authority.cosmopolitanlasvegas.com Open in urlscan Pro
40.80.155.102 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://t2.em.cosmopolitan-lv.com/r/?id=tb9df368,15c34faf,15de16ee&utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4&p1=...
Effective URL:
https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Submission: On December 09 via api (December 9th 2022, 11:53:23 pm UTC) from CH — Scanned from DE

Summary HTTP 158 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 61 IPs in 7 countries across 44 domains to perform 158 HTTP transactions. The main IP is 40.80.155.102, located in San Jose, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is authority.cosmopolitanlasvegas.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on April 18th 2022. Valid for: a year.

This is the only time authority.cosmopolitanlasvegas.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.148.94.238 54.148.94.238	16509 (AMAZON-02) (AMAZON-02)
15	40.80.155.102 40.80.155.102	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
3	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	178.249.101.23 178.249.101.23	11054 (LIVEPERSON) (LIVEPERSON)
2 5	142.250.185.102 142.250.185.102	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
3	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f08... 2a03:2880:f080:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	107.178.244.119 107.178.244.119	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e4:... 2606:4700:e4::ac40:ac0c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
1 3	2600:9000:20a... 2600:9000:20a5:3a00:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
4	23.3.88.16 23.3.88.16	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.147.255.25 54.147.255.25	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
5	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
1	34.205.226.12 34.205.226.12	14618 (AMAZON-AES) (AMAZON-AES)
1 7	151.101.1.182 151.101.1.182	54113 (FASTLY) (FASTLY)
7	2606:4700:303... 2606:4700:3030::ac43:9d93	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c02::9d	15169 (GOOGLE) (GOOGLE)
2 3	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2 4	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
2 2	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
2 4	185.89.210.46 185.89.210.46	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	172.217.18.2 172.217.18.2	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1 2	185.89.210.153 185.89.210.153	29990 (ASN-APPNEX) (ASN-APPNEX)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	18.185.197.230 18.185.197.230	16509 (AMAZON-02) (AMAZON-02)
8	2a03:2880:f14... 2a03:2880:f145:82:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	178.249.97.99 178.249.97.99	11054 (LIVEPERSON) (LIVEPERSON)
7	162.252.76.20 162.252.76.20	11054 (LIVEPERSON) (LIVEPERSON)
1	2a05:d018:cc3... 2a05:d018:cc3:fe04:f373:8994:d3a2:58c	16509 (AMAZON-02) (AMAZON-02)
1 2	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	35.186.212.60 35.186.212.60	15169 (GOOGLE) (GOOGLE)
1	52.50.26.223 52.50.26.223	16509 (AMAZON-02) (AMAZON-02)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2620:1ec:4f:1... 2620:1ec:4f:1::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	20.234.93.27 20.234.93.27	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.224.31.34 52.224.31.34	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	208.89.12.87 208.89.12.87	11054 (LIVEPERSON) (LIVEPERSON)
1	18.66.2.30 18.66.2.30	16509 (AMAZON-02) (AMAZON-02)
7 11	54.227.133.78 54.227.133.78	14618 (AMAZON-AES) (AMAZON-AES)
1 1	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2	104.76.200.221 104.76.200.221	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	54.72.53.159 54.72.53.159	16509 (AMAZON-02) (AMAZON-02)
3	151.101.129.182 151.101.129.182	54113 (FASTLY) (FASTLY)
3	151.101.129.62 151.101.129.62	54113 (FASTLY) (FASTLY)
1	151.101.2.133 151.101.2.133	54113 (FASTLY) (FASTLY)
8 18	63.32.161.99 63.32.161.99	16509 (AMAZON-02) (AMAZON-02)
2 4	52.212.89.6 52.212.89.6	16509 (AMAZON-02) (AMAZON-02)
3	35.186.195.233 35.186.195.233	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	23.213.161.145 23.213.161.145	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	18.200.78.128 18.200.78.128	16509 (AMAZON-02) (AMAZON-02)
1	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	54.78.254.47 54.78.254.47	16509 (AMAZON-02) (AMAZON-02)
1 2	52.222.214.106 52.222.214.106	16509 (AMAZON-02) (AMAZON-02)
1 2	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
4	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
158	61

1 54.148.94.238 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-148-94-238.us-west-2.compute.amazonaws.com

t2.em.cosmopolitan-lv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 40.80.155.102 (San Jose, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

authority.cosmopolitanlasvegas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.101.23 (United States)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.102 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f6.1e100.net

5258867.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f080:9:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 107.178.244.119 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 119.244.178.107.bc.googleusercontent.com

beacon.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.sojern.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e4::ac40:ac0c (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: hwcdn.net

cdn.bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:20a5:3a00:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.3.88.16 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-3-88-16.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.147.255.25 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-147-255-25.compute-1.amazonaws.com

px.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.205.226.12 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-205-226-12.compute-1.amazonaws.com

b.videoamp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.101.1.182 (United States) 1 redirects

ASN54113 (FASTLY, US)

static.triptease.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700:3030::ac43:9d93 (United States)

ASN13335 (CLOUDFLARENET, US)

onboard.triptease.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c02::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.198 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.46 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.18.2 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

fcmatch.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fcmatch.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.153 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.185.197.230 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-197-230.eu-central-1.compute.amazonaws.com

6131764.global.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a03:2880:f145:82:face:b00c:0:25de (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.99 (United States)

ASN11054 (LIVEPERSON, US)
PTR: lo-accdn.lpsnmedia.net

accdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 162.252.76.20 (United States)

ASN11054 (LIVEPERSON, US)

lpcdn-a.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe04:f373:8994:d3a2:58c (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.212.60 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 60.212.186.35.bc.googleusercontent.com

cs.yieldoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.50.26.223 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-26-223.eu-west-1.compute.amazonaws.com

112.xg4ken.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:4f:1::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.234.93.27 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.224.31.34 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

h.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 208.89.12.87 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.v.liveperson.net

va.v.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.2.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-2-30.txl50.r.cloudfront.net

vt.myvisualiq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 54.227.133.78 (Ashburn, United States) 7 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-227-133-78.compute-1.amazonaws.com

t.myvisualiq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.248.159 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

tapestry.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.76.200.221 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-76-200-221.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.72.53.159 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-53-159.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.129.182 (United States)

ASN54113 (FASTLY, US)

static-meta.triptease.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.129.62 (United States)

ASN54113 (FASTLY, US)

b.triptease.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.133 (United States)

ASN54113 (FASTLY, US)

messages.guest-experience.triptease.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 63.32.161.99 (Dublin, Ireland) 8 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-161-99.eu-west-1.compute.amazonaws.com

segment.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.212.89.6 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-89-6.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.195.233 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 233.195.186.35.bc.googleusercontent.com

api.triptease.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.213.161.145 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-213-161-145.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.200.78.128 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-78-128.eu-west-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.78.254.47 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com

loadus.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.222.214.106 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-106.fra56.r.cloudfront.net

segments.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (Canada) 1 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	triptease.io 1 redirects static.triptease.io — Cisco Umbrella Rank: 42837 onboard.triptease.io — Cisco Umbrella Rank: 32661 static-meta.triptease.io — Cisco Umbrella Rank: 92835 b.triptease.io — Cisco Umbrella Rank: 20747 messages.guest-experience.triptease.io — Cisco Umbrella Rank: 56263 api.triptease.io — Cisco Umbrella Rank: 55325	454 KB
22	bidr.io 10 redirects segment.prod.bidr.io — Cisco Umbrella Rank: 6406 match.prod.bidr.io — Cisco Umbrella Rank: 476	13 KB
15	doubleclick.net 9 redirects 5258867.fls.doubleclick.net — Cisco Umbrella Rank: 378904 pubads.g.doubleclick.net — Cisco Umbrella Rank: 419 stats.g.doubleclick.net — Cisco Umbrella Rank: 81 googleads.g.doubleclick.net — Cisco Umbrella Rank: 34 ad.doubleclick.net — Cisco Umbrella Rank: 164 cm.g.doubleclick.net — Cisco Umbrella Rank: 215	8 KB
15	cosmopolitanlasvegas.com authority.cosmopolitanlasvegas.com	793 KB
12	myvisualiq.net 7 redirects vt.myvisualiq.net — Cisco Umbrella Rank: 15816 t.myvisualiq.net — Cisco Umbrella Rank: 1598	11 KB
9	lpsnmedia.net accdn.lpsnmedia.net — Cisco Umbrella Rank: 3498 lpcdn-a.lpsnmedia.net — Cisco Umbrella Rank: 419621	415 KB
8	facebook.com www.facebook.com — Cisco Umbrella Rank: 113	293 B
8	google.com 3 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 72 fcmatch.google.com — Cisco Umbrella Rank: 2433	3 KB
6	adnxs.com 3 redirects secure.adnxs.com — Cisco Umbrella Rank: 430 ib.adnxs.com — Cisco Umbrella Rank: 218	6 KB
6	google.de 1 redirects www.google.de — Cisco Umbrella Rank: 7952 adservice.google.de — Cisco Umbrella Rank: 11832	2 KB
6	bttrack.com cdn.bttrack.com — Cisco Umbrella Rank: 6334 bttrack.com — Cisco Umbrella Rank: 715	5 KB
5	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1311 c.clarity.ms — Cisco Umbrella Rank: 1818 h.clarity.ms — Cisco Umbrella Rank: 9403	21 KB
4	gstatic.com fonts.gstatic.com	176 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 373 c.bing.com — Cisco Umbrella Rank: 256	14 KB
4	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 789	95 KB
4	adroll.com 1 redirects s.adroll.com — Cisco Umbrella Rank: 2503 d.adroll.com — Cisco Umbrella Rank: 1464	19 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	280 KB
4	liveperson.net lptag.liveperson.net — Cisco Umbrella Rank: 3496 va.v.liveperson.net — Cisco Umbrella Rank: 3980	109 KB
3	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 206	3 KB
3	sojern.com beacon.sojern.com — Cisco Umbrella Rank: 5129 pixel.sojern.com — Cisco Umbrella Rank: 8306	2 KB
3	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 171	19 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 47	187 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 507	2 KB
2	company-target.com 1 redirects segments.company-target.com — Cisco Umbrella Rank: 1241	1 KB
2	exelator.com 1 redirects loadus.exelator.com — Cisco Umbrella Rank: 1226	2 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	2 KB
2	bluekai.com tags.bluekai.com — Cisco Umbrella Rank: 541	753 B
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 396	9 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 28	20 KB
2	aspnetcdn.com ajax.aspnetcdn.com — Cisco Umbrella Rank: 1167	9 KB
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 882	430 B
1	agkn.com aa.agkn.com — Cisco Umbrella Rank: 424	499 B
1	stickyadstv.com ads.stickyadstv.com — Cisco Umbrella Rank: 636	688 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 335	98 B
1	tapad.com 1 redirects tapestry.tapad.com — Cisco Umbrella Rank: 1126	479 B
1	xg4ken.com 112.xg4ken.com — Cisco Umbrella Rank: 408214	241 B
1	yieldoptimizer.com cs.yieldoptimizer.com — Cisco Umbrella Rank: 146049	781 B
1	siteimproveanalytics.io 6131764.global.siteimproveanalytics.io — Cisco Umbrella Rank: 527385	469 B
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 323	265 B
1	youtube.com fcmatch.youtube.com — Cisco Umbrella Rank: 2445	525 B
1	videoamp.com b.videoamp.com — Cisco Umbrella Rank: 2625	312 B
1	adentifi.com px.adentifi.com — Cisco Umbrella Rank: 9669	35 B
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 3422	6 KB
1	cosmopolitan-lv.com 1 redirects t2.em.cosmopolitan-lv.com	740 B
158	44

	Domain	Requested by
18	segment.prod.bidr.io	8 redirects b.triptease.io
15	authority.cosmopolitanlasvegas.com	authority.cosmopolitanlasvegas.com
11	t.myvisualiq.net	7 redirects
8	www.facebook.com	authority.cosmopolitanlasvegas.com
7	lpcdn-a.lpsnmedia.net	lptag.liveperson.net
7	onboard.triptease.io	authority.cosmopolitanlasvegas.com static.triptease.io
7	static.triptease.io	1 redirects static.triptease.io
5	bttrack.com	authority.cosmopolitanlasvegas.com cdn.bttrack.com bttrack.com
5	5258867.fls.doubleclick.net	2 redirects www.googletagmanager.com adservice.google.com
4	fonts.gstatic.com	fonts.googleapis.com
4	match.prod.bidr.io	2 redirects b.triptease.io match.prod.bidr.io
4	secure.adnxs.com	2 redirects authority.cosmopolitanlasvegas.com
4	www.google.de	authority.cosmopolitanlasvegas.com 5258867.fls.doubleclick.net
4	www.google.com	2 redirects authority.cosmopolitanlasvegas.com
4	analytics.tiktok.com	authority.cosmopolitanlasvegas.com analytics.tiktok.com
4	connect.facebook.net	authority.cosmopolitanlasvegas.com connect.facebook.net
3	api.triptease.io	static.triptease.io
3	b.triptease.io	static.triptease.io b.triptease.io
3	static-meta.triptease.io	static.triptease.io static-meta.triptease.io
3	dpm.demdex.net	2 redirects match.prod.bidr.io
3	bat.bing.com	5258867.fls.doubleclick.net bat.bing.com
3	cm.g.doubleclick.net	3 redirects
3	adservice.google.com	authority.cosmopolitanlasvegas.com 5258867.fls.doubleclick.net
3	googleads.g.doubleclick.net	2 redirects www.googletagmanager.com
3	s.adroll.com	1 redirects authority.cosmopolitanlasvegas.com
3	www.googleadservices.com	www.googletagmanager.com 5258867.fls.doubleclick.net www.googleadservices.com
3	www.googletagmanager.com	authority.cosmopolitanlasvegas.com static-meta.triptease.io www.googletagmanager.com
2	dsum-sec.casalemedia.com	1 redirects match.prod.bidr.io
2	segments.company-target.com	1 redirects match.prod.bidr.io
2	loadus.exelator.com	1 redirects match.prod.bidr.io
2	fonts.googleapis.com	static.triptease.io
2	tags.bluekai.com	match.prod.bidr.io
2	va.v.liveperson.net	lptag.liveperson.net
2	c.clarity.ms	1 redirects authority.cosmopolitanlasvegas.com
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	adservice.google.de	1 redirects adservice.google.com
2	accdn.lpsnmedia.net	lptag.liveperson.net
2	ib.adnxs.com	1 redirects match.prod.bidr.io
2	pixel.sojern.com	authority.cosmopolitanlasvegas.com
2	ad.doubleclick.net	2 redirects
2	cdn.jsdelivr.net	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com authority.cosmopolitanlasvegas.com
2	lptag.liveperson.net	authority.cosmopolitanlasvegas.com
2	ajax.aspnetcdn.com	authority.cosmopolitanlasvegas.com
1	image2.pubmatic.com	match.prod.bidr.io
1	aa.agkn.com	match.prod.bidr.io
1	ads.stickyadstv.com	match.prod.bidr.io
1	messages.guest-experience.triptease.io	static.triptease.io
1	idsync.rlcdn.com
1	tapestry.tapad.com	1 redirects
1	vt.myvisualiq.net	www.googletagmanager.com
1	h.clarity.ms	www.clarity.ms
1	c.bing.com	1 redirects
1	112.xg4ken.com	5258867.fls.doubleclick.net
1	cs.yieldoptimizer.com	5258867.fls.doubleclick.net
1	d.adroll.com	s.adroll.com
1	6131764.global.siteimproveanalytics.io	authority.cosmopolitanlasvegas.com
1	match.adsrvr.org	authority.cosmopolitanlasvegas.com
1	fcmatch.youtube.com	authority.cosmopolitanlasvegas.com
1	fcmatch.google.com	1 redirects
1	stats.g.doubleclick.net	www.google-analytics.com
1	b.videoamp.com	authority.cosmopolitanlasvegas.com
1	pubads.g.doubleclick.net	authority.cosmopolitanlasvegas.com
1	px.adentifi.com	authority.cosmopolitanlasvegas.com
1	cdn.bttrack.com	www.googletagmanager.com
1	siteimproveanalytics.com	authority.cosmopolitanlasvegas.com
1	beacon.sojern.com	authority.cosmopolitanlasvegas.com
1	t2.em.cosmopolitan-lv.com	1 redirects
158	68

This site contains links to these domains. Also see Links.

Domain
www.cosmopolitanlasvegas.com

Subject Issuer	Validity	Valid
authority.cosmopolitanlasvegas.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-18` - `2023-05-19`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2022-07-11` - `2023-07-11`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2022-04-26` - `2023-04-26`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-18` - `2022-12-17`	3 months	crt.sh
*.sojern.com DigiCert TLS RSA SHA256 2020 CA1	`2021-12-16` - `2023-01-16`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-05` - `2023-06-04`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-21` - `2023-04-20`	a year	crt.sh
s.adroll.com Amazon	`2022-07-03` - `2023-08-01`	a year	crt.sh
*.tiktok.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-13` - `2023-01-13`	a year	crt.sh
adentifi.com Amazon	`2022-08-05` - `2023-09-03`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.videoamp.com Amazon	`2022-09-06` - `2023-10-04`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.global.r1.siteimproveanalytics.io Amazon	`2022-09-09` - `2023-10-08`	a year	crt.sh
*.lpsnmedia.net Sectigo RSA Organization Validation Secure Server CA	`2022-02-07` - `2023-02-07`	a year	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2022-11-08` - `2023-12-07`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.yieldoptimizer.com Go Daddy Secure Certificate Authority - G2	`2021-12-14` - `2023-01-15`	a year	crt.sh
*.xg4ken.com Go Daddy Secure Certificate Authority - G2	`2022-10-18` - `2023-11-19`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
www.bing.com Microsoft RSA TLS CA 02	`2022-11-25` - `2023-05-25`	6 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
*.v.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2022-03-22` - `2023-03-22`	a year	crt.sh
*.myvisualiq.net Amazon	`2022-08-18` - `2023-09-16`	a year	crt.sh
*.triptease.io GlobalSign Atlas R3 DV TLS CA 2022 Q3	`2022-09-27` - `2023-10-29`	a year	crt.sh
*.guest-experience.triptease.io R3	`2022-10-25` - `2023-01-23`	3 months	crt.sh
*.segment.prod.bidr.io Amazon	`2022-01-27` - `2023-02-25`	a year	crt.sh
*.match.prod.bidr.io Amazon	`2022-01-27` - `2023-02-25`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-26` - `2023-03-01`	a year	crt.sh
*.ads.stickyadstv.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-14` - `2023-06-16`	a year	crt.sh
*.agkn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2022-09-06` - `2023-09-21`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2022-06-13` - `2023-07-14`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-07` - `2023-01-30`	3 months	crt.sh

This page contains 14 frames:

Primary Page: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Frame ID: 7FD29CE7818BDCE0A4826951FB44F5DE
Requests: 103 HTTP requests in this frame

Frame: https://5258867.fls.doubleclick.net/activityi;dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4
Frame ID: 80DD9364FBCF3779B6F9B0BF9FCD007D
Requests: 1 HTTP requests in this frame

Frame: https://5258867.fls.doubleclick.net/activityi;dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4
Frame ID: 5B7A859D435CE79FB4DD9534DAE75202
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4
Frame ID: F1B776C6C07BDC4FF9820FBC9AF8B0C5
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4
Frame ID: 5A6815AFBA8274D30566192AB8862FB9
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4
Frame ID: 70BAEAD9A70DB947BD29D8CEFD14E638
Requests: 1 HTTP requests in this frame

Frame: https://5258867.fls.doubleclick.net/ddm/fls/r/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4
Frame ID: E57F3076AF913FDC65F2FE144D6F5EF5
Requests: 13 HTTP requests in this frame

Frame: https://onboard.triptease.io/kernel/v6007.65819/kernel-host.html?originHost=authority.cosmopolitanlasvegas.com
Frame ID: AA591F0EA72C83E5D09721E14AA1F7A4
Requests: 2 HTTP requests in this frame

Frame: https://lpcdn-a.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com&site=88246722&env=prod
Frame ID: 9D3255465E34BDD7E21502F4A5DEA98C
Requests: 1 HTTP requests in this frame

Frame: https://static.triptease.io/message-porter/dist/storageIframe.html
Frame ID: 9E44204A2DFE47C1D46B435D7FEAC633
Requests: 1 HTTP requests in this frame

Frame: https://b.triptease.io/?apikey=b46e2da70190d88425348ffad2967bf112aa252c&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GKWMXFM0YX5CYRF7NYJYERB6
Frame ID: A7D2F6AB573C84062F08EBB7E776A461
Requests: 12 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Frame ID: 603AD9F41A4B41B003988BF0325365FE
Requests: 11 HTTP requests in this frame

Frame: https://static.triptease.io/message-porter/dist/fullscreen.html
Frame ID: 6E26CD8DAF3E9D243FC103825B126B0E
Requests: 5 HTTP requests in this frame

Frame: https://static.triptease.io/message-porter/dist/nudge.html
Frame ID: 504ED584925CB42F23F9010AF59842A3
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Create your online account - Cosmopolitan.OAuthThe Cosmopolitan of Las Vegas

