urlscan.io logo urlscan.io
SecurityTrails logo

boletos.japi.com.mx Open in urlscan Pro
54.94.230.21  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://boletos.japi.com.mx/
Effective URL: https://boletos.japi.com.mx/japi/es
Submission: On July 22 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 17 IPs in 4 countries across 15 domains to perform 37 HTTP transactions. The main IP is 54.94.230.21, located in São Paulo, Brazil and belongs to AMAZON-02, US. The main domain is boletos.japi.com.mx.
TLS certificate: Issued by Amazon RSA 2048 M01 on August 22nd 2023. Valid for: a year.
This is the only time boletos.japi.com.mx was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

2    54.94.230.21 (São Paulo, Brazil)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-94-230-21.sa-east-1.compute.amazonaws.com
boletos.japi.com.mx
11    65.9.66.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-117.fra56.r.cloudfront.net
cdn.recorrido.cl
2    2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    18.66.102.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-99.fra56.r.cloudfront.net
imagenes.recorrido.cl
4    2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.recaptcha.net
fonts.gstatic.com
1    18.245.31.129 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-31-129.fra56.r.cloudfront.net
a.bstatic.com
1    2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    2a00:1450:400c:c07::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    142.250.185.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f3.1e100.net
www.google.de
1    2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2606:4700::6812:80d8 (United States)

ASN13335 (CLOUDFLARENET, US)
diffuser-cdn.app-us1.com
prism.app-us1.com
2    172.217.16.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f8.1e100.net
www.googletagmanager.com
2    2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    172.217.18.3 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f3.1e100.net
www.recaptcha.net
Apex Domain
Subdomains		 Transfer
13 recorrido.cl
cdn.recorrido.cl
imagenes.recorrido.cl
1 MB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
364 KB
3 gstatic.com
fonts.gstatic.com
www.gstatic.com
291 KB
3 recaptcha.net
www.recaptcha.net — Cisco Umbrella Rank: 1812
1 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
4 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
72 KB
2 app-us1.com
diffuser-cdn.app-us1.com — Cisco Umbrella Rank: 14794
prism.app-us1.com — Cisco Umbrella Rank: 14871
11 KB
2 japi.com.mx
boletos.japi.com.mx
39 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 6716
63 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
257 B
1 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3773
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
2 KB
1 bstatic.com
a.bstatic.com
2 KB
0 tiktok.com Failed
analytics.tiktok.com Failed
0 googleoptimize.com Failed
www.googleoptimize.com Failed
37 15
Domain Requested by
11 cdn.recorrido.cl boletos.japi.com.mx
cdn.recorrido.cl
4 www.googletagmanager.com boletos.japi.com.mx
www.googletagmanager.com
3 www.recaptcha.net boletos.japi.com.mx
www.gstatic.com
2 www.facebook.com boletos.japi.com.mx
2 connect.facebook.net boletos.japi.com.mx
connect.facebook.net
2 fonts.gstatic.com fonts.googleapis.com
2 imagenes.recorrido.cl boletos.japi.com.mx
2 boletos.japi.com.mx 1 redirects
1 prism.app-us1.com diffuser-cdn.app-us1.com
1 diffuser-cdn.app-us1.com boletos.japi.com.mx
1 www.gstatic.com www.recaptcha.net
1 www.google.de boletos.japi.com.mx
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 fonts.googleapis.com cdn.recorrido.cl
1 a.bstatic.com boletos.japi.com.mx
0 analytics.tiktok.com Failed boletos.japi.com.mx
0 www.googleoptimize.com Failed boletos.japi.com.mx
37 18

This site contains links to these domains. Also see Links.

Domain
www.japi.com.mx
Subject Issuer Validity Valid
boletos.japi.com.mx
Amazon RSA 2048 M01		 2023-08-22 -
2024-09-19		 a year crt.sh
*.recorrido.cl
Amazon RSA 2048 M02		 2024-04-12 -
2025-05-10		 a year crt.sh
*.google-analytics.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
misc.google.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
*.bstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-29 -
2024-11-28		 a year crt.sh
upload.video.google.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
*.google.de
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
*.gstatic.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
diffuser-cdn.app-us1.com
E1		 2024-05-28 -
2024-08-26		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-04-30 -
2024-07-29		 3 months crt.sh
prism.app-us1.com
E6		 2024-07-15 -
2024-10-13		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://boletos.japi.com.mx/japi/es
Frame ID: BED014B5AE4217CB43BE9BC74B86BC7B
Requests: 35 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdSxWwUAAAAAGPsM6dDYntexpHbxquYxjQCFbS5&co=aHR0cHM6Ly9ib2xldG9zLmphcGkuY29tLm14OjQ0Mw..&hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=normal&cb=cq7wqf1ydcq
Frame ID: 3FDD0A961CDB02B14D094913CEB7EC21
Requests: 1 HTTP requests in this frame

Frame: https://www.recaptcha.net/recaptcha/api2/bframe?hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6LdSxWwUAAAAAGPsM6dDYntexpHbxquYxjQCFbS5
Frame ID: 065C7E8622993C45B7F76E4FD92A23AC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Boletos de JAPI | recorrido.com.mx

Page URL History Show full URLs

  1. https://boletos.japi.com.mx/ HTTP 302
    https://boletos.japi.com.mx/japi/es Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-controller
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

37
Requests

95 %
HTTPS

56 %
IPv6

15
Domains

18
Subdomains

17
IPs

4
Countries

1969 kB
Transfer

6011 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://boletos.japi.com.mx/ HTTP 302
    https://boletos.japi.com.mx/japi/es Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

