flotadiscodev.dtop.pr.gov Open in urlscan Pro
196.3.10.202 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://flotadiscodev.dtop.pr.gov/
Submission Tags: phishingrod
Submission: On August 25 via api (August 25th 2023, 5:52:16 pm UTC) from DE — Scanned from DE

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 196.3.10.202, located in Puerto Rico and belongs to NUSTREAM-COMMUNICATIONS, PR. The main domain is flotadiscodev.dtop.pr.gov.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on September 22nd 2022. Valid for: a year.

This is the only time flotadiscodev.dtop.pr.gov was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
7	196.3.10.202 196.3.10.202		18895 (NUSTREAM-...) (NUSTREAM-COMMUNICATIONS)
7	2

7 196.3.10.202 (Puerto Rico)

ASN18895 (NUSTREAM-COMMUNICATIONS, PR)

flotadiscodev.dtop.pr.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	pr.gov flotadiscodev.dtop.pr.gov	878 KB
7	1

	Domain	Requested by
7	flotadiscodev.dtop.pr.gov	flotadiscodev.dtop.pr.gov
7	1

This site contains no links.

Subject Issuer	Validity	Valid
*.dtop.pr.gov DigiCert TLS RSA SHA256 2020 CA1	`2022-09-22` - `2023-09-26`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://flotadiscodev.dtop.pr.gov/
Frame ID: 70C5BDFD59E6BC5F0EE67155A12EE37F
Requests: 8 HTTP requests in this frame

Frame: https://flotadiscodev.dtop.pr.gov/auth/realms/dtop/protocol/openid-connect/login-status-iframe.html
Frame ID: F153D31CA51730D141FA026864DF9575
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Flotas DISCO

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

878 kB
Transfer

890 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
flotadiscodev.dtop.pr.gov/ 2 KB
3 KB 800ms
343ms Document
text/html 196.3.10.202
NUSTREAM-COMMUNIC...

General

Check archive.org

Show headers Download Go to

Full URL

https://flotadiscodev.dtop.pr.gov/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

196.3.10.202 , Puerto Rico, ASN18895 (NUSTREAM-COMMUNICATIONS, PR),

Reverse DNS

Software

nginx/1.14.1 /

Resource Hash

859f194e220b1fa56915923d2892d00dcfca872a43c8bd2eb735ccce4079a756

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-language: de-DE
content-length: 2221
content-type: text/html
date: Fri, 25 Aug 2023 19:11:47 GMT
expires: 0
last-modified: Tue, 13 Sep 2022 18:05:32 GMT
pragma: no-cache
server: nginx/1.14.1
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 2.9c836563.chunk.css
flotadiscodev.dtop.pr.gov/static/css/ 13 KB
13 KB 293ms
292ms Stylesheet
text/css 196.3.10.202
NUSTREAM-COMMUNIC...

General

Check archive.org

Show headers Download Go to

Full URL

https://flotadiscodev.dtop.pr.gov/static/css/2.9c836563.chunk.css

Requested by

Host: flotadiscodev.dtop.pr.gov
URL: https://flotadiscodev.dtop.pr.gov/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

196.3.10.202 , Puerto Rico, ASN18895 (NUSTREAM-COMMUNICATIONS, PR),

Reverse DNS

Software

nginx/1.14.1 /

Resource Hash

67569ade3c53f16b58ebe23f25d43e2ee0e5b3779c066ae629a92cd0e72aee6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://flotadiscodev.dtop.pr.gov/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Aug 2023 19:11:47 GMT
x-content-type-options: nosniff
last-modified: Tue, 13 Sep 2022 18:05:32 GMT
server: nginx/1.14.1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: DENY
content-type: text/css
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 13090
x-xss-protection: 1; mode=block
expires: 0

GET
H2 200 main.7c6ade27.chunk.css
flotadiscodev.dtop.pr.gov/static/css/ 154 KB
155 KB 1306ms
1305ms Stylesheet
text/css 196.3.10.202
NUSTREAM-COMMUNIC...

General

Check archive.org

Show headers Download Go to

Full URL

https://flotadiscodev.dtop.pr.gov/static/css/main.7c6ade27.chunk.css

Requested by

Host: flotadiscodev.dtop.pr.gov
URL: https://flotadiscodev.dtop.pr.gov/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

196.3.10.202 , Puerto Rico, ASN18895 (NUSTREAM-COMMUNICATIONS, PR),

Reverse DNS

Software

nginx/1.14.1 /

Resource Hash

87c3e7bf1355f24355c49a1e789652e70f5cbcd821b7d3983108f5b951f41b96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://flotadiscodev.dtop.pr.gov/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Aug 2023 19:11:47 GMT
x-content-type-options: nosniff
last-modified: Tue, 13 Sep 2022 18:05:32 GMT
server: nginx/1.14.1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: DENY
content-type: text/css
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 158007
x-xss-protection: 1; mode=block
expires: 0

GET
H2 200 2.a7fa7458.chunk.js Show response
flotadiscodev.dtop.pr.gov/static/js/ 627 KB
628 KB 293ms
293ms Script
application/javascript 196.3.10.202
NUSTREAM-COMMUNIC...