Page URL History Show full URLs

http://t2.em.cosmopolitan-lv.com/r/?id=tb9df368,15c34faf,15de16ee&utm_source=CRM&utm_medium=email&utm_campaig... HTTP 302
https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

158
Requests

82 %
HTTPS

33 %
IPv6

44
Domains

68
Subdomains

61
IPs

7
Countries

2667 kB
Transfer

6385 kB
Size

60
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cosmopolitanlasvegas.com/data-privacy-opt-out
Title: opt-out of the sale of personal information

Search URL Search Domain Scan URL

URL: https://www.cosmopolitanlasvegas.com/privacy-policy
Title: updated privacy policy

Search URL Search Domain Scan URL

URL: https://www.cosmopolitanlasvegas.com/
Title: .cosmopolitan-logo-1 { isolation: isolate; } .cosmopolitan-logo-3 { fill: #dbd9d6; } .cosmopolitan-logo-4, .cosmopolitan-logo-5 { mix-blend-mode: multiply; } .cosmopolitan-logo-5 { fill: #b3b2b1; } .cosmopolitan-logo-6 { fill: #8c189b; } The Cosmopolitan of Las Vegas

Search URL Search Domain Scan URL

URL: https://www.cosmopolitanlasvegas.com/identity/about
Title: Identity

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://t2.em.cosmopolitan-lv.com/r/?id=tb9df368,15c34faf,15de16ee&utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4&p1=authority.cosmopolitanlasvegas.com/Account/RegisterExisting HTTP 302
https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

https://5258867.fls.doubleclick.net/activityi;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4 HTTP 302
https://5258867.fls.doubleclick.net/activityi;dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4

Request Chain 19

https://5258867.fls.doubleclick.net/activityi;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4 HTTP 302
https://5258867.fls.doubleclick.net/activityi;dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4

Request Chain 34

https://static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c HTTP 307
https://onboard.triptease.io/bootstrap/v6007.65819/bootstrap.js

Request Chain 38

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/985659074/?random=1558048574&cv=11&fst=1670629994680&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&label=sNI-CP2woJEBEMLt_9UD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&tiba=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&value=0&auid=1496045068.1670629995&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=asqTY4uJLMroxwK57pTIDQ&sscte=1&crd=&eitems=ChAIgNbLnAYQva3vvpWC65ovEh0AdUs7huomyjxoZQBWI9xv8dbDzI3SG1Uk389OTQ&pscrd=Ek5DaEFJZ05iTG5BWVF6b19ueUlMbi03Z3hFaVlBM0dwd1pMdHRIblljamVSNUFucVlDbG92NVQtXzRXVGI2VXVGOHJ0OFJwREMxb2lsOXcaWENoQUlnTmJMbkFZUTZPcWlzWUdFLXQwbkVpNEFOUTN5RUg5WkxmS2NVbDNZbUZLUnB2MWtSdTQzZTJXUFM5dFN5ZTdPOEprUlZyUXotSTRZLS1wWXpoQlY HTTP 302
https://www.google.com/pagead/1p-conversion/985659074/?random=1558048574&cv=11&fst=1670629994680&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&label=sNI-CP2woJEBEMLt_9UD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&tiba=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&value=0&auid=1496045068.1670629995&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ05iTG5BWVF6b19ueUlMbi03Z3hFaVlBM0dwd1pMdHRIblljamVSNUFucVlDbG92NVQtXzRXVGI2VXVGOHJ0OFJwREMxb2lsOXcaWENoQUlnTmJMbkFZUTZPcWlzWUdFLXQwbkVpNEFOUTN5RUg5WkxmS2NVbDNZbUZLUnB2MWtSdTQzZTJXUFM5dFN5ZTdPOEprUlZyUXotSTRZLS1wWXpoQlY&is_vtc=1&ocp_id=asqTY4uJLMroxwK57pTIDQ&eitems=ChAIgNbLnAYQva3vvpWC65ovEh0AdUs7hhb1PZ3MVd-othCyTrse0Q1auD_AxSl_Vw&random=1907266406 HTTP 302
https://www.google.de/pagead/1p-conversion/985659074/?random=1558048574&cv=11&fst=1670629994680&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&label=sNI-CP2woJEBEMLt_9UD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&tiba=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&value=0&auid=1496045068.1670629995&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ05iTG5BWVF6b19ueUlMbi03Z3hFaVlBM0dwd1pMdHRIblljamVSNUFucVlDbG92NVQtXzRXVGI2VXVGOHJ0OFJwREMxb2lsOXcaWENoQUlnTmJMbkFZUTZPcWlzWUdFLXQwbkVpNEFOUTN5RUg5WkxmS2NVbDNZbUZLUnB2MWtSdTQzZTJXUFM5dFN5ZTdPOEprUlZyUXotSTRZLS1wWXpoQlY&is_vtc=1&ocp_id=asqTY4uJLMroxwK57pTIDQ&eitems=ChAIgNbLnAYQva3vvpWC65ovEh0AdUs7hhb1PZ3MVd-othCyTrse0Q1auD_AxSl_Vw&random=1907266406&ipr=y&prhg=0

Request Chain 39

https://ad.doubleclick.net/ddm/activity/src=8133443;type=track0;cat=theco00;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID HTTP 302
https://ad.doubleclick.net/ddm/activity/src=8133443;dc_pre=CJS_ktvd7fsCFa9GHgIdw0EP6w;type=track0;cat=theco00;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID HTTP 302
https://adservice.google.com/ddm/fls/z/src=8133443;dc_pre=CJS_ktvd7fsCFa9GHgIdw0EP6w;type=track0;cat=theco00;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID

Request Chain 40

https://secure.adnxs.com/px?id=1474714&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1474714%26t%3D1

Request Chain 41

https://secure.adnxs.com/seg?add=26344827&t=1 HTTP 307
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D26344827%26t%3D1

Request Chain 42

https://cm.g.doubleclick.net/pixel?google_cm=true&google_hm=zTMHx9Sh_k1d4_WxSsbQdg&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg&sjrn_ula=476905866 HTTP 302
https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg&sjrn_ula=476905866&google_gid=CAESEOZBerYeHqA04idQLRyP1PI&google_cver=1

Request Chain 43

https://cm.g.doubleclick.net/pixel?google_hm=zTMHx9Sh_k1d4_WxSsbQdg&google_nid=sojern_adh HTTP 302
https://fcmatch.google.com/pixel?google_gm=AMnCDoo-0l_MZyz6q9fCfxPO6H4qe05iEz-FY816KLl3NvBuBUJkjpIi2KMCAsnlJQ6y68bR_y2bfVe7maustcmaekQj1_y922HkbJBKm9k3wv6ITz2nf8Y HTTP 302
https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo-0l_MZyz6q9fCfxPO6H4qe05iEz-FY816KLl3NvBuBUJkjpIi2KMCAsnlJQ6y68bR_y2bfVe7maustcmaekQj1_y922HkbJBKm9k3wv6ITz2nf8Y

Request Chain 44

https://ib.adnxs.com/getuid?https://pixel.sojern.com/idsync/apn?id=$UID&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg HTTP 302
https://pixel.sojern.com/idsync/apn?id=4272677983417470035&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg

Request Chain 61

https://s.adroll.com/j/exp/RXAACTFK5RCEDMFHKE4ZQ3/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 69

https://adservice.google.de/ddm/fls/i/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4 HTTP 302
https://5258867.fls.doubleclick.net/ddm/fls/r/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4

Request Chain 85

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1010940168/?random=1968893130&cv=9&fst=1670629995223&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOXsjNvd7fsCFQKXGQodoZ4M7g%3Bsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D496250804733%3Bgtm%3D2wgbu0%3Bauiddc%3D1496045068.1670629995%3B~oref%3Dhttps%253A%252F%252Fauthority.cosmopolitanlasvegas.com%252FAccount%252FRegisterExisting%253Futm_source%253DCRM%2526utm_medium%253Demail%2526utm_campaign%253DLET_IT_GLOW_R4&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=a8qTY5uiDou5xgLWvrBA&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/1010940168/?random=1968893130&cv=9&fst=1670629995223&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOXsjNvd7fsCFQKXGQodoZ4M7g%3Bsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D496250804733%3Bgtm%3D2wgbu0%3Bauiddc%3D1496045068.1670629995%3B~oref%3Dhttps%253A%252F%252Fauthority.cosmopolitanlasvegas.com%252FAccount%252FRegisterExisting%253Futm_source%253DCRM%2526utm_medium%253Demail%2526utm_campaign%253DLET_IT_GLOW_R4&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=a8qTY5uiDou5xgLWvrBA&cid=CAQSKQDq26N97-I-W0j2gvQbpZAplCpHnwxufvbtmmNAxGsslwd56HE_8wgtIBM&random=2523565286&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/1010940168/?random=1968893130&cv=9&fst=1670629995223&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOXsjNvd7fsCFQKXGQodoZ4M7g%3Bsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D496250804733%3Bgtm%3D2wgbu0%3Bauiddc%3D1496045068.1670629995%3B~oref%3Dhttps%253A%252F%252Fauthority.cosmopolitanlasvegas.com%252FAccount%252FRegisterExisting%253Futm_source%253DCRM%2526utm_medium%253Demail%2526utm_campaign%253DLET_IT_GLOW_R4&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=a8qTY5uiDou5xgLWvrBA&cid=CAQSKQDq26N97-I-W0j2gvQbpZAplCpHnwxufvbtmmNAxGsslwd56HE_8wgtIBM&random=2523565286&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Request Chain 87

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=3D33B10DF9084E41AA98DEA28E2EC080&RedC=c.clarity.ms&MXFR=143DE799AC396BE41383F5ECA8396587 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=3D33B10DF9084E41AA98DEA28E2EC080&MUID=2859FBB7D4156CC3285EE9C2D57E6D85

Request Chain 97

https://t.myvisualiq.net/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1984631461.1670629995 HTTP 302
https://t.myvisualiq.net/ul_cb/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1984631461.1670629995

Request Chain 98

https://tapestry.tapad.com/tapestry/1?ta_partner_id=950&ta_redirect=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3D1001%26ao%3D0%26pruuid%3DTAPAD_%24%7BIDS%3Akey%7D HTTP 302
https://t.myvisualiq.net/sync?prid=1001&ao=0&pruuid=TAPAD_1aafcdbe-17a7-4779-a349-f5bb7632b0ab

Request Chain 99

https://t.myvisualiq.net/sync?prid=1002&ao=0&red=https://idsync.rlcdn.com/420356.gif?partner_uid=${UUID} HTTP 302
https://t.myvisualiq.net/ul_cb/sync?prid=1002&ao=0&red=https://idsync.rlcdn.com/420356.gif?partner_uid=${UUID} HTTP 302
https://idsync.rlcdn.com/420356.gif?partner_uid=17623021-8737-45d9-9861-d324805d53d7

Request Chain 100

https://t.myvisualiq.net/sync?prid=BUKIPNR1&red=https://tags.bluekai.com/site/21398?id=$%7BUUID%7D HTTP 302
https://tags.bluekai.com/site/21398?id=0-379701a3-7ba0-4c05-aa7e-661b6a7a7f8b

Request Chain 101

https://t.myvisualiq.net/sync?prid=AOEPNR1&ao=0&red=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D125310%26dpuuid%3D%24%7BUUID%7D%26redir%3Dhttps%253A%252F%252Ft.myvisualiq.net%252Fsync%253Fprid%253DAOEPNR1%2526ao%253D0%2526pruuid%253D%2524%257BDD_UUID%257D%250A HTTP 302
https://dpm.demdex.net/ibs:dpid=125310&dpuuid=0-e544e755-610f-414d-b2af-f13cd0b1e76a&redir=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3DAOEPNR1%26ao%3D0%26pruuid%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=125310&dpuuid=0-e544e755-610f-414d-b2af-f13cd0b1e76a&redir=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3DAOEPNR1%26ao%3D0%26pruuid%3D%24%7BDD_UUID%7D HTTP 302
https://t.myvisualiq.net/sync?prid=AOEPNR1&ao=0&pruuid=29162296805374227231820908910038130372

Request Chain 102

https://t.myvisualiq.net/sync?prid=123&ao=0&red=https%3A%2F%2Fwww.facebook.com%2Ftr%3Fid%3D1626311104111572%26ev%3DPageView%26cd%5Border_id%5D%3D%24%7BUUID%7D%26dpo%3DLDU%26dpoco%3D0%26dpost%3D0 HTTP 302
https://www.facebook.com/tr?id=1626311104111572&ev=PageView&cd[order_id]=0-968cf141-a404-49b9-8943-86e26ae58ac5&dpo=LDU&dpoco=0&dpost=0

Request Chain 103

https://t.myvisualiq.net/sync_pixel?r=1073146&ago=212&ao=849&p1_eml=|||&p1_uid=1984631461.1670629995 HTTP 302
https://t.myvisualiq.net/ul_cb/sync_pixel?r=1073146&ago=212&ao=849&p1_eml=|||&p1_uid=1984631461.1670629995

Request Chain 115

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value= HTTP 303
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value=&_bee_ppp=1

Request Chain 116

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value= HTTP 303
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value=&_bee_ppp=1

Request Chain 117

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value= HTTP 303
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value=&_bee_ppp=1

Request Chain 118

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value= HTTP 303
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value=&_bee_ppp=1

Request Chain 119

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18692&value=1 HTTP 303
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18692&value=1&_bee_ppp=1

Request Chain 120

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18693&value= HTTP 303
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18693&value=&_bee_ppp=1

Request Chain 125

https://match.prod.bidr.io/cookie-sync/triptease?buyer_user_id=01GKWMXFM0YX5CYRF7NYJYERB6|b46e2da70190d88425348ffad2967bf112aa252c HTTP 303
https://match.prod.bidr.io/cookie-sync/triptease?buyer_user_id=01GKWMXFM0YX5CYRF7NYJYERB6%7Cb46e2da70190d88425348ffad2967bf112aa252c&_bee_ppp=1 HTTP 303
https://b.triptease.io/cookie-sync?partner=beeswax&beeswax_id=AAOb907HJ5UAACDekZSS1g&buyer_user_id=01GKWMXFM0YX5CYRF7NYJYERB6%7Cb46e2da70190d88425348ffad2967bf112aa252c

Request Chain 126

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-1&value=0.5&forward_to_cookie_sync=1 HTTP 303
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-1&value=0.5&forward_to_cookie_sync=1&_bee_ppp=1 HTTP 303
https://match.prod.bidr.io/cookie-msync?buzz_key=triptease

Request Chain 139

https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCckcwN0hKNVVBQUNBR1BIemhFZw&bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1

Request Chain 145

https://loadus.exelator.com/load/?BUID=AABrG07HJ5UAACAGPHzhEg&p=204&g=117&j=0 HTTP 302
https://loadus.exelator.com/load/?BUID=AABrG07HJ5UAACAGPHzhEg&p=204&g=117&j=0&xl8blockcheck=1

Request Chain 146

https://segments.company-target.com/log?vendor=choca&user_id=AABrG07HJ5UAACAGPHzhEg HTTP 303
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABrG07HJ5UAACAGPHzhEg&verifyHash=299d670181b389067fe401f9880391eb5a1275d7

Request Chain 147

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=130&external_user_id=AABrG07HJ5UAACAGPHzhEg&expiration=1671839599 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=130&external_user_id=AABrG07HJ5UAACAGPHzhEg&expiration=1671839599&C=1

158 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request RegisterExisting Show response
authority.cosmopolitanlasvegas.com/Account/
Redirect Chain

http://t2.em.cosmopolitan-lv.com/r/?id=tb9df368,15c34faf,15de16ee&utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4&p1=authority.cosmopolitanlasvegas.com/Account/RegisterExisting
https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

26 KB
10 KB

730ms
176ms

Document
text/html

40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

65a0dbfe0f7b81844603a256fdfe1573bf230a2dbc597215cc9b49de29c62d10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 09 Dec 2022 23:53:13 GMT
Pragma: no-cache
Server: Kestrel
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Powered-By: ASP.NET
X-XSS-Protection: 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 17
Content-Type: text/plain; charset=utf-8
Date: Fri, 09 Dec 2022 23:53:12 GMT
Location: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
P3P: CP="CAO DSP COR CURa DEVa TAIa OUR BUS IND UNI COM NAV"
Server: Apache
X-Robots-Tag: noindex

GET
H/1.1 200
OK style.css
authority.cosmopolitanlasvegas.com/sf/css/ 320 KB
72 KB 185ms
175ms Stylesheet
text/css 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/sf/css/style.css

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

3491ef1ca659bccbaec555c73b1c829b05f72373b0a5588d9387b089b8e8983f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcb99b79"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
X-Frame-Options: DENY
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK sf-override.css
authority.cosmopolitanlasvegas.com/sf/css/ 1 KB
1 KB 183ms
174ms Stylesheet
text/css 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/sf/css/sf-override.css

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

e307f4d4d2208c8b5e06543d942e1348ea1e1e520518647680e24067365de030

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcbc9e87"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
X-Frame-Options: DENY
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK custom-autocomplete.css
authority.cosmopolitanlasvegas.com/css/ 1 KB
1001 B 358ms
175ms Stylesheet
text/css 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/css/custom-autocomplete.css

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

5074816757bcced52a7851e776f5b784ad2a8b085de80d0d391e7da45bf657f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcbc9f9e"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
X-Frame-Options: DENY
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK jquery.js Show response
authority.cosmopolitanlasvegas.com/lib/jquery/dist/ 262 KB
102 KB 502ms
174ms Script
application/javascript 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/lib/jquery/dist/jquery.js

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

03903375e5192415755f63297022c723f882093152a41027d91bd9b612aae403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcb88cbb"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
X-Frame-Options: DENY
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK bootstrap.js Show response
authority.cosmopolitanlasvegas.com/lib/bootstrap/dist/js/ 70 KB
21 KB 509ms
180ms Script
application/javascript 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/lib/bootstrap/dist/js/bootstrap.js

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

d5fa375baaa8c2ae0f8a7a42b0ab21695a9ec04c68166ceb44118a6d27405449

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcbd8294"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
X-Frame-Options: DENY
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK site.js Show response
authority.cosmopolitanlasvegas.com/js/ 5 B
574 B 503ms
174ms Script
application/javascript 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/js/site.js?v=8Bo3TpyB49uJs6QpQMTWpUR2hJhqEpbkK_E_GW7tYpU

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcbc9b05"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
X-Frame-Options: DENY
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK sf-override.js Show response
authority.cosmopolitanlasvegas.com/sf/js/ 502 B
831 B 506ms
178ms Script
application/javascript 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/sf/js/sf-override.js

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

f6a1edd7e817eaba3aa6efc1dbebaf2f9c80b03cc6ded9945a1a70dd27ad8610

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcbc9af6"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
X-Frame-Options: DENY
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H2 200 jquery.validate.min.js Show response
ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/ 21 KB
7 KB 43ms
9ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/jquery.validate.min.js

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CCC) /

Resource Hash

2e3e3b2660cbfaac5febf7a50b31d0494159989626a84102b2c3792cffe27d13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Origin: https://authority.cosmopolitanlasvegas.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7432791
x-cache: HIT
content-length: 6807
x-xss-protection: 1; mode=block
last-modified: Mon, 31 Oct 2016 23:42:30 GMT
server: ECAcc (frc/4CCC)
etag: "0b7a471d033d21:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 jquery.validate.unobtrusive.min.js Show response
ajax.aspnetcdn.com/ajax/jquery.validation.unobtrusive/3.2.6/ 5 KB
3 KB 41ms
7ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jquery.validation.unobtrusive/3.2.6/jquery.validate.unobtrusive.min.js

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CF9) /

Resource Hash

13243171b1f5976e74f79647f612a1d879bfa606816a204f72a833c0e89f269a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Origin: https://authority.cosmopolitanlasvegas.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7432501
x-cache: HIT
content-length: 2475
x-xss-protection: 1; mode=block
last-modified: Mon, 31 Oct 2016 23:43:24 GMT
server: ECAcc (frc/4CF9)
etag: "53b63b92d033d21:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK cleave.js Show response
authority.cosmopolitanlasvegas.com/js/ 38 KB
11 KB 521ms
169ms Script
application/javascript 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/js/cleave.js

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

87808c44df49da290a28df90c690f7bcb1e5619ccdf21d072a50b22b6f185947

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcbc0d70"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
X-Frame-Options: DENY
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK autoComplete.min.js Show response
authority.cosmopolitanlasvegas.com/js/ 7 KB
3 KB 526ms
171ms Script
application/javascript 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/js/autoComplete.min.js

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

eab915ac4386036f18a76eb8a330957f93ccb79f4291c9ab472869d0750852ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:13 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcbc8171"
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
X-Frame-Options: DENY
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK turquoise.png
authority.cosmopolitanlasvegas.com/sf/images/ 298 KB
299 KB 176ms
176ms Image
image/png 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://authority.cosmopolitanlasvegas.com/sf/images/turquoise.png

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

def5a8ee75fd584a03109d0d6db139dbe5e962e0a9a4b9a9caf36abd7341f3c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:13 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcb83272"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 305522
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 277 KB
84 KB 37ms
16ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TXCSKP

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

67e247429030584fc6693af52f505c0b747712d61f4745dca405dec3c77d64cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 85436
x-xss-protection: 0
last-modified: Fri, 09 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Dec 2022 23:53:14 GMT

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 21 KB
8 KB 83ms
18ms Script
application/javascript 178.249.101.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lptag.liveperson.net/tag/tag.js?site=88246722

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.23 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=300; includeSubDomains
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
server: ws
etag: "5f50a905-1d8f"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 7567

GET
H/1.1 200
OK icons.svg
authority.cosmopolitanlasvegas.com/sf/ 104 KB
105 KB 183ms
182ms Other
image/svg+xml 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/sf/icons.svg

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

abb78d31c33ab80d8dce5b86ab97f511b9dd18336b5be9af057bb72314eb0a0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:14 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcbd3ac1"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 106945
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 34BD98_0_0.woff
authority.cosmopolitanlasvegas.com/sf/fonts/ 80 KB
80 KB 177ms
176ms Font
application/font-woff 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/sf/fonts/34BD98_0_0.woff

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/sf/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

a6cd4b6c0ed5513f3c190bf21dfbf21d3f6ff633835ada97a64317ea5298e978

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/sf/css/style.css
Origin: https://authority.cosmopolitanlasvegas.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:14 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcbda496"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: application/font-woff
Accept-Ranges: bytes
Content-Length: 81814
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 35CE65_0_0.woff
authority.cosmopolitanlasvegas.com/sf/fonts/ 82 KB
82 KB 176ms
175ms Font
application/font-woff 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/sf/fonts/35CE65_0_0.woff

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/sf/css/style.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

18cf414b2e7746b79dc3d6e1ed267c4da4e24e96183d28fd0353c6e34ed2e0fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/sf/css/style.css
Origin: https://authority.cosmopolitanlasvegas.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:14 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Last-Modified: Wed, 18 Aug 2021 18:34:54 GMT
Server: Kestrel
ETag: "1d7945fbcbddc1f"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: application/font-woff
Accept-Ranges: bytes
Content-Length: 83743
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK GetCountryCodes Show response
authority.cosmopolitanlasvegas.com/Account/ 9 KB
3 KB 203ms
203ms Fetch
application/json 40.80.155.102
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://authority.cosmopolitanlasvegas.com/Account/GetCountryCodes

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

40.80.155.102 San Jose, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

6dd638c736434fa39902ac9fd514ca318c964cd652f6fcb1d1a0c48c871284c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:14 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Server: Kestrel
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block

GET
H3

200

activityi;dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.c... Show response
5258867.fls.doubleclick.net/ Frame 80DD
Redirect Chain

https://5258867.fls.doubleclick.net/activityi;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas...
https://5258867.fls.doubleclick.net/activityi;dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2...