37 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request es
boletos.japi.com.mx/japi/
Redirect Chain
  • https://boletos.japi.com.mx/
  • https://boletos.japi.com.mx/japi/es
35 KB
37 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.94.230.21 São Paulo, Brazil, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-94-230-21.sa-east-1.compute.amazonaws.com
Software
nginx/1.23.3 /
Resource Hash
f51bcb3487b44843e769c25e391378f70bf03e6facf50b5ea2c23e36c42cca8b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-eval' https://js.fintoc.com/v1/ https://api.fintoc.com/v1/ https://wlscripts.recorrido.cl https://www.googleoptimize.com https://www.google-analytics.com https://www.recaptcha.net 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.gstatic.com https://diffuser-cdn.app-us1.com https://cdn.recorrido-new.cl https://www.recaptcha.net https://*.googletagmanager.com https://tagmanager.google.com/ https://*.google.com https://prism.app-us1.com https://cdn.recorrido.cl https://trackcmp.net https://js-agent.newrelic.com https://bam.nr-data.net https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js frame-src 'unsafe-inline' 'unsafe-eval' 'self' https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js https://api.fintoc.com/v1/ https://js.fintoc.com/v1/ https://a.bstatic.com/static/affiliate_base/js/search_extension.js;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff nosniff
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate no-cache, no-store
content-security-policy
script-src 'self' 'unsafe-eval' https://js.fintoc.com/v1/ https://api.fintoc.com/v1/ https://wlscripts.recorrido.cl https://www.googleoptimize.com https://www.google-analytics.com https://www.recaptcha.net 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.gstatic.com https://diffuser-cdn.app-us1.com https://cdn.recorrido-new.cl https://www.recaptcha.net https://*.googletagmanager.com https://tagmanager.google.com/ https://*.google.com https://prism.app-us1.com https://cdn.recorrido.cl https://trackcmp.net https://js-agent.newrelic.com https://bam.nr-data.net https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js frame-src 'unsafe-inline' 'unsafe-eval' 'self' https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js https://api.fintoc.com/v1/ https://js.fintoc.com/v1/ https://a.bstatic.com/static/affiliate_base/js/search_extension.js;
content-type
text/html; charset=utf-8
date
Mon, 22 Jul 2024 00:30:20 GMT
etag
W/"f51bcb3487b44843e769c25e391378f7"
referrer-policy
strict-origin-when-cross-origin origin-when-cross-origin
server
nginx/1.23.3
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff nosniff
x-download-options
noopen
x-permitted-cross-domain-policies
none
x-request-id
fc44b201-6c22-4897-9953-0d75825ed0fc
x-runtime
0.099970
x-xss-protection
1; mode=block 1; mode=block

Redirect headers

access-control-allow-origin
*
cache-control
no-cache no-cache, no-store
content-security-policy
script-src 'self' 'unsafe-eval' https://js.fintoc.com/v1/ https://api.fintoc.com/v1/ https://wlscripts.recorrido.cl https://www.googleoptimize.com https://www.google-analytics.com https://www.recaptcha.net 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.gstatic.com https://diffuser-cdn.app-us1.com https://cdn.recorrido-new.cl https://www.recaptcha.net https://*.googletagmanager.com https://tagmanager.google.com/ https://*.google.com https://prism.app-us1.com https://cdn.recorrido.cl https://trackcmp.net https://js-agent.newrelic.com https://bam.nr-data.net https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js frame-src 'unsafe-inline' 'unsafe-eval' 'self' https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js https://api.fintoc.com/v1/ https://js.fintoc.com/v1/ https://a.bstatic.com/static/affiliate_base/js/search_extension.js;
content-type
text/html; charset=utf-8
date
Mon, 22 Jul 2024 00:30:20 GMT
location
https://boletos.japi.com.mx/japi/es
referrer-policy
strict-origin-when-cross-origin origin-when-cross-origin
server
nginx/1.23.3
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff nosniff
x-download-options
noopen
x-permitted-cross-domain-policies
none
x-request-id
b6fc6781-3ada-43c5-bc4e-89a24504cce9
x-runtime
0.017781
x-xss-protection
1; mode=block 1; mode=block
application-c0755f12a29effcfafcc8274f4066afb4676b8de152796295f9c0bd4dfb226c1.css
cdn.recorrido.cl/assets/ 		539 KB
89 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.recorrido.cl/assets/application-c0755f12a29effcfafcc8274f4066afb4676b8de152796295f9c0bd4dfb226c1.css
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
nginx/1.23.3 /
Resource Hash
9493eb9c5929eb95367d4ceb2f426bb9616b53b7c39abcc9569c81dcb7958a9c

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 19 Jul 2024 12:17:19 GMT
content-encoding
gzip
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Fri, 19 Jul 2024 11:59:02 GMT
server
nginx/1.23.3
x-amz-cf-pop
FRA56-C1
age
216781
etag
"669a5506-16220"
x-cache
Hit from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000, public
content-length
90656
x-amz-cf-id
jgbhgK3AwRZPBgcbxoQhKl3sYAZkIUhDMLwy3WD0e2_h_H7dovfefg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
japi-6ec1c61fc909143e41fa28d9988167afe986ce1c12789a987956da4eb69b1915.css
cdn.recorrido.cl/assets/white_labels/ 		545 KB
90 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.recorrido.cl/assets/white_labels/japi-6ec1c61fc909143e41fa28d9988167afe986ce1c12789a987956da4eb69b1915.css
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
nginx/1.23.3 /
Resource Hash
13ce8823c72de9e38938762416664e2aa1497a5d7727951d4b9baf8ae86af70e

