prometeo.apps.bancolombia.com Open in urlscan Pro
13.224.99.73 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://prometeo.apps.bancolombia.com/
Submission: On July 18 via automatic, source certstream-suspicious (July 18th 2021, 3:52:59 pm UTC)

Summary HTTP 35 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 4 domains to perform 35 HTTP transactions. The main IP is 13.224.99.73, located in United States and belongs to AMAZON-02, US. The main domain is prometeo.apps.bancolombia.com.
TLS certificate: Issued by DigiCert Global CA G2 on July 10th 2019. Valid for: 2 years.

This is the only time prometeo.apps.bancolombia.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	13.224.99.73 13.224.99.73	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
4	54.236.99.198 54.236.99.198	14618 (AMAZON-AES) (AMAZON-AES)
4	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
35	7

12 13.224.99.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-99-73.zrh50.r.cloudfront.net

prometeo.apps.bancolombia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.236.99.198 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-236-99-198.compute-1.amazonaws.com

external.apps.bancolombia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	bancolombia.com prometeo.apps.bancolombia.com external.apps.bancolombia.com	1 MB
10	gstatic.com fonts.gstatic.com www.gstatic.com	1 MB
5	googleapis.com fonts.googleapis.com	3 KB
4	google.com www.google.com	22 KB
35	4

	Domain	Requested by
12	prometeo.apps.bancolombia.com	prometeo.apps.bancolombia.com
6	www.gstatic.com	www.google.com www.gstatic.com
5	fonts.googleapis.com	prometeo.apps.bancolombia.com
4	www.google.com	prometeo.apps.bancolombia.com www.gstatic.com
4	external.apps.bancolombia.com	prometeo.apps.bancolombia.com
4	fonts.gstatic.com	fonts.googleapis.com www.google.com
35	6

This site contains no links.

Subject Issuer	Validity	Valid
prometeo.apps.bancolombia.com DigiCert Global CA G2	`2019-07-10` - `2021-07-10`	2 years	crt.sh
upload.video.google.com GTS CA 1O1	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh
external.apps.bancolombia.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2021-06-01` - `2022-06-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://prometeo.apps.bancolombia.com/
Frame ID: 973D466D9C1D10FE7F6EE7F47946D217
Requests: 24 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcJ56wUAAAAAP7OPa6_WfOfvWioy4iAofsmv_Lo&co=aHR0cHM6Ly9wcm9tZXRlby5hcHBzLmJhbmNvbG9tYmlhLmNvbTo0NDM.&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=normal&cb=eluqblkrfb3v
Frame ID: A97EB7C3D8230B7479CC770CB6CBC722
Requests: 8 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&k=6LcJ56wUAAAAAP7OPa6_WfOfvWioy4iAofsmv_Lo&cb=vb9b7ghwqj38
Frame ID: 2DA1CC139BD0825C0EDDEC059A6AC982
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Angular (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<[^>]+ ng-version="([\d.]+)"/i

Amazon Web Services (PaaS) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Amazon Cloudfront (CDN) Expand

Overall confidence: 100%
Detected patterns

headers via /$CloudFront$$/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

script /\/recaptcha\/api\.js/i

Page Statistics

35
Requests

66 %
HTTPS

67 %
IPv6

4
Domains

6
Subdomains

7
IPs

2
Countries

2458 kB
Transfer

5650 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
prometeo.apps.bancolombia.com/ 1 KB
2 KB 587ms
474ms Document
text/html 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

d1aeca6433536642d83c72b9cee2e2dc9c2ff2ecafadeeaa4b0a9fdf544e2200

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: prometeo.apps.bancolombia.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html
date: Sun, 18 Jul 2021 15:52:38 GMT
last-modified: Thu, 21 May 2020 16:59:38 GMT
etag: W/"20b058284f09a0f93b7b31c9400bc72c"
x-amz-server-side-encryption: AES256
x-amz-version-id: .d2gkbH.TucFXjW3nj6RQQrGKRXEWLjQ
server
content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
referrer-policy: same-origin
access-control-allow-origin: https://prometeo.apps.bancolombia.com
x-permitted-cross-domain-policies: master-only
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
pragma: no-cache
expires: 0
content-encoding: gzip
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
x-amz-cf-pop: ZRH50-C1
x-amz-cf-id: FcQejNIro5aH2aJG1k9gBhy9QLnqG6itbPd4eDbm6QSzKgFr92cq-Q==