605 B
373 B

92ms
78ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5258867.fls.doubleclick.net/activityi;dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXCSKP

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

8a56ec7545fc72c81e7601274bfd7e84c6206c9ef74038f7b589bdb695755d61

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 348
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:53:14 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:53:14 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5258867.fls.doubleclick.net/activityi;dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

activityi;dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FA... Show response
5258867.fls.doubleclick.net/ Frame 5B7A
Redirect Chain

https://5258867.fls.doubleclick.net/activityi;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2...
https://5258867.fls.doubleclick.net/activityi;dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fau...

599 B
366 B

61ms
46ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5258867.fls.doubleclick.net/activityi;dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXCSKP

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

e1b3b065433bc2af4ba975e98b90816e0040b1193bdec393a8623f1aa28fe9bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 341
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:53:14 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:53:14 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5258867.fls.doubleclick.net/activityi;dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXCSKP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 09 Dec 2022 23:15:46 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 2248
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Sat, 10 Dec 2022 01:15:46 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/985659074/ 2 KB
2 KB 47ms
20ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/985659074/?random=1670629994680&cv=11&fst=1670629994680&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&label=sNI-CP2woJEBEMLt_9UD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&tiba=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&value=0&bttype=purchase&auid=1496045068.1670629995&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXCSKP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8654cd40def2f86dd5b0d0475efc98487ec5c0b5b85bc43fd0e75f74ba924cb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1328
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 103 KB
28 KB 46ms
16ms Script
application/x-javascript 2a03:2880:f080:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f080:9:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Dec 2022 23:53:14 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27340
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: ar7ddQf4gLdY/xSZb3Cy/JNjhJHc0+0c26oD9lkdeCiAHZ3UmKkUGzF/cvwGNsomb+zERTQI4/EUmm4q1KywDw==
x-fb-trip-id: 1679558926
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 74843 Show response
beacon.sojern.com/pixel/p/ 5 KB
1 KB 55ms
15ms Script
application/javascript 107.178.244.119
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://beacon.sojern.com/pixel/p/74843?f_v=v6_js&p_v=1&vid=hot&cid=
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 107.178.244.119 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: b47cb76c0b81c7198badbc81d916ac195bebbc72b779b5c886d409bc618d59fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:14 GMT
content-encoding: gzip
via: 1.1 google
vary: Accept-Encoding
content-type: application/javascript
p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON LAW"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1086

GET
H2 200 siteanalyze_6131764.js Show response
siteimproveanalytics.com/js/ 14 KB
6 KB 49ms
30ms Script
application/javascript 2606:4700:e4::ac40:ac0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_6131764.js
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:ac0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e3d849ed7939bc46f6f33547c1cd617c1a639fa4d07cc080534218b91fad883

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:14 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 92RXZ0YH8XRN30HG
age: 2433
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5130
x-amz-id-2: sH/soYeZkc3/yL4OZOSVavVB8Vr33VPKyc0zVRxeGysOKsNVr/h8LnFhonz7pXKLMquVImH91Ik=
last-modified: Mon, 16 May 2022 09:44:08 GMT
server: cloudflare
etag: "baee201eb296dd638f591025b9c9b11a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w6uEsoRI1O5Tfy97GOAf868xHiCu9Y%2B%2FsxUoAbPJV7pudshvgr%2Fvck7S%2FrjQSVeodnwzACQ1f5kCkD%2BGsSssdYmaQTG76LUQbcxsTBfp4PrU6U%2FePA1OJyJCYpN7jghPkVLfgxsu82ujLDTiNgr5PaKAHXejY3M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, no-transform
accept-ranges: bytes
cf-ray: 7771a8baff4cbc04-FRA

GET
H2 200 cookieconsent.min.css
cdn.jsdelivr.net/npm/cookieconsent@3/build/ 5 KB
2 KB 32ms
14ms Stylesheet
text/css 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXCSKP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd0d0b6e50ff01ff2f3a9a70d7cfb66a7c6cb9acf7a566325568be6d3bd31fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 8436
x-jsd-version: 3.1.1
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19145-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"135e-3nthfC1sCV/yhiNebPZMMo2hpL8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bkrvpQsyfvHIvnaw%2FUvjlNlwKV1bYF2QxjGZiyMpIW1B4gH036fMzyy%2Fb4%2F5KJktBqaQfyeAyRTJp5noAgZh8HO0Qb0m71NC8UzzteQ1krgE0Zm8rqeDMLdan45B%2BENt3GzOXJ8yjcVJiC2PjJQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7771a8baf9ac6977-FRA

GET
H2 200 cookieconsent.min.js Show response
cdn.jsdelivr.net/npm/cookieconsent@3/build/ 20 KB
7 KB 34ms
16ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXCSKP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e55842a856a6d829feca3c3ad736c136b6c7549e9247274f78aa296259e06e24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 8397
x-jsd-version: 3.1.1
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19155-FRA, cache-hhn4023-HHN
x-jsd-version-type: version
server: cloudflare
etag: W/"50d5-nLraS9YXyGxjjPLr3exyStWWkHs"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HXlxJJ9BlAiVoHixRLMmlTLgV5T0vT9CfzXNe%2BnXkN0uV8MBYiuc0E3VZZwSEDnPJ6ioIQHaoyXBw51egRuMFBRTDCKsHEN4%2F5PqRAhxWJPSLpQCtww2CUwJJq3UiX7Ck1NDsU947UEHGpV%2FtFY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7771a8baf9b06977-FRA

GET
H/1.1 200
OK analytics.min.js Show response
cdn.bttrack.com/js/15652/analytics/1.0/ 599 B
697 B 86ms
21ms Script
text/javascript 69.16.175.42
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bttrack.com/js/15652/analytics/1.0/analytics.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXCSKP
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: hwcdn.net
Software: /
Resource Hash: 4f01f04dbd7b442cd8406e430ad8aba43f2f32cc17fae9aa80d1737ba80f5e3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:14 GMT
Content-Encoding: gzip
X-HW: 1670629994.dop045.lo4.t,1670629994.cds321.lo4.shn,1670629994.dop045.lo4.t,1670629994.cds211.lo4.c
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=51154
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 369

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/RXAACTFK5RCEDMFHKE4ZQ3/ 53 KB
17 KB 129ms
40ms Script
text/javascript 2600:9000:20a5:3a00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/RXAACTFK5RCEDMFHKE4ZQ3/roundtrip.js
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20a5:3a00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 37b05d6c8c039b8fc18a815fee4c0602429b0fd49a3756854726554ce9d93d3e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

X-Amz-Version-Id: z4uL0IHJAIKLejmqy2D3gONJ65TFSWhs
Content-Encoding: gzip
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
Date: Fri, 09 Dec 2022 23:53:01 GMT
Age: 1258
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 08 Dec 2022 03:59:54 GMT
Server: AmazonS3
Etag: W/"0e079d0d5fdf7666ef1eae06a5ca9d3a"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: hZt48y8B23UmAXtczqo79EbAzeOgdQVdvyKRtR2gu7IQIAWi3ToL-Q==

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 3 KB
2 KB 136ms
107ms Script
application/javascript 23.3.88.16
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CBKNRFJC77U4K6SR6SN0&lib=ttq
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.88.16 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-3-88-16.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: b83bf1249c810f5e3fbf7d29fa04ab2e660f468180f91ad4342d91f8e08cbfb8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-akamai-request-id: 34cd968d.7a246495
date: Fri, 09 Dec 2022 23:53:14 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-3-88-12.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-parent-response-time: 95,23.3.88.12
server-timing: cdn-cache; desc=MISS, edge; dur=91, origin; dur=6, inner; dur=4
content-length: 1064
pragma: no-cache
server: nginx
x-tt-logid: 2022120923531464DCCB9E52C0BDD6A9C5
x-cache-remote: TCP_MISS from a23-220-104-7.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 6,23.220.104.7
x-tt-trace-host: 013997db90c15a6d2895995b6e0ed9e8a82444869d06df76bcb36eddef053ecd35a1a29581cb8326fe002b28b1b1683537c74d91825af9de30781b057034e881ae2701276618b6913ec381ef8698d6caede57ae04d7d307ad6d22daae16507be12
expires: Fri, 09 Dec 2022 23:53:14 GMT

GET
H2 204 Pixels
px.adentifi.com/ 0
35 B 309ms
98ms Image
text/plain 54.147.255.25
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.adentifi.com/Pixels?a_id=529&gtmcb=7329152
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.147.255.25 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-147-255-25.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:14 GMT

GET
H2 200 DFPAudiencePixel;ord=9140382125439.137;dc_seg=733005471
pubads.g.doubleclick.net/activity;dc_iu=/5349/ 42 B
634 B 66ms
45ms Image
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pubads.g.doubleclick.net/activity;dc_iu=/5349/DFPAudiencePixel;ord=9140382125439.137;dc_seg=733005471?

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1960
bttrack.com/Pixel/Retarget/ 35 B
263 B 310ms
100ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/Pixel/Retarget/1960
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-servername: Track004-iad
pragma: no-cache
date: Fri, 09 Dec 2022 23:52:49 GMT
x-aspnetmvc-version: 5.2
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
content-type: image/gif
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
cache-control: private,no-cache
content-length: 35
expires: -1

GET
H2 200 impression
b.videoamp.com/d2/5accefe2-3b52-11ec-9653-f74770577853/2534/ 42 B
312 B 352ms
121ms Image
image/gif 34.205.226.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://b.videoamp.com/d2/5accefe2-3b52-11ec-9653-f74770577853/2534/impression?dnt=false&vpxid=2534&bwb=35&cevt=LANDING_PAGE
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.205.226.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-205-226-12.compute-1.amazonaws.com
Software: Beacon Server /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 09 Dec 2022 23:53:15 GMT
access-control-allow-credentials: true
server: Beacon Server
access-control-allow-headers: Content-Type
content-length: 42
content-type: image/gif

GET
H2

200

bootstrap.js Show response
onboard.triptease.io/bootstrap/v6007.65819/
Redirect Chain

https://static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c
https://onboard.triptease.io/bootstrap/v6007.65819/bootstrap.js

102 KB
32 KB

74ms
53ms

Script
application/javascript

2606:4700:3030::ac43:9d93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onboard.triptease.io/bootstrap/v6007.65819/bootstrap.js

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Server

2606:4700:3030::ac43:9d93 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d0541f7385fd9c22e2d87d8b665660d57cf5e7c59979176d055000d4884572b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:14 GMT
strict-transport-security: max-age=15552000
content-encoding: br
cf-cache-status: HIT
x-goog-meta-git-hash: daef1902c9583199e6b180a5aa38c79722e1fcfb
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 37420
x-guploader-uploadid: ADPycdth23pFsHuV7ZacGVYIFOxUutKEhMAX6WnrvrQ5k5leGpuh3c-dBdB-pCWFy11vk2W92ONZWAcngtveJJ_oZ7S7eQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-build-version: 6007.65819
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 09 Dec 2022 13:22:40 GMT
server: cloudflare
etag: W/"322dcf6b9c4174bce6f8a55a495dc45b"
vary: Accept-Encoding
x-goog-generation: 1670592160273116
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=ITieOw==, md5=Mi3Pa5xBdLzm+KVaSV3EWw==
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rjvBDmSFJkvXiqLLicedIAIWPUf7n%2FjexUuzdqxrNCaN%2FP4SpzjisNdIc9zyfqrHGd5BtDm%2BJbk%2B76fV6C60r6B1wPu%2Fckn%2Bm816%2B2f9%2FopDO7eQiLDgofuVHCE7cxNzoDi7lWcrPdYs5VVk2IMxnepkfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 104121
cf-ray: 7771a8bc1d8191ff-FRA
expires: Sat, 09 Dec 2023 13:29:10 GMT

Redirect headers

date: Fri, 09 Dec 2022 23:53:14 GMT
via: 1.1 varnish
surrogate-key-debug: paperboy paperboy-KoP8XXWYLW paperboy-js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c
strict-transport-security: max-age=31557600
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache: MISS
backend-url: /paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c
content-length: 63
x-served-by: cache-hhn-etou8220083-HHN
server: cloudflare
x-timer: S1670629995.783061,VS0,VE78
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ESal8c5ibR1%2Ft3k9qA88f55Dq8IAFWZ1kCQJxUdF1sty96qCCaydsUdfgGu5gj6GTnAgQrUvYGkjAjc%2BoSlezAcozPXPSsfrYEeAzLXEPY2g14aWkLD%2FINwsxah7A14O7TBOVTYZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=UTF-8
location: https://onboard.triptease.io/bootstrap/v6007.65819/bootstrap.js
access-control-allow-origin: *
pseudo-device-id: a4a8a5a7b68879445a2a46a09f4b24e24684f5f2b10b4dea15daac687ce68585
cache-control: public, max-age=600
pseudo-session-id: f25e161c58adcc1c4a13b53c71b88515db0c11cbe9a319020bbdd4354c131e28
accept-ranges: bytes
cf-ray: 7771a8bb681190c0-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
x-cache-hits: 0

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/ 276 KB
99 KB 24ms
24ms Script
application/x-javascript 178.249.101.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.101.23 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

56ad0167e39327ff5024fd50208c25fe7ecd6279c3467b6c1a763bc1659c5292

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:14 GMT
strict-transport-security: max-age=300; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
server: ws
x-cache-status: MISS
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
454 B 59ms
19ms XHR
text/plain 2a00:1450:400c:c02::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-15129230-8&cid=1984631461.1670629995&jid=1468992693&gjid=1052999509&_gid=1085791551.1670629995&_u=YGBAiEABBAAAAEAAI~&z=867543478

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c02::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 09 Dec 2022 23:53:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://authority.cosmopolitanlasvegas.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 7ms
6ms Image
image/gif 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j98&a=1132852714&t=pageview&_s=1&dl=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&ul=en-us&de=UTF-8&dt=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiEABBAAAAAAAI~&jid=1468992693&gjid=1052999509&cid=1984631461.1670629995&tid=UA-15129230-8&_gid=1085791551.1670629995&gtm=2wgbu0TXCSKP&z=1111449022

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 17:43:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 22180
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/985659074/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/985659074/?random=1558048574&cv=11&fst=1670629994680&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&label=sNI-CP2woJEBEMLt_9...
https://www.google.com/pagead/1p-conversion/985659074/?random=1558048574&cv=11&fst=1670629994680&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&label=sNI-CP2woJEBEMLt_9UD&hn=www.googleadser...
https://www.google.de/pagead/1p-conversion/985659074/?random=1558048574&cv=11&fst=1670629994680&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&label=sNI-CP2woJEBEMLt_9UD&hn=www.googleadserv...

42 B
154 B

45ms
23ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/985659074/?random=1558048574&cv=11&fst=1670629994680&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&label=sNI-CP2woJEBEMLt_9UD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&tiba=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&value=0&auid=1496045068.1670629995&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ05iTG5BWVF6b19ueUlMbi03Z3hFaVlBM0dwd1pMdHRIblljamVSNUFucVlDbG92NVQtXzRXVGI2VXVGOHJ0OFJwREMxb2lsOXcaWENoQUlnTmJMbkFZUTZPcWlzWUdFLXQwbkVpNEFOUTN5RUg5WkxmS2NVbDNZbUZLUnB2MWtSdTQzZTJXUFM5dFN5ZTdPOEprUlZyUXotSTRZLS1wWXpoQlY&is_vtc=1&ocp_id=asqTY4uJLMroxwK57pTIDQ&eitems=ChAIgNbLnAYQva3vvpWC65ovEh0AdUs7hhb1PZ3MVd-othCyTrse0Q1auD_AxSl_Vw&random=1907266406&ipr=y&prhg=0

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:14 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:14 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/985659074/?random=1558048574&cv=11&fst=1670629994680&bg=ffffff&guid=ON&async=1&gtm=2wgbu0&u_w=1600&u_h=1200&label=sNI-CP2woJEBEMLt_9UD&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&tiba=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&value=0&auid=1496045068.1670629995&uaw=0&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&pscrd=Ek5DaEFJZ05iTG5BWVF6b19ueUlMbi03Z3hFaVlBM0dwd1pMdHRIblljamVSNUFucVlDbG92NVQtXzRXVGI2VXVGOHJ0OFJwREMxb2lsOXcaWENoQUlnTmJMbkFZUTZPcWlzWUdFLXQwbkVpNEFOUTN5RUg5WkxmS2NVbDNZbUZLUnB2MWtSdTQzZTJXUFM5dFN5ZTdPOEprUlZyUXotSTRZLS1wWXpoQlY&is_vtc=1&ocp_id=asqTY4uJLMroxwK57pTIDQ&eitems=ChAIgNbLnAYQva3vvpWC65ovEh0AdUs7hhb1PZ3MVd-othCyTrse0Q1auD_AxSl_Vw&random=1907266406&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

src=8133443;dc_pre=CJS_ktvd7fsCFa9GHgIdw0EP6w;type=track0;cat=theco00;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID
adservice.google.com/ddm/fls/z/
Redirect Chain

https://ad.doubleclick.net/ddm/activity/src=8133443;type=track0;cat=theco00;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID
https://ad.doubleclick.net/ddm/activity/src=8133443;dc_pre=CJS_ktvd7fsCFa9GHgIdw0EP6w;type=track0;cat=theco00;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID
https://adservice.google.com/ddm/fls/z/src=8133443;dc_pre=CJS_ktvd7fsCFa9GHgIdw0EP6w;type=track0;cat=theco00;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID

42 B
63 B

58ms
43ms

Image
image/gif

2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/src=8133443;dc_pre=CJS_ktvd7fsCFa9GHgIdw0EP6w;type=track0;cat=theco00;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:14 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://adservice.google.com/ddm/fls/z/src=8133443;dc_pre=CJS_ktvd7fsCFa9GHgIdw0EP6w;type=track0;cat=theco00;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1474714&t=1
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1474714%26t%3D1

0
1015 B

14ms
14ms

Image
application/javascript

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1474714%26t%3D1

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:14 GMT
AN-X-Request-Uuid: 647e71ed-4363-4062-bbf2-4823fb1452bb
Server: nginx/1.21.3
Content-Type: application/javascript; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:14 GMT
AN-X-Request-Uuid: 669bd05f-351f-4262-b959-cabb5599a7d8
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1474714%26t%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?add=26344827&t=1
https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D26344827%26t%3D1

