r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aabe410b4bbe4d8beb0e4561d3aa158e
e1788632902ddea62cdd9e7ad6009a75ffb69788
ad535e27b201e92670770b2b868c58f7c05633ec66490a41ef4592f062834c1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AD535E27B201E92670770B2B868C58F7C05633EC66490A41EF4592F062834C1F"
Last-Modified: Wed, 09 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9055
Expires: Fri, 11 Nov 2022 02:14:49 GMT
Date: Thu, 10 Nov 2022 23:43:54 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a19a5555cc9ea92581b0cc504cb64345
01a86ce33d5eb33420ed76266360f32c62a96f31
9ebd48b4053bb4a7a27718670c44075b1f35d037be7fd16750fcbc3ffd68b18c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3348
Cache-Control: max-age=128581
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:54 GMT
Etag: "636cd2eb-1d7"
Expires: Sat, 12 Nov 2022 11:26:55 GMT
Last-Modified: Thu, 10 Nov 2022 10:31:07 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 10 Nov 2022 23:43:54 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 0
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2b57492bf85f4ae6abbd1641b17dc9ab
008e71ec05d47bf025ca64e17da2ea1bd8e71111
17894427c471f7fa02ca274795dc55df1bfc99d7bd83f9ee36249394035110fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "17894427C471F7FA02CA274795DC55DF1BFC99D7BD83F9EE36249394035110FD"
Last-Modified: Wed, 09 Nov 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10675
Expires: Fri, 11 Nov 2022 02:41:49 GMT
Date: Thu, 10 Nov 2022 23:43:54 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: MjdAD3QuZ/xbTkXsztCsSL6Uy/Pvse1358+qgoFpopcnaW0xzbTwfPIY2dmh4L109elBHtqww7c=
x-amz-request-id: ZTRE4XEGH4VP21RP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 10 Nov 2022 22:49:34 GMT
age: 3260
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
cosmopolitan-lv.com/
165.160.13.20301 Moved Permanently 0 B IP 165.160.13.20:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: cosmopolitan-lv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Thu, 10 Nov 2022 23:43:54 GMT
Location: http://www.cosmopolitanlasvegas.com
Content-Length: 0
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 10 Nov 2022 23:43:54 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Cache-Control, Pragma, Retry-After, ETag, Alert, Expires, Backoff, Content-Type, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 10 Nov 2022 22:44:47 GMT
cache-control: public,max-age=3600
age: 3548
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
www.cosmopolitanlasvegas.com/
40.112.142.148301 Moved Permanently 0 B URL HTTP/1.1 www.cosmopolitanlasvegas.com/
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Content-Length: 0
Date: Thu, 10 Nov 2022 23:43:55 GMT
Location: https://www.cosmopolitanlasvegas.com/
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 081ea13ba4390a4baab25cf57c2672f3
30cc9c329228e3d7bc6041f1aa553f06f8136eed
5a48c189581edd8ae4a4e58e2d54359bb75ba769828436394e4c256fe861814e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4475
Cache-Control: max-age=124653
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:55 GMT
Etag: "636cbf2d-1d7"
Expires: Sat, 12 Nov 2022 10:21:28 GMT
Last-Modified: Thu, 10 Nov 2022 09:06:53 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
35.161.136.21101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.161.136.21:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: KH9FG7TlSoJ17KqHmP9aZg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: WAktkuwHnGSe/z1yTRv0UULrr10=
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 621516962cadd71e39b5cc6a736d9d4b
85e1ae10a49442c14ce83b0292865383b62e6303
dc2c3dcc5df43d8ab3622f04492e1667888d8856f9dca9eb4a340b32c6817ccb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6217
Cache-Control: max-age=142603
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:56 GMT
Etag: "636cfe7e-117"
Expires: Sat, 12 Nov 2022 15:20:39 GMT
Last-Modified: Thu, 10 Nov 2022 13:37:02 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 621516962cadd71e39b5cc6a736d9d4b
85e1ae10a49442c14ce83b0292865383b62e6303
dc2c3dcc5df43d8ab3622f04492e1667888d8856f9dca9eb4a340b32c6817ccb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6217
Cache-Control: max-age=142603
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:56 GMT
Etag: "636cfe7e-117"
Expires: Sat, 12 Nov 2022 15:20:39 GMT
Last-Modified: Thu, 10 Nov 2022 13:37:02 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 83b99092f19a38763c0b6ffc5e05e5aa
4cacf0a4adc46e28bc867d666a3fb45738dd1501
168478f1e03d83548fbfeed6dfad20ef23cb5a1dbf18f7312e5cf6dd290e9339
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 621516962cadd71e39b5cc6a736d9d4b
85e1ae10a49442c14ce83b0292865383b62e6303
dc2c3dcc5df43d8ab3622f04492e1667888d8856f9dca9eb4a340b32c6817ccb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6217
Cache-Control: max-age=142603
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:56 GMT
Etag: "636cfe7e-117"
Expires: Sat, 12 Nov 2022 15:20:39 GMT
Last-Modified: Thu, 10 Nov 2022 13:37:02 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 621516962cadd71e39b5cc6a736d9d4b
85e1ae10a49442c14ce83b0292865383b62e6303
dc2c3dcc5df43d8ab3622f04492e1667888d8856f9dca9eb4a340b32c6817ccb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4093
Cache-Control: max-age=140479
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:56 GMT
Etag: "636cfe7e-117"
Expires: Sat, 12 Nov 2022 14:45:15 GMT
Last-Modified: Thu, 10 Nov 2022 13:37:02 GMT
Server: ECS (amb/6BA9)
X-Cache: HIT
Content-Length: 279
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
142.250.74.138200 OK 31 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (65451)
Hash 81182f4b684635f6bdcbdd907ee66f25
a1f2f151df72ede41397c8131bd47a3ce85575b3
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396
GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 14:27:33 GMT
expires: Fri, 10 Nov 2023 14:27:33 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
age: 33383
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.cosmopolitanlasvegas.com/
40.112.142.148200 OK 34 kB URL HTTP/1.1 www.cosmopolitanlasvegas.com/
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (6249)
Hash 36c65450a684fc8b2a4cd8d14ead7570
4d176d4891df2b4edb917cc310b789af4a4b8227
8f9ea82de0e360aaa47438b4a1e377b19b6dbc9431a5d651409533a2e6e33c06
GET / HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Content-Length: 34407
Content-Type: text/html; charset=utf-8
Date: Thu, 10 Nov 2022 23:43:56 GMT
Server: Microsoft-IIS/10.0
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS,DELETE,PUT,PATCH
Access-Control-Allow-Origin: *
Cache-Control: no-cache, private
Content-Encoding: gzip
Set-Cookie: XSRF-TOKEN=eyJpdiI6IklSSmNuVU01cUx3ZSt2c3BFc1JwNkE9PSIsInZhbHVlIjoiQUxXQ20wZlliZ1BLWHRab3VGdzZMSXJYUThpUXJIV3lIUW5WejNZRDlpVzFid0ZtSDh2MWRpcHNYdlo2ckZIRCIsIm1hYyI6IjEwMTdmZWY1MzA3NmIzZGI4ODczMzMyZTY0MTJkMzY2NTU3MTI1NWI3YmI2YWY1NmYxODYwOWI4YjBmMzM1ZjUifQ%3D%3D; expires=Fri, 11-Nov-2022 01:43:56 GMT; Max-Age=7200; path=/; secure
tcolv_identity_prod2_session=eyJpdiI6InNOcytBUzdkMFVMRW41emtBOXM3V3c9PSIsInZhbHVlIjoicnI1VU9LUnVUeEYyUFAwS1ZoQkdac0UrdFhoSGo2R1NqeTBxYTRtb281N1M0RWo0TlkydVhLakVLMGJXMUlZXC8iLCJtYWMiOiIwYjI4YTk3OGU1OTFiMjA3NGMxZWZlMWFmY2NhMzk4NzU5YWExODNkMTVhMDI1MDExYWY5YWY5ZTZmMDFkNDQxIn0%3D; expires=Fri, 11-Nov-2022 01:43:56 GMT; Max-Age=7200; path=/; secure; httponly
ARRAffinity=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44;Path=/;HttpOnly;Secure;Domain=www.cosmopolitanlasvegas.com
ARRAffinitySameSite=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44;Path=/;HttpOnly;SameSite=None;Secure;Domain=www.cosmopolitanlasvegas.com
Vary: Accept-Encoding
X-Powered-By: PHP/7.4.30, ASP.NET
Content-Security-Policy: child-src 'self' *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com;frame-ancestors 'self' *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com;frame-src 'self' *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Feature-Policy: geolocation 'self'; midi 'self'; camera 'self'; usb 'self'; magnetometer 'self'; payment 'self'; picture-in-picture 'self'; vr 'self'; fullscreen *;
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 83b99092f19a38763c0b6ffc5e05e5aa
4cacf0a4adc46e28bc867d666a3fb45738dd1501
168478f1e03d83548fbfeed6dfad20ef23cb5a1dbf18f7312e5cf6dd290e9339
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
images.ctfassets.net/sahy2rpqbnsp/3ryXL7Dnos68OkYWWoAaeQ/f0edc366bb89c2fa191519512d617b6f/home-cabaret-scene.jpg?w=600&h=315&fm=jpg&q=100&fit=fill
54.230.111.2200 OK 211 kB URL HTTP/2 images.ctfassets.net/sahy2rpqbnsp/3ryXL7Dnos68OkYWWoAaeQ/f0edc366bb89c2fa191519512d617b6f/home-cabaret-scene.jpg?w=600&h=315&fm=jpg&q=100&fit=fill
IP 54.230.111.2:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, baseline, precision 8, 600x315, components 3\012- data
Size 211 kB (211344 bytes)
Hash 376b7f5306822637fb04b64743b03a5c
d6a75c5fdfcdb23a887d67569bed09543a229fb3
d9080ad310d1066e503cb0202e927f6d74c71c833cf6f762272dc13cf73352a5
GET /sahy2rpqbnsp/3ryXL7Dnos68OkYWWoAaeQ/f0edc366bb89c2fa191519512d617b6f/home-cabaret-scene.jpg?w=600&h=315&fm=jpg&q=100&fit=fill HTTP/1.1
Host: images.ctfassets.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 211344
last-modified: Fri, 14 Oct 2022 14:43:40 GMT
date: Thu, 10 Nov 2022 09:29:04 GMT
cache-control: max-age=31536000
server: Contentful Images API
access-control-allow-origin: *
etag: "376b7f5306822637fb04b64743b03a5c"
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UKppMTJhH_sZii0WTt68jO4TUqKnc4MBnTNBF2nZgD89SzN9z1tAyw==
age: 51292
X-Firefox-Spdy: h2
images.ctfassets.net/sahy2rpqbnsp/7vxSKRd2TRE28DHBE1nly8/77730224669ebce3d10ccb94040329d3/chandy-crop-3.jpg?w=1920&h=1080&fm=jpg&q=50&fit=fill
54.230.111.2200 OK 346 kB URL HTTP/2 images.ctfassets.net/sahy2rpqbnsp/7vxSKRd2TRE28DHBE1nly8/77730224669ebce3d10ccb94040329d3/chandy-crop-3.jpg?w=1920&h=1080&fm=jpg&q=50&fit=fill
IP 54.230.111.2:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size 346 kB (345515 bytes)
Hash b24e7fcbb2dd1db0b93b3b70ff2ef917
a87b2180dcc31561482e801a4cab70469a0e91f3
d579f94c8305972d58ff2a948393dd154d470b4ea67c02a76dba82b9a3bdf90c
GET /sahy2rpqbnsp/7vxSKRd2TRE28DHBE1nly8/77730224669ebce3d10ccb94040329d3/chandy-crop-3.jpg?w=1920&h=1080&fm=jpg&q=50&fit=fill HTTP/1.1
Host: images.ctfassets.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 345515
etag: "b24e7fcbb2dd1db0b93b3b70ff2ef917"
last-modified: Tue, 08 Nov 2022 22:15:28 GMT
date: Thu, 10 Nov 2022 06:43:45 GMT
cache-control: max-age=31536000
server: Contentful Images API
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YqE87EZuWwbZ1Oglh6QphM5hbuOBKV7rOdUA9AOL0yic9RBRxaeqUQ==
age: 61211
X-Firefox-Spdy: h2
use.typekit.net/xur1jib.css
23.36.76.186200 OK 726 B URL HTTP/2 use.typekit.net/xur1jib.css
IP 23.36.76.186:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with very long lines (516)
Hash abda852d68cbd09bdcbc99d21a03b6bc
832493fdc76de00d7e0ccb7de8da955df80164f4
93231b47308649f02cfad12e18480abddbb89982e2c7d4cf3b71658da23d85b4
GET /xur1jib.css HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/css;charset=utf-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains;
cache-control: private, max-age=600, stale-while-revalidate=604800
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
content-length: 726
date: Thu, 10 Nov 2022 23:43:56 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash abc1b6dead712b3905b9b0c0c8b63b56
e63b4c3f61604e313af85d9577866b98f75faa2a
fe7ff7563830e4fd0ab0af0eb929ca26e7a59d6ac147115d127a9585867d139a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
p.typekit.net/p.css?s=1&k=xur1jib&ht=tk&f=6768.6769.6770.6771&a=13717435&app=typekit&e=css
23.36.76.186200 OK 5 B URL HTTP/2 p.typekit.net/p.css?s=1&k=xur1jib&ht=tk&f=6768.6769.6770.6771&a=13717435&app=typekit&e=css
IP 23.36.76.186:0
ASN #20940 Akamai International B.V.
Hash 83d24d4b43cc7eef2b61e66c95f3d158
f0cafc285ee23bb6c28c5166f305493c4331c84d
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
GET /p.css?s=1&k=xur1jib&ht=tk&f=6768.6769.6770.6771&a=13717435&app=typekit&e=css HTTP/1.1
Host: p.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cache-control: public, max-age=604800
content-type: text/css
cross-origin-resource-policy: cross-origin
etag: "613bee4d-5"
last-modified: Fri, 10 Sep 2021 23:46:21 GMT
server: nginx
content-length: 5
unused62: 8096267
date: Thu, 10 Nov 2022 23:43:56 GMT
X-Firefox-Spdy: h2
assets.pxlecdn.com/assets/pixlee_widget_1_0_0.js
151.101.86.132200 OK 133 kB URL HTTP/2 assets.pxlecdn.com/assets/pixlee_widget_1_0_0.js
IP 151.101.86.132:0
File type ASCII text, with very long lines (32767)
Size 133 kB (133199 bytes)
Hash e875a5404af4a1ac3afa17b2a6d6f4bc
f80232b22799aab7d3a5f868548d921e44ba0188
35e95a717be22e23144a1d7a9dcbf1424b284c47bb188632a567774b7e020c43
GET /assets/pixlee_widget_1_0_0.js HTTP/1.1
Host: assets.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Hm2TNLkhTlpU2BwwBu5i5dqyGJyo9vW/ua4yWu+jBOxmyGRmbCMowd3c7igEOJe8pL7srPoMk/E=
x-amz-request-id: QGNAGVM826JJ3MBB
last-modified: Wed, 26 Oct 2022 13:51:45 GMT
etag: "5583f9213bc228c80c624246f2ce0cd1"
expires: Wed, 26 Oct 2022 23:44:16 GMT
x-amz-version-id: null
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:56 GMT
age: 12754
x-served-by: cache-iad-kiad7000041-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 98, 2
x-timer: S1668123837.608367,VS0,VE0
vary: Accept-Encoding
content-length: 133199
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=GOOGLE_ANALYTICS_ID
142.250.74.168200 OK 38 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=GOOGLE_ANALYTICS_ID
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 42a6c29058f533b4d6e3d7fee7bf1513
5d6e41fa2306f900ec3e4a02c6b85f95a0b9c246
d5795e6dd91d0bd177d5f3f4a6930228bc7ed78925838c2c43b964d8a0d9692e
GET /gtag/js?id=GOOGLE_ANALYTICS_ID HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 10 Nov 2022 23:43:56 GMT
expires: Thu, 10 Nov 2022 23:43:56 GMT
cache-control: private, max-age=900
last-modified: Thu, 10 Nov 2022 22:55:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 37507
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash abc1b6dead712b3905b9b0c0c8b63b56
e63b4c3f61604e313af85d9577866b98f75faa2a
fe7ff7563830e4fd0ab0af0eb929ca26e7a59d6ac147115d127a9585867d139a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cosmopolitanlasvegas.com/css/orchid.css?v=1
40.112.142.148200 OK 25 kB URL HTTP/1.1 www.cosmopolitanlasvegas.com/css/orchid.css?v=1
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash c65419d4fa0ec413bf0dee27dc91d005
bb0bfed9ac2d852ee8baa2f8736eade9e52883c2
bb7e4119902ec5d885b58452dbc15dc8f89755f0af3cbc0f207227dffd483553
GET /css/orchid.css?v=1 HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IklSSmNuVU01cUx3ZSt2c3BFc1JwNkE9PSIsInZhbHVlIjoiQUxXQ20wZlliZ1BLWHRab3VGdzZMSXJYUThpUXJIV3lIUW5WejNZRDlpVzFid0ZtSDh2MWRpcHNYdlo2ckZIRCIsIm1hYyI6IjEwMTdmZWY1MzA3NmIzZGI4ODczMzMyZTY0MTJkMzY2NTU3MTI1NWI3YmI2YWY1NmYxODYwOWI4YjBmMzM1ZjUifQ%3D%3D; tcolv_identity_prod2_session=eyJpdiI6InNOcytBUzdkMFVMRW41emtBOXM3V3c9PSIsInZhbHVlIjoicnI1VU9LUnVUeEYyUFAwS1ZoQkdac0UrdFhoSGo2R1NqeTBxYTRtb281N1M0RWo0TlkydVhLakVLMGJXMUlZXC8iLCJtYWMiOiIwYjI4YTk3OGU1OTFiMjA3NGMxZWZlMWFmY2NhMzk4NzU5YWExODNkMTVhMDI1MDExYWY5YWY5ZTZmMDFkNDQxIn0%3D; ARRAffinity=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; ARRAffinitySameSite=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 25086
Content-Type: text/css
Date: Thu, 10 Nov 2022 23:43:56 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS,DELETE,PUT,PATCH
Access-Control-Allow-Origin: *
Cache-Control: immutable,max-age=31536000
Content-Encoding: gzip
ETag: "0e571b87d7d81:0"
Last-Modified: Tue, 04 Oct 2022 00:20:02 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
images.ctfassets.net/sahy2rpqbnsp/3cVyMZVjuwGg664QsKOyew/e0e5819c1f8e35f5ac6910a2384a5e00/Rose_Shifter_1600x900.jpg?w=800&h=450&fm=jpg&q=50&fit=fill
54.230.111.2200 OK 14 kB URL HTTP/2 images.ctfassets.net/sahy2rpqbnsp/3cVyMZVjuwGg664QsKOyew/e0e5819c1f8e35f5ac6910a2384a5e00/Rose_Shifter_1600x900.jpg?w=800&h=450&fm=jpg&q=50&fit=fill
IP 54.230.111.2:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 800x450, components 3\012- data
Hash cd77c7925440a471b96ee160cd536346
cb5316d2084ad479e990f03cd6ff978908d6483f
16cb5813fd94d5fceb137c7bb5b68fd39763036c83ff99f23444d2f8d52b948d
GET /sahy2rpqbnsp/3cVyMZVjuwGg664QsKOyew/e0e5819c1f8e35f5ac6910a2384a5e00/Rose_Shifter_1600x900.jpg?w=800&h=450&fm=jpg&q=50&fit=fill HTTP/1.1
Host: images.ctfassets.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 13996
etag: "cd77c7925440a471b96ee160cd536346"
last-modified: Thu, 20 Oct 2022 03:52:53 GMT
date: Thu, 10 Nov 2022 06:43:45 GMT
cache-control: max-age=31536000
server: Contentful Images API
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: AauIEGo9S5UW2N0Lsn0Fa9BRVidGgFQzke9ijrXuwI7xJPcryY3dbQ==
age: 61211
X-Firefox-Spdy: h2
use.typekit.net/af/5cace6/00000000000000003b9b00c2/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
23.36.76.186200 OK 46 kB URL HTTP/2 use.typekit.net/af/5cace6/00000000000000003b9b00c2/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
IP 23.36.76.186:0
ASN #20940 Akamai International B.V.