GET
H2 200 css
fonts.googleapis.com/ 2 KB
988 B 35ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

92e84db6987ce882afbf7bf6a990760008eb6f08af890a00b0ee7f1301e5f7d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 18 Jul 2021 15:27:38 GMT
server: ESF
date: Sun, 18 Jul 2021 15:52:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 18 Jul 2021 15:52:38 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
619 B 36ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3cd4435683f31935fe9fac4db83d9a8c232cfe0849eb2db5c561b839066b0608

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 18 Jul 2021 14:58:09 GMT
server: ESF
date: Sun, 18 Jul 2021 15:52:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 18 Jul 2021 15:52:38 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
759 B 42ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500&display=swap

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

eb9384f7a4fbdb141e673788b2b80d39e36b5ba956b176207ff315dfc40a8df0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 18 Jul 2021 15:49:48 GMT
server: ESF
date: Sun, 18 Jul 2021 15:52:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 18 Jul 2021 15:52:38 GMT

GET
H2 200 icon
fonts.googleapis.com/ 568 B
438 B 44ms
23ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

415afc12cef02264dab61ba05de6b9eabb4146c0b4fedfbd160a1fb379f895d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 18 Jul 2021 15:52:38 GMT
server: ESF
date: Sun, 18 Jul 2021 15:52:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 18 Jul 2021 15:52:38 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
742 B 43ms
23ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d4876c12b071f74470f52c0404d10730ab271ae769c2c407fe131dae8b33e236

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 18 Jul 2021 14:34:39 GMT
server: ESF
date: Sun, 18 Jul 2021 15:52:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 18 Jul 2021 15:52:38 GMT

GET
H2 200 styles.5593db7c9f4859d3a292.css
prometeo.apps.bancolombia.com/ 201 KB
31 KB 494ms
493ms Stylesheet
text/css 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://prometeo.apps.bancolombia.com/styles.5593db7c9f4859d3a292.css

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

1dc4781bc1870385b82d38c467dc91687ff9f113905d74447a31a9b82becadfc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /styles.5593db7c9f4859d3a292.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: prometeo.apps.bancolombia.com
referer: https://prometeo.apps.bancolombia.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prometeo.apps.bancolombia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: no-cache
access-control-allow-origin: https://prometeo.apps.bancolombia.com
referrer-policy: same-origin
last-modified: Thu, 21 May 2020 16:59:49 GMT
server
x-frame-options: DENY
date: Sun, 18 Jul 2021 15:52:39 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: Q4rEvbuW0SB4pj0AhHMLAp16StrdqoeF
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
etag: W/"32c1fa830341b6506e0753e584c5db3b"
content-type: text/css
x-amz-cf-id: nC9p1SyLX9JbxNqahAHLrwR1gTDE7Awgb_b3rBqnqSONO-p72NwsUQ==
expires: 0

GET
H2 200 runtime.a42b10975ddde4a3b263.js Show response
prometeo.apps.bancolombia.com/ 1 KB
2 KB 474ms
473ms Script
application/x-javascript 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://prometeo.apps.bancolombia.com/runtime.a42b10975ddde4a3b263.js

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

eb3d5f2600910179bef8b0709214b7c721ea66e92ebb35bc282264beb2631eaf

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /runtime.a42b10975ddde4a3b263.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: prometeo.apps.bancolombia.com
referer: https://prometeo.apps.bancolombia.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prometeo.apps.bancolombia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: no-cache
access-control-allow-origin: https://prometeo.apps.bancolombia.com
referrer-policy: same-origin
last-modified: Thu, 21 May 2020 16:59:45 GMT
server
x-frame-options: DENY
date: Sun, 18 Jul 2021 15:52:39 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: Y7m0jl1XIZCK2RlYb1UJ3meWy5TTO7Fx
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
etag: W/"cd1ce3e306bf57f272364d1cc0249d6e"
content-type: application/x-javascript
x-amz-cf-id: cbAgf413eB_uNGlPtp-HTBOARmlm24FrWUNXRvgvCqLsGAO3LtVBag==
expires: 0