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 19 Jul 2024 12:48:06 GMT
content-encoding
gzip
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Fri, 19 Jul 2024 12:05:43 GMT
server
nginx/1.23.3
x-amz-cf-pop
FRA56-C1
age
214935
etag
"669a5697-16604"
x-cache
Hit from cloudfront
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000, public
content-length
91652
x-amz-cf-id
sAy2zyZQWluMR2lG1foy60AT9QmxqE7bDjEaah5jQdUhe2IreYjYAA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
js
www.googletagmanager.com/gtag/ 		257 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-81XZXXW3M7
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5a9e9f4ad119eda11e78d5c3d789c56e89317e46b2b7347d9e6b3e2c08efcd7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 22 Jul 2024 00:30:21 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92764
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 22 Jul 2024 00:30:21 GMT
optimize.js
www.googleoptimize.com/ 		0
0
japi-logo-348.png
imagenes.recorrido.cl/logotipos/japi/logo/ 		16 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagenes.recorrido.cl/logotipos/japi/logo/japi-logo-348.png?1695155530
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-99.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d7132b5dd7801f50cc9b8e1df289c670a48f5af7b12d88a8cb7db7a0b434f70d

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 14:21:00 GMT
via
1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 20:32:13 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P2
age
36562
x-amz-server-side-encryption
AES256
etag
"8a7b11a37fcf6dad7b60ad8dfb111800"
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
16624
x-amz-cf-id
yh2Equv_OmED96qGw1FWRRHHSUYCMlFX1fshwWFAKKyz_DiVa6Kt8w==
api.js
www.recaptcha.net/recaptcha/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.recaptcha.net/recaptcha/api.js
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
6ec2be287086474ab829b5ad88af3abe53dba2b790c5bbe5abbd42afdb4a02ed
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 22 Jul 2024 00:30:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Mon, 22 Jul 2024 00:30:21 GMT
user-placeholder-transparent-9ad3de23aad1f1e3b98d382ed6b9a3ce51889db9d471cdb97f93aa8b9c000e70.png
cdn.recorrido.cl/assets/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.recorrido.cl/assets/user-placeholder-transparent-9ad3de23aad1f1e3b98d382ed6b9a3ce51889db9d471cdb97f93aa8b9c000e70.png
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
nginx/1.23.3 /
Resource Hash
9ad3de23aad1f1e3b98d382ed6b9a3ce51889db9d471cdb97f93aa8b9c000e70

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 19 Sep 2023 18:59:16 GMT
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Thu, 04 Aug 2022 15:41:24 GMT
server
nginx/1.23.3
x-amz-cf-pop
FRA56-C1
age
26458265
etag
"62ebe8a4-40a"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
1034
x-amz-cf-id
FHw1gkQyYvK0WFUVOm3wqQOdJ3y_B0WMbWHXDfkVxOTGdX8XUA8Ncw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
user_placeholder-ec551bad097fc5a347eb66c8e0f0b1e6e8ddc6e3429fabd69816dc016d233f4a.png
cdn.recorrido.cl/assets/ 		359 B
746 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.recorrido.cl/assets/user_placeholder-ec551bad097fc5a347eb66c8e0f0b1e6e8ddc6e3429fabd69816dc016d233f4a.png
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
nginx/1.23.3 /
Resource Hash
ec551bad097fc5a347eb66c8e0f0b1e6e8ddc6e3429fabd69816dc016d233f4a

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 29 Nov 2023 05:21:06 GMT
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Thu, 04 Aug 2022 15:41:24 GMT
server
nginx/1.23.3
x-amz-cf-pop
FRA56-C1
age
20372955
etag
"62ebe8a4-167"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
359
x-amz-cf-id
8bSitL-7sUmnch6DeLInGY3sRzxY9xZGTPvSB0y924jF45EaD8fkFQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
application-f203d5b1be4ddcb4a53e.js
cdn.recorrido.cl/packs/ 		756 KB
140 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.recorrido.cl/packs/application-f203d5b1be4ddcb4a53e.js
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
nginx/1.23.3 /
Resource Hash
51faa38754f222152f88888c3c1adef881c9417886dfe7c2ea05509f26ea6bfb

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 19 Jul 2024 19:39:11 GMT
content-encoding
gzip
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Fri, 19 Jul 2024 19:30:45 GMT
server
nginx/1.23.3
x-amz-cf-pop
FRA56-C1
age
190270
etag
"669abee5-22c2d"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=315360000, public
content-length
142381
x-amz-cf-id
syXHjZyleG39ABfPaMElmVFXOo5iyHYq6jIf8kPk5ZtyuHwbohQNcQ==
expires
Thu, 31 Dec 2037 23:55:55 GMT
application-0c2c59fd0ff0ceac3a8815291a4a8944.css
cdn.recorrido.cl/packs/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.recorrido.cl/packs/application-0c2c59fd0ff0ceac3a8815291a4a8944.css
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
nginx/1.23.3 /
Resource Hash
ee13ce99b27bf02af367facc04dddd75e74e468aed2442ac15177e6340dcc09f