File type Web Open Font Format (Version 2), CFF, length 46248, version 1.0\012- data
Hash 1bed79cd2323269f03f2c0be39ad6e62
c81dac7badf21ff74032858ca73d5f49c1beedd9
03337b42dd67db1a69d3b935c4a8408d25b216c8c2c6d94603d6ae99e85dffa6
GET /af/5cace6/00000000000000003b9b00c2/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3 HTTP/1.1
Host: use.typekit.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.cosmopolitanlasvegas.com
Connection: keep-alive
Referer: https://use.typekit.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/font-woff2
content-length: 46248
etag: "e6717517dba1fda79bbfc5daf1c1929c64c941f1"
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: public, max-age=31536000
date: Thu, 10 Nov 2022 23:43:56 GMT
X-Firefox-Spdy: h2
photos.pixlee.co/lightbox?widget_id=2326898&api_key=ikJ8N5McrbJpLWPfNbzu&parent_url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
151.101.86.132200 OK 8.1 kB URL HTTP/2 photos.pixlee.co/lightbox?widget_id=2326898&api_key=ikJ8N5McrbJpLWPfNbzu&parent_url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
IP 151.101.86.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (18497)
Hash 174d5ce5cf30b828a929b9052b640429
201645200d32b7d01fce6515bf0af30824f00538
4db470cf793b6fe6a80267adc94045f3ac19c0747455f66d612b6cb159f0cf02
GET /lightbox?widget_id=2326898&api_key=ikJ8N5McrbJpLWPfNbzu&parent_url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F HTTP/1.1
Host: photos.pixlee.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Cowboy
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
report-to: { "group": "csp", "max-age": 10886400, "endpoints": [{ "url": "https://sentry.io/api/1227414/security/?sentry_key=a8d877c6035547e193eff7baa44c7501;" }] }
content-security-policy: default-src http: https:;script-src *.kube.pixlee.io *.dev.pixlee.com:9001 *.feedshop.net *.pxlecdn.com *.pixlee.gallery *.pixleeteam.com data: *.nanovisor.io http://photos.test localhost:8000 http://photos.pixlee.test *.pixlee.com *.pixlee.co https://cdn.ravenjs.com https://browser.sentry-cdn.com cdnjs.cloudflare.com https://*.cloudfront.net *.pusher.com *.pinterest.com *.googleapis.com https://api-ssl.bitly.com *.google-analytics.com graph.instagram.com connect.facebook.net googletagmanager.com pixlee.gallery https://www.tiktok.com https://*.ibytedtos.com https://*.tiktokcdn.com https://*.ttwstatic.com/ 'unsafe-inline' 'unsafe-eval';style-src *.kube.pixlee.io *.dev.pixlee.com:9001 *.pixleeteam.com http://photos.test localhost:8000 http://photos.pixlee.test *.pixlee.com *.pixlee.co *.pxlecdn.com https://cdnjs.cloudflare.com fonts.googleapis.com graph.instagram.com https://*.tiktokcdn.com 'unsafe-inline';font-src http: https: data:;img-src *.kube.pixlee.io *.pixleeteam.com android-webview-video-poster: *.pixlee.com *.pixlee.co *.pxlecdn.com http: https: data: blob:;connect-src *.kube.pixlee.io *.dev.pixlee.com:9001 *.feedshop.net *.pxlecdn.com *.pixlee.gallery *.pixleeteam.com *.nanovisor.io *.pixlee.com *.pixlee.co *.pixlee.test localhost:8000 distillery.test photos.test *.pixleeteam.com:9000 *.pixleeteam.com:9001 ws://*.pixlee.com wss://*.pixlee.com ws://*.pixlee.co wss://*.pixlee.co ws://*.pxlecdn.com wss://*.pxlecdn.com *.pusherapp.com ws://*.pusherapp.com wss://*.pusherapp.com https://api-ssl.bitly.com *.facebook.com pixlee-staging-distillery.herokuapp.com s3.amazonaws.com youtube.com sentry.io code.jquery.com *.googleapis.com pixlee-backstage-analytics.herokuapp.com https://www.tiktok.com https://*.ibytedtos.com;report-to csp;report-uri https://sentry.io/api/1227414/security/?sentry_key=a8d877c6035547e193eff7baa44c7501
content-type: text/html; charset=utf-8
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
etag: W/"5a1b4b6b3568a44f89a0fc53ecb9fffd"
x-request-id: 77cfc4a3-cd5c-4e17-ba30-8d6c4b56bbf9
x-runtime: 0.036390
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
content-encoding: gzip
cache-control: max-age=300,s-maxage=300
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:56 GMT
age: 42
x-served-by: cache-iad-kcgs7200084-IAD, cache-bma1673-BMA
x-cache: HIT, MISS
x-cache-hits: 3, 0
x-timer: S1668123837.840100,VS0,VE107
vary: Origin, Accept-Encoding
true-client-ip: 91.90.42.154
strict-transport-security: max-age=31557600
content-length: 8099
X-Firefox-Spdy: h2
photos.pixlee.co/widget?widget_id=2326898&api_key=ikJ8N5McrbJpLWPfNbzu&parent_url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
151.101.86.132200 OK 8.2 kB URL HTTP/2 photos.pixlee.co/widget?widget_id=2326898&api_key=ikJ8N5McrbJpLWPfNbzu&parent_url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
IP 151.101.86.132:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (18456)
Hash 9e59e7896465beffda07560d32efdb82
ea01a8d8d9acc65215415ec90c2e0b78eee4aea3
04a53050be31f3b1eb677808fd04c0a6d1c034abe8c3dbb9f954d1353d3fea49
GET /widget?widget_id=2326898&api_key=ikJ8N5McrbJpLWPfNbzu&parent_url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F HTTP/1.1
Host: photos.pixlee.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Cowboy
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
report-to: { "group": "csp", "max-age": 10886400, "endpoints": [{ "url": "https://sentry.io/api/1227414/security/?sentry_key=a8d877c6035547e193eff7baa44c7501;" }] }
content-security-policy: default-src http: https:;script-src *.kube.pixlee.io *.dev.pixlee.com:9001 *.feedshop.net *.pxlecdn.com *.pixlee.gallery *.pixleeteam.com data: *.nanovisor.io http://photos.test localhost:8000 http://photos.pixlee.test *.pixlee.com *.pixlee.co https://cdn.ravenjs.com https://browser.sentry-cdn.com cdnjs.cloudflare.com https://*.cloudfront.net *.pusher.com *.pinterest.com *.googleapis.com https://api-ssl.bitly.com *.google-analytics.com graph.instagram.com connect.facebook.net googletagmanager.com pixlee.gallery https://www.tiktok.com https://*.ibytedtos.com https://*.tiktokcdn.com https://*.ttwstatic.com/ 'unsafe-inline' 'unsafe-eval';style-src *.kube.pixlee.io *.dev.pixlee.com:9001 *.pixleeteam.com http://photos.test localhost:8000 http://photos.pixlee.test *.pixlee.com *.pixlee.co *.pxlecdn.com https://cdnjs.cloudflare.com fonts.googleapis.com graph.instagram.com https://*.tiktokcdn.com 'unsafe-inline';font-src http: https: data:;img-src *.kube.pixlee.io *.pixleeteam.com android-webview-video-poster: *.pixlee.com *.pixlee.co *.pxlecdn.com http: https: data: blob:;connect-src *.kube.pixlee.io *.dev.pixlee.com:9001 *.feedshop.net *.pxlecdn.com *.pixlee.gallery *.pixleeteam.com *.nanovisor.io *.pixlee.com *.pixlee.co *.pixlee.test localhost:8000 distillery.test photos.test *.pixleeteam.com:9000 *.pixleeteam.com:9001 ws://*.pixlee.com wss://*.pixlee.com ws://*.pixlee.co wss://*.pixlee.co ws://*.pxlecdn.com wss://*.pxlecdn.com *.pusherapp.com ws://*.pusherapp.com wss://*.pusherapp.com https://api-ssl.bitly.com *.facebook.com pixlee-staging-distillery.herokuapp.com s3.amazonaws.com youtube.com sentry.io code.jquery.com *.googleapis.com pixlee-backstage-analytics.herokuapp.com https://www.tiktok.com https://*.ibytedtos.com;report-to csp;report-uri https://sentry.io/api/1227414/security/?sentry_key=a8d877c6035547e193eff7baa44c7501
content-type: text/html; charset=utf-8
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
etag: W/"a1162d2086f486ebe2c3e71511f06a21"
x-request-id: 27fbd13c-9ce2-412a-8c81-7a952a819825
x-runtime: 0.041179
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
content-encoding: gzip
cache-control: max-age=300,s-maxage=300
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:56 GMT
age: 243
x-served-by: cache-iad-kcgs7200051-IAD, cache-bma1673-BMA
x-cache: HIT, MISS
x-cache-hits: 14, 0
x-timer: S1668123837.840943,VS0,VE109
vary: Origin, Accept-Encoding
true-client-ip: 91.90.42.154
strict-transport-security: max-age=31557600
content-length: 8229
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15019
Expires: Fri, 11 Nov 2022 03:54:15 GMT
Date: Thu, 10 Nov 2022 23:43:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15019
Expires: Fri, 11 Nov 2022 03:54:15 GMT
Date: Thu, 10 Nov 2022 23:43:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15019
Expires: Fri, 11 Nov 2022 03:54:15 GMT
Date: Thu, 10 Nov 2022 23:43:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15019
Expires: Fri, 11 Nov 2022 03:54:15 GMT
Date: Thu, 10 Nov 2022 23:43:56 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1b6e55fb9c16b8ec503ca6fb935f650f
1e392159765235158a218248677dc21c46bc4f42
89cc50a881ff8fae94b7bfa2732d133df59bae06680f6d2147281ee7bf8ab00b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89CC50A881FF8FAE94B7BFA2732D133DF59BAE06680F6D2147281EE7BF8AB00B"
Last-Modified: Tue, 08 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15019
Expires: Fri, 11 Nov 2022 03:54:15 GMT
Date: Thu, 10 Nov 2022 23:43:56 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90fb2375-b31d-4383-99b0-d1eb98b6950c.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90fb2375-b31d-4383-99b0-d1eb98b6950c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9d69309818ae2e0fee77135165b5e634
dcae7a9a9e51458dc08c6d60c6528ea5e686a17d
9f9a0bebef380c7971dd47c6fec71c1a7c48d483165d15b3e012316de267529c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90fb2375-b31d-4383-99b0-d1eb98b6950c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10876
x-amzn-requestid: 28392857-2df7-48c9-990d-bd75c1c9c2d0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bXSrpH-kIAMF6pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c64b0-47908a656ade0308317372e6;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 02:40:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oZW379FNavGyrKZgoEkYYV5T6GxOhvUiid9U4bzwOxKzC6ociJtjJA==
via: 1.1 d042f60a962591f741406f28a8170c5a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 06:31:02 GMT
age: 61974
etag: "dcae7a9a9e51458dc08c6d60c6528ea5e686a17d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8a087e0-6803-4782-af79-e6b6225befa5.webp
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8a087e0-6803-4782-af79-e6b6225befa5.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e008606f3f8c8e0d3b0b8a37eabc829a
98a80b1eaf4c774b5dca5bb86cfe53dd88bd89a4
2282526c03afe7e8919dbe4d3893cc5743860344f01ef616e15eeabae492ab6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb8a087e0-6803-4782-af79-e6b6225befa5.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6670
x-amzn-requestid: 3d1dfe08-b9ae-4354-8066-93c078d6fbbd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bQx-NGftIAMFSXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6369c9f4-54411a3f7eafb46a0cf9659e;Sampled=0
x-amzn-remapped-date: Tue, 08 Nov 2022 03:16:04 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aA60n9sUi1jH7ohG2InQg0Z440iAXdTHXu2C-palDJvMrOCHc7bfVw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 06:54:01 GMT
age: 60596
etag: "98a80b1eaf4c774b5dca5bb86cfe53dd88bd89a4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8403ff83-77b6-40bf-b7e1-ab07f5cd626b.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8403ff83-77b6-40bf-b7e1-ab07f5cd626b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 93699f63986977bb5e3926c0d7aad77b
50f1d3a664c1c64ddf933568af39de89dfbc2703
d70ccf11660c242f9681dd84388f0873eb6a3aeba86e18deb5adc96f82c148b0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8403ff83-77b6-40bf-b7e1-ab07f5cd626b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10090
x-amzn-requestid: 2eab8b67-08fc-4a40-a3fb-269a3f4950d2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bURx0HTfoAMF1wQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636b300b-1aebba620dc11e1d6c48f934;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 04:43:55 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lKJQ-yYSwAVRZTy6zs1le8bL6AIQ8akcPqWJCe-0spFidY5zEJ9uSg==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 12:24:10 GMT
age: 40787
etag: "50f1d3a664c1c64ddf933568af39de89dfbc2703"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50b47142-be82-4ddc-85e8-45dc7102abe9.jpeg
34.120.237.76200 OK 6.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50b47142-be82-4ddc-85e8-45dc7102abe9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 90a78b0f806c0c5ef5e7128cc37b2edf
7339ad7b4f37cc37cb712207a7b3a5ac9355d9dc
770a2247a0f8d6b44c61cecc8a11e9882e4dd39269e181eef52cf6816407022b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F50b47142-be82-4ddc-85e8-45dc7102abe9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6696
x-amzn-requestid: 19f91da1-beeb-400a-b4c0-059851ca839f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ_F3doAMFr6A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-2ef73e121ff2c3cf0e95b450;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: skH-uMPMGVOwM2RoMjuNh3YaYVIYhfytSdJ5-YFcH4GhUXyOKehfFA==
via: 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 31119c39c5a6dc62dfa1fe940afd7be2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 09:59:00 GMT
age: 49497
etag: "7339ad7b4f37cc37cb712207a7b3a5ac9355d9dc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 85c6f450b38f41a2fb924d6d9a9cbff8
691f59b65ca9fde4f59bbf96b37071e07351f190
c8f877488a2cf65f0d9829384fd4113847722a1b4df94b6b1d5788699689722c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa6f7d2f5-4807-4bbd-a3db-7a239962aca5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5583
x-amzn-requestid: e844f42a-e87e-4e61-8c97-137c07c5ae28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bNeQ9Ho7IAMF5_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63687739-62c44d2f7d23632e74895bd8;Sampled=0
x-amzn-remapped-date: Mon, 07 Nov 2022 03:10:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: uHlIN1IVGCFUVl5lx5pFSux0YncseT2HQjiwFDL9eaEaBa9CdnCl8g==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 0d4ebcaa87ba94709def0eaac9371e5a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 09:09:40 GMT
age: 52457
etag: "691f59b65ca9fde4f59bbf96b37071e07351f190"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F667624bc-2936-43a3-a61d-c78d93882c08.jpeg
34.120.237.76200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F667624bc-2936-43a3-a61d-c78d93882c08.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7b5823a9c71634acb47fa788ecab8ae6
89ab77412f6bc271a086af04570efe2c47fb5456
da82ec223e069b1899cb96dee5669734b8371aa65cf300e727471cd452df3463