GET
H2 200 polyfills.a44271bb6b0fb6fd79db.js Show response
prometeo.apps.bancolombia.com/ 274 KB
90 KB 521ms
521ms Script
application/x-javascript 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://prometeo.apps.bancolombia.com/polyfills.a44271bb6b0fb6fd79db.js

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

0f2e750963a4e9dbac1609617d24e5ca1111ee469f4e610a81e8d44b24e5195a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /polyfills.a44271bb6b0fb6fd79db.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: prometeo.apps.bancolombia.com
referer: https://prometeo.apps.bancolombia.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prometeo.apps.bancolombia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: no-cache
access-control-allow-origin: https://prometeo.apps.bancolombia.com
referrer-policy: same-origin
last-modified: Thu, 21 May 2020 16:59:42 GMT
server
x-frame-options: DENY
date: Sun, 18 Jul 2021 15:52:39 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: rbDDCdXNaJZU4DcUxQRf0NV3HgNv5DTL
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
etag: W/"86c06b211447af0e9315448fdc6b93bb"
content-type: application/x-javascript
x-amz-cf-id: D8m7VyQBbHKO1T05hYGNdjv1RwlBdgCJOC_TZLytoFAGLSsZusswnQ==
expires: 0

GET
H2 200 scripts.d137d5543bc53b345a19.js Show response
prometeo.apps.bancolombia.com/ 166 KB
52 KB 516ms
516ms Script
application/x-javascript 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://prometeo.apps.bancolombia.com/scripts.d137d5543bc53b345a19.js

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

38a80258eec4456e826d69742a23b270e9bfb7c4ed927ec425e24b005be9aae8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts.d137d5543bc53b345a19.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: prometeo.apps.bancolombia.com
referer: https://prometeo.apps.bancolombia.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prometeo.apps.bancolombia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: no-cache
access-control-allow-origin: https://prometeo.apps.bancolombia.com
referrer-policy: same-origin
last-modified: Thu, 21 May 2020 16:59:47 GMT
server
x-frame-options: DENY
date: Sun, 18 Jul 2021 15:52:39 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: WS037bfCw9QT6mNuFK2igoUNAlsnelWE
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
etag: W/"351221f2bff47221ab100f9bc9fc7677"
content-type: application/x-javascript
x-amz-cf-id: 1BO5nkg0dB1txJD3kx6Okg0UOd7bIifFOczdoibJ339dcb-RgeXH1Q==
expires: 0

GET
H2 200 main.6983bb795c604052567c.js Show response
prometeo.apps.bancolombia.com/ 3 MB
789 KB 525ms
525ms Script
application/x-javascript 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://prometeo.apps.bancolombia.com/main.6983bb795c604052567c.js

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

b1acd563ee2028b19305f74660f44bfe8dfc6f85547150cb0633f93909f37a44

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /main.6983bb795c604052567c.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: prometeo.apps.bancolombia.com
referer: https://prometeo.apps.bancolombia.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prometeo.apps.bancolombia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: no-cache
access-control-allow-origin: https://prometeo.apps.bancolombia.com
referrer-policy: same-origin
last-modified: Thu, 21 May 2020 16:59:40 GMT
server
x-frame-options: DENY
date: Sun, 18 Jul 2021 15:52:39 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: dV.D03_vh426hznLQidNRxutYAf_tAoA
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
etag: W/"797b30a90e1a4aca3f3663dbd4273117"
content-type: application/x-javascript
x-amz-cf-id: 9YXHopB8r76ZeR9OIkFI2K5sfeFBaDmKvxHPiNeYKP5G6kV-ErNC0w==
expires: 0

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
16 KB 25ms
5ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://prometeo.apps.bancolombia.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:26:24 GMT
x-content-type-options: nosniff
age: 509174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Jul 2022 18:26:24 GMT