0
1015 B

13ms
13ms

Image
application/javascript

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D26344827%26t%3D1

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

HTTP/1.1

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:14 GMT
AN-X-Request-Uuid: 7b9ba409-7663-47b3-9a0d-0793be6e79b4
Server: nginx/1.21.3
Content-Type: application/javascript; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:14 GMT
AN-X-Request-Uuid: f3a2cdde-88be-4b79-a485-ee4c199f6517
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D26344827%26t%3D1
Connection: keep-alive
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

AdX
pixel.sojern.com/idSync/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_cm=true&google_hm=zTMHx9Sh_k1d4_WxSsbQdg&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJt...
https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg&sjrn_ula=476905866&google_gid=CAESEOZBerYeHqA04idQLRyP1PI&google_cver=1

42 B
282 B

16ms
15ms

Image
image/gif

107.178.244.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg&sjrn_ula=476905866&google_gid=CAESEOZBerYeHqA04idQLRyP1PI&google_cver=1
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: H2
Server: 107.178.244.119 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON LAW"
date: Fri, 09 Dec 2022 23:53:14 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
vary: Accept-Encoding
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:14 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg&sjrn_ula=476905866&google_gid=CAESEOZBerYeHqA04idQLRyP1PI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 412
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
fcmatch.youtube.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_hm=zTMHx9Sh_k1d4_WxSsbQdg&google_nid=sojern_adh
https://fcmatch.google.com/pixel?google_gm=AMnCDoo-0l_MZyz6q9fCfxPO6H4qe05iEz-FY816KLl3NvBuBUJkjpIi2KMCAsnlJQ6y68bR_y2bfVe7maustcmaekQj1_y922HkbJBKm9k3wv6ITz2nf8Y
https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo-0l_MZyz6q9fCfxPO6H4qe05iEz-FY816KLl3NvBuBUJkjpIi2KMCAsnlJQ6y68bR_y2bfVe7maustcmaekQj1_y922HkbJBKm9k3wv6ITz2nf8Y

170 B
525 B

74ms
51ms

Image
image/png

2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo-0l_MZyz6q9fCfxPO6H4qe05iEz-FY816KLl3NvBuBUJkjpIi2KMCAsnlJQ6y68bR_y2bfVe7maustcmaekQj1_y922HkbJBKm9k3wv6ITz2nf8Y

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:15 GMT
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:14 GMT
server: HTTP server (unknown)
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://fcmatch.youtube.com/pixel?google_gm=AMnCDoo-0l_MZyz6q9fCfxPO6H4qe05iEz-FY816KLl3NvBuBUJkjpIi2KMCAsnlJQ6y68bR_y2bfVe7maustcmaekQj1_y922HkbJBKm9k3wv6ITz2nf8Y
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 360
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

apn
pixel.sojern.com/idsync/
Redirect Chain

https://ib.adnxs.com/getuid?https://pixel.sojern.com/idsync/apn?id=$UID&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg
https://pixel.sojern.com/idsync/apn?id=4272677983417470035&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg

42 B
58 B

27ms
16ms

Image
image/gif

107.178.244.119
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.sojern.com/idsync/apn?id=4272677983417470035&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: H3
Server: 107.178.244.119 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 119.244.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON LAW"
date: Fri, 09 Dec 2022 23:53:15 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
vary: Accept-Encoding
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:14 GMT
AN-X-Request-Uuid: 4045c7de-14df-4acc-b151-ca60c5d79df4
Server: nginx/1.21.3
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Location: https://pixel.sojern.com/idsync/apn?id=4272677983417470035&sjrn_id=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg
Connection: keep-alive
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
265 B 106ms
32ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=ombl9hp&ttd_puid=I3wBdcSPMiX-JX4yLVCK-zS1jDX1tToPt5THlYu2P4WXv7zNnJtRv4BgV4xxHWXg&ttd_tpi=1
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 09 Dec 2022 23:53:14 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 824887740956797 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 31ms
15ms Script
application/x-javascript 2a03:2880:f080:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/824887740956797?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f080:9:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

80138bfba0589f5e4cf0a1c380126105715fea8735202fe5df4327305927680f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Dec 2022 23:53:14 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86080
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: Nc+suwcx2q+8OQUhpA9nzbPmW2ueO8UdPGME0T4+ZahAz9lBHq8NJIFMXWbh4pASMiR3sz0/1q67BiU1KQRl+A==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 35ms
17ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-15129230-8&cid=1984631461.1670629995&jid=1468992693&_u=YGBAiEABBAAAAEAAI~&z=846197374

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 29ms
18ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-15129230-8&cid=1984631461.1670629995&jid=1468992693&_u=YGBAiEABBAAAAEAAI~&z=846197374

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:14 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
bttrack.com/engagement/ 10 KB
4 KB 114ms
102ms Script
text/javascript 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/js?goalId=15652&cb=1670629994786
Requested by: Host: cdn.bttrack.com
URL: https://cdn.bttrack.com/js/15652/analytics/1.0/analytics.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 71cef4a50ef3f57ad280e784cbfcc0967e87975383dbc80bf01a168c2ff216d2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-servername: Track002-iad
pragma: no-cache
date: Fri, 09 Dec 2022 23:52:49 GMT
content-encoding: gzip
x-aspnetmvc-version: 5.2
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
content-type: text/javascript; charset=utf-8
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
cache-control: private,no-cache
expires: -1

GET
H2 200 image.aspx
6131764.global.siteimproveanalytics.io/ 34 B
469 B 36ms
6ms Image
image/gif 18.185.197.230
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://6131764.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&title=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&res=1600x1200&accountid=6131764&rt=2312&prev=a890815a-6e90-94a1-6a6f-3b930c69c6eb&luid=60493ef2-afbb-c391-5158-3bffe7271894&rnd=61051
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.197.230 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-197-230.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
date: Fri, 09 Dec 2022 23:53:14 GMT
cache-control: max-age=0
content-length: 34
expires: Fri, 09 Dec 2022 23:53:14 UTC

GET
H3 200 398598353829808 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 15ms
15ms Script
application/x-javascript 2a03:2880:f080:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/398598353829808?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f080:9:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4b8e932f6edc091277b09ebae632ee9b1bac5b54ab8b359a9b7de2dd9aa95748

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Dec 2022 23:53:14 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86005
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: XxRudFe/iK+vzh6fT29Zk9nk4iJXlgauaFE/Oh8jMiguoHeP/PoeTyXEbXmoWFm4nS+qlpck/SGUFJx8pnYcIw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 43ms
13ms Image
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=824887740956797&ev=PageView&dl=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&rl=&if=false&ts=1670629994833&sw=1600&sh=1200&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670629994831.540857418&it=1670629994760&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Dec 2022 23:53:14 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FR... Show response
adservice.google.com/ddm/fls/i/ Frame F1B7 598 B
810 B 66ms
44ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4

Requested by

Host: 5258867.fls.doubleclick.net
URL: https://5258867.fls.doubleclick.net/activityi;dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

119d4155d7fb2265439dc2304366662bb3e43dcd7409d8eceac58215bf452ae8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5258867.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 342
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:53:14 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
accdn.lpsnmedia.net/api/account/88246722/configuration/setting/accountproperties/ 6 KB
3 KB 102ms
23ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/88246722/configuration/setting/accountproperties/?cb=accountSettingsCB

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

de20f5b1f85c69c76abc5482ce8994a407dd94b4e6e3b0dfa4859b4ceda78520

Security Headers

Name	Value
Strict-Transport-Security	max-age=99999999999; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
strict-transport-security: max-age=99999999999; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
vary: Accept
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time: 1
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Fri, 09 Dec 2022 23:54:15 GMT

GET
H2 200 ui-framework.js Show response
lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ 40 KB
15 KB 649ms
160ms Script
application/javascript 162.252.76.20
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.252.76.20 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

3e4f5d07904cf355da7bfbca5d4eee18a4c09fc9e6a79df958d0bb1225572983

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 31 Oct 2022 21:42:14 GMT
server: ws
x-cache-status: HIT
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sat, 09 Dec 2023 23:53:15 GMT

GET
H2 200 UMSClientAPI.min.js Show response
lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ 88 KB
30 KB 800ms
317ms Script
application/javascript 162.252.76.20
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.252.76.20 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

57554877947a356911e17034359412ea444c15f58884c0100062788dd3660bb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 31 Oct 2022 21:42:12 GMT
server: ws
x-cache-status: HIT
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sat, 09 Dec 2023 23:53:15 GMT

GET
H2 200 lpChatV3.min.js Show response
lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ 92 KB
31 KB 773ms
311ms Script
application/javascript 162.252.76.20
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.252.76.20 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 31 Oct 2022 21:42:13 GMT
server: ws
x-cache-status: HIT
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sat, 09 Dec 2023 23:53:15 GMT

GET
H2 200 surveylogicinstance.min.js Show response
lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ 8 KB
3 KB 762ms
314ms Script
application/javascript 162.252.76.20
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.252.76.20 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 31 Oct 2022 21:42:14 GMT
server: ws
x-cache-status: HIT
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sat, 09 Dec 2023 23:53:15 GMT

GET
H2 200 zones Show response
accdn.lpsnmedia.net/api/account/88246722/configuration/le-campaigns/ 2 KB
2 KB 46ms
40ms Script
application/javascript 178.249.97.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://accdn.lpsnmedia.net/api/account/88246722/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

lo-accdn.lpsnmedia.net

Software

ws /

Resource Hash

73554174a7a1f1e6d2276ece0d30acf848eb28a872939732fe5cb45363766d64

Security Headers

Name	Value
Strict-Transport-Security	max-age=99999999999; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
strict-transport-security: max-age=99999999999; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
vary: Accept
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
x-envoy-upstream-service-time: 2
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Fri, 09 Dec 2022 23:54:15 GMT

GET
H2 200 main.MTRjZDliOGFlMA.js Show response
analytics.tiktok.com/i18n/pixel/static/ 211 KB
62 KB 11ms
11ms Script
application/javascript 23.3.88.16
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTRjZDliOGFlMA.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CBKNRFJC77U4K6SR6SN0&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.88.16 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-3-88-16.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 26ffdc4c21800007afa59f4958232ceb5b7ee1c74daf7f283117a13387346b74

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-akamai-request-id: 7a246519
date: Fri, 09 Dec 2022 23:53:14 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20221201150856860CF34FF1651BADCEA4
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-3-88-12.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01eff03000b136c4a21bbba0f7bb7157792690bb22e2809a49748d2825bb1fbf7b105f7010676cffb48b5acab4f4b94b45de870ea88386d75c2a72863ed60500eaf8903b7f31336223f023e31fdebc88fe
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
content-length: 62332

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/RXAACTFK5RCEDMFHKE4ZQ3/index.js
https://s.adroll.com/j/exp/index.js

28 B
785 B

41ms
40ms

Script
application/javascript

2600:9000:20a5:3a00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: HTTP/1.1
Server: 2600:9000:20a5:3a00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

X-Amz-Version-Id: 3TnMO1iw0qw17MhnYw4sprJhuU7ahGp7
Date: Fri, 09 Dec 2022 14:45:10 GMT
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
Age: 82274
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Fri, 14 Oct 2022 18:57:24 GMT
Server: AmazonS3
Etag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Access-Control-Max-Age: 600
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: Qi7L8wq1EbxxdyUR2HeI2UOPVKK1iAZE4sZudjhc8BZNHzE8_UXFRA==

Redirect headers

Date: Fri, 09 Dec 2022 08:16:41 GMT
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
Age: 56194
X-Amz-Cf-Pop: OSL50-C1
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: UdNbwrB2-wwfmXo-3a41Zal7ZWdMY_Cymi3gmiktb6PJrTCCY5-9XQ==

GET
H2 200 dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccou... Show response
adservice.google.com/ddm/fls/i/ Frame 5A68 604 B
419 B 45ms
44ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4

Requested by

Host: 5258867.fls.doubleclick.net
URL: https://5258867.fls.doubleclick.net/activityi;dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95d9ba8df5840f58812d48d41266716e70dfc83d530592c8e54cdc3b495801a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5258867.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 349
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:53:14 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 722264932049379 Show response
connect.facebook.net/signals/config/ 293 KB
84 KB 15ms
14ms Script
application/x-javascript 2a03:2880:f080:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/722264932049379?v=2.9.89&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f080:9:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

95538a3c7f311cde2254abff8fa18c042290111b9928c0861b051f1f0fff7210

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Dec 2022 23:53:14 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86033
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: DNZEtTMbR8+sX2hv2kHtbKXXbJ4VM1d0ZmVhb8slg1pDi2NIjBSnrcKLAwWopoEKxqiv3oTvzeVY4CwjRaausg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 16ms
13ms Image
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=398598353829808&ev=PageView&dl=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&rl=&if=false&ts=1670629994883&sw=1600&sh=1200&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670629994831.540857418&it=1670629994760&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Dec 2022 23:53:15 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H2 200 identify_87671.js Show response
analytics.tiktok.com/i18n/pixel/static/ 114 KB
31 KB 10ms
10ms Script
application/javascript 23.3.88.16
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_87671.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTRjZDliOGFlMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.88.16 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-3-88-16.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 6efa775a864aba5b3b1bc9ce6335a617693c712d3a65633cbe6751fa1d291a9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-akamai-request-id: 7a246549
date: Fri, 09 Dec 2022 23:53:14 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202210251323519D95531E1B4A326B7892
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-3-88-12.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01c27780f7e726c0c39f2fd37446749ccf316dd690a335b2c4184efda6227fd1db4844050c7751319780d53379c9730eadfb72f0480ff5be0060962d310b4872e170fbf364109fc81b83688444adeca306
server-timing: cdn-cache; desc=HIT, edge; dur=0, inner; dur=2
content-length: 30945

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
689 B 120ms
120ms Ping
application/octet-stream 23.3.88.16
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTRjZDliOGFlMA.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.88.16 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-3-88-16.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 61a6e8bc.7a246599
date: Fri, 09 Dec 2022 23:53:15 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-cache: TCP_MISS from a23-3-88-12.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-parent-response-time: 106,23.3.88.12
server-timing: cdn-cache; desc=MISS, edge; dur=92, origin; dur=19, inner; dur=16
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20221209235315E71628DD71B08DD49E1E
x-cache-remote: TCP_MISS from a23-220-104-19.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 19,23.220.104.19
x-tt-trace-host: 013997db90c15a6d2895995b6e0ed9e8a82444869d06df76bcb36eddef053ecd35acc37b169bf1bcbf367349a5ef2e5617795096c6304c267bb434f9a83431f37bf125b3c5e9e2f0d92ec7eb26db596477249a37bfecc94c9a4df15498d53d5ab7
expires: Fri, 09 Dec 2022 23:53:15 GMT

GET
H2 200 RXAACTFK5RCEDMFHKE4ZQ3 Show response
d.adroll.com/consent/check/ 463 B
556 B 91ms
30ms Script
application/javascript 2a05:d018:cc3:fe04:f373:8994:d3a2:58c
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/RXAACTFK5RCEDMFHKE4ZQ3?pv=49060263967.83738&arrfrr=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&_s=e15882ed12b9f314ea1c18bb6aa5081b&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/RXAACTFK5RCEDMFHKE4ZQ3/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe04:f373:8994:d3a2:58c Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.0 /
Resource Hash: d5f5d990e654d6079fa7ed17323e9f896daf8ddf44b72d5b5f3ebd9368125017

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
server: nginx/1.22.0
content-length: 463
content-type: application/javascript

GET
H2 200 dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FR... Show response
adservice.google.de/ddm/fls/i/ Frame 70BA 194 B
776 B 67ms
44ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=COvsjNvd7fsCFUBIHgIdIUsPDA;src=5258867;type=tcolvge0;cat=endtt0;ord=6682126539916;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:53:15 GMT
expires: Fri, 09 Dec 2022 23:53:15 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccou... Show response
5258867.fls.doubleclick.net/ddm/fls/r/ Frame E57F
Redirect Chain

https://adservice.google.de/ddm/fls/i/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauth...
https://5258867.fls.doubleclick.net/ddm/fls/r/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2...

2 KB
795 B

45ms
45ms

Document
text/html

142.250.185.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5258867.fls.doubleclick.net/ddm/fls/r/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f6.1e100.net

Software

cafe /

Resource Hash

d210fc924192750921a3a178c7d4e090f32a5d13b648c2bf059e7285d68d2857

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: br
content-length: 772
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:53:15 GMT
expires: Fri, 09 Dec 2022 23:53:15 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 23:53:15 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://5258867.fls.doubleclick.net/ddm/fls/r/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 30ms
14ms Image
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=722264932049379&ev=PageView&dl=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&rl=&if=false&ts=1670629995033&sw=1600&sh=1200&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1670629994831.540857418&it=1670629994760&coo=false&dpo=LDU&dpoco=0&dpost=0&tm=1&rqm=GET

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Dec 2022 23:53:15 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 30ms
14ms Image
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=722264932049379&ev=Tracking&dl=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&rl=&if=false&ts=1670629995033&cd[content_type]=hotel&sw=1600&sh=1200&v=2.9.89&r=stable&ec=1&o=30&fbp=fb.1.1670629994831.540857418&it=1670629994760&coo=false&dpo=LDU&dpoco=0&dpost=0&tm=2&rqm=GET

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Dec 2022 23:53:15 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 kernel-host.html Show response
onboard.triptease.io/kernel/v6007.65819/ Frame AA59 56 KB
19 KB 41ms
29ms Document
text/html 2606:4700:3030::ac43:9d93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onboard.triptease.io/kernel/v6007.65819/kernel-host.html?originHost=authority.cosmopolitanlasvegas.com

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:9d93 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c376aad686d4901e7d152495b7a1dc91f3f558e2bc028c1f1224edec99c6edc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-expose-headers: Content-Type
age: 35382
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=31536000
cf-cache-status: HIT
cf-ray: 7771a8bd2fca68f7-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 09 Dec 2022 23:53:15 GMT
expires: Sat, 09 Dec 2023 14:03:33 GMT
last-modified: Fri, 09 Dec 2022 13:22:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dGgJOyvPKn%2ByPKr%2FJBXh1ACSBFYV%2BeHFizFT4Dt4tIKwk6ICqTKEV87Apk4tlqQvoOKIdYFsCWLXW6bUdwlxxUj8%2BalJmVYr9Xlm0mZlcmLY9RpMfEqtJiCJ34OBc9UVD9V4Htbk3RO6JtWFKQd89k%2Fz3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000
vary: Accept-Encoding
x-goog-generation: 1670592159952127
x-goog-hash: crc32c=MxwP4w== md5=7TOFLfvaYsevoGpBhWjsbg==
x-goog-meta-build-version: 6007.65819
x-goog-meta-git-hash: daef1902c9583199e6b180a5aa38c79722e1fcfb
x-goog-metageneration: 2
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 57568
x-guploader-uploadid: ADPycdtD-UoOBCXe9fWIhB3sHtpZq8HPux1M0T8p7Rp9aMuRGR07eX5i419w3Y5PXCq6B_7xMtYof5G_dXIOxVRLZ_IyIz6iIp9j

GET
H2 200 event Show response
bttrack.com/engagement/ 0
34 B 286ms
101ms XHR
text/plain 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2215652%22%2C%22sessionId%22%3A%22f11baf39-8a25-455a-9a25-5245c692960f%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A1%2C%22url%22%3A%22https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D
Requested by: Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=15652&cb=1670629994786
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-servername: Track004-iad
pragma: no-cache
date: Fri, 09 Dec 2022 23:52:50 GMT
content-encoding: gzip
x-aspnetmvc-version: 5.2
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
content-type: text/plain
access-control-allow-origin: *
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
cache-control: private,no-cache
content-length: 0
expires: -1

GET
H2 200 getpixels Show response
bttrack.com/engagement/ 0
226 B 284ms
99ms XHR
text/html 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/getpixels?gid=15652
Requested by: Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=15652&cb=1670629994786
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-servername: Track004-iad
pragma: no-cache
date: Fri, 09 Dec 2022 23:52:50 GMT
content-encoding: gzip
x-aspnetmvc-version: 5.2
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
content-type: text/html
access-control-allow-origin: *
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
cache-control: private,no-cache
content-length: 0
expires: -1

GET
H2 200 storage.secure.min.html Show response
lpcdn-a.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/ Frame 9D32 39 KB
16 KB 562ms
156ms Document
text/html 162.252.76.20
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn-a.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com&site=88246722&env=prod

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.252.76.20 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-allow-methods: GET, POST, PATCH
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
content-encoding: gzip
content-type: text/html
date: Fri, 09 Dec 2022 23:53:15 GMT
expires: Sat, 09 Dec 2023 23:53:15 GMT
last-modified: Mon, 31 Oct 2022 21:44:06 GMT
server: ws
strict-transport-security: max-age=31536000; includeSubDomains
vary: Origin
x-cache-status: HIT
x-content-type-options: nosniff

GET
H3 200 kernel.js
onboard.triptease.io/kernel/v6007.65819/ Frame AA59 62 KB
20 KB 40ms
40ms Other
application/javascript 2606:4700:3030::ac43:9d93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onboard.triptease.io/kernel/v6007.65819/kernel.js?