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F667624bc-2936-43a3-a61d-c78d93882c08.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4201
x-amzn-requestid: 789865bc-5471-4ac4-b4e5-985302564f29
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bXPXfEtAoAMFnPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636c5f62-37305952485d36d13d55be85;Sampled=0
x-amzn-remapped-date: Thu, 10 Nov 2022 02:18:10 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: k67cesBnF8jwgsw__YqI4iX73k2DQaBix7mKJRCVb0_vSRf_-cs-cw==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 05:55:31 GMT
age: 64106
etag: "89ab77412f6bc271a086af04570efe2c47fb5456"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.cosmopolitanlasvegas.com/js/libraries.min.js?v=1
40.112.142.148200 OK 132 kB URL HTTP/1.1 www.cosmopolitanlasvegas.com/js/libraries.min.js?v=1
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (27739)
Size 132 kB (132395 bytes)
Hash f2ae5f535cd20f2ad71b192b75666e6a
a240fdd9f7403b5c74a1af57c8f8dabefadeb2d3
3ef062eadbcbcb7af6229cc0bed6da4ffd778b229526f6d2b34213ad7ab97184
GET /js/libraries.min.js?v=1 HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IklSSmNuVU01cUx3ZSt2c3BFc1JwNkE9PSIsInZhbHVlIjoiQUxXQ20wZlliZ1BLWHRab3VGdzZMSXJYUThpUXJIV3lIUW5WejNZRDlpVzFid0ZtSDh2MWRpcHNYdlo2ckZIRCIsIm1hYyI6IjEwMTdmZWY1MzA3NmIzZGI4ODczMzMyZTY0MTJkMzY2NTU3MTI1NWI3YmI2YWY1NmYxODYwOWI4YjBmMzM1ZjUifQ%3D%3D; tcolv_identity_prod2_session=eyJpdiI6InNOcytBUzdkMFVMRW41emtBOXM3V3c9PSIsInZhbHVlIjoicnI1VU9LUnVUeEYyUFAwS1ZoQkdac0UrdFhoSGo2R1NqeTBxYTRtb281N1M0RWo0TlkydVhLakVLMGJXMUlZXC8iLCJtYWMiOiIwYjI4YTk3OGU1OTFiMjA3NGMxZWZlMWFmY2NhMzk4NzU5YWExODNkMTVhMDI1MDExYWY5YWY5ZTZmMDFkNDQxIn0%3D; ARRAffinity=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; ARRAffinitySameSite=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 132395
Content-Type: application/x-javascript
Date: Thu, 10 Nov 2022 23:43:56 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS,DELETE,PUT,PATCH
Access-Control-Allow-Origin: *
Cache-Control: immutable,max-age=31536000
Content-Encoding: gzip
ETag: "0e571b87d7d81:0"
Last-Modified: Tue, 04 Oct 2022 00:20:02 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
assets0.pxlecdn.com/assets/carousel_header_v3-e335a0c27601d2ab467dfba15ca9cff5425092d3f2a6f6479269edc8206aaff1.css
151.101.86.132200 OK 12 kB URL HTTP/2 assets0.pxlecdn.com/assets/carousel_header_v3-e335a0c27601d2ab467dfba15ca9cff5425092d3f2a6f6479269edc8206aaff1.css
IP 151.101.86.132:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 2e5cf990b70fb7ce75af9a82c98a99fd
e560a97b122c3e59a192fcfd6002588f0f450a4a
f1d51c60e46fc5c80d9314e9b555156ff35df6b9a95eb5269b2ae378c6802bdc
GET /assets/carousel_header_v3-e335a0c27601d2ab467dfba15ca9cff5425092d3f2a6f6479269edc8206aaff1.css HTTP/1.1
Host: assets0.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: HoskSQYs6SohdyDK/P+4GnnyOiGJChhZJDxZvOMxUKI5KHYua+6UWVB3QqhOazPOZX/Qz1anT9M=
x-amz-request-id: QGN3J8WDZY4BJ3WE
last-modified: Thu, 20 Oct 2022 09:20:48 GMT
etag: "9c9d20286b13032227c1fdea1719c29b"
expires: Fri, 20 Oct 2023 15:20:47 GMT
x-amz-version-id: null
content-type: text/css
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:57 GMT
age: 12755
x-served-by: cache-iad-kiad7000107-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 93, 2
x-timer: S1668123837.086009,VS0,VE0
vary: Accept-Encoding
content-length: 12368
X-Firefox-Spdy: h2
assets0.pxlecdn.com/assets/localization-927cff71e04c1194866c6f6970512827492105c722511c4692efa9b8807daf0f.css
151.101.86.132200 OK 942 B URL HTTP/2 assets0.pxlecdn.com/assets/localization-927cff71e04c1194866c6f6970512827492105c722511c4692efa9b8807daf0f.css
IP 151.101.86.132:0
File type ASCII text, with very long lines (7126)
Hash 0729db513b7c6880b6faafe2d22fbf19
f81444af86b5930f3c1bdceeeadc552a47d6cd3e
176dc37fac02867b94fd78ed2626b16514034b23fba6d2244c7a130a8820e679
GET /assets/localization-927cff71e04c1194866c6f6970512827492105c722511c4692efa9b8807daf0f.css HTTP/1.1
Host: assets0.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: KapwXmYiTtDNnp7+mQsWWSxAl//nbhIvQVJhbUvOzrCdkiubejw/fDS8GO8YnFU5JtGh+oJc1NY=
x-amz-request-id: YVE0D6Z6QA83EV9X
last-modified: Mon, 26 Jul 2021 16:19:36 GMT
etag: "904e3ef3cd3c8a756ba3185bff320ba6"
expires: Tue, 26 Jul 2022 22:19:35 GMT
x-amz-version-id: null
content-type: text/css
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:57 GMT
age: 12755
x-served-by: cache-iad-kcgs7200168-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 72, 54
x-timer: S1668123837.086210,VS0,VE0
vary: Accept-Encoding
content-length: 942
X-Firefox-Spdy: h2
www.cosmopolitanlasvegas.com/js/scripts.js?v=1
40.112.142.148200 OK 15 kB URL HTTP/1.1 www.cosmopolitanlasvegas.com/js/scripts.js?v=1
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (13818)
Hash 5f2ce0897c3f5f63e134b10b709c7836
2c839d30ee0f4a401af9a1a1875487c142553972
bbe4a54077686abb2ffdf8f332ede22d633c524d8898e002a856355f431fed90
GET /js/scripts.js?v=1 HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IklSSmNuVU01cUx3ZSt2c3BFc1JwNkE9PSIsInZhbHVlIjoiQUxXQ20wZlliZ1BLWHRab3VGdzZMSXJYUThpUXJIV3lIUW5WejNZRDlpVzFid0ZtSDh2MWRpcHNYdlo2ckZIRCIsIm1hYyI6IjEwMTdmZWY1MzA3NmIzZGI4ODczMzMyZTY0MTJkMzY2NTU3MTI1NWI3YmI2YWY1NmYxODYwOWI4YjBmMzM1ZjUifQ%3D%3D; tcolv_identity_prod2_session=eyJpdiI6InNOcytBUzdkMFVMRW41emtBOXM3V3c9PSIsInZhbHVlIjoicnI1VU9LUnVUeEYyUFAwS1ZoQkdac0UrdFhoSGo2R1NqeTBxYTRtb281N1M0RWo0TlkydVhLakVLMGJXMUlZXC8iLCJtYWMiOiIwYjI4YTk3OGU1OTFiMjA3NGMxZWZlMWFmY2NhMzk4NzU5YWExODNkMTVhMDI1MDExYWY5YWY5ZTZmMDFkNDQxIn0%3D; ARRAffinity=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; ARRAffinitySameSite=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 14860
Content-Type: application/x-javascript
Date: Thu, 10 Nov 2022 23:43:56 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS,DELETE,PUT,PATCH
Access-Control-Allow-Origin: *
Cache-Control: immutable,max-age=31536000
Content-Encoding: gzip
ETag: "0e571b87d7d81:0"
Last-Modified: Tue, 04 Oct 2022 00:20:02 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
assets2.pxlecdn.com/assets/lightbox_gallery_v2-6ceea98749f43489d66adc9da90c042d094b8c027c904ec7033da91a68986173.css
151.101.86.132200 OK 16 kB URL HTTP/2 assets2.pxlecdn.com/assets/lightbox_gallery_v2-6ceea98749f43489d66adc9da90c042d094b8c027c904ec7033da91a68986173.css
IP 151.101.86.132:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 78b3718af9b73fb531f531d4a4401b04
ba902e6a2ae3b0814b9a642e9b923fc1b2270636
7c202f7f1627032c4bb362f7fa0fa51be6548822439a29697bf65cb82b68b427
GET /assets/lightbox_gallery_v2-6ceea98749f43489d66adc9da90c042d094b8c027c904ec7033da91a68986173.css HTTP/1.1
Host: assets2.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: PX760wqQwC22ihh5PJwDnY65FZL7hhWRCGl2Tyoqb3rmAdt/mOU6M2j80aiDd9Ctpgf7NSfmoYI=
x-amz-request-id: WD4TNXQBR70EJX6R
last-modified: Thu, 18 Aug 2022 09:10:21 GMT
etag: "58c53ce99428fa26b09bdba76726cc4e"
expires: Fri, 18 Aug 2023 15:10:20 GMT
x-amz-version-id: null
content-type: text/css
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:57 GMT
age: 12756
x-served-by: cache-iad-kcgs7200139-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 471, 14
x-timer: S1668123837.086415,VS0,VE0
vary: Accept-Encoding
content-length: 15503
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash b5c02423b4932343467a4395820d995b
385483671c21d4a37ee28e7c26e8cc198342c7bc
6bd8edc328d729a185f6d4e8fdc03e00bba73c92f941c232ffaeeb5a180c9c16
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 2370edf39ca0f9641a1042f75e7614d5
f88b6beafbcd5744b9114c61e2c4abf489014d3c
4854992f6132c2b9017f7930b1905442bb1c9782d246ec98f73f85e27308c513
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3298
Cache-Control: max-age=96116
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:57 GMT
Etag: "636c544f-118"
Expires: Sat, 12 Nov 2022 02:25:53 GMT
Last-Modified: Thu, 10 Nov 2022 01:30:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css
151.101.85.229200 OK 1.3 kB URL HTTP/2 cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.css
IP 151.101.85.229:0
File type ASCII text, with very long lines (1460)
Hash 8786cd8041431d860694eed4e4df5493
ad176b25138137c05527a1a93f9b1d2bd9819bb6
2f1ab64452cbd8b4a75b5f778aaadd7f8a9c194ef48c5e2e9132393b68d21a85
GET /npm/cookieconsent@3/build/cookieconsent.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 3.1.1
x-jsd-version-type: version
etag: W/"135e-3nthfC1sCV/yhiNebPZMMo2hpL8"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:57 GMT
age: 19158
x-served-by: cache-fra-eddf8230021-FRA, cache-bma1644-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1299
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js
151.101.85.229200 OK 6.8 kB URL HTTP/2 cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js
IP 151.101.85.229:0
File type ASCII text, with very long lines (20693), with no line terminators
Hash 58a872ad8da4bad737e618cf78b55feb
1917e7662a1c0d1034c3056c6ebd0e9ae2d542f1
5ddc446ff4623ed98a827c66171c9d5d2809d7f679b0681eb088765e272849bb
GET /npm/cookieconsent@3/build/cookieconsent.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 3.1.1
x-jsd-version-type: version
etag: W/"50d5-nLraS9YXyGxjjPLr3exyStWWkHs"
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:57 GMT
age: 19126
x-served-by: cache-fra-eddf8230087-FRA, cache-bma1644-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 6756
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 5438277cc973221fbc764018e02f2795
7521bbd97854d3943f82c59c33e64c5d4053cfdf
1d10c8e413b0c0fe9a3bef6c2922355934e735ac66aa4ccd2dc0a8f5c43a1d11
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
browser.sentry-cdn.com/6.7.2/bundle.min.js
151.101.2.217200 OK 21 kB URL HTTP/2 browser.sentry-cdn.com/6.7.2/bundle.min.js
IP 151.101.2.217:0
File type ASCII text, with very long lines (65448)
Hash ae50468c2d7a0850aa0d00aecba12c49
0a4e9ac1dfb6d9f07c6065000a1766c7381a4bbe
550e78156e2c148e69becae20ed944b9bcdc98b8b2b0dd21497718ac284ae6a7
GET /6.7.2/bundle.min.js HTTP/1.1
Host: browser.sentry-cdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Origin: https://photos.pixlee.co
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=31536000
expires: Tue, 21 Jun 2022 16:39:53 GMT
last-modified: Mon, 21 Jun 2021 15:37:17 GMT
etag: "ae50468c2d7a0850aa0d00aecba12c49"
content-type: application/javascript; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:57 GMT
age: 12294242
vary: Accept-Encoding
access-control-allow-origin: *
server: Fastly
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 21234
X-Firefox-Spdy: h2
5258867.fls.doubleclick.net/activityi;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=1878982688761;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F?
142.250.74.70200 OK 246 B URL HTTP/2 5258867.fls.doubleclick.net/activityi;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=1878982688761;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (468), with no line terminators
Hash 3e43afe062bd76c3a13effaf907baeaa
4e78df9d098db22c21dd94ee08e76a2e529d270e
32dd1352af61678dc729a357e3ba9dced07804ce10f8d4ba7da9718976c2c47e
GET /activityi;src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=1878982688761;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F? HTTP/1.1
Host: 5258867.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:57 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 246
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 10-Nov-2022 23:58:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
assets1.pxlecdn.com/assets/lightbox_v2-385fbbcdc19df1c5cfd9f0e8eca5bdeebb7b7a88bcfcf21975187de281e82db5.js
151.101.86.132200 OK 207 kB URL HTTP/2 assets1.pxlecdn.com/assets/lightbox_v2-385fbbcdc19df1c5cfd9f0e8eca5bdeebb7b7a88bcfcf21975187de281e82db5.js
IP 151.101.86.132:0
File type C source, ASCII text, with very long lines (32767)
Size 207 kB (207344 bytes)
Hash 287deffb10b73a17155c67ed03124255
6326fcc609c1c1f66015fc1cd0a093e23205afb2
92a419b65889ab9992fb7058a58f52147b192a97cc217affffa4d25b3e0a2683
GET /assets/lightbox_v2-385fbbcdc19df1c5cfd9f0e8eca5bdeebb7b7a88bcfcf21975187de281e82db5.js HTTP/1.1
Host: assets1.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Origin: https://photos.pixlee.co
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TktyYSGJh0nS7/FP0ctyQXfS2qPBdbk8Dp6uRDKsDhZPh/Mi75MvIfcPTtYk8MOu2i+9f03n83s=
x-amz-request-id: XFN85EKYPKJEAP4Y
last-modified: Thu, 13 Oct 2022 18:23:18 GMT
etag: "906d3fdf11653bc3110fb4da19469bcb"
expires: Sat, 14 Oct 2023 00:23:17 GMT
x-amz-version-id: null
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:57 GMT
age: 12738
x-served-by: cache-iad-kjyo7100124-IAD, cache-bma1667-BMA
x-cache: HIT, HIT
x-cache-hits: 27, 12
x-timer: S1668123837.186579,VS0,VE0
vary: Accept-Encoding
content-length: 207344
X-Firefox-Spdy: h2
cdn.bttrack.com/js/15652/analytics/1.0/analytics.min.js
69.16.175.10200 OK 369 B URL HTTP/1.1 cdn.bttrack.com/js/15652/analytics/1.0/analytics.min.js
IP 69.16.175.10:0
File type ASCII text, with very long lines (599), with no line terminators
Hash b854bb9ed86a165006e9b9e318a3d280
77c73b361ea06c367a0ce32ef3154bc828a19197
59d055ef61d286a330b6b5bd3c6a543576fd0248d635156b7522b85534b60524
GET /js/15652/analytics/1.0/analytics.min.js HTTP/1.1
Host: cdn.bttrack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 23:43:57 GMT
Connection: Keep-Alive
Cache-Control: max-age=81352
Content-Encoding: gzip
Content-Length: 369
Content-Type: text/javascript; charset=utf-8
Accept-Ranges: bytes
X-HW: 1668123837.dop218.sk1.t,1668123837.cds017.sk1.shn,1668123837.dop218.sk1.t,1668123837.cds012.sk1.c
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.21.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.21.226:0
Hash 2e4fe1449f0746ee92d3cdf27cfad8dc
c330e932f0a3ae8e7bc382122e12fd91ce54577f
8689edfe3f99bbceb9cce8ad65fa78bc22bb8bcbe68992cb60094d1824b90785
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 23:43:57 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "FFFC2DD99CA661047FE7898F401E75B46DFF445E"
Expires: Fri, 11 Nov 2022 10:00:00 GMT
Last-Modified: Thu, 10 Nov 2022 22:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 1582
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7682a73e9feab529-OSL
5258867.fls.doubleclick.net/activityi;src=5258867;type=tcolvge0;cat=endtt0;ord=7060653662400;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F?