OPTIONS
H2 200 key
external.apps.bancolombia.com/sve-prometeo/prometeo/ Frame 0
0 356ms
127ms Preflight 54.236.99.198
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://external.apps.bancolombia.com/sve-prometeo/prometeo/key
Protocol: H2
Server: 54.236.99.198 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-236-99-198.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://prometeo.apps.bancolombia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 18 Jul 2021 15:52:39 GMT
content-length: 0
access-control-allow-headers: content-type,Authorization
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, PATCH, DELETE
access-control-max-age: 3600
x-envoy-upstream-service-time: 15
server: istio-envoy

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 913 B
759 B 16ms
16ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/main.6983bb795c604052567c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3f42f68d807e9240114c54388f31f1406afab6ba1dd05eccfb335b149377cd11

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 18 Jul 2021 15:52:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 578
x-xss-protection: 1; mode=block
expires: Sun, 18 Jul 2021 15:52:39 GMT

GET
H2 200 key Show response
external.apps.bancolombia.com/sve-prometeo/prometeo/ 474 B
854 B 125ms
124ms XHR
application/json 54.236.99.198
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://external.apps.bancolombia.com/sve-prometeo/prometeo/key
Requested by: Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/polyfills.a44271bb6b0fb6fd79db.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.236.99.198 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-236-99-198.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: a3dad8aa603c4e08402ce504ca2cdef6fc7b47b2b0210d7c33e2c879e11c1ab4

Request headers

Accept: application/json, text/plain, */*
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 18 Jul 2021 15:52:39 GMT
server: istio-envoy
access-control-max-age: 3600
access-control-allow-methods: POST, GET, PATCH, DELETE
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
x-oneagent-js-injection: true
access-control-allow-credentials: true
x-envoy-upstream-service-time: 12
access-control-allow-headers: content-type,Authorization

GET
H2 200 logoCrearProyectoPrimario.png
prometeo.apps.bancolombia.com/assets/imagenes/ 6 KB
7 KB 496ms
495ms Image
image/png 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://prometeo.apps.bancolombia.com/assets/imagenes/logoCrearProyectoPrimario.png

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

25a9c0336ac0eaa1bd0f949a2878173f2b87b20e0d2426d891082eec2a78a4ea

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /assets/imagenes/logoCrearProyectoPrimario.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: prometeo.apps.bancolombia.com
referer: https://prometeo.apps.bancolombia.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prometeo.apps.bancolombia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 18 Jul 2021 15:52:40 GMT
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 5887
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
last-modified: Thu, 21 May 2020 16:59:18 GMT
server
x-frame-options: DENY
etag: "308430f5fd014dcd18bba01e6cda103d"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: bttcyky7RWhxLD7hqW0PTZag.GdCJBwT
access-control-allow-origin: https://prometeo.apps.bancolombia.com
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: HzWlJnlZ-wcfDCNnUqwyYTy7FwoD3EKIZbduplixkT3l3a5cKI4Uyw==
expires: 0

GET
H2 200 image.png
prometeo.apps.bancolombia.com/assets/imagenes/ 310 KB
311 KB 529ms
528ms Image
image/png 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://prometeo.apps.bancolombia.com/assets/imagenes/image.png

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

f4d38cf28eee7a5f1f78a4f0779fa13b1c3d87131d27b3434c8b6d69ff136496

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /assets/imagenes/image.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: prometeo.apps.bancolombia.com
referer: https://prometeo.apps.bancolombia.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prometeo.apps.bancolombia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 18 Jul 2021 15:52:40 GMT
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 317399
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
last-modified: Thu, 21 May 2020 16:59:11 GMT
server
x-frame-options: DENY
etag: "0f51527803b5039b527f6a581960a067"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: 7L2NctJ6v9eyt7pmqXgqXpwouZCHnmEZ
access-control-allow-origin: https://prometeo.apps.bancolombia.com
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: F1HMymghZ93VBOcHzjBKlexUg7PpaK4t47GZgiVzzHcSL0DN-2k2Kw==
expires: 0

GET
H2 200 iconUserInicioSes.svg
prometeo.apps.bancolombia.com/assets/imagenes/ 2 KB
2 KB 513ms
512ms Image
image/svg+xml 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://prometeo.apps.bancolombia.com/assets/imagenes/iconUserInicioSes.svg