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:9d93 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af2537c0c0067f5bd234d2d9b9d829b4078088b0786f7fc9e2904b7907a27c07

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://onboard.triptease.io/kernel/v6007.65819/kernel-host.html?originHost=authority.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
strict-transport-security: max-age=15552000
content-encoding: br
cf-cache-status: HIT
x-goog-meta-git-hash: daef1902c9583199e6b180a5aa38c79722e1fcfb
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 37444
x-guploader-uploadid: ADPycdvk3Px08Uffg1rqWcZ-isDt2NPWL6DMHxs-dDJJxUrWh2Q7fGAQiXQ4E0TcF5SKYvxV48h40pLukiBzs4iceqZ-BUTwF2MY
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-build-version: 6007.65819
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 09 Dec 2022 13:22:40 GMT
server: cloudflare
etag: W/"3ad6c17df9d47bffd7bfcfca2e49f4e7"
vary: Accept-Encoding
x-goog-generation: 1670592159941968
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=iDUGzg==, md5=OtbBffnUe//Xv8/KLkn05w==
access-control-expose-headers: Content-Type
cache-control: public, max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wSDC7e%2FGkFcgXoLragj0CjKklsmY6OF7pxb7XU6SVqKqaAqsjwXVJvvspg0E0CA0o3rOxrav2nRyEymPoYfVIvxGWrFMzOtLswWs6x2m0LATDoHb4hCUrE4OdPdEyPQm9UDe%2FivF1F03T4ZkHQC%2Bu9qxQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 63328
cf-ray: 7771a8bd783168f7-FRA
expires: Sat, 09 Dec 2023 13:29:11 GMT

GET
H2 200 c
cs.yieldoptimizer.com/cs/ Frame E57F 43 B
781 B 38ms
15ms Image
image/gif 35.186.212.60
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.yieldoptimizer.com/cs/c?a=3000&cpid=3586&
Requested by: Host: 5258867.fls.doubleclick.net
URL: https://5258867.fls.doubleclick.net/ddm/fls/r/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.212.60 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 60.212.186.35.bc.googleusercontent.com
Software: Apache-Coyote/1.1 /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5258867.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:14 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NON DSP COR TAIo PSAo PSDo HISo OUR BUS UNI INT DEM OTC"
content-type: image/gif
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 redir.php
112.xg4ken.com/media/ Frame E57F 44 B
241 B 119ms
29ms Image
image/gif 52.50.26.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://112.xg4ken.com/media/redir.php?track=1&token=d9b93881-47b5-4e55-aab8-2704bbb4339c&type=pageview&val=0.0&orderId=&promoCode=&valueCurrency=USD&GCID=&kw=&product=
Requested by: Host: 5258867.fls.doubleclick.net
URL: https://5258867.fls.doubleclick.net/ddm/fls/r/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.50.26.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-50-26-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5258867.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif
date: Fri, 09 Dec 2022 23:53:15 GMT
cache-control: no-cache, no-transform
x-debug-kenshoo-server: ip-10-174-92-125
content-length: 44
p3p: policyref="http://www.xg4ken.com/w3c/p3p.xml", CP="ADMa DEVa OUR IND DSP NON LAW"

GET
H3 200 conversion.js Show response
www.googleadservices.com/pagead/ Frame E57F 45 KB
16 KB 77ms
62ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: 5258867.fls.doubleclick.net
URL: https://5258867.fls.doubleclick.net/ddm/fls/r/dc_pre=COXsjNvd7fsCFQKXGQodoZ4M7g;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=496250804733;gtm=2wgbu0;auiddc=1496045068.1670629995;~oref=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

ebcd43274f956ef6d5c0f690695cc56c35a3a77180c9d1b80791febe4e27f601

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5258867.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16823
x-xss-protection: 0
server: cafe
etag: 6351308751113588399
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 09 Dec 2022 23:53:15 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ Frame E57F 38 KB
12 KB 49ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5258867.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 09 Dec 2022 23:53:14 GMT
last-modified: Mon, 05 Dec 2022 17:15:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8A20AAC2CEF6440CBBA6E3CD70E192BB Ref B: FRAEDGE1511 Ref C: 2022-12-09T23:53:15Z
etag: "027e538cd8d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 11460

GET
H2 200 5151589.js Show response
bat.bing.com/p/action/ Frame E57F 3 KB
2 KB 33ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/5151589.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

483978dff3e42975a8ec56854bf633f2f8f4fdf3decdc4068744a1d174ffd349

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5258867.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 09 Dec 2022 23:53:14 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2196DFEB99AA4F66AF8A0ED06F322724 Ref B: FRAEDGE1511 Ref C: 2022-12-09T23:53:15Z
x-powered-by: ARR/3.0
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
content-length: 1443

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/1010940168/ Frame E57F 2 KB
1 KB 24ms
23ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1010940168/?random=1670629995223&cv=9&fst=1670629995223&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOXsjNvd7fsCFQKXGQodoZ4M7g%3Bsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D496250804733%3Bgtm%3D2wgbu0%3Bauiddc%3D1496045068.1670629995%3B~oref%3Dhttps%253A%252F%252Fauthority.cosmopolitanlasvegas.com%252FAccount%252FRegisterExisting%253Futm_source%253DCRM%2526utm_medium%253Demail%2526utm_campaign%253DLET_IT_GLOW_R4&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

b0bb31cbd2ec1fba32fea2c09b0ba2649e1f5b53d520e1d314b998a1ff7a465e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5258867.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1258
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ Frame E57F 0
174 B 30ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=5151589&Ver=2&mid=e16f09d6-f0a0-4026-b5fc-9dfac77e904f&sid=a5adc500781c11ed9c4ea3acb90d3f30&vid=a5adcdf0781c11eda7512fef9c7671b5&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=&lt=206&evt=pageLoad&ifm=1&sv=1&rn=452840

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5258867.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 09 Dec 2022 23:53:15 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4003D2580F2A4D9189B53F3242601756 Ref B: FRAEDGE1511 Ref C: 2022-12-09T23:53:15Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5151589 Show response
www.clarity.ms/tag/uet/ Frame E57F 1 KB
2 KB 117ms
97ms Script
application/x-javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/5151589
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/5151589.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 81b76f8016365c2e50aa510d35267c0860174054e028a393e2486f8f8f8416d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5258867.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: application/x-javascript
date: Fri, 09 Dec 2022 23:53:15 GMT
cache-control: no-cache, no-store
expires: -1
x-azure-ref: 0a8qTYwAAAAABG26ybUZ9S5Kpa+JyYe/JRlJBMzFFREdFMDMxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H3

200

/
www.google.de/pagead/1p-conversion/1010940168/ Frame E57F
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1010940168/?random=1968893130&cv=9&fst=1670629995223&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&e...
https://www.google.com/pagead/1p-conversion/1010940168/?random=1968893130&cv=9&fst=1670629995223&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200...
https://www.google.de/pagead/1p-conversion/1010940168/?random=1968893130&cv=9&fst=1670629995223&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&...

42 B
64 B

52ms
26ms

Image
image/gif

2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1010940168/?random=1968893130&cv=9&fst=1670629995223&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOXsjNvd7fsCFQKXGQodoZ4M7g%3Bsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D496250804733%3Bgtm%3D2wgbu0%3Bauiddc%3D1496045068.1670629995%3B~oref%3Dhttps%253A%252F%252Fauthority.cosmopolitanlasvegas.com%252FAccount%252FRegisterExisting%253Futm_source%253DCRM%2526utm_medium%253Demail%2526utm_campaign%253DLET_IT_GLOW_R4&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=a8qTY5uiDou5xgLWvrBA&cid=CAQSKQDq26N97-I-W0j2gvQbpZAplCpHnwxufvbtmmNAxGsslwd56HE_8wgtIBM&random=2523565286&resp=GooglemKTybQhCsO&ipr=y&prhg=0

Requested by

Protocol

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5258867.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:15 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:15 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/1010940168/?random=1968893130&cv=9&fst=1670629995223&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fdc_pre%3DCOXsjNvd7fsCFQKXGQodoZ4M7g%3Bsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D496250804733%3Bgtm%3D2wgbu0%3Bauiddc%3D1496045068.1670629995%3B~oref%3Dhttps%253A%252F%252Fauthority.cosmopolitanlasvegas.com%252FAccount%252FRegisterExisting%253Futm_source%253DCRM%2526utm_medium%253Demail%2526utm_campaign%253DLET_IT_GLOW_R4&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=a8qTY5uiDou5xgLWvrBA&cid=CAQSKQDq26N97-I-W0j2gvQbpZAplCpHnwxufvbtmmNAxGsslwd56HE_8wgtIBM&random=2523565286&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/eus-c/s/0.6.43/ Frame E57F 54 KB
18 KB 11ms
10ms Script
application/javascript 2620:1ec:4f:1::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/eus-c/s/0.6.43/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/5151589
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:4f:1::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5258867.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
content-encoding: br
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0ykmTYwAAAAB1pn4xFNOITJSpw6VOH1x1RlJBMjMxMDUwNDE4MDE5ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
etag: "1d90b0402dd6f4c"
x-azure-ref: 0a8qTYwAAAAB3h48WaG81TrTQNGQ1ed/dRlJBMzFFREdFMDMxMQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: TCP_HIT
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8

GET
H2

200

c.gif
c.clarity.ms/ Frame E57F
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=3D33B10DF9084E41AA98DEA28E2EC080&RedC=c.clarity.ms&MXFR=143DE799AC396BE41383F5ECA8396587
https://c.clarity.ms/c.gif?CtsSyncId=3D33B10DF9084E41AA98DEA28E2EC080&MUID=2859FBB7D4156CC3285EE9C2D57E6D85

42 B
369 B

28ms
28ms

Image
image/gif

20.234.93.27
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=3D33B10DF9084E41AA98DEA28E2EC080&MUID=2859FBB7D4156CC3285EE9C2D57E6D85
Requested by: Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4
Protocol: H2
Server: 20.234.93.27 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5258867.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:15 GMT
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
server: Microsoft-IIS/10.0
etag: "40db785d3fdfd81:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:15 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1D2286BC582D436A9CA38816DE24C122 Ref B: FRAEDGE1511 Ref C: 2022-12-09T23:53:15Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=3D33B10DF9084E41AA98DEA28E2EC080&MUID=2859FBB7D4156CC3285EE9C2D57E6D85
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H2 204 collect Show response
h.clarity.ms/ Frame E57F 0
173 B 812ms
334ms XHR
text/plain 52.224.31.34
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://h.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/eus-c/s/0.6.43/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.224.31.34 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://5258867.fls.doubleclick.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: https://5258867.fls.doubleclick.net
date: Fri, 09 Dec 2022 23:53:15 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
vary: Origin
request-context: appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8

GET
H2 200 desktopEmbedded.js Show response
lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ 961 KB
300 KB 267ms
266ms Script
application/javascript 162.252.76.20
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.252.76.20 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

6622b5e1a9d93d6b5a2f4eb7a0556f802fb002e5efde0d0f4e3781a94776e331

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 31 Oct 2022 21:42:12 GMT
server: ws
x-cache-status: HIT
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sat, 09 Dec 2023 23:53:15 GMT

GET
H2 200 storage.secure.min.js Show response
lpcdn-a.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/ 37 KB
15 KB 1166ms
1166ms Script
application/javascript 162.252.76.20
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lpcdn-a.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.js?loc=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com&site=88246722&force=1&env=prod

Requested by

Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

162.252.76.20 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

a2721298ae526f997c556afcd0a7f768abfd6ad9b0ce4ec449d5b27b86929f04

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
last-modified: Mon, 31 Oct 2022 21:44:05 GMT
server: ws
x-cache-status: HIT
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
cache-control: max-age=31536000
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
expires: Sat, 09 Dec 2023 23:53:15 GMT

GET
H2 200 88246722 Show response
va.v.liveperson.net/api/js/ 247 B
1 KB 470ms
179ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/88246722?&cb=lpCb31364x36784&t=sp&ts=1670629994859&pid=3390937921&tid=6718894288&pt=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&u=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 6d9d1c5aaa88ce25123bea2c437894589afdbd86317e5f0f81822ef6034a3c7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:16 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 88246722 Show response
va.v.liveperson.net/api/js/ 111 B
854 B 92ms
92ms Script
application/javascript 208.89.12.87
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://va.v.liveperson.net/api/js/88246722?sid=gQwORzOlSPamQLV8Y0Nipg&cb=lpCb68724x29005&t=pl&ts=1670629995699&pid=3390937921&tid=6718894288&vid=VhMGY3M2M0ZWRlNzQwNzRl
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&b=undefined
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS: va.v.liveperson.net
Software: ws /
Resource Hash: 02b1a2288fa97ab2da8eee21036673daa75e4bf4befdd57a7fc0067ff82026f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:16 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 14ms
13ms Image
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=824887740956797&ev=Microdata&dl=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&rl=&if=false&ts=1670629996339&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Create%20your%20online%20account%20-%20Cosmopolitan.OAuth%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.89&r=stable&ec=1&o=30&fbp=fb.1.1670629994831.540857418&it=1670629994760&coo=false&dpo=LDU&dpoco=0&dpost=0&es=automatic&tm=3&rqm=GET

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Dec 2022 23:53:16 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 13ms
13ms Image
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=398598353829808&ev=Microdata&dl=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&rl=&if=false&ts=1670629996385&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Create%20your%20online%20account%20-%20Cosmopolitan.OAuth%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.89&r=stable&ec=1&o=30&fbp=fb.1.1670629994831.540857418&it=1670629994760&coo=false&dpo=LDU&dpoco=0&dpost=0&es=automatic&tm=3&rqm=GET

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Dec 2022 23:53:16 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 /
www.facebook.com/tr/ 0
15 B 14ms
14ms Image
text/plain 2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=722264932049379&ev=Microdata&dl=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&rl=&if=false&ts=1670629996535&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Create%20your%20online%20account%20-%20Cosmopolitan.OAuth%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.89&r=stable&ec=2&o=30&fbp=fb.1.1670629994831.540857418&it=1670629994760&coo=false&dpo=LDU&dpoco=0&dpost=0&es=automatic&tm=3&rqm=GET

Requested by

Host: authority.cosmopolitanlasvegas.com
URL: https://authority.cosmopolitanlasvegas.com/Account/RegisterExisting?utm_source=CRM&utm_medium=email&utm_campaign=LET_IT_GLOW_R4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Dec 2022 23:53:16 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H/1.1 200
OK vt-226.js Show response
vt.myvisualiq.net/2/RCs7mM0Lvog02Tyt9Qd4Uw%3D%3D/ 16 KB
5 KB 106ms
54ms Script
application/x-javascript 18.66.2.30
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vt.myvisualiq.net/2/RCs7mM0Lvog02Tyt9Qd4Uw%3D%3D/vt-226.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXCSKP
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.2.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-2-30.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d1b7a617951177d643abbae142ec04a01f273d9ce1434123035cb44c54fd60db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-amz-version-id: PlbwUm5RtzTUQ3DBcA7nk5S6rBO1Vslg
Content-Encoding: gzip
Via: 1.1 a7a57ed5dae93341c1cc3784ae7d9628.cloudfront.net (CloudFront)
Date: Fri, 09 Dec 2022 13:43:53 GMT
x-amz-request-id: KFCKHMFEW2WYZ0TE
X-Amz-Cf-Pop: TXL50-P1
x-amz-server-side-encryption: AES256
Age: 36563
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
Connection: keep-alive
x-amz-id-2: aYALrdByUHo4LQPzlOoepR7ooF9zZ2fafC9HVTlP/P1Ye75jVs1+vqV6JI3joV5hIdxFtMq47jc=
Last-Modified: Mon, 31 Oct 2022 13:02:38 GMT
Server: AmazonS3
ETag: W/"97605ac6dfb9708f58351f703c3b1d8f"
Vary: Accept-Encoding
Content-Type: application/x-javascript
access-control-allow-origin: *
X-Amz-Cf-Id: vGy_Po85N8lzsLZKSl-L1ioNceu5yWG31E8S96J6hYt0PPkX7rbCJg==

GET
H/1.1

200
OK

activity_pixel Show response
t.myvisualiq.net/ul_cb/
Redirect Chain

https://t.myvisualiq.net/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1984631461.1670629995
https://t.myvisualiq.net/ul_cb/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1984631461.1670629995

0
550 B

165ms
99ms

Script
text/javascript

54.227.133.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://t.myvisualiq.net/ul_cb/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1984631461.1670629995
Protocol: HTTP/1.1
Server: 54.227.133.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-227-133-78.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Fri, 09 Dec 2022 23:53:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 0
Content-Type: text/javascript; charset=UTF-8

Redirect headers

Location: https://t.myvisualiq.net/ul_cb/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1984631461.1670629995
Date: Fri, 09 Dec 2022 23:53:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

sync
t.myvisualiq.net/
Redirect Chain

https://tapestry.tapad.com/tapestry/1?ta_partner_id=950&ta_redirect=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3D1001%26ao%3D0%26pruuid%3DTAPAD_%24%7BIDS%3Akey%7D
https://t.myvisualiq.net/sync?prid=1001&ao=0&pruuid=TAPAD_1aafcdbe-17a7-4779-a349-f5bb7632b0ab

43 B
296 B

396ms
107ms

Image
image/gif

54.227.133.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.myvisualiq.net/sync?prid=1001&ao=0&pruuid=TAPAD_1aafcdbe-17a7-4779-a349-f5bb7632b0ab
Protocol: HTTP/1.1
Server: 54.227.133.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-227-133-78.compute-1.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Fri, 09 Dec 2022 23:53:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

location: https://t.myvisualiq.net/sync?prid=1001&ao=0&pruuid=TAPAD_1aafcdbe-17a7-4779-a349-f5bb7632b0ab
date: Fri, 09 Dec 2022 23:53:17 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2

451

420356.gif
idsync.rlcdn.com/
Redirect Chain

https://t.myvisualiq.net/sync?prid=1002&ao=0&red=https://idsync.rlcdn.com/420356.gif?partner_uid=${UUID}
https://t.myvisualiq.net/ul_cb/sync?prid=1002&ao=0&red=https://idsync.rlcdn.com/420356.gif?partner_uid=${UUID}
https://idsync.rlcdn.com/420356.gif?partner_uid=17623021-8737-45d9-9861-d324805d53d7

0
98 B

49ms
15ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/420356.gif?partner_uid=17623021-8737-45d9-9861-d324805d53d7
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:17 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

access-control-allow-origin: *
Location: https://idsync.rlcdn.com/420356.gif?partner_uid=17623021-8737-45d9-9861-d324805d53d7
Date: Fri, 09 Dec 2022 23:53:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 0

GET
H2

200

21398
tags.bluekai.com/site/
Redirect Chain

https://t.myvisualiq.net/sync?prid=BUKIPNR1&red=https://tags.bluekai.com/site/21398?id=$%7BUUID%7D
https://tags.bluekai.com/site/21398?id=0-379701a3-7ba0-4c05-aa7e-661b6a7a7f8b

62 B
227 B

219ms
184ms

Image
image/gif

104.76.200.221
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/21398?id=0-379701a3-7ba0-4c05-aa7e-661b6a7a7f8b
Protocol: H2
Server: 104.76.200.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-76-200-221.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Fri, 09 Dec 2022 23:53:17 GMT
content-length: 62
content-type: image/gif

Redirect headers

access-control-allow-origin: *
Location: https://tags.bluekai.com/site/21398?id=0-379701a3-7ba0-4c05-aa7e-661b6a7a7f8b
Date: Fri, 09 Dec 2022 23:53:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

sync
t.myvisualiq.net/
Redirect Chain

https://t.myvisualiq.net/sync?prid=AOEPNR1&ao=0&red=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D125310%26dpuuid%3D%24%7BUUID%7D%26redir%3Dhttps%253A%252F%252Ft.myvisualiq.net%252Fsync%253Fprid%253D...
https://dpm.demdex.net/ibs:dpid=125310&dpuuid=0-e544e755-610f-414d-b2af-f13cd0b1e76a&redir=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3DAOEPNR1%26ao%3D0%26pruuid%3D%24%7BDD_UUID%7D
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=125310&dpuuid=0-e544e755-610f-414d-b2af-f13cd0b1e76a&redir=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3DAOEPNR1%26ao%3D0%26pruuid%3D%24%7BDD_...
https://t.myvisualiq.net/sync?prid=AOEPNR1&ao=0&pruuid=29162296805374227231820908910038130372

43 B
296 B

99ms
98ms

Image
image/gif

54.227.133.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.myvisualiq.net/sync?prid=AOEPNR1&ao=0&pruuid=29162296805374227231820908910038130372
Protocol: HTTP/1.1
Server: 54.227.133.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-227-133-78.compute-1.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Fri, 09 Dec 2022 23:53:18 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

DCS: dcs-prod-irl1-2-v045-0e1f48b6d.edge-irl1.demdex.com 3 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: FxPJHxXATBc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://t.myvisualiq.net/sync?prid=AOEPNR1&ao=0&pruuid=29162296805374227231820908910038130372
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3