142.250.74.70200 OK 241 B URL HTTP/2 5258867.fls.doubleclick.net/activityi;src=5258867;type=tcolvge0;cat=endtt0;ord=7060653662400;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F?
IP 142.250.74.70:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (461), with no line terminators
Hash 901c0e4a46df803f306729a8ee48f4cf
b6bcb3198ce2de18462f11867884094d0c535818
5add2e1c8683780eb94c0d48598a38eb4cd7d5af55d07b5fcb820e7c4aa6db86
GET /activityi;src=5258867;type=tcolvge0;cat=endtt0;ord=7060653662400;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F? HTTP/1.1
Host: 5258867.fls.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:57 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 241
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 10-Nov-2022 23:58:57 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
assets3.pxlecdn.com/assets/carousel-75716f250feb8fffd10c8f26728f3d52240c02f11aee7815fec2f2921965ae79.js
151.101.86.132200 OK 268 kB URL HTTP/2 assets3.pxlecdn.com/assets/carousel-75716f250feb8fffd10c8f26728f3d52240c02f11aee7815fec2f2921965ae79.js
IP 151.101.86.132:0
File type ASCII text, with very long lines (32767)
Size 268 kB (268302 bytes)
Hash 59da5e98c814906b5e78fa51c3bb953e
b1376a0d0cc0379fdd4d385d2806f5b1eb1d0c0b
0e4d8508424813c8126507ef1e0b69c76b0a2467ccd694778b3ff9dc8d0ed269
GET /assets/carousel-75716f250feb8fffd10c8f26728f3d52240c02f11aee7815fec2f2921965ae79.js HTTP/1.1
Host: assets3.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Origin: https://photos.pixlee.co
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: GN0Q+BOYtd35sGsViUoouXZRywG01HlPMi4yXg1Q2Vrbwksihafz2fVj5Mw6D07ubR2896CMkKU=
x-amz-request-id: 0HFG0K5K68H968D7
last-modified: Wed, 21 Sep 2022 20:58:22 GMT
etag: "61876e9e88aa889e47b5c495acb15464"
expires: Fri, 22 Sep 2023 02:58:21 GMT
x-amz-version-id: null
content-type: application/javascript
server: AmazonS3
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:57 GMT
age: 12711
x-served-by: cache-iad-kiad7000080-IAD, cache-bma1658-BMA
x-cache: HIT, HIT
x-cache-hits: 6, 1
x-timer: S1668123837.186826,VS0,VE1
vary: Accept-Encoding
content-length: 268302
X-Firefox-Spdy: h2
www.cosmopolitanlasvegas.com/fonts/34BD98_2_0.woff
40.112.142.148200 OK 72 kB URL HTTP/1.1 www.cosmopolitanlasvegas.com/fonts/34BD98_2_0.woff
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format, TrueType, length 71810, version 0.0\012- data
Hash b242bece915d4e359e23e6a8302456be
ea228a2397dcb8148e81d95ccf03ef3834254454
82a3ee10e51d93fc50a771bde551aa8c7f697460166a8144a2cce9a72af583f7
GET /fonts/34BD98_2_0.woff HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/css/orchid.css?v=1
Cookie: XSRF-TOKEN=eyJpdiI6IklSSmNuVU01cUx3ZSt2c3BFc1JwNkE9PSIsInZhbHVlIjoiQUxXQ20wZlliZ1BLWHRab3VGdzZMSXJYUThpUXJIV3lIUW5WejNZRDlpVzFid0ZtSDh2MWRpcHNYdlo2ckZIRCIsIm1hYyI6IjEwMTdmZWY1MzA3NmIzZGI4ODczMzMyZTY0MTJkMzY2NTU3MTI1NWI3YmI2YWY1NmYxODYwOWI4YjBmMzM1ZjUifQ%3D%3D; tcolv_identity_prod2_session=eyJpdiI6InNOcytBUzdkMFVMRW41emtBOXM3V3c9PSIsInZhbHVlIjoicnI1VU9LUnVUeEYyUFAwS1ZoQkdac0UrdFhoSGo2R1NqeTBxYTRtb281N1M0RWo0TlkydVhLakVLMGJXMUlZXC8iLCJtYWMiOiIwYjI4YTk3OGU1OTFiMjA3NGMxZWZlMWFmY2NhMzk4NzU5YWExODNkMTVhMDI1MDExYWY5YWY5ZTZmMDFkNDQxIn0%3D; ARRAffinity=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; ARRAffinitySameSite=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 71810
Content-Type: application/font-woff
Date: Thu, 10 Nov 2022 23:43:56 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS,DELETE,PUT,PATCH
Access-Control-Allow-Origin: *
Cache-Control: immutable,max-age=31536000
ETag: "0e571b87d7d81:0"
Last-Modified: Tue, 04 Oct 2022 00:20:02 GMT
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
siteimproveanalytics.com/js/siteanalyze_6131764.js
172.64.104.36200 OK 5.1 kB URL HTTP/2 siteimproveanalytics.com/js/siteanalyze_6131764.js
IP 172.64.104.36:0
File type ASCII text, with very long lines (14675), with no line terminators
Hash baee201eb296dd638f591025b9c9b11a
16e6cb942be88bb27a35d9e8345c52a0bbbbef5d
f0214149c63da01d092b3362f2b2ec0eebd464d0aae4b062dff7856ae40167d9
GET /js/siteanalyze_6131764.js HTTP/1.1
Host: siteimproveanalytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:57 GMT
content-type: application/javascript; charset=utf-8
content-length: 5130
x-amz-id-2: QHM8TaUclP3uMRIXT2M0ypNL7joP2cMnToiLux2XVcYMy5l6jCuDwJ6GgvkMlsoQWzvhSFfWs2w=
x-amz-request-id: 2X05RFW183SC5XD8
cache-control: max-age=86400, no-transform
content-encoding: gzip
last-modified: Mon, 16 May 2022 09:44:08 GMT
etag: "baee201eb296dd638f591025b9c9b11a"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0dD4J5WBfv3UMxIdxBfu0%2FqPDah3erzZ5GXLGaxB3ME%2BsxyxOE7343ZTtALp1Gz%2FB8D7BEirtiVCOq9ODzMdUmt7z2kMaoCmKY%2BELJXNmXMCvrF3%2BDDSWqPEnNr1db5v2%2BRU7VpYMmF1s1I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7682a73e6a8f7403-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
images.ctfassets.net/sahy2rpqbnsp/2rxCtLOWu8CgcWQSgumUwy/2f6370b7a64c5102d47d0a404a6cb08f/Terrace-1-bed-bedroom-FV-NEW-wide.jpg?w=640&h=360&fm=jpg&q=50&fit=fill
54.230.111.2200 OK 27 kB URL HTTP/2 images.ctfassets.net/sahy2rpqbnsp/2rxCtLOWu8CgcWQSgumUwy/2f6370b7a64c5102d47d0a404a6cb08f/Terrace-1-bed-bedroom-FV-NEW-wide.jpg?w=640&h=360&fm=jpg&q=50&fit=fill
IP 54.230.111.2:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash 80fc46f5ae180e6cf402634b3e3ed1ae
efd2e69fc6c26b196a0201cfb0ab53022b83dff3
2c596ee64751b535026ac6f5f8d9cf708dfd5691cfe479e1a66a23704bbe9dbf
GET /sahy2rpqbnsp/2rxCtLOWu8CgcWQSgumUwy/2f6370b7a64c5102d47d0a404a6cb08f/Terrace-1-bed-bedroom-FV-NEW-wide.jpg?w=640&h=360&fm=jpg&q=50&fit=fill HTTP/1.1
Host: images.ctfassets.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 27303
etag: "80fc46f5ae180e6cf402634b3e3ed1ae"
last-modified: Thu, 13 Oct 2022 15:55:53 GMT
date: Thu, 10 Nov 2022 06:43:46 GMT
cache-control: max-age=31536000
server: Contentful Images API
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cE60z2ycVeajvd-BGbY-l3qwp4k6MrlgOvgJm4DEOVFGRkYoj7ToJw==
age: 61211
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 2370edf39ca0f9641a1042f75e7614d5
f88b6beafbcd5744b9114c61e2c4abf489014d3c
4854992f6132c2b9017f7930b1905442bb1c9782d246ec98f73f85e27308c513
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3298
Cache-Control: max-age=96116
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:57 GMT
Etag: "636c544f-118"
Expires: Sat, 12 Nov 2022 02:25:53 GMT
Last-Modified: Thu, 10 Nov 2022 01:30:55 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash d9816b09ba841c2ee1136c6c604b2778
ddb1d0dee334917ef3d9046ef606dd9244ca4e60
0a612dc2d374660a0fd469d273b40e0ff60b74719e8b8a9963aac054408dc4a4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=125613
Date: Thu, 10 Nov 2022 23:43:57 GMT
Etag: "636ccbf6-1d7"
Expires: Sat, 12 Nov 2022 10:37:30 GMT
Last-Modified: Thu, 10 Nov 2022 10:01:26 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GzIzMDPF5EDUvKGwfbTrtd3Ujs7o9KlZN28_u8Z38CMYUCIA1TkB5g==
Age: 2164
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash d9816b09ba841c2ee1136c6c604b2778
ddb1d0dee334917ef3d9046ef606dd9244ca4e60
0a612dc2d374660a0fd469d273b40e0ff60b74719e8b8a9963aac054408dc4a4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=125413
Date: Thu, 10 Nov 2022 23:43:57 GMT
Etag: "636ccbf6-1d7"
Expires: Sat, 12 Nov 2022 10:34:10 GMT
Last-Modified: Thu, 10 Nov 2022 10:01:26 GMT
Server: ECS (nyb/1D23)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: iYEEwPAPQYjDCUV7jAeQwSSSG7WEGT6Y3KC0ZzH3ua5JM3ksyPGwBA==
Age: 1964
px.adentifi.com/Pixels?a_id=529>mcb=1976456328
34.192.159.16204 No Content 0 B URL HTTP/2 px.adentifi.com/Pixels?a_id=529>mcb=1976456328
IP 34.192.159.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Pixels?a_id=529>mcb=1976456328 HTTP/1.1
Host: px.adentifi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 10 Nov 2022 23:43:57 GMT
X-Firefox-Spdy: h2
px.adentifi.com/Pixels?a_id=530>mcb=1529240152
34.192.159.16204 No Content 0 B URL HTTP/2 px.adentifi.com/Pixels?a_id=530>mcb=1529240152
IP 34.192.159.16:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Pixels?a_id=530>mcb=1529240152 HTTP/1.1
Host: px.adentifi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
date: Thu, 10 Nov 2022 23:43:57 GMT
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash d59fc618df7bedc7ee0dc6a981ffb367
c6a34614c12b4cf56d53bb940cfdfaa7986c247b
bd9d6d46c0b2535967b1408e9b62c33e8a773868e1f5e5ffae7b7764a652707b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=132361
Date: Thu, 10 Nov 2022 23:43:57 GMT
Etag: "636cd723-1d7"
Expires: Sat, 12 Nov 2022 12:29:58 GMT
Last-Modified: Thu, 10 Nov 2022 10:49:07 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GqpIJwFT5d2E7qSHJ_wz9JBv63vkMsi8rfg6hRGDU9o0OteI8-GiXg==
Age: 6051
www.cosmopolitanlasvegas.com/icons.svg?v=1
40.112.142.148200 OK 79 kB URL HTTP/1.1 www.cosmopolitanlasvegas.com/icons.svg?v=1
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (65356)
Hash 0b4499e6da3f47cb521e7d8a738a541a
fdb3a66b21622d6302641158f55e5dc9138b40d4
1ed2d7ec0c60eb5f0832621c69f23de3fc289777f30c36f014d5644f532d1e74
GET /icons.svg?v=1 HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IklSSmNuVU01cUx3ZSt2c3BFc1JwNkE9PSIsInZhbHVlIjoiQUxXQ20wZlliZ1BLWHRab3VGdzZMSXJYUThpUXJIV3lIUW5WejNZRDlpVzFid0ZtSDh2MWRpcHNYdlo2ckZIRCIsIm1hYyI6IjEwMTdmZWY1MzA3NmIzZGI4ODczMzMyZTY0MTJkMzY2NTU3MTI1NWI3YmI2YWY1NmYxODYwOWI4YjBmMzM1ZjUifQ%3D%3D; tcolv_identity_prod2_session=eyJpdiI6InNOcytBUzdkMFVMRW41emtBOXM3V3c9PSIsInZhbHVlIjoicnI1VU9LUnVUeEYyUFAwS1ZoQkdac0UrdFhoSGo2R1NqeTBxYTRtb281N1M0RWo0TlkydVhLakVLMGJXMUlZXC8iLCJtYWMiOiIwYjI4YTk3OGU1OTFiMjA3NGMxZWZlMWFmY2NhMzk4NzU5YWExODNkMTVhMDI1MDExYWY5YWY5ZTZmMDFkNDQxIn0%3D; ARRAffinity=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; ARRAffinitySameSite=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 78565
Content-Type: image/svg+xml
Date: Thu, 10 Nov 2022 23:43:57 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS,DELETE,PUT,PATCH
Access-Control-Allow-Origin: *
Cache-Control: immutable,max-age=31536000
Content-Encoding: gzip
ETag: "0b5841e87d7d81:0"
Last-Modified: Tue, 04 Oct 2022 00:20:34 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
www.cosmopolitanlasvegas.com/fonts/34BD98_1_0.woff
40.112.142.148200 OK 65 kB URL HTTP/1.1 www.cosmopolitanlasvegas.com/fonts/34BD98_1_0.woff
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format, TrueType, length 65190, version 0.0\012- data
Hash 1039845573694a5b5656324c7cec2e2f
f04bb82b7e41e05730a42b7db459a2c535613402
0b018084377f11a2cfb5ad48c0646b1bc97bd06f6f86c7ce48b13ef7c29da1f6
GET /fonts/34BD98_1_0.woff HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/css/orchid.css?v=1
Cookie: XSRF-TOKEN=eyJpdiI6IklSSmNuVU01cUx3ZSt2c3BFc1JwNkE9PSIsInZhbHVlIjoiQUxXQ20wZlliZ1BLWHRab3VGdzZMSXJYUThpUXJIV3lIUW5WejNZRDlpVzFid0ZtSDh2MWRpcHNYdlo2ckZIRCIsIm1hYyI6IjEwMTdmZWY1MzA3NmIzZGI4ODczMzMyZTY0MTJkMzY2NTU3MTI1NWI3YmI2YWY1NmYxODYwOWI4YjBmMzM1ZjUifQ%3D%3D; tcolv_identity_prod2_session=eyJpdiI6InNOcytBUzdkMFVMRW41emtBOXM3V3c9PSIsInZhbHVlIjoicnI1VU9LUnVUeEYyUFAwS1ZoQkdac0UrdFhoSGo2R1NqeTBxYTRtb281N1M0RWo0TlkydVhLakVLMGJXMUlZXC8iLCJtYWMiOiIwYjI4YTk3OGU1OTFiMjA3NGMxZWZlMWFmY2NhMzk4NzU5YWExODNkMTVhMDI1MDExYWY5YWY5ZTZmMDFkNDQxIn0%3D; ARRAffinity=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; ARRAffinitySameSite=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 65190
Content-Type: application/font-woff
Date: Thu, 10 Nov 2022 23:43:56 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS,DELETE,PUT,PATCH
Access-Control-Allow-Origin: *
Cache-Control: immutable,max-age=31536000
ETag: "0e571b87d7d81:0"
Last-Modified: Tue, 04 Oct 2022 00:20:02 GMT
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 0fb17c5b5daca07fff7fcff446bef6f3
91ce4c9d7cc3bee32ee345399380a422a6c93abc
33adfcd17861ddbff6f8f258823214aa82d34697959fc46598a3b2a7c2953ab1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 0fb17c5b5daca07fff7fcff446bef6f3
91ce4c9d7cc3bee32ee345399380a422a6c93abc
33adfcd17861ddbff6f8f258823214aa82d34697959fc46598a3b2a7c2953ab1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
assets2.pxlecdn.com/assets/embed/glyph/next-6129ae65f9752efd8b4e9e6b897a17573a8319fcbaf63c95d2276a2b51a116e8.png
151.101.86.132200 OK 90 B URL HTTP/2 assets2.pxlecdn.com/assets/embed/glyph/next-6129ae65f9752efd8b4e9e6b897a17573a8319fcbaf63c95d2276a2b51a116e8.png
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash ee858bbbc8730ef246ee039e13af9a07
5e0b5f5320857f4e1d4474985abb8b9172fab894
b1eadfab72426c4b446c517f1173511912586ff61df0ebcb9c4df6a8ace3531d
GET /assets/embed/glyph/next-6129ae65f9752efd8b4e9e6b897a17573a8319fcbaf63c95d2276a2b51a116e8.png HTTP/1.1
Host: assets2.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://assets0.pxlecdn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "2NeGqw7tgqDJrWhMC+OJdfHxiA4Imclxr7jJjUfpKGs"
expires: Fri, 08 Nov 2019 03:13:59 GMT
fastly-io-info: ifsz=19005 idim=20x40 ifmt=png ofsz=90 odim=20x40 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: W1gcn3p4ll8yreakHvLZQK26ppMD0lvWEz3uzQ6BbvoacxHcZ9Y53FIqX9QWTIO3d+0CDgx7UIA=
x-amz-request-id: QGNDBRZRAQN9JGZG
x-amz-version-id: null
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:57 GMT
age: 12756
x-served-by: cache-iad-kcgs7200175-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 65, 4
x-timer: S1668123838.684624,VS0,VE0
vary: Accept
content-length: 90
X-Firefox-Spdy: h2
assets3.pxlecdn.com/assets/embed/glyph/prev-01025e7a2582b2e7022c70a4e2fe57854c0e5552fe15113961556acbbb265fe6.png