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

1337b38fcef6f4de9602bfc777a8736ea2650239738da1f82da8912d2ffc5834

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /assets/imagenes/iconUserInicioSes.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: prometeo.apps.bancolombia.com
referer: https://prometeo.apps.bancolombia.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prometeo.apps.bancolombia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: no-cache
access-control-allow-origin: https://prometeo.apps.bancolombia.com
referrer-policy: same-origin
last-modified: Thu, 21 May 2020 16:58:59 GMT
server
x-frame-options: DENY
date: Sun, 18 Jul 2021 15:52:40 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: XGKMrHb755vMmuFfZwVjT6ykayUaU4zy
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
etag: W/"477406c5d4b9393b97e7dc397c5e3db7"
content-type: image/svg+xml
x-amz-cf-id: 87aVk2vLBaQIA_y1ljAEiEQb96bIYsgqUObJZ3sY4Dy2JNE1dbMnhA==
expires: 0

GET
H2 200 iconUserPassInicSes.svg
prometeo.apps.bancolombia.com/assets/imagenes/ 2 KB
2 KB 477ms
476ms Image
image/svg+xml 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://prometeo.apps.bancolombia.com/assets/imagenes/iconUserPassInicSes.svg

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

0dc471ccbb3afcfe88bf1552e19948e506e7c548b2afe5fb55130c8b0b29a5fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /assets/imagenes/iconUserPassInicSes.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: prometeo.apps.bancolombia.com
referer: https://prometeo.apps.bancolombia.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prometeo.apps.bancolombia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: no-cache
access-control-allow-origin: https://prometeo.apps.bancolombia.com
referrer-policy: same-origin
last-modified: Thu, 21 May 2020 16:59:01 GMT
server
x-frame-options: DENY
date: Sun, 18 Jul 2021 15:52:40 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: 3FBAh051RzhtArMJTqDLwk1V0dnLfhSB
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
etag: W/"f52f0db20c3692d761bd43084718155d"
content-type: image/svg+xml
x-amz-cf-id: 8TI8ruGO90OFaSM4_FR2moAMD5T1Xgkb9IviQgfVVnQoNME0DreQtw==
expires: 0

GET
H2 200 iconCancelar.png
prometeo.apps.bancolombia.com/assets/imagenes/ 290 B
1 KB 495ms
494ms Image
image/png 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://prometeo.apps.bancolombia.com/assets/imagenes/iconCancelar.png

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

d56c09e3d72e09985799855dfb7c94d95cc37ad75d31b0146dba02fe16a4b8ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /assets/imagenes/iconCancelar.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: prometeo.apps.bancolombia.com
referer: https://prometeo.apps.bancolombia.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prometeo.apps.bancolombia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 18 Jul 2021 15:52:40 GMT
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 290
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
last-modified: Thu, 21 May 2020 16:58:50 GMT
server
x-frame-options: DENY
etag: "d99ba45c63cb62ab2776362d3e33479d"
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: U9NQBzfviuTajxj9b73m7KvVnyCi5ish
access-control-allow-origin: https://prometeo.apps.bancolombia.com
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: JLo8RSvm2YhB-nkVmo8bOjMqtoA9lrZ_DNxSq2UOafXvm2GKkihLMQ==
expires: 0

GET
H2 200 iconError.svg
prometeo.apps.bancolombia.com/assets/imagenes/ 2 KB
2 KB 482ms
482ms Image
image/svg+xml 13.224.99.73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://prometeo.apps.bancolombia.com/assets/imagenes/iconError.svg

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.99.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-99-73.zrh50.r.cloudfront.net