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 30 Sep 2023 21:41:05 GMT
content-encoding
gzip
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Tue, 19 Sep 2023 23:44:07 GMT
server
nginx/1.23.3
x-amz-cf-pop
FRA56-C1
age
25498156
etag
"650a3247-2c4"
x-cache
Hit from cloudfront
content-type
text/css
cache-control
max-age=315360000, public
content-length
708
x-amz-cf-id
cnhZ30ZNc3UA6gyrWtzOR2jpoidHBGtYryjSB7f4PbpO74jwylt26A==
expires
Thu, 31 Dec 2037 23:55:55 GMT
modernizr-bcb1c21424536c81c9550d4a8a6c34ae78bb8526b37ab1089b41a169d34e2f21.js
cdn.recorrido.cl/assets/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.recorrido.cl/assets/modernizr-bcb1c21424536c81c9550d4a8a6c34ae78bb8526b37ab1089b41a169d34e2f21.js
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
nginx/1.23.3 /
Resource Hash
bcb1c21424536c81c9550d4a8a6c34ae78bb8526b37ab1089b41a169d34e2f21

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 30 Sep 2023 21:41:05 GMT
content-encoding
gzip
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Wed, 10 Aug 2022 22:55:39 GMT
server
nginx/1.23.3
x-amz-cf-pop
FRA56-C1
age
25498156
etag
"62f4376b-1184"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=315360000, public
content-length
4484
x-amz-cf-id
qB9N31ePgGaBn8Vvp4et_kPsHgvTMbA3xZ4VJBcdWI_GpjynamhsDw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
landing-d96c502093dc54b165bb01c272ae366cd928b0f9eb8f652b2f0c91343387908d.js
cdn.recorrido.cl/assets/ 		2 MB
458 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.recorrido.cl/assets/landing-d96c502093dc54b165bb01c272ae366cd928b0f9eb8f652b2f0c91343387908d.js
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
nginx/1.23.3 /
Resource Hash
d96c502093dc54b165bb01c272ae366cd928b0f9eb8f652b2f0c91343387908d

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 19 Jul 2024 12:46:59 GMT
content-encoding
gzip
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Fri, 19 Jul 2024 11:59:02 GMT
server
nginx/1.23.3
x-amz-cf-pop
FRA56-C1
age
215002
etag
"669a5506-724b3"
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=315360000, public
content-length
468147
x-amz-cf-id
baMaX6tEK1RbjVuc46iOV2-ljOHLqJYJowjrWe9UOOLFYsxZeTTm6Q==
expires
Thu, 31 Dec 2037 23:55:55 GMT
search_extension.js
a.bstatic.com/static/affiliate_base/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.bstatic.com/static/affiliate_base/js/search_extension.js
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.31.129 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-31-129.fra56.r.cloudfront.net
Software
nginx /
Resource Hash
2a6af784bb9cc96c95744c77e517ab95dbabde859f5cee9ab900f477c581e1f0
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Fri, 19 Jul 2024 00:49:26 GMT
content-encoding
br
via
1.1 04d30d89cfeb7f513dc1f5b2d3c605d2.cloudfront.net (CloudFront)
nel
{"report_to":"default","max_age":600}
x-amz-cf-pop
FRA56-P8
age
258055
x-cache
Hit from cloudfront
x-xss-protection
1; mode=block
last-modified
Mon, 17 Jun 2024 09:44:57 GMT
server
nginx
etag
W/"66700599-de1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https://nellie.booking.com/report"}],"max_age":600,"group":"default","failure_fraction":0.05}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
gP1o0W5Bb8Pnb5F_EkKopMMUtI7ZV54oOajk_2lrqAWlEEn6IFAicg==
expires
Sun, 18 Aug 2024 00:49:26 GMT
css
fonts.googleapis.com/ 		19 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Dosis:400,700|Open+Sans:400,600,700
Requested by
Host: cdn.recorrido.cl
URL: https://cdn.recorrido.cl/assets/application-c0755f12a29effcfafcc8274f4066afb4676b8de152796295f9c0bd4dfb226c1.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f3566bfb4bba3b14dff04ed18043282d95104b36cabff7037f9a3c39edb70948
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://cdn.recorrido.cl/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 22 Jul 2024 00:30:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 22 Jul 2024 00:30:21 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 22 Jul 2024 00:30:21 GMT
gtm.js
www.googletagmanager.com/ 		290 KB
100 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PN7RRDBX
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6828f1b0faa1fd63ea5066943f45fda49325f58bd49345bb2c3f1d16838213e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 22 Jul 2024 00:30:21 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
102011
x-xss-protection
0
last-modified
Mon, 22 Jul 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 22 Jul 2024 00:30:21 GMT
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-81XZXXW3M7&gtm=45je47h0v9165275450za200&_p=1721608221390&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=350210243.1721608221&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&dp=%2Fjapi%2Fes&sid=1721608221&sct=1&seg=0&dl=https%3A%2F%2Fboletos.japi.com.mx%2Fjapi%2Fes&dt=Boletos%20de%20JAPI%20%7C%20recorrido.com.mx&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.travel_pagetype=home&ep.dimension2=home&tfd=1594&_z=fetch
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-81XZXXW3M7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Jul 2024 00:30:21 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://boletos.japi.com.mx
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
257 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-81XZXXW3M7&cid=350210243.1721608221&gtm=45je47h0v9165275450za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-81XZXXW3M7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Jul 2024 00:30:21 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://boletos.japi.com.mx
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-81XZXXW3M7&cid=350210243.1721608221&gtm=45je47h0v9165275450za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&z=1789177197
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Jul 2024 00:30:21 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Dosis:400,700|Open+Sans:400,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://boletos.japi.com.mx
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 12:26:16 GMT
x-content-type-options
nosniff
age
475445
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 16 Jul 2025 12:26:16 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/ 		536 KB
213 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js
Requested by
Host: www.recaptcha.net
URL: https://www.recaptcha.net/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://boletos.japi.com.mx/
Origin
https://boletos.japi.com.mx
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 21 Jul 2024 17:11:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
26345
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
217833
x-xss-protection
0
last-modified
Sun, 23 Jun 2024 08:01:07 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 21 Jul 2025 17:11:16 GMT
image_133.png
imagenes.recorrido.cl/bus_operators/header_pictures/348/original/ 		250 KB
250 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagenes.recorrido.cl/bus_operators/header_pictures/348/original/image_133.png?1719818024;%20background-position:%20center%20-50px;
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-99.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
aaf9f2132829ea10bf185808961fd9f65f66b84c74cdb3fb6530e2aed3bdd7be