200

tr
www.facebook.com/
Redirect Chain

https://t.myvisualiq.net/sync?prid=123&ao=0&red=https%3A%2F%2Fwww.facebook.com%2Ftr%3Fid%3D1626311104111572%26ev%3DPageView%26cd%5Border_id%5D%3D%24%7BUUID%7D%26dpo%3DLDU%26dpoco%3D0%26dpost%3D0
https://www.facebook.com/tr?id=1626311104111572&ev=PageView&cd[order_id]=0-968cf141-a404-49b9-8943-86e26ae58ac5&dpo=LDU&dpoco=0&dpost=0

0
15 B

13ms
13ms

Image
text/plain

2a03:2880:f145:82:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr?id=1626311104111572&ev=PageView&cd[order_id]=0-968cf141-a404-49b9-8943-86e26ae58ac5&dpo=LDU&dpoco=0&dpost=0

Protocol

Server

2a03:2880:f145:82:face:b00c:0:25de Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Dec 2022 23:53:17 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

Redirect headers

access-control-allow-origin: *
Location: https://www.facebook.com/tr?id=1626311104111572&ev=PageView&cd[order_id]=0-968cf141-a404-49b9-8943-86e26ae58ac5&dpo=LDU&dpoco=0&dpost=0
Date: Fri, 09 Dec 2022 23:53:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

sync_pixel
t.myvisualiq.net/ul_cb/
Redirect Chain

https://t.myvisualiq.net/sync_pixel?r=1073146&ago=212&ao=849&p1_eml=|||&p1_uid=1984631461.1670629995
https://t.myvisualiq.net/ul_cb/sync_pixel?r=1073146&ago=212&ao=849&p1_eml=|||&p1_uid=1984631461.1670629995

43 B
573 B

99ms
99ms

Image
image/gif

54.227.133.78
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.myvisualiq.net/ul_cb/sync_pixel?r=1073146&ago=212&ao=849&p1_eml=|||&p1_uid=1984631461.1670629995
Protocol: HTTP/1.1
Server: 54.227.133.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-227-133-78.compute-1.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

access-control-allow-origin: *
Date: Fri, 09 Dec 2022 23:53:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://t.myvisualiq.net/ul_cb/sync_pixel?r=1073146&ago=212&ao=849&p1_eml=|||&p1_uid=1984631461.1670629995
Date: Fri, 09 Dec 2022 23:53:17 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3 200 default.js Show response
onboard.triptease.io/integrations/v6007.65819/ 149 KB
47 KB 106ms
94ms Script
application/javascript 2606:4700:3030::ac43:9d93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onboard.triptease.io/integrations/v6007.65819/default.js

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:9d93 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bfaa0f222b5ce5a88941e32d672fed4c20a9ede1b6bec36d423fbe63cf54a6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Origin: https://authority.cosmopolitanlasvegas.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:17 GMT
strict-transport-security: max-age=15552000
content-encoding: br
cf-cache-status: HIT
x-goog-meta-git-hash: daef1902c9583199e6b180a5aa38c79722e1fcfb
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3779
x-guploader-uploadid: ADPycdu1A3kupgipkavi8ipGREPpnVNIaZyTrlrXk42pEjT9-bL2eA-hs7LqBp8TcdfBnLEluloErldsPpFsjvyxH0c9
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-meta-build-version: 6007.65819
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 09 Dec 2022 13:27:27 GMT
server: cloudflare
etag: W/"c6015b34489ad81a9d06685142d977c4"
vary: Accept-Encoding
x-goog-generation: 1670592447521883
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-goog-hash: crc32c=SK8x0Q==, md5=xgFbNEia2BqdBmhRQtl3xA==
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VWbOrlOWcdIqudk7Ch%2FdvJebG4JNmAWitr4q5CNTuGD6cAL2vqJkQ5Cqe%2FfHe6SGjMvnTcx9RfBRBUV7Vqs0M0DAiQ7OivFj4LiKEw%2Bqp9yNYY%2F5mt2GhdA7h%2B12Ba6AtlytaDsSyxVgJWqh4JiL9ddR5w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 152301
cf-ray: 7771a8cecdc19a0b-FRA
expires: Sat, 09 Dec 2023 22:36:34 GMT

GET
H3 200 identity Show response
onboard.triptease.io/ 161 B
862 B 16ms
15ms Fetch
application/json 2606:4700:3030::ac43:9d93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onboard.triptease.io/identity

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:9d93 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30530a52bc5461a15f4f50fe1972c0ac56b5f3ee445511b392bd0ca66bdabccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:18 GMT
strict-transport-security: max-age=15552000
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GHwskVYHj%2FeoLdlpqgfse5XfUP8iU3NqbOMHNdv4%2BWgXsefgkJuQDuFDgliR663NHHai4M%2B4yOHNJ5YiGa03LGf7bjZ7APzyBrM%2Bjl1%2FzaKhhm00lKe9QcA5CwgK3%2FBPqM2VHwbCVHlMpnTNcj3cu%2Bcg3w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://authority.cosmopolitanlasvegas.com
cache-control: no-store, no-cache
access-control-allow-credentials: true
cf-ray: 7771a8d0cd5c68f7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 claim Show response
onboard.triptease.io/ 0
571 B 216ms
215ms Fetch
application/json 2606:4700:3030::ac43:9d93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onboard.triptease.io/claim?apiKey=b46e2da70190d88425348ffad2967bf112aa252c

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:9d93 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:18 GMT
strict-transport-security: max-age=15552000
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ghFZeScDX5%2BD21h58Q5eLmNdQONHjHecyNC5jOpnXevFjp9v%2BO%2BlktCG33D9JL65FAQixCQjLkq1%2BItnQcgZC6RFi4lY1HySNzq1s3U2ViKx7WaTonVmKHnGyuqU5uRNXRrPtvsdTSfIx8FvEAXgXWWi8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: https://authority.cosmopolitanlasvegas.com
cache-control: no-cache, no-store, max-age=0
access-control-allow-credentials: true
accept-ranges: bytes
cf-ray: 7771a8d0cd6a68f7-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 bootstrap-message-engine.js Show response
static.triptease.io/message-porter/dist/ 82 KB
28 KB 21ms
6ms Script
application/javascript 151.101.1.182
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.182 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

99ec1155ca51fe44988c932a93a9732533236aae633aea3c2fe6a3b0043f094a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Origin: https://authority.cosmopolitanlasvegas.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-encoding: gzip
age: 380
x-guploader-uploadid: ADPycdvoJ2w967hekUd5gUENRJVtVzyRm7K-nMgSWaxBXguC-w3uMwVlADMnqxg2KFZtp37CHJXzzpb94h1NIr6NnC9xAw
x-goog-stored-content-encoding: identity
backend-url: /message-porter/dist/bootstrap-message-engine.js
x-served-by: cache-hhn-etou8220047-HHN
x-timer: S1670629999.522213,VS0,VE0
etag: "ecd22e863527c55723f2dd1c0318362e"
vary: Accept-Encoding
x-goog-generation: 1670528350962453
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=600
pseudo-session-id: 24d2d7b4a0fdaace68d7ae9e88ec40f01a9a891758b50423ecbbbc71af93ea0f
x-cache-hits: 2
expires: Thu, 08 Dec 2022 19:55:15 GMT
date: Fri, 09 Dec 2022 23:53:18 GMT
via: 1.1 varnish
surrogate-key-debug: message-porter message-porter-bootstrap-message-engine message-porter-js
strict-transport-security: max-age=31557600
x-goog-meta-goog-reserved-file-mtime: 1670528347
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
content-length: 28204
last-modified: Thu, 08 Dec 2022 19:39:11 GMT
server: UploadServer
x-goog-hash: crc32c=i4qm8Q==, md5=7NIuhjUnxVcj8t0cAxg2Lg==
pseudo-device-id: a4a8a5a7b68879445a2a46a09f4b24e24684f5f2b10b4dea15daac687ce68585
x-goog-stored-content-length: 83651
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 main.js Show response
static-meta.triptease.io/client/ 54 KB
17 KB 157ms
140ms Script
text/plain 151.101.129.182
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-meta.triptease.io/client/main.js
Requested by: Host: static.triptease.io
URL: https://static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.182 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 1e49eec740d31fbfbbe69037b0d2993ddf62156ddd46582a4295c3d10bc3e84b

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Origin: https://authority.cosmopolitanlasvegas.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:18 GMT
via: 1.1 google, 1.1 varnish
content-encoding: gzip
age: 0
x-envoy-upstream-healthchecked-cluster: client-api.management
x-cache: MISS
x-envoy-upstream-service-time: 2
content-length: 17418
x-served-by: cache-hhn-etou8220079-HHN
server: istio-envoy
x-timer: S1670629999.524310,VS0,VE134
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600,stale-while-revalidate=1800
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H/1.1 200
OK application.js Show response
b.triptease.io/ 3 KB
3 KB 34ms
7ms Script
application/javascript 151.101.129.62
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://b.triptease.io/application.js

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.62 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

54d464dcbb274e2f142eb6e78e14dd6885edc21e72d0989717a1318c170777df

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Origin: https://authority.cosmopolitanlasvegas.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

X-Served-By: cache-hhn-etou8220056-HHN
Date: Fri, 09 Dec 2022 23:53:18 GMT
Via: 1.1 google, 1.1 varnish
Strict-Transport-Security: max-age=300
Age: 3187
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
X-Cache: HIT
cache-control: max-age=60
Connection: keep-alive
Accept-Ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, session-token
Content-Length: 2870
X-Cache-Hits: 1

GET
H2 200 b46e2da70190d88425348ffad2967bf112aa252c Show response
static-meta.triptease.io/client/bundle-data/ 421 B
379 B 256ms
255ms Fetch
application/json 151.101.129.182
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-meta.triptease.io/client/bundle-data/b46e2da70190d88425348ffad2967bf112aa252c
Requested by: Host: static-meta.triptease.io
URL: https://static-meta.triptease.io/client/main.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.182 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 952325f88358abd487e263464e5b7e331e06ee6c2abb186eebde1c817fb92b6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:18 GMT
via: 1.1 google, 1.1 varnish
content-encoding: gzip
age: 0
x-cache: MISS
x-envoy-upstream-service-time: 126
content-length: 315
x-served-by: cache-hhn-etou8220079-HHN
server: istio-envoy
x-timer: S1670629999.701556,VS0,VE249
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600,stale-while-revalidate=1800
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 storageIframe.html Show response
static.triptease.io/message-porter/dist/ Frame 9E44 7 KB
3 KB 7ms
6ms Document
text/html 151.101.1.182
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static.triptease.io/message-porter/dist/storageIframe.html

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.182 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

21d2b359cbb02ef13dab5f81357cc0510498bb95cc1e3a1a68eaabd169f8d92c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type
age: 169
backend-url: /message-porter/dist/storageIframe.html
cache-control: public, max-age=600
content-encoding: gzip
content-length: 2691
content-type: text/html
date: Fri, 09 Dec 2022 23:53:18 GMT
etag: "15066e1421723db08847ce51bce5ecd5"
expires: Thu, 08 Dec 2022 19:44:05 GMT
last-modified: Mon, 05 Dec 2022 12:14:20 GMT
pseudo-device-id: 138c0ad65bbcd5f9856b026d392ac861a17e098e9d266dc16ed29b53f36be83e
pseudo-session-id: bc805d2ca16c36651fdfef23411dcbcb51b369331037546cc3f68bbb568d7aad
server: UploadServer
strict-transport-security: max-age=31557600
surrogate-key-debug: message-porter message-porter-storageIframe message-porter-html
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 2
x-goog-generation: 1670242460568015
x-goog-hash: crc32c=a3lbEg== md5=FQZuFCFyPbCIR85RvOXs1Q==
x-goog-meta-goog-reserved-file-mtime: 1670242456
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6951
x-guploader-uploadid: ADPycdvcmTc0Lu3wc9P2Cq3n0LYLBV965MOzWk3Ydwl77JsdbUUrOnEsD7aYBTO-JVPSueAGiPjjF7UClrFtT8AtnSMUgA
x-served-by: cache-hhn-etou8220083-HHN
x-timer: S1670629999.710430,VS0,VE0

GET
H/1.1 200
OK / Show response
b.triptease.io/ Frame A7D2 3 KB
3 KB 155ms
139ms Document
text/html 151.101.129.62
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://b.triptease.io/?apikey=b46e2da70190d88425348ffad2967bf112aa252c&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GKWMXFM0YX5CYRF7NYJYERB6

Requested by

Host: b.triptease.io
URL: https://b.triptease.io/application.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.129.62 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ba5986e8f1801806b13c5af39262d5abf484ea364c0349a214d836f0df71ed9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Date: Fri, 09 Dec 2022 23:53:18 GMT
Strict-Transport-Security: max-age=300
Via: 1.1 google, 1.1 varnish
X-Cache: MISS
X-Cache-Hits: 0
X-Served-By: cache-hhn-etou8220031-HHN
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, session-token
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
access-control-allow-origin: *
cache-control: private, no-store
transfer-encoding: chunked

GET
H2 200 b46e2da70190d88425348ffad2967bf112aa252c Show response
static-meta.triptease.io/client/bundle-data/ 421 B
415 B 245ms
243ms Fetch
application/json 151.101.129.182
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static-meta.triptease.io/client/bundle-data/b46e2da70190d88425348ffad2967bf112aa252c
Requested by: Host: static-meta.triptease.io
URL: https://static-meta.triptease.io/client/main.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.182 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 952325f88358abd487e263464e5b7e331e06ee6c2abb186eebde1c817fb92b6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:18 GMT
via: 1.1 google, 1.1 varnish
content-encoding: gzip
age: 0
x-cache: HIT
x-envoy-upstream-service-time: 126
content-length: 315
x-served-by: cache-hhn-etou8220079-HHN
server: istio-envoy
x-timer: S1670629999.712903,VS0,VE237
vary: Origin, Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600,stale-while-revalidate=1800
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 1

GET
H2 200 messages Show response
messages.guest-experience.triptease.io/b46e2da70190d88425348ffad2967bf112aa252c/ 8 KB
8 KB 200ms
169ms Fetch
application/json 151.101.2.133
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://messages.guest-experience.triptease.io/b46e2da70190d88425348ffad2967bf112aa252c/messages?language=en-US
Requested by: Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.2.133 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 44a531b246b1e5487e3a583e0508e7c9545882ffb0a149a4b674584618baf853

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:18 GMT
via: 1.1 varnish
age: 0
x-cache: MISS
x-city: frankfurt am main
content-length: 7981
x-served-by: cache-hhn-etou8220056-HHN
server: Google Frontend
vary: Origin
tt_keys: campaigns-b46e2da70190d88425348ffad2967bf112aa252c campaigns-client-COSMOPOLITANOFLASVEGAS
access-control-allow-origin: https://authority.cosmopolitanlasvegas.com
x-region-code: HE
x-cloud-trace-context: 6dc5bcc19c42154ae94177b476998e1e
cache-control: max-age=600
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
tt_host: messages.guest-experience.triptease.io
access-control-expose-headers: X-Country-Code, X-Region-Code, X-City
accept-ranges: bytes
x-country-code: DE
x-cache-hits: 0

GET
H/1.1

200
OK

associate-segment
segment.prod.bidr.io/ Frame A7D2
Redirect Chain

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value=
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value=&_bee_ppp=1

43 B
796 B

33ms
32ms

Image
image/gif

63.32.161.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value=&_bee_ppp=1

Requested by

Host: b.triptease.io
URL: https://b.triptease.io/?apikey=b46e2da70190d88425348ffad2967bf112aa252c&bucket=0&conversion=false&clicked=false&searched=false&tripteaseUserId=01GKWMXFM0YX5CYRF7NYJYERB6

Protocol

HTTP/1.1

Server

63.32.161.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-99.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-138&value=&_bee_ppp=1
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

associate-segment
segment.prod.bidr.io/ Frame A7D2
Redirect Chain

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value=
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value=&_bee_ppp=1

43 B
796 B

31ms
31ms

Image
image/gif

63.32.161.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value=&_bee_ppp=1

Requested by

Protocol

HTTP/1.1

Server

63.32.161.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-99.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-139&value=&_bee_ppp=1
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

associate-segment
segment.prod.bidr.io/ Frame A7D2
Redirect Chain

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value=
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value=&_bee_ppp=1

43 B
796 B

33ms
33ms

Image
image/gif

63.32.161.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value=&_bee_ppp=1

Requested by

Protocol

HTTP/1.1

Server

63.32.161.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-99.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-140&value=&_bee_ppp=1
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

associate-segment
segment.prod.bidr.io/ Frame A7D2
Redirect Chain

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value=
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value=&_bee_ppp=1

43 B
796 B

30ms
30ms

Image
image/gif

63.32.161.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value=&_bee_ppp=1

Requested by

Protocol

HTTP/1.1

Server

63.32.161.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-99.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-136&value=&_bee_ppp=1
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

associate-segment
segment.prod.bidr.io/ Frame A7D2
Redirect Chain

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18692&value=1
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18692&value=1&_bee_ppp=1

43 B
796 B

32ms
30ms

Image
image/gif

63.32.161.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18692&value=1&_bee_ppp=1

Requested by

Protocol

HTTP/1.1

Server

63.32.161.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-99.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18692&value=1&_bee_ppp=1
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

associate-segment
segment.prod.bidr.io/ Frame A7D2
Redirect Chain

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18693&value=
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18693&value=&_bee_ppp=1

43 B
433 B

32ms
29ms

Image
image/gif

63.32.161.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18693&value=&_bee_ppp=1

Requested by

Protocol

HTTP/1.1

Server

63.32.161.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-99.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18693&value=&_bee_ppp=1
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK associate-segment
segment.prod.bidr.io/ Frame A7D2 43 B
433 B 32ms
31ms Image
image/gif 63.32.161.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18694&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.161.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-99.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK associate-segment
segment.prod.bidr.io/ Frame A7D2 43 B
433 B 29ms
28ms Image
image/gif 63.32.161.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18695&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.161.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-99.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK associate-segment
segment.prod.bidr.io/ Frame A7D2 43 B
433 B 32ms
31ms Image
image/gif 63.32.161.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18696&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.161.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-99.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK associate-segment
segment.prod.bidr.io/ Frame A7D2 43 B
433 B 31ms
30ms Image
image/gif 63.32.161.99
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-18697&value=1

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.161.99 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-99.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

cookie-sync
b.triptease.io/ Frame A7D2
Redirect Chain

https://match.prod.bidr.io/cookie-sync/triptease?buyer_user_id=01GKWMXFM0YX5CYRF7NYJYERB6|b46e2da70190d88425348ffad2967bf112aa252c
https://match.prod.bidr.io/cookie-sync/triptease?buyer_user_id=01GKWMXFM0YX5CYRF7NYJYERB6%7Cb46e2da70190d88425348ffad2967bf112aa252c&_bee_ppp=1
https://b.triptease.io/cookie-sync?partner=beeswax&beeswax_id=AAOb907HJ5UAACDekZSS1g&buyer_user_id=01GKWMXFM0YX5CYRF7NYJYERB6%7Cb46e2da70190d88425348ffad2967bf112aa252c

137 B
137 B

123ms
123ms

Image
text/plain

151.101.129.62
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.triptease.io/cookie-sync?partner=beeswax&beeswax_id=AAOb907HJ5UAACDekZSS1g&buyer_user_id=01GKWMXFM0YX5CYRF7NYJYERB6%7Cb46e2da70190d88425348ffad2967bf112aa252c

Requested by

Protocol

HTTP/1.1

Server

151.101.129.62 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://b.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

X-Served-By: cache-hhn-etou8220031-HHN
Date: Fri, 09 Dec 2022 23:53:19 GMT
Via: 1.1 google, 1.1 varnish
Strict-Transport-Security: max-age=300
transfer-encoding: chunked
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
X-Cache: MISS
access-control-allow-origin: *
cache-control: private, no-store
Connection: keep-alive
Accept-Ranges: bytes
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, session-token
X-Cache-Hits: 0

Redirect headers

location: https://b.triptease.io/cookie-sync?partner=beeswax&beeswax_id=AAOb907HJ5UAACDekZSS1g&buyer_user_id=01GKWMXFM0YX5CYRF7NYJYERB6%7Cb46e2da70190d88425348ffad2967bf112aa252c
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

cookie-msync Show response
match.prod.bidr.io/ Frame 603A
Redirect Chain

https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-1&value=0.5&forward_to_cookie_sync=1
https://segment.prod.bidr.io/associate-segment?buzz_key=triptease&segment_key=triptease-1&value=0.5&forward_to_cookie_sync=1&_bee_ppp=1
https://match.prod.bidr.io/cookie-msync?buzz_key=triptease

1 KB
2 KB

63ms
30ms

Document
text/html

52.212.89.6
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://match.prod.bidr.io/cookie-msync?buzz_key=triptease

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.212.89.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-212-89-6.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

79b647f19f44a1cebbf12bcbb766b76f4523227e97991cebe0175f66fdcda647

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://b.triptease.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Length: 1444
Date: Fri, 09 Dec 2022 23:53:19 GMT
Server: gunicorn
cache-control: no-cache, must-revalidate
content-type: text/html; charset=utf-8
strict-transport-security: max-age=2592000; includeSubDomains