Software

Resource Hash

374d59e64cab2afc43d8b772b488c3687541873583ce66414d2748ca1b6c6d24

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:path: /assets/imagenes/iconError.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: prometeo.apps.bancolombia.com
referer: https://prometeo.apps.bancolombia.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://prometeo.apps.bancolombia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
content-encoding: gzip
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-amz-cf-pop: ZRH50-C1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
vary: Accept-Encoding
x-xss-protection: 1; mode=block
pragma: no-cache
access-control-allow-origin: https://prometeo.apps.bancolombia.com
referrer-policy: same-origin
last-modified: Thu, 21 May 2020 16:58:55 GMT
server
x-frame-options: DENY
date: Sun, 18 Jul 2021 15:52:40 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-amz-version-id: bwN0czUY5WruPs177lOGP96UTX2O2PF.
via: 1.1 e96895e7fdc48b58a3d95d2e8e23a8b0.cloudfront.net (CloudFront)
cache-control: no-cache; must-revalidate; pre-check= 0; post-check= 0; max-age= 0; s-maxage= 0; no-store
etag: W/"adeb4f301780ac4ec938fed779020291"
content-type: image/svg+xml
x-amz-cf-id: fHelAwNhyNhJ9nfOKbgEqVO9qYt4CLiXoN_rOI3OAN4g1vgk8vi8Dw==
expires: 0

GET
H3-29 200 XRXV3I6Li01BKofINeaB.woff2
fonts.gstatic.com/s/nunito/v16/ 19 KB
19 KB 19ms
18ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunito/v16/XRXV3I6Li01BKofINeaB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06f3af3fe52542d40ad9bc14ec03e04deaabd09ec369221cc8f536db1c72bf55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://prometeo.apps.bancolombia.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 13 Jul 2021 09:19:08 GMT
x-content-type-options: nosniff
age: 455611
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18972
x-xss-protection: 0
last-modified: Wed, 25 Nov 2020 02:44:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 13 Jul 2022 09:19:08 GMT

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v20/ 14 KB
14 KB 14ms
13ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://prometeo.apps.bancolombia.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 18:26:10 GMT
x-content-type-options: nosniff
age: 509189
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:19 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Jul 2022 18:26:10 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/ 341 KB
342 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&onload=ng2recaptchaloaded

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1b2833041de1561cb7c581248ef8e325f3318a24be95a3886fae8b398fda123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://prometeo.apps.bancolombia.com
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 18 Jul 2021 08:19:18 GMT
x-content-type-options: nosniff
age: 27201
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 349515
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 02:05:32 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 18 Jul 2022 08:19:18 GMT

GET
H3-29 200 anchor Show response
www.google.com/recaptcha/api2/ Frame A97E 40 KB
20 KB 29ms
29ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcJ56wUAAAAAP7OPa6_WfOfvWioy4iAofsmv_Lo&co=aHR0cHM6Ly9wcm9tZXRlby5hcHBzLmJhbmNvbG9tYmlhLmNvbTo0NDM.&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=normal&cb=eluqblkrfb3v

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

77f30719641ed9afcb76d1113185315f076f75d57c8af176b1a5df5e694591b2

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Hrl9ywZvknEthEUtgDvh9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LcJ56wUAAAAAP7OPa6_WfOfvWioy4iAofsmv_Lo&co=aHR0cHM6Ly9wcm9tZXRlby5hcHBzLmJhbmNvbG9tYmlhLmNvbTo0NDM.&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=normal&cb=eluqblkrfb3v
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 18 Jul 2021 15:52:39 GMT
content-security-policy: script-src 'report-sample' 'nonce-Hrl9ywZvknEthEUtgDvh9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 20668
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/ Frame A97E 52 KB
25 KB 15ms
15ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcJ56wUAAAAAP7OPa6_WfOfvWioy4iAofsmv_Lo&co=aHR0cHM6Ly9wcm9tZXRlby5hcHBzLmJhbmNvbG9tYmlhLmNvbTo0NDM.&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=normal&cb=eluqblkrfb3v

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 16:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85065
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 02:05:32 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Jul 2022 16:14:54 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/ Frame A97E 341 KB
341 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/recaptcha__en.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1b2833041de1561cb7c581248ef8e325f3318a24be95a3886fae8b398fda123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 18 Jul 2021 08:19:18 GMT
x-content-type-options: nosniff
age: 27201
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 349515
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 02:05:32 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 18 Jul 2022 08:19:18 GMT

GET
DATA 200
OK truncated
/ Frame A97E 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A97E 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame A97E 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/styles__ltr.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 23:34:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
age: 490714
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
content-type: image/png
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
expires: Mon, 19 Jul 2021 23:34:05 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame A97E 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.google.com
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 12 Jul 2021 21:27:21 GMT
x-content-type-options: nosniff
age: 498318
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 12 Jul 2022 21:27:21 GMT