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 22 Jul 2024 00:30:21 GMT
via
1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
last-modified
Mon, 01 Jul 2024 07:13:45 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P2
age
32224
x-amz-server-side-encryption
AES256
etag
"d59da89bed1933f0d11be4796a047d08"
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
255682
x-amz-cf-id
d-ab2RdAilKUPwQ45YpSZkMZHblHQdVCL6Osvm2TtnqlzR-xhQuUUA==
signika-bold-webfont-9f156794f50183dfe9594e618fe15c0415056dfb0b55a65922d0d6de57f630f1.woff2
cdn.recorrido.cl/assets/signika/ 		26 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.recorrido.cl/assets/signika/signika-bold-webfont-9f156794f50183dfe9594e618fe15c0415056dfb0b55a65922d0d6de57f630f1.woff2
Requested by
Host: cdn.recorrido.cl
URL: https://cdn.recorrido.cl/assets/application-c0755f12a29effcfafcc8274f4066afb4676b8de152796295f9c0bd4dfb226c1.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
nginx/1.23.3 /
Resource Hash
9f156794f50183dfe9594e618fe15c0415056dfb0b55a65922d0d6de57f630f1

Request headers

Referer
https://cdn.recorrido.cl/assets/application-c0755f12a29effcfafcc8274f4066afb4676b8de152796295f9c0bd4dfb226c1.css
Origin
https://boletos.japi.com.mx
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sun, 16 Jun 2024 23:56:45 GMT
via
1.1 2a3a093b493a82493f3431437cb166ac.cloudfront.net (CloudFront)
last-modified
Thu, 04 Aug 2022 15:41:24 GMT
server
nginx/1.23.3
x-amz-cf-pop
FRA56-C1
age
3026016
etag
"62ebe8a4-6894"
x-cache
Hit from cloudfront
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
26772
x-amz-cf-id
NAIDm4H5PX19ATsVarn1d9yq_lv5nmvPPZMmzkgEIeymO-q13O_iKw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
HhyaU5sn9vOmLzloC_U.woff2
fonts.gstatic.com/s/dosis/v32/ 		30 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/dosis/v32/HhyaU5sn9vOmLzloC_U.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Dosis:400,700|Open+Sans:400,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0dcac7cabd17a67b5d09d54d506c6ed734516248e9e8552d194b1a5cf16b7722
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://boletos.japi.com.mx
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 15 Jul 2024 14:28:18 GMT
x-content-type-options
nosniff
age
554523
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30208
x-xss-protection
0
last-modified
Thu, 24 Aug 2023 20:45:32 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 15 Jul 2025 14:28:18 GMT
fontawesome-webfont-2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe.woff2
cdn.recorrido.cl/assets/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.recorrido.cl/assets/fontawesome-webfont-2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe.woff2
Requested by
Host: cdn.recorrido.cl
URL: https://cdn.recorrido.cl/assets/application-c0755f12a29effcfafcc8274f4066afb4676b8de152796295f9c0bd4dfb226c1.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
nginx/1.23.3 /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer
https://cdn.recorrido.cl/assets/application-c0755f12a29effcfafcc8274f4066afb4676b8de152796295f9c0bd4dfb226c1.css
Origin
https://boletos.japi.com.mx
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 19:48:23 GMT
via
1.1 2a3a093b493a82493f3431437cb166ac.cloudfront.net (CloudFront)
last-modified
Wed, 10 Aug 2022 22:58:09 GMT
server
nginx/1.23.3
x-amz-cf-pop
FRA56-C1
age
448917
etag
"62f43801-12d68"
x-cache
Hit from cloudfront
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
content-length
77160
x-amz-cf-id
xzkeTvB0taoGsBWVQe3uhPYkaeIX0Ue9NYgKnfhk73RgjmLrEHWovA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
diffuser.js
diffuser-cdn.app-us1.com/diffuser/ 		41 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://diffuser-cdn.app-us1.com/diffuser/diffuser.js
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:80d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8eaa1c9ac4fe2a600a0b6506d6b4486dd7719c3d917cd3ae02fd9589a750388
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 22 Jul 2024 00:30:21 GMT
content-encoding
gzip
via
1.1 f741e5a55bc5bd136ac1f5406bb11d88.cloudfront.net (CloudFront)
cf-cache-status
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P10
age
241
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Mon, 17 Jun 2024 20:11:47 GMT
server
cloudflare
etag
W/"2801030c0114e98ab25cd3dc2ac1149b"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=300
cf-ray
8a6f5258d89130e2-FRA
x-amz-cf-id
2G4NjPuW8fB8c7AeV0g1yPLtFLQ0E7OBBsqcVZTVyZkfPpFSkw0Elw==
destination
www.googletagmanager.com/gtag/ 		226 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-AW-11328839672&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PN7RRDBX
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
6b17ae85dc95b3e6907f10e1eaaa598f4e8ccae3ce7937d6d76c894dffaf451a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 22 Jul 2024 00:30:21 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
83236
x-xss-protection
0
last-modified
Mon, 22 Jul 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 22 Jul 2024 00:30:21 GMT