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Fri, 09 Dec 2022 23:53:19 GMT
Server: gunicorn
location: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
strict-transport-security: max-age=2592000; includeSubDomains

POST
H2 200 event
api.triptease.io/zappy/ 0
218 B 145ms
108ms Ping
text/plain 35.186.195.233
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.triptease.io/zappy/event?eventName=propensityToConvert&eventAppName=messageEngine
Requested by: Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.195.233 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 233.195.186.35.bc.googleusercontent.com
Software: nginx/1.11.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 09 Dec 2022 23:53:19 GMT
via: 1.1 google
server: nginx/1.11.3
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://authority.cosmopolitanlasvegas.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 event
api.triptease.io/zappy/ 0
43 B 203ms
169ms Ping
text/plain 35.186.195.233
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.triptease.io/zappy/event?eventName=messageAvailable%2CmessageAvailable
Requested by: Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.195.233 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 233.195.186.35.bc.googleusercontent.com
Software: nginx/1.11.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 09 Dec 2022 23:53:19 GMT
via: 1.1 google
server: nginx/1.11.3
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://authority.cosmopolitanlasvegas.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 fullscreen.html Show response
static.triptease.io/message-porter/dist/ Frame 6E26 262 KB
95 KB 19ms
19ms Document
text/html 151.101.1.182
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static.triptease.io/message-porter/dist/fullscreen.html

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.182 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

a1f5f3b869efe898980a103d51362496f7f650ca2655ee6d244246daf5f961e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type
age: 428
backend-url: /message-porter/dist/fullscreen.html
cache-control: public, max-age=600
content-encoding: gzip
content-length: 96286
content-type: text/html
date: Fri, 09 Dec 2022 23:53:18 GMT
etag: "d616cf88602b24ffb3ca55b32fe4cc4e"
expires: Fri, 09 Dec 2022 22:05:08 GMT
last-modified: Mon, 05 Dec 2022 12:14:20 GMT
pseudo-device-id: 138c0ad65bbcd5f9856b026d392ac861a17e098e9d266dc16ed29b53f36be83e
pseudo-session-id: bc805d2ca16c36651fdfef23411dcbcb51b369331037546cc3f68bbb568d7aad
server: UploadServer
strict-transport-security: max-age=31557600
surrogate-key-debug: message-porter message-porter-fullscreen message-porter-html
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1
x-goog-generation: 1670242460487630
x-goog-hash: crc32c=MpbQRA== md5=1hbPiGArJP+zylWzL+TMTg==
x-goog-meta-goog-reserved-file-mtime: 1670242456
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 268268
x-guploader-uploadid: ADPycduu78OSONyzLmqi8bT658Y0QiXCoL4zv_bapheH_AsAF1u0S2Xt2j70ihp05xL-LV9oUF7tCF3bktTdoK7n_ZIj4-MOLlOv
x-served-by: cache-hhn-etou8220083-HHN
x-timer: S1670629999.946669,VS0,VE2

GET
H2 200 nudge.html Show response
static.triptease.io/message-porter/dist/ Frame 504E 253 KB
92 KB 6ms
6ms Document
text/html 151.101.1.182
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://static.triptease.io/message-porter/dist/nudge.html

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.182 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

e91bec8cdac6b453d634c7f5157fd9baee7c5ebb7be05551783506a98fba814a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type
age: 484
backend-url: /message-porter/dist/nudge.html
cache-control: public, max-age=600
content-encoding: gzip
content-length: 93593
content-type: text/html
date: Fri, 09 Dec 2022 23:53:18 GMT
etag: "c7374293aae6865dbbdaad5fcab50370"
expires: Fri, 09 Dec 2022 21:53:10 GMT
last-modified: Mon, 05 Dec 2022 12:14:20 GMT
pseudo-device-id: 138c0ad65bbcd5f9856b026d392ac861a17e098e9d266dc16ed29b53f36be83e
pseudo-session-id: bc805d2ca16c36651fdfef23411dcbcb51b369331037546cc3f68bbb568d7aad
server: UploadServer
strict-transport-security: max-age=31557600
surrogate-key-debug: message-porter message-porter-nudge message-porter-html
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 2
x-goog-generation: 1670242460546025
x-goog-hash: crc32c=Ic8JJw== md5=xzdCk6rmhl272q1fyrUDcA==
x-goog-meta-goog-reserved-file-mtime: 1670242456
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 259275
x-guploader-uploadid: ADPycduds5QRC-aSLvjiwx1QOrvv0gvOz2PvHP2c6E5Y5xVag4dXVInjnhfNmW8lSMlue4tfrLiu9FjdNFO5h70AXOKW4nWcrQ6g
x-served-by: cache-hhn-etou8220083-HHN
x-timer: S1670629999.947722,VS0,VE0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 135 KB
52 KB 41ms
26ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-606547538

Requested by

Host: static-meta.triptease.io
URL: https://static-meta.triptease.io/client/main.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8e2f1ee06bf08d78278ec917f6d3d655b5e36b52f0abbafcb350ed31e94a0b15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52884
x-xss-protection: 0
last-modified: Fri, 09 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Dec 2022 23:53:19 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 135 KB
52 KB 29ms
16ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-606547538&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXCSKP

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2a8465375a39a7134ca432e800a96a23569f1828821f0eec3f39d38c08387653

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52912
x-xss-protection: 0
last-modified: Fri, 09 Dec 2022 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Dec 2022 23:53:19 GMT

POST
H3 204 batch
onboard.triptease.io/message/ 0
500 B 163ms
163ms Ping
text/html 2606:4700:3030::ac43:9d93
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onboard.triptease.io/message/batch

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:9d93 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=15552000
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GTbPb0seqJvkw7YUw4POUgwoWulzF%2Bj0jtBSXOBJeU7%2BWY1I%2FMvdPsm3yIfc7tHA6qBkC1yLhCeE4uujo80KITMSO4rXtqiplWSVtcNx5joOlkKX6cj%2BXNnWDK07RdcI%2BCE%2FnCyxow9kqPwirW313T%2F06g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
access-control-allow-origin: *
x-cloud-trace-context: 0611f1b6a276f51d3bf43095f425d6b7
cf-ray: 7771a8d61cc168f7-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ Frame 504E 5 KB
1 KB 39ms
16ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/nudge.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

910612fc65208677f4e2fff60558e0f1949138a3696402a17ed5582efe0d2649

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 09 Dec 2022 23:53:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 09 Dec 2022 22:43:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 09 Dec 2022 23:53:19 GMT

GET
H2 200 86d82c5087bd750f9d91d4e56e442998.jpeg
static.triptease.io/message-porter/clients/COSMOPOLITANOFLASVEGAS/ Frame 504E 52 KB
52 KB 8ms
7ms Image
image/jpeg 151.101.1.182
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.triptease.io/message-porter/clients/COSMOPOLITANOFLASVEGAS/86d82c5087bd750f9d91d4e56e442998.jpeg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.182 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

e8ea3a9d34088d0ee4e830d50fecf4800e6f49954f451a76862ac40fecc5040a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.triptease.io/message-porter/dist/nudge.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 19:39:16 GMT
date: Fri, 09 Dec 2022 23:53:19 GMT
via: 1.1 varnish
surrogate-key-debug: message-porter message-porter-86d82c5087bd750f9d91d4e56e442998 message-porter-jpeg
strict-transport-security: max-age=31557600
age: 101642
x-guploader-uploadid: ADPycdtVGwuNPkOb1i6_QSSR98m0PG61g972c2d9zBV781mEFVNEbyX0a23UY--ihEaw_7VMSkuKBBCN0nWJ8IObbXBEBw
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
backend-url: /message-porter/clients/COSMOPOLITANOFLASVEGAS/86d82c5087bd750f9d91d4e56e442998.jpeg
content-length: 53089
x-served-by: cache-hhn-etou8220083-HHN
last-modified: Sun, 04 Dec 2022 16:15:35 GMT
server: UploadServer
x-timer: S1670629999.077630,VS0,VE1
etag: "bee1d5838432cd8d1eaa04f289005fa4"
pseudo-session-id: a821ee2716ad8d7c3226ae64c05f2eefea96c67509dc521d6008c1400256a290
x-goog-generation: 1670170535682043
x-goog-hash: crc32c=21WNzw==, md5=vuHVg4QyzY0eqgTyiQBfpA==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=31536000
x-goog-stored-content-length: 53089
content-type: image/jpeg
accept-ranges: bytes
timing-allow-origin: *
pseudo-device-id: 12c7c38ab2364054e81afec7afa8690c56a819ee74879293f1be3eb603eccba4
x-cache-hits: 1

GET
H2 200 css
fonts.googleapis.com/ Frame 6E26 5 KB
740 B 21ms
17ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700

Requested by

Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/fullscreen.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

910612fc65208677f4e2fff60558e0f1949138a3696402a17ed5582efe0d2649

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.triptease.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 09 Dec 2022 23:53:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 09 Dec 2022 22:36:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 09 Dec 2022 23:53:19 GMT

GET
H2 200 ef28e9f283af352aebd39d9d90797ced.jpeg
static.triptease.io/message-porter/clients/COSMOPOLITANOFLASVEGAS/ Frame 6E26 29 KB
29 KB 9ms
9ms Image
image/jpeg 151.101.1.182
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.triptease.io/message-porter/clients/COSMOPOLITANOFLASVEGAS/ef28e9f283af352aebd39d9d90797ced.jpeg

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.1.182 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0b2024ab96259b2c1e3517f1401ebfac067c4ae9a1adce1cbf1f0a0839f43f40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://static.triptease.io/message-porter/dist/fullscreen.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

expires: Fri, 08 Dec 2023 19:40:10 GMT
date: Fri, 09 Dec 2022 23:53:19 GMT
via: 1.1 varnish
surrogate-key-debug: message-porter message-porter-ef28e9f283af352aebd39d9d90797ced message-porter-jpeg
strict-transport-security: max-age=31557600
age: 101589
x-guploader-uploadid: ADPycdsTef5UVfKyxXzjnrmkf91HuHGcqRAqpGSWgnyc4ByjdkoZ0Pk6MwSTFvlz_Hsj1DxdI_wkR3T-iatGpIeubi4UqWkGLhYm
x-cache: HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
backend-url: /message-porter/clients/COSMOPOLITANOFLASVEGAS/ef28e9f283af352aebd39d9d90797ced.jpeg
content-length: 29519
x-served-by: cache-hhn-etou8220083-HHN
last-modified: Sun, 04 Dec 2022 16:35:43 GMT
server: UploadServer
x-timer: S1670629999.096940,VS0,VE1
etag: "6b4ebbfa4a2517442c5144d6bd9c7d7b"
pseudo-session-id: a821ee2716ad8d7c3226ae64c05f2eefea96c67509dc521d6008c1400256a290
x-goog-generation: 1670171743916873
x-goog-hash: crc32c=mmyemQ==, md5=a067+kolF0QsUUTWvZx9ew==
access-control-allow-origin: *
access-control-expose-headers: Content-Type
cache-control: public, max-age=31536000
x-goog-stored-content-length: 29519
content-type: image/jpeg
accept-ranges: bytes
timing-allow-origin: *
pseudo-device-id: 12c7c38ab2364054e81afec7afa8690c56a819ee74879293f1be3eb603eccba4
x-cache-hits: 1

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/606547538/ 2 KB
987 B 109ms
109ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/606547538/?random=1670629999113&cv=11&fst=1670629999113&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&hn=www.googleadservices.com&frm=0&url=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&tiba=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&auid=1496045068.1670629995&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-606547538&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

965f915d74e6f6553e10fc95db6cfd1e33df7ce9cbcead5a9fbc08f55f541f18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 963
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

adx
match.prod.bidr.io/cookie-sync/ Frame 603A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCckcwN0hKNVVBQUNBR1BIemhFZw&bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1

43 B
433 B

29ms
29ms

Image
image/gif

52.212.89.6
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1

Requested by

Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease

Protocol

HTTP/1.1

Server

52.212.89.6 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-212-89-6.eu-west-1.compute.amazonaws.com

Software

gunicorn /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://match.prod.bidr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Server: gunicorn
content-type: image/gif
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK ibs:dpid=275754&dpuuid=AABrG07HJ5UAACAGPHzhEg
dpm.demdex.net/ Frame 603A 42 B
942 B 118ms
118ms Image
image/gif 54.72.53.159
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=275754&dpuuid=AABrG07HJ5UAACAGPHzhEg

Requested by

Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.72.53.159 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-72-53-159.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://match.prod.bidr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v045-048420acf.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: e+x+t+eXSdA=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 35244
tags.bluekai.com/site/ Frame 603A 62 B
526 B 173ms
170ms Image
image/gif 104.76.200.221
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/35244?id=AABrG07HJ5UAACAGPHzhEg
Requested by: Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.76.200.221 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-76-200-221.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://match.prod.bidr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Fri, 09 Dec 2022 23:53:19 GMT
content-length: 62
bk-server: 5a87
content-type: image/gif

GET
H/1.1 200
OK user-registering
ads.stickyadstv.com/ Frame 603A 43 B
688 B 73ms
36ms Image
image/gif 23.213.161.145
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/user-registering?dataProviderId=817&userId=AABrG07HJ5UAACAGPHzhEg
Requested by: Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.213.161.145 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-213-161-145.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://match.prod.bidr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
x-sticky-vk: 1670629999048098-586
Expires: Fri, 09 Dec 2022 23:53:19 GMT

GET
H2 200 g.pixel
aa.agkn.com/adscores/ Frame 603A 43 B
499 B 110ms
30ms Image
image/gif 18.200.78.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212314538&puid=AABrG07HJ5UAACAGPHzhEg
Requested by: Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.200.78.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-200-78-128.eu-west-1.compute.amazonaws.com
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://match.prod.bidr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:19 GMT
server: AAWebServer
access-control-allow-methods: GET, POST, OPTIONS
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type
content-length: 43
expires: 0

GET
H2 200 Pug
image2.pubmatic.com/AdServer/ Frame 603A 42 B
430 B 73ms
21ms Image
image/gif 185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABrG07HJ5UAACAGPHzhEg
Requested by: Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://match.prod.bidr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Fri, 09 Dec 2022 23:53:18 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

204

/
loadus.exelator.com/load/ Frame 603A
Redirect Chain

https://loadus.exelator.com/load/?BUID=AABrG07HJ5UAACAGPHzhEg&p=204&g=117&j=0
https://loadus.exelator.com/load/?BUID=AABrG07HJ5UAACAGPHzhEg&p=204&g=117&j=0&xl8blockcheck=1

0
771 B

35ms
34ms

Image
text/plain

54.78.254.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadus.exelator.com/load/?BUID=AABrG07HJ5UAACAGPHzhEg&p=204&g=117&j=0&xl8blockcheck=1
Requested by: Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol: H2
Server: 54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://match.prod.bidr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Fri, 09 Dec 2022 23:53:19 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date: Fri, 09 Dec 2022 23:53:19 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://loadus.exelator.com/load/?BUID=AABrG07HJ5UAACAGPHzhEg&p=204&g=117&j=0&xl8blockcheck=1
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200
OK

validateCookie
segments.company-target.com/ Frame 603A
Redirect Chain

https://segments.company-target.com/log?vendor=choca&user_id=AABrG07HJ5UAACAGPHzhEg
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABrG07HJ5UAACAGPHzhEg&verifyHash=299d670181b389067fe401f9880391eb5a1275d7

26 B
409 B

98ms
98ms

Image
image/gif

52.222.214.106
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABrG07HJ5UAACAGPHzhEg&verifyHash=299d670181b389067fe401f9880391eb5a1275d7
Requested by: Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol: HTTP/1.1
Server: 52.222.214.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-106.fra56.r.cloudfront.net
Software: /
Resource Hash: 3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://match.prod.bidr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Date: Fri, 09 Dec 2022 23:53:19 GMT
Via: 1.1 59439a13f6db75e801a63663b4f79372.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P3
Transfer-Encoding: chunked
X-Cache: Miss from cloudfront
Content-Type: image/gif
Vary: Origin
Connection: keep-alive
trace-id: 5c7f9a37068200ac
X-Amz-Cf-Id: EaH0q_HyFkab5GYc5D4j1FU3faA53W5N5aI9S74m4om3uiIbhKcSzw==

Redirect headers

Date: Fri, 09 Dec 2022 23:53:19 GMT
Via: 1.1 59439a13f6db75e801a63663b4f79372.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P3
Vary: Origin
X-Cache: Miss from cloudfront
Location: /validateCookie?vendor=choca&user_id=AABrG07HJ5UAACAGPHzhEg&verifyHash=299d670181b389067fe401f9880391eb5a1275d7
Connection: keep-alive
trace-id: 1ffc851eb2e5527d
Content-Length: 0
X-Amz-Cf-Id: MxN47mWbNud_YW-wFltBl7OdKsG5OSFHr0mWGvhCCB_2-J8uXkYg3Q==

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 603A
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=130&external_user_id=AABrG07HJ5UAACAGPHzhEg&expiration=1671839599
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=130&external_user_id=AABrG07HJ5UAACAGPHzhEg&expiration=1671839599&C=1

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=130&external_user_id=AABrG07HJ5UAACAGPHzhEg&expiration=1671839599&C=1
Requested by: Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://match.prod.bidr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=130&external_user_id=AABrG07HJ5UAACAGPHzhEg&expiration=1671839599&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H/1.1 200
OK setuid
ib.adnxs.com/ Frame 603A 43 B
1 KB 15ms
14ms Image
image/gif 185.89.210.153
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=331&seg=6290637&code=AABrG07HJ5UAACAGPHzhEg

Requested by

Host: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-msync?buzz_key=triptease

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.153 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://match.prod.bidr.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Dec 2022 23:53:19 GMT
AN-X-Request-Uuid: cf9aefd9-6bf8-411f-af37-59a50c0b12cb
Server: nginx/1.21.3
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 217.64.151.4; 217.64.151.4; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ Frame 504E 44 KB
44 KB 31ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://static.triptease.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 18:50:24 GMT
x-content-type-options: nosniff
age: 363775
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 18:50:24 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ Frame 504E 44 KB
44 KB 39ms
15ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://static.triptease.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 18:50:24 GMT
x-content-type-options: nosniff
age: 363775
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 18:50:24 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ Frame 6E26 44 KB
44 KB 32ms
18ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://static.triptease.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 18:50:24 GMT
x-content-type-options: nosniff
age: 363775
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 18:50:24 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ Frame 6E26 44 KB
44 KB 34ms
21ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://static.triptease.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Mon, 05 Dec 2022 18:50:24 GMT
x-content-type-options: nosniff
age: 363775
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 05 Dec 2023 18:50:24 GMT

POST
H3 200 event
api.triptease.io/zappy/ 0
14 B 121ms
107ms Ping
text/plain 35.186.195.233
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.triptease.io/zappy/event?eventName=opened&eventAppName=abandonment
Requested by: Host: static.triptease.io
URL: https://static.triptease.io/message-porter/dist/bootstrap-message-engine.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.195.233 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 233.195.186.35.bc.googleusercontent.com
Software: nginx/1.11.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://authority.cosmopolitanlasvegas.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 09 Dec 2022 23:53:19 GMT
via: 1.1 google
server: nginx/1.11.3
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://authority.cosmopolitanlasvegas.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/606547538/ 42 B
64 B 23ms
22ms Image
image/gif 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/606547538/?random=1670629999113&cv=11&fst=1670626800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&tiba=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1891511721&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:19 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.de/pagead/1p-user-list/606547538/ 42 B
64 B 20ms
19ms Image
image/gif 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/606547538/?random=1670629999113&cv=11&fst=1670626800000&bg=ffffff&guid=ON&async=1&gtm=2oabu0&u_w=1600&u_h=1200&frm=0&url=https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4&tiba=Create%20your%20online%20account%20-%20Cosmopolitan.OAuth&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1891511721&rmt_tld=1&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Dec 2022 23:53:19 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 event Show response
bttrack.com/engagement/ 0
60 B 96ms
96ms XHR
text/plain 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to

Full URL: https://bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2215652%22%2C%22sessionId%22%3A%22f11baf39-8a25-455a-9a25-5245c692960f%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A2%2C%22url%22%3A%22https%3A%2F%2Fauthority.cosmopolitanlasvegas.com%2FAccount%2FRegisterExisting%3Futm_source%3DCRM%26utm_medium%3Demail%26utm_campaign%3DLET_IT_GLOW_R4%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D
Requested by: Host: bttrack.com
URL: https://bttrack.com/engagement/js?goalId=15652&cb=1670629994786
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://authority.cosmopolitanlasvegas.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

x-servername: Track003-iad
pragma: no-cache
date: Fri, 09 Dec 2022 23:52:54 GMT
content-encoding: gzip
x-aspnetmvc-version: 5.2
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
content-type: text/plain
access-control-allow-origin: *
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
cache-control: private,no-cache
content-length: 0
expires: -1

