-FRA
x-rq: hhn2 109 32 443
date: Tue, 30 Apr 2024 12:50:59 GMT
via: 1.1 varnish
last-modified: Tue, 16 Apr 2024 00:25:50 GMT
server: nginx
x-timer: S1714481459.097739,VS0,VE1
etag: "7771992b5876b451"
state: PASS
x-cache: HIT, MISS
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes, bytes
content-length: 25580
x-cache-hits: 0

GET
H2 200 nexstar-logo-white-nmg.png
kdvr.com/wp-content/themes/nexstar/client/src/images/footer/ 8 KB
9 KB 34ms
34ms Image
image/png 151.101.65.91
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kdvr.com/wp-content/themes/nexstar/client/src/images/footer/nexstar-logo-white-nmg.png
Requested by: Host: kdvr.com
URL: https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.91 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 6aecc150c510c5194c1a5412ef752a105add2714f009ff443265a6d1e7c0ea69

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-etou8220027-FRA
x-rq: hhn2 111 253 443
date: Tue, 30 Apr 2024 12:50:59 GMT
via: 1.1 varnish
last-modified: Mon, 13 Mar 2023 13:56:39 GMT
server: nginx
x-timer: S1714481459.107895,VS0,VE1
etag: "640f2b97-21d0"
state: PASS
x-cache: HIT, MISS
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 8656
x-cache-hits: 0

GET
H2 200 favicon.ico
kdvr.com/ 198 B
322 B 22ms
21ms Other
image/x-icon 151.101.65.91
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://kdvr.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.91 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-etou8220027-FRA
x-rq: hhn2 85 188 443
date: Tue, 30 Apr 2024 12:50:59 GMT
via: 1.1 varnish
last-modified: Tue, 20 Feb 2024 10:27:36 GMT
server: nginx
x-timer: S1714481459.145026,VS0,VE1
etag: "65d47e98-c6"
state: PASS
x-cache: HIT, MISS
content-type: image/x-icon
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 198
x-cache-hits: 0

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.t.co/	1970-01-21 05:44:55	Name: muc Value: f9c0e4a8-14ad-4db9-9c4b-516d2f1f9b4b
			kdvr.com/	1970-01-21 05:00:17	Name: _pxhd Value: 0e7e4b20d6839c09b3b24da5d307b7bf494f2d8fa18e4f622eed71338599bf6b:4aa9b52a-06f0-11ef-8a54-d10fcea61366

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://kdvr.com/news/local/new-scam-impersonates-xfinity-workers/?utm_source=twitter.com&utm_campaign=socialflow&utm_medium=referral Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

kdvr.com
t.co
trib.al
104.244.42.133
151.101.65.91
52.202.100.214
3e24684484bf009701c736a851370fa7d1ed59eb6d3f3d1c0cf2bd2e7ef09e70
6713dce782ef9cecb2e8a2dc1f44a59e87091fb9a191ec545fea23f541795ca3
6aecc150c510c5194c1a5412ef752a105add2714f009ff443265a6d1e7c0ea69
95b42e8ccd97136538c39c0c78a71232c539935b5c1f098fc7c172cf05405835
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b

kdvr.com Open in urlscan Pro 151.101.65.91 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

65 kBTransfer

63 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

1 Console Messages

Security Headers

Indicators

kdvr.com Open in urlscan Pro
151.101.65.91 Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

65 kB
Transfer

63 kB
Size

2
Cookies

6 HTTP transactions
0 data transactions