fbevents.js
connect.facebook.net/en_US/ 		224 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 22 Jul 2024 00:30:21 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58677
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1368, tbw=2770, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
mfxuLYW90i8/9M7Tpi5AEiM6Hb888PAr3plczYSvuggMxYfBRcqS3SvIA0fKwMNV0ppdfYk1oWYq6eCMZQPhPg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
anchor
www.recaptcha.net/recaptcha/api2/ Frame 3FDD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.recaptcha.net/recaptcha/api2/anchor?ar=1&k=6LdSxWwUAAAAAGPsM6dDYntexpHbxquYxjQCFbS5&co=aHR0cHM6Ly9ib2xldG9zLmphcGkuY29tLm14OjQ0Mw..&hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=normal&cb=cq7wqf1ydcq
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-sT12sK5XRokmACf1Vc434Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://boletos.japi.com.mx/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-sT12sK5XRokmACf1Vc434Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 22 Jul 2024 00:30:21 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
events.js
analytics.tiktok.com/i18n/pixel/ 		0
0
js
www.googletagmanager.com/gtag/ 		268 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-11328839672
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PN7RRDBX
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s08-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
28774ae967fff6140d6c2aecefc9f0f24497f6472c2ce2e508d4f4b5a3a6c9cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 22 Jul 2024 00:30:21 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94239
x-xss-protection
0
last-modified
Mon, 22 Jul 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 22 Jul 2024 00:30:21 GMT
/
prism.app-us1.com/ 		0
313 B 		Script
General
Check archive.org
Download Go to
Full URL
https://prism.app-us1.com/?a=799387631&u=https%3A%2F%2Fboletos.japi.com.mx%2Fjapi%2Fes
Requested by
Host: diffuser-cdn.app-us1.com
URL: https://diffuser-cdn.app-us1.com/diffuser/diffuser.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:80d8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.1.29
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 22 Jul 2024 00:30:22 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
PHP/8.1.29
content-type
application/javascript
cache-control
no-cache, private
x-envoy-upstream-service-time
59
cf-ray
8a6f52599e805d46-FRA
content-length
0
331750512672375
connect.facebook.net/signals/config/ 		60 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/331750512672375?v=2.9.162&r=stable&domain=boletos.japi.com.mx&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
62443a2b8d0cbfcd96ef10b8cda9c51fee6631d8117eba6b73e367c7fd2f9e9d
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 22 Jul 2024 00:30:21 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=11, rtx=0, c=63, mss=1368, tbw=64157, tp=-1, tpl=-1, uplat=116, ullat=0
pragma
public
x-fb-debug
fPsncudbkn6rBnegwi3Cf4VKGPNEr1GofUn5vlBLzT2GrlQFUN2Dg2mHx2VVidQS0lh39G2/BaqwGylfg9zwyw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
273 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=331750512672375&ev=PageView&dl=https%3A%2F%2Fboletos.japi.com.mx%2Fjapi%2Fes&rl=&if=false&ts=1721608221832&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.2.1721608221831.963619157833276698&ler=empty&cdl=API_unavailable&it=1721608221674&coo=false&rqm=GET
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=6, rtx=0, c=10, mss=1368, tbw=2796, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 22 Jul 2024 00:30:21 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=331750512672375&ev=PageView&dl=https%3A%2F%2Fboletos.japi.com.mx%2Fjapi%2Fes&rl=&if=false&ts=1721608221832&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.2.1721608221831.963619157833276698&ler=empty&cdl=API_unavailable&it=1721608221674&coo=false&rqm=FGET
Requested by
Host: boletos.japi.com.mx
URL: https://boletos.japi.com.mx/japi/es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Mon, 22 Jul 2024 00:30:22 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7394251007800695720", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=7, rtx=0, c=10, mss=1368, tbw=3113, tp=-1, tpl=-1, uplat=169, ullat=0
pragma
no-cache
x-fb-debug
Mi9CRUgZ3/5Ugn7Rcsmt6VyDk6eLnk3GbQFgfC05gwICjyPy/d47yWOrO9N6jAWRZ/+LjjOr87jeE1aCXfwlFg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7394251007800695720"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
japi_favicon-f2c0086fe45475b2ed8676c925dafc0b20367c18c383655eb4b704888372a322.png
cdn.recorrido.cl/assets/ 		31 KB
32 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.recorrido.cl/assets/japi_favicon-f2c0086fe45475b2ed8676c925dafc0b20367c18c383655eb4b704888372a322.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-117.fra56.r.cloudfront.net
Software
nginx/1.23.3 /
Resource Hash
f2c0086fe45475b2ed8676c925dafc0b20367c18c383655eb4b704888372a322