Verdicts & Comments Add Verdict or Comment

114 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

60 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cosmopolitan-lv.com/	1970-01-20 17:39:49	Name: AMCV_9ECA57E358A5630D0A495C2E%40AdobeOrg Value: MCMID%7C91513144428168478710123206840602329087
.cosmopolitan-lv.com/	1969-12-31 23:59:59	Name: nlid Value: b9df368\|15c34faf
.cosmopolitan-lv.com/	1970-01-20 17:39:49	Name: nllastdelid Value: 15c34faf
authority.cosmopolitanlasvegas.com/	1969-12-31 23:59:59	Name: .AspNetCore.Antiforgery.9fXoN5jHCXs Value: CfDJ8B6dYz_11AFAk1-77TBJ8-4YkR3wcUjW6fuYoESSyWuPZ216Ds6LgTM6fNmL6rtT8-hH3rjHo7Z4WUgKFVJeEJL6avs1Q_4FB2Rp0iYqFaWZ-sOf6b8mbdn-LM5Y-ZXljpOejZUGcyfHTE1MtFajvLQ
.authority.cosmopolitanlasvegas.com/	1969-12-31 23:59:59	Name: ARRAffinity Value: 14bef14bf2e9b76694bc9b082cbb3443fa0028693a605a2fbe176639caf2e343
.authority.cosmopolitanlasvegas.com/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 14bef14bf2e9b76694bc9b082cbb3443fa0028693a605a2fbe176639caf2e343
.cosmopolitanlasvegas.com/	1970-01-20 10:13:25	Name: _gcl_au Value: 1.1.1496045068.1670629995
.cosmopolitanlasvegas.com/	1970-01-20 17:39:49	Name: _ga Value: GA1.2.1984631461.1670629995
.cosmopolitanlasvegas.com/	1970-01-20 08:05:16	Name: _gid Value: GA1.2.1085791551.1670629995
.cosmopolitanlasvegas.com/	1970-01-20 08:03:50	Name: _dc_gtm_UA-15129230-8 Value: 1
.cosmopolitanlasvegas.com/	1970-01-20 17:39:49	Name: nmstat Value: a890815a-6e90-94a1-6a6f-3b930c69c6eb
.cosmopolitanlasvegas.com/	1970-01-20 10:13:25	Name: _fbp Value: fb.1.1670629994831.540857418
.tiktok.com/	1970-01-20 17:25:25	Name: _ttp Value: 2IhNk6ADeU62r5cO9lF1QrgsldY
.adnxs.com/	1970-01-20 10:13:25	Name: uuid2 Value: 4272677983417470035
.sojern.com/	1970-01-20 16:49:25	Name: gid Value: CAESEOZBerYeHqA04idQLRyP1PI
.sojern.com/	1970-01-20 16:49:25	Name: cid Value: cd3307c7-d4a1-fe4d-5de3-f5b14ac6d076#1670544000000
.doubleclick.net/	1970-01-20 17:25:25	Name: IDE Value: AHWqTUmgVCF7LMpo5vnVs9adD95abqiK31rSGhs44gjkgHM_ot5O9Ep3S13sQK4ChJs
.cosmopolitanlasvegas.com/	1970-01-20 17:25:25	Name: _tt_enable_cookie Value: 1
.cosmopolitanlasvegas.com/	1970-01-20 17:25:25	Name: _ttp Value: 15af4596-bd58-4a8a-9a1f-d164564baa99
6131764.global.siteimproveanalytics.io/	1970-01-20 08:13:54	Name: AWSALBCORS Value: dH9a1a0Jf06JFQvotN305j3YYRqgZPn7QrsmBmeGZoh2Fp3/+nc3mbwlUJznG7AxTHINrOOOojgMSfkjQn8sLcarA/o2gPwcdsdcM3htxqAEEwfptq7omHRV3MV7
.sojern.com/	1970-01-20 10:13:25	Name: apnid Value: 4272677983417470035
.yieldoptimizer.com/	1970-01-20 16:49:25	Name: ph Value: %7B%22p%22%3A%5B%5D%2C%22t%22%3A%5B%5D%7D
.yieldoptimizer.com/	1970-01-20 16:49:25	Name: fbh0 Value: %7B%7D
.yieldoptimizer.com/	1970-01-20 16:49:25	Name: dph Value: %7B%22t%22%3A%5B%5D%2C%22dp%22%3A%5B%5D%7D
.bing.com/	1970-01-20 17:25:25	Name: MUID Value: 2859FBB7D4156CC3285EE9C2D57E6D85
www.clarity.ms/	1970-01-20 16:49:25	Name: CLID Value: a22d070f9ebd401599ba27b5604ce413.20221209.20231209
.c.bing.com/	1970-01-20 17:25:25	Name: SRM_B Value: 2859FBB7D4156CC3285EE9C2D57E6D85
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 17:25:25	Name: MUID Value: 2859FBB7D4156CC3285EE9C2D57E6D85
.c.clarity.ms/	1970-01-20 08:03:50	Name: ANONCHK Value: 0
.cosmopolitanlasvegas.com/	1970-01-20 08:03:55	Name: LPVID Value: VhMGY3M2M0ZWRlNzQwNzRl
.cosmopolitanlasvegas.com/	1969-12-31 23:59:59	Name: LPSID-88246722 Value: gQwORzOlSPamQLV8Y0Nipg
.tapad.com/	1970-01-20 09:30:13	Name: TapAd_TS Value: 1670629997014
.tapad.com/	1970-01-20 09:30:13	Name: TapAd_DID Value: 1aafcdbe-17a7-4779-a349-f5bb7632b0ab
.myvisualiq.net/	1970-01-20 17:39:49	Name: c Value: 1670629997
.myvisualiq.net/	1970-01-20 17:39:49	Name: tuuid_lu Value: 1670629997
.myvisualiq.net/	1970-01-20 17:39:49	Name: tuuid Value: 766978e6-15f7-4d5b-af1f-95f9651a9db4
.demdex.net/	1970-01-20 12:23:01	Name: demdex Value: 29162296805374227231820908910038130372
.dpm.demdex.net/	1970-01-20 12:23:01	Name: dpm Value: 29162296805374227231820908910038130372
.triptease.io/	1970-01-20 16:49:25	Name: triptease-user-id Value: 01GKWMXFM0YX5CYRF7NYJYERB6
.triptease.io/	1970-01-20 08:04:18	Name: triptease-session-id Value: 01GKWMXFM07SNNK4B7BD7BNMAG
.bidr.io/	1970-01-20 17:32:19	Name: bitoIsSecure Value: ok
.bidr.io/	1970-01-20 17:32:19	Name: bito Value: AAE8bk7HJ5UAAB-ofouGNg
.adnxs.com/	1970-01-20 10:13:25	Name: anj Value: dTM7k!M4/rE:2jUF']wIg2E>5om10L!]td=8i_j.f$%lK#^QR#<$MTX#-7z.isnT+F4Q`wS2e[CJJo3ghLkudCoP1wCrq_MD`_tg8LBDAZuIH_Ydoz9*eAjC!-'ywFI2$7
.casalemedia.com/	1970-01-20 16:49:25	Name: CMID Value: Y5PKb3KbT-f-DNprQYn2wAAA
.casalemedia.com/	1970-01-20 10:13:25	Name: CMPS Value: 3351
.casalemedia.com/	1970-01-20 10:13:25	Name: CMPRO Value: 3351
.ads.stickyadstv.com/	1970-01-20 08:47:01	Name: UID Value: 29b253d7dfff456f3a3f68082757f28
.ads.stickyadstv.com/	1970-01-20 08:47:01	Name: uid-bp-26913 Value: AABrG07HJ5UAACAGPHzhEg
.pubmatic.com/	1970-01-20 10:13:25	Name: KRTBCOOKIE_699 Value: 22727-AABrG07HJ5UAACAGPHzhEg
.pubmatic.com/	1970-01-20 08:47:01	Name: PugT Value: 1670629998
.triptease.io/	1970-01-20 16:49:25	Name: tt-bee-beeswax-id Value: AAOb907HJ5UAACDekZSS1g
.exelator.com/	1970-01-20 10:56:37	Name: EE Value: "c5fd3a6d682b98d22c5dfd6ff5cc891e"
.agkn.com/	1970-01-20 16:49:25	Name: ab Value: 0001%3A5eO5wZb76c8mC7uR2y7UDDUBCzc2hNCB
.company-target.com/	1970-01-20 17:39:49	Name: tuuid Value: aa16a534-5828-4bc5-bdae-5966b2cd7407
.company-target.com/	1970-01-20 17:39:49	Name: tuuid_lu Value: 1670629999
.exelator.com/	1970-01-20 10:56:37	Name: ud Value: "eJxrXxzq6XKLQSHZNC3FONEsxczCKMnSIsXIKNk0JS3FLC3NNDnZwtIwdXFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDAYkl%252BUWb6IhfXxUUpaQyLSopPBR%252BqWQ4A6iwrUA%253D%253D"
.bluekai.com/	1970-01-20 12:23:01	Name: bkdc Value: phx
.bluekai.com/	1970-01-20 12:23:01	Name: bkpa Value: KJpEnXTLu5DlBMD01qcwEnaN5cx3zMzy2d90eUP65cj6edYG07OBOyevZxgu
.bluekai.com/	1970-01-20 12:23:01	Name: bku Value: g/A99sdvAtw/MOQk

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://idsync.rlcdn.com/420356.gif?partner_uid=17623021-8737-45d9-9861-d324805d53d7 Message: Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

112.xg4ken.com
5258867.fls.doubleclick.net
6131764.global.siteimproveanalytics.io
aa.agkn.com
accdn.lpsnmedia.net
ad.doubleclick.net
ads.stickyadstv.com
adservice.google.com
adservice.google.de
ajax.aspnetcdn.com
analytics.tiktok.com
api.triptease.io
authority.cosmopolitanlasvegas.com
b.triptease.io
b.videoamp.com
bat.bing.com
beacon.sojern.com
bttrack.com
c.bing.com
c.clarity.ms
cdn.bttrack.com
cdn.jsdelivr.net
cm.g.doubleclick.net
connect.facebook.net
cs.yieldoptimizer.com
d.adroll.com
dpm.demdex.net
dsum-sec.casalemedia.com
fcmatch.google.com
fcmatch.youtube.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
h.clarity.ms
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
loadus.exelator.com
lpcdn-a.lpsnmedia.net
lptag.liveperson.net
match.adsrvr.org
match.prod.bidr.io
messages.guest-experience.triptease.io
onboard.triptease.io
pixel.sojern.com
pubads.g.doubleclick.net
px.adentifi.com
s.adroll.com
secure.adnxs.com
segment.prod.bidr.io
segments.company-target.com
siteimproveanalytics.com
static-meta.triptease.io
static.triptease.io
stats.g.doubleclick.net
t.myvisualiq.net
t2.em.cosmopolitan-lv.com
tags.bluekai.com
tapestry.tapad.com
va.v.liveperson.net
vt.myvisualiq.net
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
104.76.200.221
107.178.244.119
142.250.185.102
142.250.185.194
142.250.185.198
151.101.1.182
151.101.129.182
151.101.129.62
151.101.2.133
152.199.19.160
162.252.76.20
172.217.18.2
178.249.101.23
178.249.97.99
18.185.197.230
18.200.78.128
18.66.2.30
185.64.190.80
185.80.39.216
185.89.210.153
185.89.210.46
192.132.33.46
20.234.93.27
208.89.12.87
23.213.161.145
23.3.88.16
2600:9000:20a5:3a00:6:9280:1080:93a1
2606:4700:3030::ac43:9d93
2606:4700::6810:5514
2606:4700:e4::ac40:ac0c
2620:1ec:4f:1::45
2620:1ec:c11::200
2a00:1450:4001:800::2003
2a00:1450:4001:810::2002
2a00:1450:4001:810::200e
2a00:1450:4001:813::200a
2a00:1450:4001:829::2002
2a00:1450:4001:829::2004
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2003
2a00:1450:4001:830::2002
2a00:1450:4001:831::200e
2a00:1450:400c:c02::9d
2a03:2880:f080:9:face:b00c:0:3
2a03:2880:f145:82:face:b00c:0:25de
2a05:d018:cc3:fe04:f373:8994:d3a2:58c
34.205.226.12
35.186.195.233
35.186.212.60
35.227.248.159
35.244.174.68
35.71.131.137
40.80.155.102
52.212.89.6
52.222.214.106
52.224.31.34
52.50.26.223
54.147.255.25
54.148.94.238
54.227.133.78
54.72.53.159
54.78.254.47
63.32.161.99
69.16.175.42
02b1a2288fa97ab2da8eee21036673daa75e4bf4befdd57a7fc0067ff82026f2
03903375e5192415755f63297022c723f882093152a41027d91bd9b612aae403
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b2024ab96259b2c1e3517f1401ebfac067c4ae9a1adce1cbf1f0a0839f43f40
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
119d4155d7fb2265439dc2304366662bb3e43dcd7409d8eceac58215bf452ae8
13243171b1f5976e74f79647f612a1d879bfa606816a204f72a833c0e89f269a
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
18cf414b2e7746b79dc3d6e1ed267c4da4e24e96183d28fd0353c6e34ed2e0fb
1c376aad686d4901e7d152495b7a1dc91f3f558e2bc028c1f1224edec99c6edc
1e49eec740d31fbfbbe69037b0d2993ddf62156ddd46582a4295c3d10bc3e84b
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
21d2b359cbb02ef13dab5f81357cc0510498bb95cc1e3a1a68eaabd169f8d92c
26ffdc4c21800007afa59f4958232ceb5b7ee1c74daf7f283117a13387346b74
2a8465375a39a7134ca432e800a96a23569f1828821f0eec3f39d38c08387653
2e3e3b2660cbfaac5febf7a50b31d0494159989626a84102b2c3792cffe27d13
30530a52bc5461a15f4f50fe1972c0ac56b5f3ee445511b392bd0ca66bdabccd
3491ef1ca659bccbaec555c73b1c829b05f72373b0a5588d9387b089b8e8983f
37b05d6c8c039b8fc18a815fee4c0602429b0fd49a3756854726554ce9d93d3e
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1
3e4f5d07904cf355da7bfbca5d4eee18a4c09fc9e6a79df958d0bb1225572983
44a531b246b1e5487e3a583e0508e7c9545882ffb0a149a4b674584618baf853
483978dff3e42975a8ec56854bf633f2f8f4fdf3decdc4068744a1d174ffd349
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b8e932f6edc091277b09ebae632ee9b1bac5b54ab8b359a9b7de2dd9aa95748
4f01f04dbd7b442cd8406e430ad8aba43f2f32cc17fae9aa80d1737ba80f5e3f
5074816757bcced52a7851e776f5b784ad2a8b085de80d0d391e7da45bf657f1
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54d464dcbb274e2f142eb6e78e14dd6885edc21e72d0989717a1318c170777df
56ad0167e39327ff5024fd50208c25fe7ecd6279c3467b6c1a763bc1659c5292
57554877947a356911e17034359412ea444c15f58884c0100062788dd3660bb8
5941d1622373ff4da4a0ec6ae2c474a80f2e65763aca377b069690ed4cc26d02
5bfaa0f222b5ce5a88941e32d672fed4c20a9ede1b6bec36d423fbe63cf54a6e
639fcd75ad19240531093db9d079f4be79913034b5ce3a7ae0b4006735f1fb2f
65a0dbfe0f7b81844603a256fdfe1573bf230a2dbc597215cc9b49de29c62d10
6622b5e1a9d93d6b5a2f4eb7a0556f802fb002e5efde0d0f4e3781a94776e331
67e247429030584fc6693af52f505c0b747712d61f4745dca405dec3c77d64cc
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d9d1c5aaa88ce25123bea2c437894589afdbd86317e5f0f81822ef6034a3c7e
6dd638c736434fa39902ac9fd514ca318c964cd652f6fcb1d1a0c48c871284c2
6efa775a864aba5b3b1bc9ce6335a617693c712d3a65633cbe6751fa1d291a9c
71cef4a50ef3f57ad280e784cbfcc0967e87975383dbc80bf01a168c2ff216d2
73554174a7a1f1e6d2276ece0d30acf848eb28a872939732fe5cb45363766d64
79b647f19f44a1cebbf12bcbb766b76f4523227e97991cebe0175f66fdcda647
7eb70257593da06f682a3ddda54a9d260d4fc514f645237f5ca74b08f8da61a6
80138bfba0589f5e4cf0a1c380126105715fea8735202fe5df4327305927680f
81b76f8016365c2e50aa510d35267c0860174054e028a393e2486f8f8f8416d4
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8654cd40def2f86dd5b0d0475efc98487ec5c0b5b85bc43fd0e75f74ba924cb8
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
87808c44df49da290a28df90c690f7bcb1e5619ccdf21d072a50b22b6f185947
8a56ec7545fc72c81e7601274bfd7e84c6206c9ef74038f7b589bdb695755d61
8d0541f7385fd9c22e2d87d8b665660d57cf5e7c59979176d055000d4884572b
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e2f1ee06bf08d78278ec917f6d3d655b5e36b52f0abbafcb350ed31e94a0b15
910612fc65208677f4e2fff60558e0f1949138a3696402a17ed5582efe0d2649
952325f88358abd487e263464e5b7e331e06ee6c2abb186eebde1c817fb92b6e
95538a3c7f311cde2254abff8fa18c042290111b9928c0861b051f1f0fff7210
95d9ba8df5840f58812d48d41266716e70dfc83d530592c8e54cdc3b495801a4
965f915d74e6f6553e10fc95db6cfd1e33df7ce9cbcead5a9fbc08f55f541f18
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99ec1155ca51fe44988c932a93a9732533236aae633aea3c2fe6a3b0043f094a
9e3d849ed7939bc46f6f33547c1cd617c1a639fa4d07cc080534218b91fad883
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1f5f3b869efe898980a103d51362496f7f650ca2655ee6d244246daf5f961e4
a2721298ae526f997c556afcd0a7f768abfd6ad9b0ce4ec449d5b27b86929f04
a6cd4b6c0ed5513f3c190bf21dfbf21d3f6ff633835ada97a64317ea5298e978
abb78d31c33ab80d8dce5b86ab97f511b9dd18336b5be9af057bb72314eb0a0a
af2537c0c0067f5bd234d2d9b9d829b4078088b0786f7fc9e2904b7907a27c07
b0bb31cbd2ec1fba32fea2c09b0ba2649e1f5b53d520e1d314b998a1ff7a465e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b47cb76c0b81c7198badbc81d916ac195bebbc72b779b5c886d409bc618d59fc
b83bf1249c810f5e3fbf7d29fa04ab2e660f468180f91ad4342d91f8e08cbfb8
ba5986e8f1801806b13c5af39262d5abf484ea364c0349a214d836f0df71ed9f
cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11
cd0d0b6e50ff01ff2f3a9a70d7cfb66a7c6cb9acf7a566325568be6d3bd31fc4
d1b7a617951177d643abbae142ec04a01f273d9ce1434123035cb44c54fd60db
d210fc924192750921a3a178c7d4e090f32a5d13b648c2bf059e7285d68d2857
d5c905d7ce4679b183eb11f7c6811682ddffbf0f037590360ae2b1a84a51ef1b
d5f5d990e654d6079fa7ed17323e9f896daf8ddf44b72d5b5f3ebd9368125017
d5fa375baaa8c2ae0f8a7a42b0ab21695a9ec04c68166ceb44118a6d27405449
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de20f5b1f85c69c76abc5482ce8994a407dd94b4e6e3b0dfa4859b4ceda78520
def5a8ee75fd584a03109d0d6db139dbe5e962e0a9a4b9a9caf36abd7341f3c4
e1b3b065433bc2af4ba975e98b90816e0040b1193bdec393a8623f1aa28fe9bf
e307f4d4d2208c8b5e06543d942e1348ea1e1e520518647680e24067365de030
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e55842a856a6d829feca3c3ad736c136b6c7549e9247274f78aa296259e06e24
e8ea3a9d34088d0ee4e830d50fecf4800e6f49954f451a76862ac40fecc5040a
e91bec8cdac6b453d634c7f5157fd9baee7c5ebb7be05551783506a98fba814a
eab915ac4386036f18a76eb8a330957f93ccb79f4291c9ab472869d0750852ae
ebcd43274f956ef6d5c0f690695cc56c35a3a77180c9d1b80791febe4e27f601
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2c4b7d20ff42a433d0c76631c460cd75128f8f0436d052ce2cf79dc4fa6a244
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f6a1edd7e817eaba3aa6efc1dbebaf2f9c80b03cc6ded9945a1a70dd27ad8610

authority.cosmopolitanlasvegas.com Open in urlscan Pro 40.80.155.102 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

158 Requests

82 %HTTPS

33 %IPv6

44 Domains

68 Subdomains

61 IPs

7 Countries

2667 kBTransfer

6385 kBSize

60 Cookies

4 Outgoing links

Page URL History

Redirected requests

158 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

authority.cosmopolitanlasvegas.com Open in urlscan Pro
40.80.155.102 Public Scan

Screenshot
Live screenshot

Full Image

158
Requests

82 %
HTTPS

33 %
IPv6

44
Domains

68
Subdomains

61
IPs

7
Countries

2667 kB
Transfer

6385 kB
Size

60
Cookies

158 HTTP transactions
0 data transactions