151.101.86.132200 OK 84 B URL HTTP/2 assets3.pxlecdn.com/assets/embed/glyph/prev-01025e7a2582b2e7022c70a4e2fe57854c0e5552fe15113961556acbbb265fe6.png
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 05b85b6ad00a9d1854403aa344896a41
c0d709d4aeed78e69488ee068425df6159579ac5
ea34b13f58c3544a2c47e6763e8bcf668cf8c5247080e4db81a9106e08cb0431
GET /assets/embed/glyph/prev-01025e7a2582b2e7022c70a4e2fe57854c0e5552fe15113961556acbbb265fe6.png HTTP/1.1
Host: assets3.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://assets0.pxlecdn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "xHL7ekaW+ZOIsvQbih2y4WPt1JvnPPqzRlOrCpYVcAU"
expires: Fri, 08 Nov 2019 03:13:56 GMT
fastly-io-info: ifsz=18988 idim=20x40 ifmt=png ofsz=84 odim=20x40 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: SF0eS05eDcynGLDvp5xvgjze9S0v+9KJY85eGx6EnhwimMoiP08vFTCI3YDPUn0vNT2/IV1W0QY=
x-amz-request-id: QGNAY6HGDF4X4FQ3
x-amz-version-id: null
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:57 GMT
age: 12756
x-served-by: cache-iad-kiad7000166-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 37, 8
x-timer: S1668123838.688833,VS0,VE0
vary: Accept
content-length: 84
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=1878982688761;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
142.250.74.34200 OK 247 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=1878982688761;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (467), with no line terminators
Hash 3fcea98d8d0172ba56e87499e7d23924
198ed02a9760341e97da920641631b24076a2c92
56591241aa3298436632081672db6bd69f824dee475170a5b5f9444524752303
GET /ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=1878982688761;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:57 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt0;ord=7060653662400;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
142.250.74.34200 OK 242 B URL HTTP/2 adservice.google.com/ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt0;ord=7060653662400;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (460), with no line terminators
Hash 802a757097ab77605bd4a863cec1f5ee
5688860b2be88657d095793dcde4c26b8f68c60e
45617cc80298d38fab0b8309e4ac62a54884fe94035aaf44506bfea9c4c9195f
GET /ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt0;ord=7060653662400;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:57 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
pragma: no-cache
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 242
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
images.ctfassets.net/sahy2rpqbnsp/7I21cNs4WwphMVcPbdQHh3/70aee2d7e34000c1f35203ff1635eba5/closed-doors-16-9.jpg?w=1920&h=1080&fm=jpg&q=100&fit=fill
54.230.111.2200 OK 1.6 MB URL HTTP/2 images.ctfassets.net/sahy2rpqbnsp/7I21cNs4WwphMVcPbdQHh3/70aee2d7e34000c1f35203ff1635eba5/closed-doors-16-9.jpg?w=1920&h=1080&fm=jpg&q=100&fit=fill
IP 54.230.111.2:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1920x1080, components 3\012- data
Size 1.6 MB (1616087 bytes)
Hash adf7457b4c1c6b8c7859b83db74083cb
21ebc66d6f09ded62ca6a76d45c996383551074b
335edb838e95bb0a43a3c5692e21e56d6835b9517ff52cff7a4de6647a5137da
GET /sahy2rpqbnsp/7I21cNs4WwphMVcPbdQHh3/70aee2d7e34000c1f35203ff1635eba5/closed-doors-16-9.jpg?w=1920&h=1080&fm=jpg&q=100&fit=fill HTTP/1.1
Host: images.ctfassets.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cosmopolitanlasvegas.com
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
content-length: 1616087
last-modified: Sun, 16 Oct 2022 01:33:23 GMT
server: Contentful Images API
access-control-allow-origin: *
date: Thu, 10 Nov 2022 08:03:00 GMT
cache-control: max-age=31536000
etag: "adf7457b4c1c6b8c7859b83db74083cb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TCTRo4GtMeeo4HiUU1swVAuPTxeNTFZOs7bgev1mMOm9iNetH69bTA==
age: 56457
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 0fb17c5b5daca07fff7fcff446bef6f3
91ce4c9d7cc3bee32ee345399380a422a6c93abc
33adfcd17861ddbff6f8f258823214aa82d34697959fc46598a3b2a7c2953ab1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.cosmopolitanlasvegas.com/icons.svg
40.112.142.148200 OK 79 kB URL HTTP/1.1 www.cosmopolitanlasvegas.com/icons.svg
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (65356)
Hash 0b4499e6da3f47cb521e7d8a738a541a
fdb3a66b21622d6302641158f55e5dc9138b40d4
1ed2d7ec0c60eb5f0832621c69f23de3fc289777f30c36f014d5644f532d1e74
GET /icons.svg HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IklSSmNuVU01cUx3ZSt2c3BFc1JwNkE9PSIsInZhbHVlIjoiQUxXQ20wZlliZ1BLWHRab3VGdzZMSXJYUThpUXJIV3lIUW5WejNZRDlpVzFid0ZtSDh2MWRpcHNYdlo2ckZIRCIsIm1hYyI6IjEwMTdmZWY1MzA3NmIzZGI4ODczMzMyZTY0MTJkMzY2NTU3MTI1NWI3YmI2YWY1NmYxODYwOWI4YjBmMzM1ZjUifQ%3D%3D; tcolv_identity_prod2_session=eyJpdiI6InNOcytBUzdkMFVMRW41emtBOXM3V3c9PSIsInZhbHVlIjoicnI1VU9LUnVUeEYyUFAwS1ZoQkdac0UrdFhoSGo2R1NqeTBxYTRtb281N1M0RWo0TlkydVhLakVLMGJXMUlZXC8iLCJtYWMiOiIwYjI4YTk3OGU1OTFiMjA3NGMxZWZlMWFmY2NhMzk4NzU5YWExODNkMTVhMDI1MDExYWY5YWY5ZTZmMDFkNDQxIn0%3D; ARRAffinity=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; ARRAffinitySameSite=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; _gcl_au=1.1.1995027409.1668123833
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 78565
Content-Type: image/svg+xml
Date: Thu, 10 Nov 2022 23:43:57 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS,DELETE,PUT,PATCH
Access-Control-Allow-Origin: *
Cache-Control: immutable,max-age=31536000
Content-Encoding: gzip
ETag: "0b5841e87d7d81:0"
Last-Modified: Tue, 04 Oct 2022 00:20:34 GMT
Vary: Accept-Encoding
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
distillery.pixlee.co/getJSON?api_key=ikJ8N5McrbJpLWPfNbzu&updated_at=2022-11-07T18:56:26.272Z&page=1&filter_id=2326898&unique_id=16&per_page=9&sortType=
151.101.86.132200 OK 8.8 kB URL HTTP/2 distillery.pixlee.co/getJSON?api_key=ikJ8N5McrbJpLWPfNbzu&updated_at=2022-11-07T18:56:26.272Z&page=1&filter_id=2326898&unique_id=16&per_page=9&sortType=
IP 151.101.86.132:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (43735), with no line terminators
Hash 0df1b0918396d1fc1adcc1ab4bb25015
146eb8d37f8fd60e49e68946f561d9c797516d1a
6f9240e0722f01a6695ff7fc9a9bf6090299e44dd87d74a9100f1972e01dbcd1
GET /getJSON?api_key=ikJ8N5McrbJpLWPfNbzu&updated_at=2022-11-07T18:56:26.272Z&page=1&filter_id=2326898&unique_id=16&per_page=9&sortType= HTTP/1.1
Host: distillery.pixlee.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Origin: https://photos.pixlee.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
server: Cowboy
etag: 1622-1360988784
expires: 300
cache-control: max-age=300, smax-age=300
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'
access-control-allow-origin: https://photos.pixlee.co
access-control-allow-credentials: true
x-permitted-cross-domain-policies: master-only
content-type: application/json
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:57 GMT
age: 231
x-served-by: cache-iad-kiad7000085-IAD, cache-bma1678-BMA
x-cache: HIT, MISS
x-cache-hits: 6, 0
x-timer: S1668123838.699276,VS0,VE96
vary: Origin, Accept-Encoding
true-client-ip: 91.90.42.154
strict-transport-security: max-age=31557600
content-length: 8847
X-Firefox-Spdy: h2
www.cosmopolitanlasvegas.com/fonts/34BD98_0_0.woff
40.112.142.148200 OK 82 kB URL HTTP/1.1 www.cosmopolitanlasvegas.com/fonts/34BD98_0_0.woff
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format, TrueType, length 81814, version 0.0\012- data
Hash 4734373e9190ce1780283db5d55459ba
2062d1c611c14d7801b140b7976500d1f8571d8d
a6cd4b6c0ed5513f3c190bf21dfbf21d3f6ff633835ada97a64317ea5298e978
GET /fonts/34BD98_0_0.woff HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/css/orchid.css?v=1
Cookie: XSRF-TOKEN=eyJpdiI6IklSSmNuVU01cUx3ZSt2c3BFc1JwNkE9PSIsInZhbHVlIjoiQUxXQ20wZlliZ1BLWHRab3VGdzZMSXJYUThpUXJIV3lIUW5WejNZRDlpVzFid0ZtSDh2MWRpcHNYdlo2ckZIRCIsIm1hYyI6IjEwMTdmZWY1MzA3NmIzZGI4ODczMzMyZTY0MTJkMzY2NTU3MTI1NWI3YmI2YWY1NmYxODYwOWI4YjBmMzM1ZjUifQ%3D%3D; tcolv_identity_prod2_session=eyJpdiI6InNOcytBUzdkMFVMRW41emtBOXM3V3c9PSIsInZhbHVlIjoicnI1VU9LUnVUeEYyUFAwS1ZoQkdac0UrdFhoSGo2R1NqeTBxYTRtb281N1M0RWo0TlkydVhLakVLMGJXMUlZXC8iLCJtYWMiOiIwYjI4YTk3OGU1OTFiMjA3NGMxZWZlMWFmY2NhMzk4NzU5YWExODNkMTVhMDI1MDExYWY5YWY5ZTZmMDFkNDQxIn0%3D; ARRAffinity=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; ARRAffinitySameSite=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 81814
Content-Type: application/font-woff
Date: Thu, 10 Nov 2022 23:43:57 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS,DELETE,PUT,PATCH
Access-Control-Allow-Origin: *
Cache-Control: immutable,max-age=31536000
ETag: "0e571b87d7d81:0"
Last-Modified: Tue, 04 Oct 2022 00:20:02 GMT
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
www.cosmopolitanlasvegas.com/fonts/35CE65_0_0.woff
40.112.142.148200 OK 84 kB URL HTTP/1.1 www.cosmopolitanlasvegas.com/fonts/35CE65_0_0.woff
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type Web Open Font Format, TrueType, length 83743, version 0.0\012- data
Hash a7af335ec0d9fc08d5a7cffcefe9314e
ef911db7a03773d73d3af8170f9a35adeffce141
18cf414b2e7746b79dc3d6e1ed267c4da4e24e96183d28fd0353c6e34ed2e0fb
GET /fonts/35CE65_0_0.woff HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/css/orchid.css?v=1
Cookie: XSRF-TOKEN=eyJpdiI6IklSSmNuVU01cUx3ZSt2c3BFc1JwNkE9PSIsInZhbHVlIjoiQUxXQ20wZlliZ1BLWHRab3VGdzZMSXJYUThpUXJIV3lIUW5WejNZRDlpVzFid0ZtSDh2MWRpcHNYdlo2ckZIRCIsIm1hYyI6IjEwMTdmZWY1MzA3NmIzZGI4ODczMzMyZTY0MTJkMzY2NTU3MTI1NWI3YmI2YWY1NmYxODYwOWI4YjBmMzM1ZjUifQ%3D%3D; tcolv_identity_prod2_session=eyJpdiI6InNOcytBUzdkMFVMRW41emtBOXM3V3c9PSIsInZhbHVlIjoicnI1VU9LUnVUeEYyUFAwS1ZoQkdac0UrdFhoSGo2R1NqeTBxYTRtb281N1M0RWo0TlkydVhLakVLMGJXMUlZXC8iLCJtYWMiOiIwYjI4YTk3OGU1OTFiMjA3NGMxZWZlMWFmY2NhMzk4NzU5YWExODNkMTVhMDI1MDExYWY5YWY5ZTZmMDFkNDQxIn0%3D; ARRAffinity=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; ARRAffinitySameSite=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 83743
Content-Type: application/font-woff
Date: Thu, 10 Nov 2022 23:43:57 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS,DELETE,PUT,PATCH
Access-Control-Allow-Origin: *
Cache-Control: immutable,max-age=31536000
ETag: "0e571b87d7d81:0"
Last-Modified: Tue, 04 Oct 2022 00:20:02 GMT
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash dbfb46e8bdaa19ddaed629adf779c7d0
b8600d1af8e94f3c2d9dd41cc6d006dedfb09d16
bd87911e5dda0e290bde8bc02ffe35fd6b7538c0afec0703fdcb1bf86e4a27ee
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash dbfb46e8bdaa19ddaed629adf779c7d0
b8600d1af8e94f3c2d9dd41cc6d006dedfb09d16
bd87911e5dda0e290bde8bc02ffe35fd6b7538c0afec0703fdcb1bf86e4a27ee
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=1878982688761;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
142.250.74.34302 Found 0 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=1878982688761;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
IP 142.250.74.34:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=1878982688761;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://5258867.fls.doubleclick.net/ddm/fls/r/src=5258867;type=tcolvge0;cat=endtt00;ord=1;num=1878982688761;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.no/ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt0;ord=7060653662400;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
142.250.74.34200 OK 85 B URL HTTP/2 adservice.google.no/ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt0;ord=7060653662400;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F
IP 142.250.74.34:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Hash 4a3b3637744caa4a0b08fabbd76cc830
755e5626762ecf38f55012da892a227bf50f15f1
6a12009f3d99f10dd5acb27389beefed79eddd7fa55ddcc591baf92861d51bfb
GET /ddm/fls/i/src=5258867;type=tcolvge0;cat=endtt0;ord=7060653662400;gtm=2wgb90;auiddc=1995027409.1668123833;~oref=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:57 GMT
expires: Thu, 10 Nov 2022 23:43:57 GMT
cache-control: private, max-age=0
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 85
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash aac9a44d90ef332039316f3f8e75ef7f
7f14695c3512f762b53a5f2d4577c3b831ffd3e2
a190e6eaacda76e8f75d18d36d7a65916550ca96acceb6f597d7b0d3055e9113
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
analytics.tiktok.com/i18n/pixel/config.js?sdkid=CBKNRFJC77U4K6SR6SN0&hostname=www.cosmopolitanlasvegas.com
23.36.79.32200 OK 357 B URL HTTP/2 analytics.tiktok.com/i18n/pixel/config.js?sdkid=CBKNRFJC77U4K6SR6SN0&hostname=www.cosmopolitanlasvegas.com
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
Hash 08e883f15ce1ffa5a3eb666b4a53e80b
be23748010284d0319e57964de24226206975805
d9969a6ec4b45f759a307f0da8f1d2eeade75f54b7f37771da74e6cfd112d8bf
GET /i18n/pixel/config.js?sdkid=CBKNRFJC77U4K6SR6SN0&hostname=www.cosmopolitanlasvegas.com HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 202211102343578074FC77755253546776
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60d78171413f71ac7f621bddf9de079e3df4ee6a58184963502083b081d2af8f446b3ed1adaab34c201136b4d729c064c6cd1086a6edb773ce599c5a561c73fd1ca19c18965840112d5b30defde528f02a
content-encoding: gzip
content-length: 357
x-origin-response-time: 82,23.36.66.15
x-akamai-request-id: 34094478.1287253d
expires: Thu, 10 Nov 2022 23:43:57 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 10 Nov 2022 23:43:57 GMT
x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
vary: Accept-Encoding