GET
H3-29 200 webworker.js
www.google.com/recaptcha/api2/ Frame A97E 102 B
132 B 16ms
16ms Other
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=vzAt61JclNZYHl6fEWIBqLbe

Requested by

Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d8c7cf6fa5788300fc92e8ff2578c03fc025debbc62680379ed3af26ad7d1811

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcJ56wUAAAAAP7OPa6_WfOfvWioy4iAofsmv_Lo&co=aHR0cHM6Ly9wcm9tZXRlby5hcHBzLmJhbmNvbG9tYmlhLmNvbTo0NDM.&hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&size=normal&cb=eluqblkrfb3v
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 18 Jul 2021 15:52:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Sun, 18 Jul 2021 15:52:39 GMT

GET
H3-29 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 2DA1 7 KB
1 KB 22ms
22ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&k=6LcJ56wUAAAAAP7OPa6_WfOfvWioy4iAofsmv_Lo&cb=vb9b7ghwqj38

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/recaptcha__en.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b506f15f71beb3c090b04ae6599a4186aa851e3bc081b695f70611d3aaae949a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-UW2Xf692IzvUxOAwx7Am4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&k=6LcJ56wUAAAAAP7OPa6_WfOfvWioy4iAofsmv_Lo&cb=vb9b7ghwqj38
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 18 Jul 2021 15:52:39 GMT
content-security-policy: script-src 'report-sample' 'nonce-UW2Xf692IzvUxOAwx7Am4g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1110
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/ Frame 2DA1 52 KB
25 KB 6ms
6ms Stylesheet
text/css 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&k=6LcJ56wUAAAAAP7OPa6_WfOfvWioy4iAofsmv_Lo&cb=vb9b7ghwqj38

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 17 Jul 2021 16:14:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85065
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25732
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 02:05:32 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 17 Jul 2022 16:14:54 GMT

GET
H3-29 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/ Frame 2DA1 341 KB
341 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vzAt61JclNZYHl6fEWIBqLbe/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=vzAt61JclNZYHl6fEWIBqLbe&k=6LcJ56wUAAAAAP7OPa6_WfOfvWioy4iAofsmv_Lo&cb=vb9b7ghwqj38

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e1b2833041de1561cb7c581248ef8e325f3318a24be95a3886fae8b398fda123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 18 Jul 2021 08:19:18 GMT
x-content-type-options: nosniff
age: 27201
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 349515
x-xss-protection: 0
last-modified: Mon, 12 Jul 2021 02:05:32 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 18 Jul 2022 08:19:18 GMT

OPTIONS
H2 200 Subscribe
external.apps.bancolombia.com/sve-prometeo/prometeo/ Frame 0
0 128ms
128ms Preflight 54.236.99.198
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://external.apps.bancolombia.com/sve-prometeo/prometeo/Subscribe
Protocol: H2
Server: 54.236.99.198 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-236-99-198.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://prometeo.apps.bancolombia.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Sun, 18 Jul 2021 15:52:40 GMT
content-length: 0
access-control-allow-headers: content-type,Authorization
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, PATCH, DELETE
access-control-max-age: 3600
x-envoy-upstream-service-time: 13
server: istio-envoy

POST
H2 200 Subscribe Show response
external.apps.bancolombia.com/sve-prometeo/prometeo/ 251 B
632 B 182ms
181ms XHR
application/json 54.236.99.198
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://external.apps.bancolombia.com/sve-prometeo/prometeo/Subscribe
Requested by: Host: prometeo.apps.bancolombia.com
URL: https://prometeo.apps.bancolombia.com/polyfills.a44271bb6b0fb6fd79db.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.236.99.198 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-236-99-198.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 08d02c43442a478174635d8bc93d2a47d696649124eab3805b03a24135cf19d3

Request headers

Accept: application/json, text/plain, */*
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Sun, 18 Jul 2021 15:52:40 GMT
server: istio-envoy
access-control-max-age: 3600
access-control-allow-methods: POST, GET, PATCH, DELETE
content-type: application/json;charset=UTF-8
access-control-allow-origin: *
x-oneagent-js-injection: true
access-control-allow-credentials: true
x-envoy-upstream-service-time: 68
access-control-allow-headers: content-type,Authorization