Request headers

Referer
https://boletos.japi.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Jul 2024 00:18:33 GMT
via
1.1 6165dcc1fdf84ac65e8204c05709f1ca.cloudfront.net (CloudFront)
last-modified
Tue, 12 Sep 2023 17:28:50 GMT
server
nginx/1.23.3
x-amz-cf-pop
FRA56-C1
age
432708
etag
"65009fd2-7d9a"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
32154
x-amz-cf-id
S_7qfpSCqY0pYkeu-sVGIVmKAW94XqqJ2cECIIXDvKk2ZCiRM-_dHg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
bframe
www.recaptcha.net/recaptcha/api2/ Frame 065C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.recaptcha.net/recaptcha/api2/bframe?hl=de&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6LdSxWwUAAAAAGPsM6dDYntexpHbxquYxjQCFbS5
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra02s19-in-f3.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-wOwKnKMbHalZuY0OtDykKw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://boletos.japi.com.mx/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-wOwKnKMbHalZuY0OtDykKw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 22 Jul 2024 00:30:22 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.googleoptimize.com
URL
https://www.googleoptimize.com/optimize.js?id=
Domain
analytics.tiktok.com
URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CK0TR4BC77U2Q32CIU80&lib=ttq

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| google_tag_manager object| google_tag_data object| dataLayer function| gtag object| gaGlobal function| hasLocalStorage function| hasSessionStorage object| I18n string| simple_locale string| current_platform string| current_bus_operator_slug string| current_country object| default_price_format_options function| moment object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| html5 object| Modernizr function| $ function| jQuery object| jQuery112406717391419254974 function| _ object| Backbone object| Mn object| Marionette object| Backgrid function| AbstractChosen function| SelectParser function| Cookies function| Picker function| updateDateSliderLabels function| Ibilbidea object| ibilbidea object| JST function| inIFrame function| inCustomDomain function| getParameterByName function| prependToAnchorsUrl function| setIOS function| setInstantSearch function| setCityFields function| Sifter object| MicroPlugin function| Selectize function| JQClass function| SmartBanner function| postscribe object| google_tag_manager_external string| visitorGlobalObjectAlias function| vgo function| _i_ function| _r_ object| bookingLeaveBehind function| fbq function| _fbq object| recaptcha object| featuredOperator function| roundIfNecessary object| closure_lm_898862 string| TiktokAnalyticsObject object| ttq string| prismGlobalObjectAlias object| visitorGlobalObject

12 Cookies

Domain/Path Name / Value
boletos.japi.com.mx/japi Name: Path
Value: /
boletos.japi.com.mx/ Name: _recorrido_session
Value: Q0h2NmNDVmZLUWpEakNmWVc1VmJBbHlRd3o3aTMxRUNoZWx6Ny8wdy9XRTNTaVNVYk1BN1FlWTFYbkhPanh1dGlhcSswZnFZUkIxaWlnNjB3VGJpNlE9PS0tUnd5cXNZbjNxT0gyc3JIclc3K2JWUT09--1ff7b16613960a8a65c268c0d4eae2a63530c907
boletos.japi.com.mx/ Name: Path
Value: /
boletos.japi.com.mx/ Name: locale
Value: es
boletos.japi.com.mx/ Name: AWSALB
Value: sbeJ53lx3XeX1gTriQwQ1zudzzTNmepjM/RZkVebW74ddYPZhE0dKmbV5Nnzr1jNvZPeGqVZ6TRW+n4C//uZKEoXiivWFD/UUEbABIJvYDfiCRH32kuUw5zH8o8a
boletos.japi.com.mx/ Name: AWSALBCORS
Value: sbeJ53lx3XeX1gTriQwQ1zudzzTNmepjM/RZkVebW74ddYPZhE0dKmbV5Nnzr1jNvZPeGqVZ6TRW+n4C//uZKEoXiivWFD/UUEbABIJvYDfiCRH32kuUw5zH8o8a
boletos.japi.com.mx/ Name: japi_session
Value: eDRHNWplbU5WWUFkdXY0MHF5QkdaczdkVGl4Y1dUeXJ6QXhweGV5eEVYL0crK2hsUFg2VHA3VkJ4UjFBUjFVNWpNOEpXKzhudTBGejNnZXRRdXdlS29haXZnbk02Qm1ZSkNXM1NPVXlDQTRsaHlqZDhDVVk5aUtiTTMwTHR5ZGY4TUJtbUE4MGRRVmkzY1FoMHl1NFBET1k2WWZNZFJUQkR2Q0NWdjB0YlZNZFJQQ01uTmZxTVJVb1VKU0EvdHNqLS1sVklibWUxc3VVcjJrMHBWZlIycVpBPT0%3D--978a54d92d0258380c84080a07abe585ecd19ef7
.japi.com.mx/ Name: _ga
Value: GA1.1.350210243.1721608221
.japi.com.mx/ Name: _gcl_au
Value: 1.1.1160436031.1721608222
.japi.com.mx/ Name: _ga_81XZXXW3M7
Value: GS1.1.1721608221.1.1.1721608221.60.0.0
.japi.com.mx/ Name: _fbp
Value: fb.2.1721608221831.963619157833276698
prism.app-us1.com/ Name: prism_799387631
Value: 51c7fea5-e1bf-40b0-b491-cb1dfbed9c7d