set-cookie: _ttp=2HNS21jxW5PPayAKoiu0SruKFtQ; Path=/; Domain=tiktok.com; Max-Age=33696000; Secure; SameSite=None
x-cache-remote: TCP_MISS from a23-36-66-15.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=355, origin; dur=82, inner; dur=3
x-parent-response-time: 437,23.36.79.28
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 95f494f864a0b905f0b559b8aac9e32c
90868276c65ed46ccbf7b59d901c33f7e1d371ca
d7ab495a9b3dff99b6f283fc09cf0fffc4eef742fd6d9b36435ae83e0fd8138b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:57 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
54.230.245.110200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash d23f8b85fd95953e8763e39a149ed312
6755f2024bffb76e8f4023c4132c89bbf6c918c9
1f32142ddce37ef97d576d795d6d078b7ed9865e61b151e99b6af008d8b10fb7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=171078
Date: Thu, 10 Nov 2022 23:43:57 GMT
Etag: "636d7fbd-1d7"
Expires: Sat, 12 Nov 2022 23:15:15 GMT
Last-Modified: Thu, 10 Nov 2022 22:48:29 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: f0KaMSREKldgbLgHw657k1N9Y8URepZA1xyOYkezz_SRvAe0UTFHvA==
Age: 1606
www.googleadservices.com/pagead/conversion.js
142.250.74.34200 OK 17 kB URL HTTP/2 www.googleadservices.com/pagead/conversion.js
IP 142.250.74.34:0
File type ASCII text, with very long lines (2772)
Hash b35d12690e9c6e47db4029679ee2781f
94e4897b8cdb5d59e152f769fe957e4a9378076e
e4f4f9737e41f74659cf628355236059a9de67d3188ce191a2bcd8f521df8696
GET /pagead/conversion.js HTTP/1.1
Host: www.googleadservices.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 10 Nov 2022 23:43:58 GMT
expires: Thu, 10 Nov 2022 23:43:58 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 18350181343482815798
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 16829
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/504903064/medium/83812bd30460458b9ff7.jpg
151.101.86.132200 OK 62 kB URL HTTP/2 static.pxlecdn.com/photos/504903064/medium/83812bd30460458b9ff7.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x562, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c2e2a552d1d7fbb447ea44bab8c72685
674505297a4032c8a94e38e160f3efc355bd5a96
27b67b6f8c9ade2de9e8714912b623e70ed975b6a69d5e3366c6345fa138c3a1
GET /photos/504903064/medium/83812bd30460458b9ff7.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "6EULKFsG//GKrGYphVQESKeANG5r0L+0ncCTYtfVhJY"
fastly-io-info: ifsz=82227 idim=450x562 ifmt=jpeg ofsz=62106 odim=450x562 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: LiQLYJLYIU32sHWt7rhAoIliUNJipPArQfO6wjbmwZWsZUEOysXMytv63/fVe8o+GIgN7FNgCQw=
x-amz-request-id: 0VBRRDAV05EQY8ZV
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 46715
x-served-by: cache-iad-kiad7000027-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 2, 1
x-timer: S1668123838.011596,VS0,VE1
vary: Accept
content-length: 62106
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/440653781/medium/98e5e93d75277aac2931.jpg
151.101.86.132200 OK 32 kB URL HTTP/2 static.pxlecdn.com/photos/440653781/medium/98e5e93d75277aac2931.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 620x450, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fde88f2cb9b8e4fd82a68ed0fdf1af57
465e529d2028d3140398c76c88663e1f99a49687
87005c5b290108d42846aadcef565658fe71ace92f80b9c30fe2d5a7116cdba1
GET /photos/440653781/medium/98e5e93d75277aac2931.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "rvp6+BdPVPWaEmy9Xiu13zVJcoZvN6BrKOgmEMrJg/I"
fastly-io-info: ifsz=58656 idim=620x450 ifmt=jpeg ofsz=32076 odim=620x450 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: 3bgEPNPue8TNsmuZpL+vCDYqPjd/PwpHJHh4wjhf7AdRKBcrfSssWCe99gTvz8lc/TKCzYIEM9g=
x-amz-request-id: QN5HRMKXK5VHRJ1T
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 1455310
x-served-by: cache-iad-kiad7000095-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 16, 1
x-timer: S1668123838.011553,VS0,VE1
vary: Accept
content-length: 32076
X-Firefox-Spdy: h2
6131764.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&title=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&res=1280x1024&accountid=6131764&rt=3045&prev=cff5456c-7973-0a2f-9ebf-3929046e444e&luid=07115f5c-a714-b77d-2088-050c58413857&rnd=89420
18.158.237.5200 OK 34 B URL HTTP/2 6131764.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&title=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&res=1280x1024&accountid=6131764&rt=3045&prev=cff5456c-7973-0a2f-9ebf-3929046e444e&luid=07115f5c-a714-b77d-2088-050c58413857&rnd=89420
IP 18.158.237.5:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash a82ba3a9d42148e9cf209df13d8c3f3d
dba80835d31175bdcf0bcad1abafefb06d86e304
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
GET /image.aspx?url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&title=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&res=1280x1024&accountid=6131764&rt=3045&prev=cff5456c-7973-0a2f-9ebf-3929046e444e&luid=07115f5c-a714-b77d-2088-050c58413857&rnd=89420 HTTP/1.1
Host: 6131764.global.siteimproveanalytics.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:58 GMT
content-type: image/gif
content-length: 34
set-cookie: AWSALB=+EF0usFdQLQlGMRBLmyUoknIqSrCCK6UHR5lqFShnLcVagJkJiOYIae715O02wjGR+idDXVmsSQ8uRG7BYaOa5y9M5wGQTUWMXSY+F8FqzWWjpCTcX1SQfhwDHA6; Expires=Thu, 17 Nov 2022 23:43:58 GMT; Path=/
AWSALBCORS=+EF0usFdQLQlGMRBLmyUoknIqSrCCK6UHR5lqFShnLcVagJkJiOYIae715O02wjGR+idDXVmsSQ8uRG7BYaOa5y9M5wGQTUWMXSY+F8FqzWWjpCTcX1SQfhwDHA6; Expires=Thu, 17 Nov 2022 23:43:58 GMT; Path=/; SameSite=None; Secure
cache-control: max-age=0
expires: Thu, 10 Nov 2022 23:43:58 UTC
X-Firefox-Spdy: h2
analytics.tiktok.com/i18n/pixel/events.js?sdkid=CBKNRFJC77U4K6SR6SN0&lib=ttq
23.36.79.32200 OK 117 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/events.js?sdkid=CBKNRFJC77U4K6SR6SN0&lib=ttq
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
Size 117 kB (116822 bytes)
Hash 6c0931298864b10d596a0aca9d093c10
e9f76b325d3942dfff062eca64fd750a5f032949
6aea4b815c6a80bbb1d4e1e7789f0c119af9fb895a3ed743f62e5276e455b300
GET /i18n/pixel/events.js?sdkid=CBKNRFJC77U4K6SR6SN0&lib=ttq HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 20221110234357B015C94B375D8455BADC
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60d78171413f71ac7f621bddf9de079e3d01dc0f06a4cf97f21654739c9fd5cf03d8e9836f5e4931511b17e6fce798fc88deb060ff7926b59f00617508a660e7735a098a7ff2b2d8a95ff1af73d55cb59b
content-encoding: gzip
x-origin-response-time: 19,23.36.66.38
x-akamai-request-id: 3b10f002.12872409
expires: Thu, 10 Nov 2022 23:43:57 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 10 Nov 2022 23:43:57 GMT
x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a23-36-66-38.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=95, origin; dur=19, inner; dur=3
x-parent-response-time: 114,23.36.79.28
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/484986561/medium/9b6572aafd579c958026.jpg
151.101.86.132200 OK 41 kB URL HTTP/2 static.pxlecdn.com/photos/484986561/medium/9b6572aafd579c958026.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x563, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 8df16cb5f7810e946890fe24021e6b1b
1a279c39fcdbbfc0eef99664d31fdf0ef0afcdab
d42ce19e378cc51304ea27bf5563b2cb1fcfe27e3f0b6b9363bf244bfc7ab291
GET /photos/484986561/medium/9b6572aafd579c958026.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "x6hHmC0ekvnjTIRgNZN/YUrxcLc1l+Jb5oYELtfBFcQ"
fastly-io-info: ifsz=68085 idim=450x563 ifmt=jpeg ofsz=41402 odim=450x563 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: v2Mo9Kv4XkM0kGKGh3Lsqko79i+tT+2ye+GL8y9705f7JER7J4tYfaVw9crRyb78lUUWTViwuqM=
x-amz-request-id: WXQX80K120HCYKAS
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 46715
x-served-by: cache-iad-kjyo7100059-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 7, 1
x-timer: S1668123838.026250,VS0,VE1
vary: Accept
content-length: 41402
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/510963740/medium/56188336e0ef02cac169.jpg
151.101.86.132200 OK 52 kB URL HTTP/2 static.pxlecdn.com/photos/510963740/medium/56188336e0ef02cac169.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x563, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9fad27e0b9caf8a9a229fee8c28ccf8e
b5cfb6891187e10c88f8724a9ec1deeba0d88daa
d116ba9e55a89349a449276873d95fdf0df332813734081b0937629b1026cc78
GET /photos/510963740/medium/56188336e0ef02cac169.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "lqPaPP6A97/8ecirkLgclElLYkzp1MON2OicpjQDYdY"
fastly-io-info: ifsz=78887 idim=450x563 ifmt=jpeg ofsz=51600 odim=450x563 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: cxkwA4tkL/skNoQGOak62onYA43nEmxjMokOxJljCW4Zj3M2PwIq363VJaACLBfTdSBfT/HbIAE=
x-amz-request-id: SRM94XNYTNY2G2ZD
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 46715
x-served-by: cache-iad-kcgs7200139-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 2, 1
x-timer: S1668123838.043845,VS0,VE1
vary: Accept
content-length: 51600
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/520595916/medium/c29b2d20239f50e381d0.jpg
151.101.86.132200 OK 94 kB URL HTTP/2 static.pxlecdn.com/photos/520595916/medium/c29b2d20239f50e381d0.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x563, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f6163cdc596b4c2dc2a2cba47f36e4d8
bb0ebbbdc0aaf28f25f3510236e6fdf8e2dd8220
9c5cf232d6a01532582d788fda1c062109c1b63f7fdef54ebb8f8c88c4ce6d9b
GET /photos/520595916/medium/c29b2d20239f50e381d0.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "c4cU+UpVoz1hnc2ePBKWf/vtR1E0K3mJAQ02BkBOzjE"
fastly-io-info: ifsz=127538 idim=450x563 ifmt=jpeg ofsz=93548 odim=450x563 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: A+K0ouGpFVuJpSsVoOvTZKPh/j4zeP55bG3/iEV5Cy9RgOTA3kuQw+nGprOq4JcawBSGAaQLJZk=
x-amz-request-id: HCGD1X62FT9F3HR8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 223604
x-served-by: cache-iad-kiad7000091-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1668123838.043859,VS0,VE1
vary: Accept
content-length: 93548
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/311187170/medium/f1738fc64bb70f699317.jpg
151.101.86.132200 OK 72 kB URL HTTP/2 static.pxlecdn.com/photos/311187170/medium/f1738fc64bb70f699317.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x563, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c1079e3d4f8cdc2d9f34917b83e8d502
a1ef36436d60fa2f5bb9e6fd703c4f84276a501f
61952f4927d6e758581278f035474c1c02f85dbee9eb4c74713fad4bb1fde5cc
GET /photos/311187170/medium/f1738fc64bb70f699317.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "YBGq6XtD4nYu5b2lC6w30kP0GIB+muFNK4hr4AX50LI"
fastly-io-info: ifsz=101016 idim=450x563 ifmt=jpeg ofsz=72120 odim=450x563 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: 8ZD4gOs/NHZnSF+fBhHwtv44pEFtjMNrGrWqJ7gnZ5m2e0S6RRXZlwGqhqEI6694Vx2kkqqm3Bo=
x-amz-request-id: 5881NR391MQXWNBW
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 523182
x-served-by: cache-iad-kcgs7200070-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 9, 1
x-timer: S1668123838.043802,VS0,VE2
vary: Accept
content-length: 72120
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/341728854/medium/f7f4d6f7ae8b2a667bbb.jpg
151.101.86.132200 OK 36 kB URL HTTP/2 static.pxlecdn.com/photos/341728854/medium/f7f4d6f7ae8b2a667bbb.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x338, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ba5ba3c66ccad9da400e4029c76ff13d
45dc05b66e6b962a22c0ecb48bb600bc07c62d00
0bbe0c6f13cdee7580d2564adc47b8e82ddd23859a20adbd2e5a5b38037139ae
GET /photos/341728854/medium/f7f4d6f7ae8b2a667bbb.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "1YWWCIP3KRkjSK5Zi9iuwUvmkNr0w7q8hezTra11Fz8"
fastly-io-info: ifsz=52350 idim=450x338 ifmt=jpeg ofsz=36470 odim=450x338 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: Q7+Li8vjeCsD3kDQ7ulKXMVZSChYTbOQEvG3FspOvaYoUhXFD3lqPZHzZ4d2gjp8kRSWBGM8lc0=
x-amz-request-id: 5GKW9JP17B4EP17C
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 1794778
x-served-by: cache-iad-kjyo7100047-IAD, cache-bma1631-BMA
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1668123838.048322,VS0,VE2
vary: Accept
content-length: 36470
X-Firefox-Spdy: h2
assets3.pxlecdn.com/assets/embed/glyph/mag-3e8e45d2c2bf5a28dcdc11b188b5ed0cd3f8a4f72a6db395a16929d73b639185.png
151.101.86.132200 OK 1.0 kB URL HTTP/2 assets3.pxlecdn.com/assets/embed/glyph/mag-3e8e45d2c2bf5a28dcdc11b188b5ed0cd3f8a4f72a6db395a16929d73b639185.png
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 539784d7e981f72da4dd05a5731cae5f
21285f21908d4717f6c9d1eb4e59cb57ff0d0c53
d9519c4df6b35d424a6c4726f2c5db5dc2f5e370f0b5ef36785d2774ea270c45
GET /assets/embed/glyph/mag-3e8e45d2c2bf5a28dcdc11b188b5ed0cd3f8a4f72a6db395a16929d73b639185.png HTTP/1.1
Host: assets3.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://assets0.pxlecdn.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "bgg5cB0w+qGuhfT0UCjdoiju+fS9RPYo95NjNMr5mdI"
expires: Fri, 22 Nov 2019 12:40:42 GMT
fastly-io-info: ifsz=1491 idim=40x40 ifmt=png ofsz=1006 odim=40x40 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: UQnp4szAVLmPTRlCpremU1RyZyFBB4RLZkEgB/9fZEgHFeA53hMPIet65vdZsEyAc0FQ7ym+quJA/Oj5qsgH6Q==
x-amz-request-id: WD4X250BPPYM2N8B
x-amz-version-id: null
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 12756
x-served-by: cache-iad-kiad7000125-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 338, 35
x-timer: S1668123838.058634,VS0,VE0
vary: Accept
content-length: 1006