Verdicts & Comments Add Verdict or Comment

181 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; img-src 'self' https://www.gstatic.com/recaptcha/api2 https://www.dicom.cl/clients/assets/img/spinner.gif data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com; connect-src 'self' https://external.apps.bancolombia.com https://www.google.com; frame-src 'self' https://www.google.com; font-src 'self' https://fonts.gstatic.com;
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

external.apps.bancolombia.com
fonts.googleapis.com
fonts.gstatic.com
prometeo.apps.bancolombia.com
www.google.com
www.gstatic.com
13.224.99.73
2a00:1450:4001:812::2003
2a00:1450:4001:828::2004
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
54.236.99.198
06f3af3fe52542d40ad9bc14ec03e04deaabd09ec369221cc8f536db1c72bf55
08d02c43442a478174635d8bc93d2a47d696649124eab3805b03a24135cf19d3
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0dc471ccbb3afcfe88bf1552e19948e506e7c548b2afe5fb55130c8b0b29a5fb
0f2e750963a4e9dbac1609617d24e5ca1111ee469f4e610a81e8d44b24e5195a
1337b38fcef6f4de9602bfc777a8736ea2650239738da1f82da8912d2ffc5834
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1dc4781bc1870385b82d38c467dc91687ff9f113905d74447a31a9b82becadfc
25a9c0336ac0eaa1bd0f949a2878173f2b87b20e0d2426d891082eec2a78a4ea
374d59e64cab2afc43d8b772b488c3687541873583ce66414d2748ca1b6c6d24
38a80258eec4456e826d69742a23b270e9bfb7c4ed927ec425e24b005be9aae8
3cd4435683f31935fe9fac4db83d9a8c232cfe0849eb2db5c561b839066b0608
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f42f68d807e9240114c54388f31f1406afab6ba1dd05eccfb335b149377cd11
415afc12cef02264dab61ba05de6b9eabb4146c0b4fedfbd160a1fb379f895d0
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
5fe20047c1cc1be61a786d56c5c02b96453b9c60656d6c8429a1add79017e47f
77f30719641ed9afcb76d1113185315f076f75d57c8af176b1a5df5e694591b2
92e84db6987ce882afbf7bf6a990760008eb6f08af890a00b0ee7f1301e5f7d2
a3dad8aa603c4e08402ce504ca2cdef6fc7b47b2b0210d7c33e2c879e11c1ab4
a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b
b1acd563ee2028b19305f74660f44bfe8dfc6f85547150cb0633f93909f37a44
b506f15f71beb3c090b04ae6599a4186aa851e3bc081b695f70611d3aaae949a
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d1aeca6433536642d83c72b9cee2e2dc9c2ff2ecafadeeaa4b0a9fdf544e2200
d4876c12b071f74470f52c0404d10730ab271ae769c2c407fe131dae8b33e236
d56c09e3d72e09985799855dfb7c94d95cc37ad75d31b0146dba02fe16a4b8ff
d8c7cf6fa5788300fc92e8ff2578c03fc025debbc62680379ed3af26ad7d1811
e1b2833041de1561cb7c581248ef8e325f3318a24be95a3886fae8b398fda123
eb3d5f2600910179bef8b0709214b7c721ea66e92ebb35bc282264beb2631eaf
eb9384f7a4fbdb141e673788b2b80d39e36b5ba956b176207ff315dfc40a8df0
f4d38cf28eee7a5f1f78a4f0779fa13b1c3d87131d27b3434c8b6d69ff136496

prometeo.apps.bancolombia.com Open in urlscan Pro 13.224.99.73 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

35 Requests

66 %HTTPS

67 %IPv6

4 Domains

6 Subdomains

7 IPs

2 Countries

2458 kBTransfer

5650 kBSize

0 Cookies

0 Outgoing links

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

prometeo.apps.bancolombia.com Open in urlscan Pro
13.224.99.73 Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

66 %
HTTPS

67 %
IPv6

4
Domains

6
Subdomains

7
IPs

2
Countries

2458 kB
Transfer

5650 kB
Size

0
Cookies

35 HTTP transactions
2 data transactions