General

Check archive.org

Show headers Download Go to

Full URL

https://flotadiscodev.dtop.pr.gov/static/js/2.a7fa7458.chunk.js

Requested by

Host: flotadiscodev.dtop.pr.gov
URL: https://flotadiscodev.dtop.pr.gov/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

196.3.10.202 , Puerto Rico, ASN18895 (NUSTREAM-COMMUNICATIONS, PR),

Reverse DNS

Software

nginx/1.14.1 /

Resource Hash

239751054c5b98074959f28fef4d75f00953a37a526375059efe9bfdaa669636

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://flotadiscodev.dtop.pr.gov/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Aug 2023 19:11:47 GMT
x-content-type-options: nosniff
last-modified: Tue, 13 Sep 2022 18:05:32 GMT
server: nginx/1.14.1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: DENY
content-type: application/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 641929
x-xss-protection: 1; mode=block
expires: 0

GET
H2 200 main.7e528c6d.chunk.js Show response
flotadiscodev.dtop.pr.gov/static/js/ 68 KB
69 KB 9284ms
9283ms Script
application/javascript 196.3.10.202
NUSTREAM-COMMUNIC...

General

Check archive.org

Show headers Download Go to

Full URL

https://flotadiscodev.dtop.pr.gov/static/js/main.7e528c6d.chunk.js

Requested by

Host: flotadiscodev.dtop.pr.gov
URL: https://flotadiscodev.dtop.pr.gov/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

196.3.10.202 , Puerto Rico, ASN18895 (NUSTREAM-COMMUNICATIONS, PR),

Reverse DNS

Software

nginx/1.14.1 /

Resource Hash

31349a3c0f80de6f343306380d2dae1e6d3408a23968e6e827cf5c4c3e213f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://flotadiscodev.dtop.pr.gov/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Aug 2023 19:11:47 GMT
x-content-type-options: nosniff
last-modified: Tue, 13 Sep 2022 18:05:32 GMT
server: nginx/1.14.1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: DENY
content-type: application/javascript
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 69945
x-xss-protection: 1; mode=block
expires: 0

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f8ac3df16e92dae17625c7b70b99e4a651d02d3bfcfd07fea9cdaae0445894d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 empresa.1d96d7a3.png
flotadiscodev.dtop.pr.gov/static/media/ 10 KB
11 KB 444ms
444ms Image
image/png 196.3.10.202
NUSTREAM-COMMUNIC...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://flotadiscodev.dtop.pr.gov/static/media/empresa.1d96d7a3.png

Requested by

Host: flotadiscodev.dtop.pr.gov
URL: https://flotadiscodev.dtop.pr.gov/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

196.3.10.202 , Puerto Rico, ASN18895 (NUSTREAM-COMMUNICATIONS, PR),

Reverse DNS

Software

nginx/1.14.1 /

Resource Hash

00403d14041e697e4f75126aff27f58a6e2e6faf7bc05353f0c25e6802765342

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://flotadiscodev.dtop.pr.gov/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 25 Aug 2023 19:11:58 GMT
x-content-type-options: nosniff
last-modified: Tue, 13 Sep 2022 18:05:32 GMT
server: nginx/1.14.1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options: DENY
content-type: image/png
cache-control: no-cache, no-store, max-age=0, must-revalidate
accept-ranges: bytes
content-length: 10649
x-xss-protection: 1; mode=block
expires: 0

GET
DATA 200
OK truncated
/ 10 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a9923b49a77aba200f710d31cfc4136b22717282e911fa3a741c72767e11b99f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 502 login-status-iframe.html Show response
flotadiscodev.dtop.pr.gov/auth/realms/dtop/protocol/openid-connect/ Frame F153 575 B
647 B 145ms
145ms Document
text/html 196.3.10.202
NUSTREAM-COMMUNIC...

General

Check archive.org

Show headers Download Go to

Full URL: https://flotadiscodev.dtop.pr.gov/auth/realms/dtop/protocol/openid-connect/login-status-iframe.html
Requested by: Host: flotadiscodev.dtop.pr.gov
URL: https://flotadiscodev.dtop.pr.gov/static/js/2.a7fa7458.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 196.3.10.202 , Puerto Rico, ASN18895 (NUSTREAM-COMMUNICATIONS, PR),
Reverse DNS
Software: nginx/1.14.1 /
Resource Hash: 496842ea3c8f16ac21ce9b42cd1636b6fe4f165bccfa25c45299ed0baec84b7b

Request headers

Referer: https://flotadiscodev.dtop.pr.gov/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 575
content-type: text/html
date: Fri, 25 Aug 2023 19:11:58 GMT
server: nginx/1.14.1

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://flotadiscodev.dtop.pr.gov/auth/realms/dtop/protocol/openid-connect/login-status-iframe.html Message: Failed to load resource: the server responded with a status of 502 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

flotadiscodev.dtop.pr.gov
196.3.10.202
00403d14041e697e4f75126aff27f58a6e2e6faf7bc05353f0c25e6802765342
239751054c5b98074959f28fef4d75f00953a37a526375059efe9bfdaa669636
31349a3c0f80de6f343306380d2dae1e6d3408a23968e6e827cf5c4c3e213f97
496842ea3c8f16ac21ce9b42cd1636b6fe4f165bccfa25c45299ed0baec84b7b
67569ade3c53f16b58ebe23f25d43e2ee0e5b3779c066ae629a92cd0e72aee6b
859f194e220b1fa56915923d2892d00dcfca872a43c8bd2eb735ccce4079a756
87c3e7bf1355f24355c49a1e789652e70f5cbcd821b7d3983108f5b951f41b96
a9923b49a77aba200f710d31cfc4136b22717282e911fa3a741c72767e11b99f
f8ac3df16e92dae17625c7b70b99e4a651d02d3bfcfd07fea9cdaae0445894d2

flotadiscodev.dtop.pr.gov Open in urlscan Pro 196.3.10.202 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

878 kBTransfer

890 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

flotadiscodev.dtop.pr.gov Open in urlscan Pro
196.3.10.202 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

878 kB
Transfer

890 kB
Size

0
Cookies

7 HTTP transactions
2 data transactions