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/341515741/medium/91fa098621b1b6dd143d.jpg
151.101.86.132200 OK 78 kB URL HTTP/2 static.pxlecdn.com/photos/341515741/medium/91fa098621b1b6dd143d.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x527, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 9d310a0b158c3ff10f8ee7771e9df430
05b9fd62660d88af71095c08448fa0557e5ddb9a
70f0a95f53c1739dca8a4752224a7a5422848bb953097cbb9bb0663746879630
GET /photos/341515741/medium/91fa098621b1b6dd143d.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "OWJnsxzYhnC9xXcUDCg4M6Vak+ANvDLGGcEVLfnm0l8"
fastly-io-info: ifsz=108566 idim=450x527 ifmt=jpeg ofsz=78220 odim=450x527 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: /jHXxI06i8Y/Rhyaj0waW66mD4a/EKVQlVZcuBylfr6tSkV9Fao1T/YEFsKskU9j8aWvjGQjPKo=
x-amz-request-id: SD94SWSV9ZKHMRJ2
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 1794777
x-served-by: cache-iad-kiad7000130-IAD, cache-bma1631-BMA
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1668123838.053771,VS0,VE11
vary: Accept
content-length: 78220
X-Firefox-Spdy: h2
assets.pxlecdn.com/pixlee_fonts/pixlee_icons.woff2
151.101.86.132200 OK 28 kB URL HTTP/2 assets.pxlecdn.com/pixlee_fonts/pixlee_icons.woff2
IP 151.101.86.132:0
File type Web Open Font Format (Version 2), TrueType, length 27864, version 1.0\012- data
Hash ea433f957559f17c616d2c4407b73aa5
823fce1256ae35603bf416b89df3d65e5f49b983
88338984462396e255d75f78415c718f6a5c886e1cda14b0e0f31c719221d63f
GET /pixlee_fonts/pixlee_icons.woff2 HTTP/1.1
Host: assets.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://photos.pixlee.co/
Origin: https://photos.pixlee.co
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-amz-id-2: E5CqAApLzKam1vSC0JeAD6dM33Ytp4mD1gaSWC5TFHKYv7HVR0u37IhIf4H3GZL4RVeC7MLPrLs=
x-amz-request-id: QGN2FCPCF2YR48MP
last-modified: Wed, 06 Oct 2021 21:30:30 GMT
etag: "ea433f957559f17c616d2c4407b73aa5"
x-amz-version-id: null
content-type: binary/octet-stream
server: AmazonS3
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 12756
x-served-by: cache-iad-kjyo7100122-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 77, 22
x-timer: S1668123838.077055,VS0,VE0
content-length: 27864
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash aea91bd3bba16f8bb8612f166decdb41
e970831535aaf00ea19af4ee20fa4cae6a9e5ab9
8be3599fbe20711e8405cec1f9516e44109b58bfb253ebf64a921dffe4505c42
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c
151.101.85.182307 Temporary Redirect 63 B URL HTTP/2 static.triptease.io/paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c
IP 151.101.85.182:0
File type ASCII text, with no line terminators
Hash eeecb5627b88a80dfc278cf2b4a06549
d1c8f2b9c82339977619b069d4f8658d59efccbf
0b84fb963f2bc0d75ccd25740888b1429395598e024d3e8d1b6326333c332213
GET /paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c HTTP/1.1
Host: static.triptease.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/plain;charset=UTF-8
location: https://onboard.triptease.io/bootstrap/v5879.63954/bootstrap.js
access-control-allow-origin: *
cache-control: public, max-age=600
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F2Y%2BSOC6HEkvosYuIn6KoGaNdmT6dKgynIuEb3TTnS%2BS%2B1sgTg4cTKX5RWnS54SMjkaoVVwh%2FsPPUt%2BfuOGaDPFwrxqR%2BvNt49lxsTktIJYCrNYqBioT%2BqzlFKHQj6B%2FDnBz4M5fuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7682a7437d6b16b3-DME
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
via: 1.1 varnish
x-served-by: cache-bma1659-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1668123838.888574,VS0,VE224
vary: Accept-Encoding
strict-transport-security: max-age=31557600
backend-url: /paperboy/KoP8XXWYLW.js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c
pseudo-device-id: ce3678a60bdd9475e11059d534cb5581793d88c2fea0c3958c03837f5a2b18f6
pseudo-session-id: 3422e73484dc258899f9d2c47f9d208b6a9f951e9b385ee322c0d21d0d2060d7
surrogate-key-debug: paperboy paperboy-KoP8XXWYLW paperboy-js?hotelKey=b46e2da70190d88425348ffad2967bf112aa252c
content-length: 63
X-Firefox-Spdy: h2
distillery.pixlee.co/getJSON?api_key=ikJ8N5McrbJpLWPfNbzu&updated_at=2022-11-07T18:56:26.272Z&page=2&filter_id=2326898&unique_id=16&per_page=9&sortType=
151.101.86.132200 OK 8.5 kB URL HTTP/2 distillery.pixlee.co/getJSON?api_key=ikJ8N5McrbJpLWPfNbzu&updated_at=2022-11-07T18:56:26.272Z&page=2&filter_id=2326898&unique_id=16&per_page=9&sortType=
IP 151.101.86.132:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (40746), with no line terminators
Hash c768c41d600534e45c51053b13a11bc2
3aee9f7d649c1a44748540a642a63e4404c3ee45
898e7d8bd0a4e48f2c336bc1c2b0276612768ef92ade0da410df48d8d17cd4aa
GET /getJSON?api_key=ikJ8N5McrbJpLWPfNbzu&updated_at=2022-11-07T18:56:26.272Z&page=2&filter_id=2326898&unique_id=16&per_page=9&sortType= HTTP/1.1
Host: distillery.pixlee.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Origin: https://photos.pixlee.co
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
server: Cowboy
etag: 1622-1358899991
expires: 300
cache-control: max-age=300, smax-age=300
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'self'
access-control-allow-origin: https://photos.pixlee.co
access-control-allow-credentials: true
x-permitted-cross-domain-policies: master-only
content-type: application/json
via: 1.1 vegur, 1.1 varnish, 1.1 varnish
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 231
x-served-by: cache-iad-kcgs7200167-IAD, cache-bma1678-BMA
x-cache: HIT, MISS
x-cache-hits: 6, 0
x-timer: S1668123838.093366,VS0,VE91
vary: Origin, Accept-Encoding
true-client-ip: 91.90.42.154
strict-transport-security: max-age=31557600
content-length: 8499
X-Firefox-Spdy: h2
analytics.tiktok.com/api/v2/pixel
23.36.79.32200 OK 0 B URL HTTP/2 analytics.tiktok.com/api/v2/pixel
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/pixel HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 778
Origin: https://www.cosmopolitanlasvegas.com
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Cookie: _ttp=2HNS21jxW5PPayAKoiu0SruKFtQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/octet-stream
content-length: 0
access-control-allow-origin: *
x-tt-logid: 20221110234358D4B6692A562BC9531287
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60459c918a449af51d55daa38da0f8465beeebfaa23e7c4f229401f6382b9710dd3ca6ec829d3afe04d57f72be83b7dfe78688817ef23a4794e50437792edd618f
expires: Thu, 10 Nov 2022 23:43:58 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 10 Nov 2022 23:43:58 GMT
x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: inner; dur=126, cdn-cache; desc=MISS, edge; dur=4, origin; dur=226
x-origin-response-time: 226,23.36.79.28
x-akamai-request-id: 12872770
X-Firefox-Spdy: h2
bat.bing.com/bat.js
204.79.197.200200 OK 11 kB IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (39007), with no line terminators
Hash 22e2e3226eb5ada04929a2e43307eeda
04615fa88f80567974bdeb0f103ca5909746ebd7
41feebdfb0b03cd7fee2eb886adef6f3f1f85d3f14215e9a388d2a50e42efb9b
GET /bat.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,max-age=1800
content-length: 11421
content-type: application/javascript
content-encoding: gzip
last-modified: Wed, 09 Nov 2022 21:23:50 GMT
accept-ranges: bytes
etag: "077538f81f4d81:0"
vary: Accept-Encoding
set-cookie: MUID=3AEC3584791C69D7286A27DC784B68D8; domain=.bing.com; expires=Tue, 05-Dec-2023 23:43:58 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 036103260430480CAE82AEA6053BB8CE Ref B: OSL30EDGE0309 Ref C: 2022-11-10T23:43:58Z
date: Thu, 10 Nov 2022 23:43:57 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f5cad36d280e6ebd32df3b31e0a0c95a
10bb233d916a3fe69ae2e3fccda13ed845e57d0d
18671a1823325ab372be504e3c31f46cdd26bc076010599a0fe02daa57924a49
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1666
Cache-Control: max-age=112503
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Etag: "636c9ab3-117"
Expires: Sat, 12 Nov 2022 06:59:01 GMT
Last-Modified: Thu, 10 Nov 2022 06:31:15 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 7c89768eee117880b59f8644d2138e52
49a829a38293c8f1eb86dbbccc82017f1d5d86bb
c512960cca090441f3c7e9ffea25448965eb4068d1506b8afa6d391b3c3a07be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash c82a0ca73b87be586db34cf7d2c8ef00
f5d2a118f3bb8f950ef92ede3cdad188265a8474
6444a77f5ca874db87f8a49e7736a004657e7028d6e53a8ced5c90996cd36dad
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 10 Nov 2022 23:43:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 10 Nov 2022 23:28:27 GMT
Expires: Fri, 11 Nov 2022 23:28:27 GMT
ETag: "f5d2a118f3bb8f950ef92ede3cdad188265a8474"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
bat.bing.com/action/0?ti=5151589&Ver=2&mid=674b0cc0-4bca-4d5c-a917-3ee0f4f914cd&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=<=444&evt=pageLoad&ifm=1&sv=1&rn=964641
204.79.197.200204 No Content 0 B URL HTTP/2 bat.bing.com/action/0?ti=5151589&Ver=2&mid=674b0cc0-4bca-4d5c-a917-3ee0f4f914cd&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=<=444&evt=pageLoad&ifm=1&sv=1&rn=964641
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /action/0?ti=5151589&Ver=2&mid=674b0cc0-4bca-4d5c-a917-3ee0f4f914cd&msclkid=N&pi=0&lg=en-US&sw=1280&sh=1024&sc=24&p=https%3A%2F%2Fadservice.google.com%2F&r=<=444&evt=pageLoad&ifm=1&sv=1&rn=964641 HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=204D8AF975E467B01C8098A174B3669C; domain=.bing.com; expires=Tue, 05-Dec-2023 23:43:58 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8288085BBCC240569AAD366693479526 Ref B: OSL30EDGE0309 Ref C: 2022-11-10T23:43:58Z
date: Thu, 10 Nov 2022 23:43:57 GMT
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/viewthroughconversion/1010940168/?random=1373506212&cv=9&fst=1668123834078&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D1878982688761%3Bgtm%3D2wgb90%3Bauiddc%3D1995027409.1668123833%3B~oref%3Dhttps%253A%252F%252Fwww.cosmopolitanlasvegas.com%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=voxtY-K7Cpau6gS9myI&sscte=1&crd=
216.58.207.194302 Found 42 B URL HTTP/2 googleads.g.doubleclick.net/pagead/viewthroughconversion/1010940168/?random=1373506212&cv=9&fst=1668123834078&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D1878982688761%3Bgtm%3D2wgb90%3Bauiddc%3D1995027409.1668123833%3B~oref%3Dhttps%253A%252F%252Fwww.cosmopolitanlasvegas.com%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=voxtY-K7Cpau6gS9myI&sscte=1&crd=
IP 216.58.207.194:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/viewthroughconversion/1010940168/?random=1373506212&cv=9&fst=1668123834078&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D1878982688761%3Bgtm%3D2wgb90%3Bauiddc%3D1995027409.1668123833%3B~oref%3Dhttps%253A%252F%252Fwww.cosmopolitanlasvegas.com%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=voxtY-K7Cpau6gS9myI&sscte=1&crd= HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://www.google.com/pagead/1p-conversion/1010940168/?random=1373506212&cv=9&fst=1668123834078&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D1878982688761%3Bgtm%3D2wgb90%3Bauiddc%3D1995027409.1668123833%3B~oref%3Dhttps%253A%252F%252Fwww.cosmopolitanlasvegas.com%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=voxtY-K7Cpau6gS9myI&random=3352696213&resp=GooglemKTybQhCsO
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 10-Nov-2022 23:58:58 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cs.yieldoptimizer.com/cs/c?a=3000&cpid=3586&
35.186.212.60200 OK 43 B URL HTTP/2 cs.yieldoptimizer.com/cs/c?a=3000&cpid=3586&
IP 35.186.212.60:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /cs/c?a=3000&cpid=3586& HTTP/1.1
Host: cs.yieldoptimizer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: Apache-Coyote/1.1
cache-control: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: CP="NON DSP COR TAIo PSAo PSDo HISo OUR BUS UNI INT DEM OTC"
set-cookie: ph=%7B%22p%22%3A%5B%5D%2C%22t%22%3A%5B%5D%7D; Domain=yieldoptimizer.com; Expires=Fri, 10-Nov-2023 23:43:58 GMT; Path=/; Secure; SameSite=None
fbh0=%7B%7D; Domain=yieldoptimizer.com; Expires=Fri, 10-Nov-2023 23:43:58 GMT; Path=/; Secure; SameSite=None
dph=%7B%22t%22%3A%5B%5D%2C%22dp%22%3A%5B%5D%7D; Domain=yieldoptimizer.com; Expires=Fri, 10-Nov-2023 23:43:58 GMT; Path=/; Secure; SameSite=None
gcma=%7B%22t%22%3A0%2C%22o%22%3Afalse%7D; Domain=yieldoptimizer.com; Expires=Fri, 10-Nov-2023 23:43:58 GMT; Path=/; Secure
rmxc=%7B%22t%22%3A0%2C%22e%22%3A%22%22%2C%22i%22%3Afalse%7D; Domain=yieldoptimizer.com; Expires=Fri, 10-Nov-2023 23:43:58 GMT; Path=/; Secure
pragma: no-cache
content-type: image/gif
content-length: 43
date: Thu, 10 Nov 2022 23:43:58 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 7c89768eee117880b59f8644d2138e52
49a829a38293c8f1eb86dbbccc82017f1d5d86bb
c512960cca090441f3c7e9ffea25448965eb4068d1506b8afa6d391b3c3a07be
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash 5e64d1299b32fce2bce8b69da5b02229
5eabd9bea3db3dc9cc479e6243768822669d2add
d3e312fda19d5392ac37745dd1b4e6f52f132afeb8ad74117b10dc64c5f1d87e
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 10 Nov 2022 23:43:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 10 Nov 2022 19:42:08 GMT
Expires: Fri, 11 Nov 2022 19:42:08 GMT
ETag: "5eabd9bea3db3dc9cc479e6243768822669d2add"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
analytics.tiktok.com/i18n/pixel/identify.js
23.36.79.32200 OK 66 kB URL HTTP/2 analytics.tiktok.com/i18n/pixel/identify.js
IP 23.36.79.32:0
ASN #20940 Akamai International B.V.