6 Console Messages

Source Level URL
Text
security error URL: https://boletos.japi.com.mx/japi/es
Message:
The Content-Security-Policy directive 'script-src' contains 'frame-src' as a source expression. Did you want to add it as a directive and forget a semicolon?
security error URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js(Line 493)
Message:
The Content-Security-Policy directive 'script-src' contains 'frame-src' as a source expression. Did you want to add it as a directive and forget a semicolon?
security error (Line 1)
Message:
Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CK0TR4BC77U2Q32CIU80&lib=ttq' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' https://js.fintoc.com/v1/ https://api.fintoc.com/v1/ https://wlscripts.recorrido.cl https://www.googleoptimize.com https://www.google-analytics.com https://www.recaptcha.net 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.gstatic.com https://diffuser-cdn.app-us1.com https://cdn.recorrido-new.cl https://www.recaptcha.net https://*.googletagmanager.com https://tagmanager.google.com/ https://*.google.com https://prism.app-us1.com https://cdn.recorrido.cl https://trackcmp.net https://js-agent.newrelic.com https://bam.nr-data.net https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js frame-src 'unsafe-inline' 'unsafe-eval' 'self' https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js https://api.fintoc.com/v1/ https://js.fintoc.com/v1/ https://a.bstatic.com/static/affiliate_base/js/search_extension.js". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js(Line 578)
Message:
The Content-Security-Policy directive 'script-src' contains 'frame-src' as a source expression. Did you want to add it as a directive and forget a semicolon?
security error URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js(Line 578)
Message:
The Content-Security-Policy directive 'script-src' contains 'frame-src' as a source expression. Did you want to add it as a directive and forget a semicolon?
security error URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__de.js(Line 273)
Message:
The Content-Security-Policy directive 'script-src' contains 'frame-src' as a source expression. Did you want to add it as a directive and forget a semicolon?

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'unsafe-eval' https://js.fintoc.com/v1/ https://api.fintoc.com/v1/ https://wlscripts.recorrido.cl https://www.googleoptimize.com https://www.google-analytics.com https://www.recaptcha.net 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.gstatic.com https://diffuser-cdn.app-us1.com https://cdn.recorrido-new.cl https://www.recaptcha.net https://*.googletagmanager.com https://tagmanager.google.com/ https://*.google.com https://prism.app-us1.com https://cdn.recorrido.cl https://trackcmp.net https://js-agent.newrelic.com https://bam.nr-data.net https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js frame-src 'unsafe-inline' 'unsafe-eval' 'self' https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js https://api.fintoc.com/v1/ https://js.fintoc.com/v1/ https://a.bstatic.com/static/affiliate_base/js/search_extension.js;
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff nosniff
X-Xss-Protection 1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.bstatic.com
analytics.tiktok.com
boletos.japi.com.mx
cdn.recorrido.cl
connect.facebook.net
diffuser-cdn.app-us1.com
fonts.googleapis.com
fonts.gstatic.com
imagenes.recorrido.cl
prism.app-us1.com
region1.analytics.google.com
stats.g.doubleclick.net
www.facebook.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.gstatic.com
www.recaptcha.net
analytics.tiktok.com
www.googleoptimize.com
142.250.185.195
172.217.16.200
172.217.18.3
18.245.31.129
18.66.102.99
2001:4860:4802:34::36
2606:4700::6812:80d8
2a00:1450:4001:811::2003
2a00:1450:4001:81c::2003
2a00:1450:4001:81c::2008
2a00:1450:4001:82b::200a
2a00:1450:400c:c07::9a
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
54.94.230.21
65.9.66.117
0481cf978633d761686dd05ed060c86593d34768aa66d43d61c4f968cbe6b63d
0dcac7cabd17a67b5d09d54d506c6ed734516248e9e8552d194b1a5cf16b7722
13ce8823c72de9e38938762416664e2aa1497a5d7727951d4b9baf8ae86af70e
28774ae967fff6140d6c2aecefc9f0f24497f6472c2ce2e508d4f4b5a3a6c9cf
2a6af784bb9cc96c95744c77e517ab95dbabde859f5cee9ab900f477c581e1f0
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
51faa38754f222152f88888c3c1adef881c9417886dfe7c2ea05509f26ea6bfb
5a9e9f4ad119eda11e78d5c3d789c56e89317e46b2b7347d9e6b3e2c08efcd7d
62443a2b8d0cbfcd96ef10b8cda9c51fee6631d8117eba6b73e367c7fd2f9e9d
6828f1b0faa1fd63ea5066943f45fda49325f58bd49345bb2c3f1d16838213e3
6b17ae85dc95b3e6907f10e1eaaa598f4e8ccae3ce7937d6d76c894dffaf451a
6ec2be287086474ab829b5ad88af3abe53dba2b790c5bbe5abbd42afdb4a02ed
9493eb9c5929eb95367d4ceb2f426bb9616b53b7c39abcc9569c81dcb7958a9c
9ad3de23aad1f1e3b98d382ed6b9a3ce51889db9d471cdb97f93aa8b9c000e70
9f156794f50183dfe9594e618fe15c0415056dfb0b55a65922d0d6de57f630f1
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aaf9f2132829ea10bf185808961fd9f65f66b84c74cdb3fb6530e2aed3bdd7be
b8eaa1c9ac4fe2a600a0b6506d6b4486dd7719c3d917cd3ae02fd9589a750388
bcb1c21424536c81c9550d4a8a6c34ae78bb8526b37ab1089b41a169d34e2f21
d7132b5dd7801f50cc9b8e1df289c670a48f5af7b12d88a8cb7db7a0b434f70d
d96c502093dc54b165bb01c272ae366cd928b0f9eb8f652b2f0c91343387908d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e
ec551bad097fc5a347eb66c8e0f0b1e6e8ddc6e3429fabd69816dc016d233f4a
ee13ce99b27bf02af367facc04dddd75e74e468aed2442ac15177e6340dcc09f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2c0086fe45475b2ed8676c925dafc0b20367c18c383655eb4b704888372a322
f3566bfb4bba3b14dff04ed18043282d95104b36cabff7037f9a3c39edb70948
f51bcb3487b44843e769c25e391378f70bf03e6facf50b5ea2c23e36c42cca8b