vpnco2.santander.com.co Open in urlscan Pro
190.242.107.210  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://vpnco2.santander.com.co/ Page URL
2. https://vpnco2.santander.com.co/+CSCOE+/logon.html Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
-2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ vpnco2.santander.com.co/	315 B 1 KB	1026ms 165ms	Document text/html	190.242.107.210 COLUMBUS NETWORKS...
General Check archive.org Show headers Download Go to Full URL https://vpnco2.santander.com.co/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 190.242.107.210 Barranquilla, Colombia, ASN262191 (COLUMBUS NETWORKS COLOMBIA, CO), Reverse DNS Software / Resource Hash Security Headers Name Value Content-Security-Policy default-src 'none' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store Connection Keep-Alive Content-Security-Policy default-src 'none' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' Content-Type text/html; charset=utf-8 Date Mon, 11 Dec 2023 09:56:45 GMT Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains Transfer-Encoding chunked X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-XSS-Protection 1
GET H/1.1	200 OK	Primary Request logon.html Show response vpnco2.santander.com.co/+CSCOE+/	7 KB 4 KB	169ms 169ms	Document text/html	190.242.107.210 COLUMBUS NETWORKS...
General Check archive.org Show headers Download Go to Full URL https://vpnco2.santander.com.co/+CSCOE+/logon.html Requested by Host: vpnco2.santander.com.co URL: https://vpnco2.santander.com.co/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 190.242.107.210 Barranquilla, Colombia, ASN262191 (COLUMBUS NETWORKS COLOMBIA, CO), Reverse DNS Software / Resource Hash c474890feb32dd0eb9796087b34915437a030e3efe8723e41ae37186c1db01da Security Headers Name Value Content-Security-Policy default-src 'none' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1 Request headers Referer https://vpnco2.santander.com.co/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store Connection Keep-Alive Content-Encoding gzip Content-Security-Policy default-src 'none' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' Content-Type text/html; charset=utf-8 Date Mon, 11 Dec 2023 09:56:45 GMT Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains Transfer-Encoding chunked X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-XSS-Protection 1
GET		portal.css vpnco2.santander.com.co/+CSCOU+/	0 0
GET		logon_custom.css vpnco2.santander.com.co/+CSCOE+/	0 0
GET		win.js vpnco2.santander.com.co/+CSCOE+/	0 0
GET		csco_logo.gif vpnco2.santander.com.co/+CSCOU+/	0 0
GET		gradient.gif vpnco2.santander.com.co/+CSCOU+/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

vpnco2.santander.com.co

URL

https://vpnco2.santander.com.co/+CSCOU+/portal.css

Domain

vpnco2.santander.com.co

URL

https://vpnco2.santander.com.co/+CSCOE+/logon_custom.css

Domain

vpnco2.santander.com.co

URL

https://vpnco2.santander.com.co/+CSCOE+/win.js

Domain

vpnco2.santander.com.co

URL

https://vpnco2.santander.com.co/+CSCOU+/csco_logo.gif

Domain

vpnco2.santander.com.co

URL

https://vpnco2.santander.com.co/+CSCOU+/gradient.gif?r=255&g=255&b=255

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture number| blinkCounter object| dap function| scrollToLogonForm function| dap_message function| blinkDapMessage function| showDapMessage function| hideDapMessage function| base64_encode function| updateLogonForm function| PrefillError function| CSCO_Format function| disableButton function| validate_username

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			vpnco2.santander.com.co/	1969-12-31 23:59:59	Name: webvpnlogin Value: 1
			vpnco2.santander.com.co/	1969-12-31 23:59:59	Name: webvpnLang Value: en

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://vpnco2.santander.com.co/ Message: The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security	error	URL: https://vpnco2.santander.com.co/+CSCOE+/logon.html Message: The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security	error	URL: https://vpnco2.santander.com.co/+CSCOE+/logon.html(Line 143) Message: Refused to load the stylesheet 'https://vpnco2.santander.com.co/+CSCOU+/portal.css' because it violates the following Content Security Policy directive: "default-src 'none' 'unsafe-inline' 'unsafe-eval' data: blob:". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://vpnco2.santander.com.co/+CSCOE+/logon.html(Line 144) Message: Refused to load the stylesheet 'https://vpnco2.santander.com.co/+CSCOE+/logon_custom.css' because it violates the following Content Security Policy directive: "default-src 'none' 'unsafe-inline' 'unsafe-eval' data: blob:". Note that 'style-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://vpnco2.santander.com.co/+CSCOE+/logon.html Message: Refused to load the script 'https://vpnco2.santander.com.co/+CSCOE+/win.js' because it violates the following Content Security Policy directive: "default-src 'none' 'unsafe-inline' 'unsafe-eval' data: blob:". Note that 'script-src-elem' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: about:blank Message: The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security	error	URL: https://vpnco2.santander.com.co/+CSCOE+/logon.html(Line 271) Message: Refused to load the image 'https://vpnco2.santander.com.co/+CSCOU+/csco_logo.gif' because it violates the following Content Security Policy directive: "default-src 'none' 'unsafe-inline' 'unsafe-eval' data: blob:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://vpnco2.santander.com.co/+CSCOE+/logon.html(Line 271) Message: Refused to load the image 'https://vpnco2.santander.com.co/+CSCOU+/gradient.gif?r=255&g=255&b=255' because it violates the following Content Security Policy directive: "default-src 'none' 'unsafe-inline' 'unsafe-eval' data: blob:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://vpnco2.santander.com.co/+CSCOE+/logon.html(Line 242) Message: Refused to frame 'https://vpnco2.santander.com.co/+CSCOE+/blank.html' because it violates the following Content Security Policy directive: "default-src data: blob:". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

vpnco2.santander.com.co
vpnco2.santander.com.co
190.242.107.210
c474890feb32dd0eb9796087b34915437a030e3efe8723e41ae37186c1db01da
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855