Hash 4b3e41171892095de0e52fd22c645a6b
45adab8fce3330346f6f85e7488bca4846f5cdc3
0823d3934534201eb2b3da0719bb0fa30cd06cb5d78a77688470ded418701e19
GET /i18n/pixel/identify.js HTTP/1.1
Host: analytics.tiktok.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=UTF-8
x-tt-logid: 2022111023435706B68FB51D38D1519648
x-tt-trace-host: 016eabbbec2a80a817c88fdee8d986cf60d78171413f71ac7f621bddf9de079e3dfbe8655c9df84b1af1fddcf1928c73cb45a0d7b3ff63c5c5dc02efec7700cde51011cfa3f4245c5adcf71539c67917ad156b0295ccd1e6ade7f42ac4d6f412d8
content-encoding: gzip
x-origin-response-time: 6,23.36.66.28
x-akamai-request-id: 1ce7be94.12872526
expires: Thu, 10 Nov 2022 23:43:57 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 10 Nov 2022 23:43:57 GMT
x-cache: TCP_MISS from a23-36-79-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
vary: Accept-Encoding
x-cache-remote: TCP_MISS from a23-36-66-28.deploy.akamaitechnologies.com (AkamaiGHost/10.10.1-44825277) (-)
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
server-timing: cdn-cache; desc=MISS, edge; dur=98, origin; dur=6, inner; dur=3
x-parent-response-time: 104,23.36.79.28
X-Firefox-Spdy: h2
onboard.triptease.io/bootstrap/v5879.63954/bootstrap.js
172.64.139.11200 OK 116 kB URL HTTP/2 onboard.triptease.io/bootstrap/v5879.63954/bootstrap.js
IP 172.64.139.11:0
File type ASCII text, with very long lines (42898)
Size 116 kB (116507 bytes)
Hash bd6135d78b1181ae3c7886738a6f6988
24b2549bd0a969489bc93f50cc35f699bdf8872f
aefc64fe7543fc14f01437fb3e10b40f68ce6c8657e5358860ea84040f37cf53
GET /bootstrap/v5879.63954/bootstrap.js HTTP/1.1
Host: onboard.triptease.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:58 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 7682a7454c127779-LHR
access-control-allow-origin: *
age: 42293
cache-control: public, max-age=31536000
etag: W/"33be472626ce29b32c873e6874912eaa"
expires: Fri, 10 Nov 2023 11:59:05 GMT
last-modified: Thu, 10 Nov 2022 11:52:23 GMT
strict-transport-security: max-age=15552000
vary: Accept-Encoding
cf-cache-status: HIT
access-control-expose-headers: Content-Type
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-goog-generation: 1668081143081332
x-goog-hash: crc32c=t9CZMg==, md5=M75HJibOKbMshz5odJEuqg==
x-goog-meta-build-version: 5879.63954
x-goog-meta-git-hash: 7b886a76c54118f2d52a41666b146e8930a849ee
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 102038
x-guploader-uploadid: ADPycdvkCsbgd4LFhL2ytzME5RapAD44yqGGjjMM6qYUN-O9CNVyYVTu-zeRh9UhYD2ZCx2ugHq4a-hZLXJwuTomSysO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0sXbLOnbe%2BZ94FEH6BkQ6pvYPbARPYdMGJvxR3kdtG306MEojxDpyfMJPEZlApO0K9J%2FAI39E2BVpER78g9VbJsnxqESYckPstIxnVJ%2FJvZDK8J4ILT9aa5iw5nPBvggi91nSohx7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 006bc2d8ab25bb41f907cbf7aae72496
edfa83f56f1c0e75d1785b84b1ac749c4460787e
b31c79d23217ebe327b55bea3133ebf472781ee7101df47de0f87019e182fa0b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.pxlecdn.com/photos/456867356/medium/1dced4e6fbd68ec3d6a9.jpg
151.101.86.132200 OK 82 kB URL HTTP/2 static.pxlecdn.com/photos/456867356/medium/1dced4e6fbd68ec3d6a9.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x533, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6465f83794f96bd6c777ab56ecd7d326
3ce5ab6d4880824a8f88045e5f1fbd806aa9b64b
6f1f009d768553d3accc4296a0c73cd21c400ceb9cd6a3b89d2ee05fae37e3ae
GET /photos/456867356/medium/1dced4e6fbd68ec3d6a9.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "ztv6TJe07OMLFlU4A0zT7L9Z48n20BIq6sccLm/QE/4"
fastly-io-info: ifsz=109066 idim=450x533 ifmt=jpeg ofsz=81490 odim=450x533 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: vF4wIT86n4z23Ik//NF6WGCLvzPJQfnT6kHvD4FiVz1yMBqqQqZAkjFRtO+ZuAYounUO/Dm/ce0=
x-amz-request-id: 15ZQ2JAE4GMNHQC7
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 523108
x-served-by: cache-iad-kjyo7100152-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 3, 1
x-timer: S1668123838.342820,VS0,VE2
vary: Accept
content-length: 81490
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/372897397/medium/da9d55073cec77cc31b0.jpg
151.101.86.132200 OK 76 kB URL HTTP/2 static.pxlecdn.com/photos/372897397/medium/da9d55073cec77cc31b0.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x562, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash c53e4225c7a801888ec372ba5ee02b4b
d67ed9411d19442b490e3a2f76c3b813747861d7
cba8c1036127e9bf65188a3992ab83b5c9e4442f81f35a59e153b3d9ec36a2e8
GET /photos/372897397/medium/da9d55073cec77cc31b0.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "3Eto6P1NXvXNH3tLL6n89SaXLj00ps5OgWA8NfvEitY"
fastly-io-info: ifsz=104346 idim=450x562 ifmt=jpeg ofsz=75668 odim=450x562 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: zqhNus4ODk+EgmoDa9Y4KpiN5y3zO5+S5rBRUKpVYgqjk8KHX8hUPfZ8s7AU46lEy4FgWPeDIAM=
x-amz-request-id: NNM65674K6ZWPJZ8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 46715
x-served-by: cache-iad-kiad7000147-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 6, 1
x-timer: S1668123838.352522,VS0,VE1
vary: Accept
content-length: 75668
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/341526222/medium/eaee56e98d2cbf277403.jpg
151.101.86.132200 OK 71 kB URL HTTP/2 static.pxlecdn.com/photos/341526222/medium/eaee56e98d2cbf277403.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x450, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1925a89d2c7355a15e910d3a9af54b9b
3f4ff9f5a9b10f7927fffa6597a6c2f036671b70
8756c1e64be91403d57eace863b8aeec24be7478213808615caf86d35df9bde8
GET /photos/341526222/medium/eaee56e98d2cbf277403.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "GX1fyndr5V8Gs+km7qDlWotw3GsNNooHCXo6kClzEnY"
fastly-io-info: ifsz=93670 idim=450x450 ifmt=jpeg ofsz=70706 odim=450x450 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: xuFhRSGq2wviKddvMNMSJPNHJSesBjSWBhgFOV/BbfWHzzQu7APj+J1W+HOX9oVUivzqErKTkbE=
x-amz-request-id: G74VV8TPQWAGYPC8
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 1772736
x-served-by: cache-iad-kcgs7200168-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 12, 1
x-timer: S1668123838.356431,VS0,VE2
vary: Accept
content-length: 70706
X-Firefox-Spdy: h2
112.xg4ken.com/media/redir.php?track=1&token=d9b93881-47b5-4e55-aab8-2704bbb4339c&type=pageview&val=0.0&orderId=&promoCode=&valueCurrency=USD&GCID=&kw=&product=
52.212.17.249200 OK 44 B URL HTTP/2 112.xg4ken.com/media/redir.php?track=1&token=d9b93881-47b5-4e55-aab8-2704bbb4339c&type=pageview&val=0.0&orderId=&promoCode=&valueCurrency=USD&GCID=&kw=&product=
IP 52.212.17.249:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b798f4ce7359fd815df4bdf76503b295
f8cc6addf1707ad236ad9970b0a48f9733d07da5
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
GET /media/redir.php?track=1&token=d9b93881-47b5-4e55-aab8-2704bbb4339c&type=pageview&val=0.0&orderId=&promoCode=&valueCurrency=USD&GCID=&kw=&product= HTTP/1.1
Host: 112.xg4ken.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:58 GMT
content-type: image/gif
content-length: 44
x-debug-kenshoo-server: ip-10-174-92-125
cache-control: no-cache, no-transform
p3p: policyref="http://www.xg4ken.com/w3c/p3p.xml", CP="ADMa DEVa OUR IND DSP NON LAW"
X-Firefox-Spdy: h2
bat.bing.com/p/action/5151589.js
204.79.197.200200 OK 1.4 kB URL HTTP/2 bat.bing.com/p/action/5151589.js
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with CRLF line terminators
Hash d6f5e70db9db3d60f4209882f9ee7f48
befaeda59019b71326c43942149dab15c2cd541e
e06fe29367ac512885c2198686dd39d184c63926e17b55e13fd300759b5aae25
GET /p/action/5151589.js HTTP/1.1
Host: bat.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private,max-age=60
content-length: 1421
content-type: application/javascript; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
set-cookie: MUID=2656123CAF4B6406116C0064AE1C6564; domain=.bing.com; expires=Tue, 05-Dec-2023 23:43:58 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5D5BB216B5C741958212F17C0E6AFD50 Ref B: OSL30EDGE0309 Ref C: 2022-11-10T23:43:58Z
date: Thu, 10 Nov 2022 23:43:57 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f5cad36d280e6ebd32df3b31e0a0c95a
10bb233d916a3fe69ae2e3fccda13ed845e57d0d
18671a1823325ab372be504e3c31f46cdd26bc076010599a0fe02daa57924a49
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1666
Cache-Control: max-age=112503
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Etag: "636c9ab3-117"
Expires: Sat, 12 Nov 2022 06:59:01 GMT
Last-Modified: Thu, 10 Nov 2022 06:31:15 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
static.pxlecdn.com/photos/519945161/medium/6b34ce952f9a32be164c.jpg
151.101.86.132200 OK 83 kB URL HTTP/2 static.pxlecdn.com/photos/519945161/medium/6b34ce952f9a32be164c.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x561, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b777ac79fe327e8ef77f9b79c15f1e72
f3f3c19d09a4dd64e07f8218f775731e88763f29
98b716b819cf41f1fbc1771e92122c768765c933c2cfa5b9d3a7b1e8ea92f66f
GET /photos/519945161/medium/6b34ce952f9a32be164c.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "neMDt1tsklLVJdguvfHghIKvDEmNXO2+Qt8czmqsuPc"
fastly-io-info: ifsz=108919 idim=450x561 ifmt=jpeg ofsz=82772 odim=450x561 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: RuLdZbVpd+iqmZCktee9e2GFu+pTGutBMZIGp1iuPv0qcPvVDo4AN9EDI1S1Zs4dRP8igL8fiNo=
x-amz-request-id: JN3A3D93ADBBQRD7
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 2058922
x-served-by: cache-iad-kcgs7200074-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 1, 1
x-timer: S1668123838.361450,VS0,VE1
vary: Accept
content-length: 82772
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/366454193/medium/def4c268917ad19fa233.jpg
151.101.86.132200 OK 85 kB URL HTTP/2 static.pxlecdn.com/photos/366454193/medium/def4c268917ad19fa233.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x450, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash f719efdbbbb222b817cf42db08fdea23
4581336a9ebd49952b937de810a2fa096f43a08f
60a14cb1c758a4e9ef03a90241d8e7fd82f8140e6223a0dda90b08b63ef1b5e6
GET /photos/366454193/medium/def4c268917ad19fa233.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "fB5c+wv75TrMjxdc9IMNvunGZp9GoINHrOYxHDqNolI"
fastly-io-info: ifsz=108088 idim=450x450 ifmt=jpeg ofsz=84964 odim=450x450 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: Mafsg177sH4dXMLNaA84dSsVOOew9iXJcIFHDm74/teIY1E9PdH0WHz5H4Z/UHsoTAj24b4PB7o=
x-amz-request-id: Y1DGFN4HE6A59K1Z
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 1459301
x-served-by: cache-iad-kiad7000108-IAD, cache-bma1631-BMA
x-cache: MISS, HIT
x-cache-hits: 0, 1
x-timer: S1668123838.375972,VS0,VE2
vary: Accept
content-length: 84964
X-Firefox-Spdy: h2
b.videoamp.com/d2/5accefe2-3b52-11ec-9653-f74770577853/2534/impression?dnt=false&vpxid=2534&bwb=35&cevt=LANDING_PAGE
23.23.175.40200 OK 42 B URL HTTP/2 b.videoamp.com/d2/5accefe2-3b52-11ec-9653-f74770577853/2534/impression?dnt=false&vpxid=2534&bwb=35&cevt=LANDING_PAGE
IP 23.23.175.40:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /d2/5accefe2-3b52-11ec-9653-f74770577853/2534/impression?dnt=false&vpxid=2534&bwb=35&cevt=LANDING_PAGE HTTP/1.1
Host: b.videoamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:58 GMT
content-type: image/gif
content-length: 42
server: Beacon Server
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
set-cookie: vampid=93dd697f-8e6d-4b65-95f0-bcaaa5540eea; expires=Fri, 10 Nov 2023 23:43:57 GMT; domain=.videoamp.com; path=/; SameSite=None
X-Firefox-Spdy: h2
static.pxlecdn.com/photos/457299972/medium/9ca4a194546efa984945.jpg
151.101.86.132200 OK 101 kB URL HTTP/2 static.pxlecdn.com/photos/457299972/medium/9ca4a194546efa984945.jpg
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x563, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size 101 kB (100722 bytes)
Hash 88cc651e9473f6e3e29f7b26c5a15f36
c3aab457cfe80ec4c9b06e6026535daa8f503f59
82776595e92b3e011b72a3d7a36a145cef5c39b536c1f0049143d7c2b9556c16
GET /photos/457299972/medium/9ca4a194546efa984945.jpg HTTP/1.1
Host: static.pxlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://photos.pixlee.co/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: image/webp
etag: "WS+QRar0OJBkDPB7K+WXytTvIFRpoEr2oW9CnqsZ/3o"
fastly-io-info: ifsz=131439 idim=450x563 ifmt=jpeg ofsz=100722 odim=450x563 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: XBGolSv6LJQm5ZsQd+TIT8bPIszDflWl7M/Ouuu/fSTvG8DQ658Xgi1Z98no1cdgCYT0JdMDUF0=
x-amz-request-id: TTH4T7SMM6XZA2BR
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 523108
x-served-by: cache-iad-kjyo7100113-IAD, cache-bma1631-BMA
x-cache: HIT, HIT
x-cache-hits: 3, 1
x-timer: S1668123838.411508,VS0,VE2
vary: Accept
content-length: 100722
X-Firefox-Spdy: h2
www.google.com/pagead/1p-conversion/1010940168/?random=1373506212&cv=9&fst=1668123834078&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D1878982688761%3Bgtm%3D2wgb90%3Bauiddc%3D1995027409.1668123833%3B~oref%3Dhttps%253A%252F%252Fwww.cosmopolitanlasvegas.com%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=voxtY-K7Cpau6gS9myI&random=3352696213&resp=GooglemKTybQhCsO
142.250.74.164302 Found 42 B URL HTTP/2 www.google.com/pagead/1p-conversion/1010940168/?random=1373506212&cv=9&fst=1668123834078&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D1878982688761%3Bgtm%3D2wgb90%3Bauiddc%3D1995027409.1668123833%3B~oref%3Dhttps%253A%252F%252Fwww.cosmopolitanlasvegas.com%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=voxtY-K7Cpau6gS9myI&random=3352696213&resp=GooglemKTybQhCsO
IP 142.250.74.164:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/1010940168/?random=1373506212&cv=9&fst=1668123834078&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D1878982688761%3Bgtm%3D2wgb90%3Bauiddc%3D1995027409.1668123833%3B~oref%3Dhttps%253A%252F%252Fwww.cosmopolitanlasvegas.com%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=voxtY-K7Cpau6gS9myI&random=3352696213&resp=GooglemKTybQhCsO HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5258867.fls.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/1010940168/?random=1373506212&cv=9&fst=1668123834078&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D1878982688761%3Bgtm%3D2wgb90%3Bauiddc%3D1995027409.1668123833%3B~oref%3Dhttps%253A%252F%252Fwww.cosmopolitanlasvegas.com%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=voxtY-K7Cpau6gS9myI&random=3352696213&resp=GooglemKTybQhCsO&ipr=y&prhg=0
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash c82a0ca73b87be586db34cf7d2c8ef00
f5d2a118f3bb8f950ef92ede3cdad188265a8474
6444a77f5ca874db87f8a49e7736a004657e7028d6e53a8ced5c90996cd36dad
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 10 Nov 2022 23:43:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 10 Nov 2022 23:28:27 GMT
Expires: Fri, 11 Nov 2022 23:28:27 GMT
ETag: "f5d2a118f3bb8f950ef92ede3cdad188265a8474"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
www.google.com/pagead/1p-conversion/985659074/?random=1668123832918&cv=11&fst=1668123832918&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=sNI-CP2woJEBEMLt_9UD&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&tiba=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&value=0&bttype=purchase&auid=1995027409.1668123833&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
142.250.74.164302 Found 63 B URL HTTP/2 www.google.com/pagead/1p-conversion/985659074/?random=1668123832918&cv=11&fst=1668123832918&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=sNI-CP2woJEBEMLt_9UD&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&tiba=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&value=0&bttype=purchase&auid=1995027409.1668123833&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4
IP 142.250.74.164:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/985659074/?random=1668123832918&cv=11&fst=1668123832918&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=sNI-CP2woJEBEMLt_9UD&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&tiba=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&value=0&bttype=purchase&auid=1995027409.1668123833&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
location: https://www.google.no/pagead/1p-conversion/985659074/?random=1668123832918&cv=11&fst=1668123832918&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=sNI-CP2woJEBEMLt_9UD&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&tiba=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&value=0&bttype=purchase&auid=1995027409.1668123833&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3d17c7f30f0e4c98aa1c36876e9fdf9f
a49862d9612337b780dc915d28f8e5a755ebab02
712a948567d0ddf111e5ee0a6dc846c9646f94dda75d10277039b0b3221093ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 992
Cache-Control: max-age=161851
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Etag: "636d5e19-1d7"
Expires: Sat, 12 Nov 2022 20:41:29 GMT
Last-Modified: Thu, 10 Nov 2022 20:24:57 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7afacd2cd53df99eecc84a193728e36b
2ad25eeb2df94f7839b6d603b67408f3fab12569
57e989cfa39a8cd59bb594a2713557ddf88021f8febd38a41c7fe6b076e223c0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6461
Cache-Control: max-age=128421
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Etag: "636cc626-1d7"
Expires: Sat, 12 Nov 2022 11:24:19 GMT
Last-Modified: Thu, 10 Nov 2022 09:36:38 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 10 Nov 2022 22:41:09 GMT
expires: Fri, 11 Nov 2022 00:41:09 GMT
cache-control: public, max-age=7200
age: 3769
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
assets.pixlee.com/images/logo.png
151.101.86.132200 OK 12 kB URL HTTP/2 assets.pixlee.com/images/logo.png
IP 151.101.86.132:0
File type RIFF (little-endian) data, Web/P image\012- data
Hash 916b09b0d0a9c6bdc1b6ccb274229f84
f6a578a6cbeb8b029cfa75f88f994555bb5771ef
e93f5333daac0ab2fc142035e316295858c94e373cea2c2b1bfee531f809278f
GET /images/logo.png HTTP/1.1
Host: assets.pixlee.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/webp
etag: "FRgFAwWNmoAAQic1oBJbh4HYqp3yQixaw8juwGraDvM"
fastly-io-info: ifsz=23512 idim=200x200 ifmt=png ofsz=11480 odim=200x200 ofmt=webp
fastly-stats: io=1
server: AmazonS3
x-amz-id-2: BEVlLxcr+6KSi2t71w4YExg2D2CujhMHBZbfjz6E4e/oMEEZcL0GzuHo5hr66rlzGUEA1zF3rDs=
x-amz-request-id: YVE35DZWJ67QN089
x-amz-version-id: null
via: 1.1 varnish, 1.1 varnish
cache-control: max-age=26280000,s-maxage=2628000,immutable
access-control-allow-origin: *
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:43:58 GMT
age: 12758
x-served-by: cache-iad-kcgs7200154-IAD, cache-bma1683-BMA
x-cache: HIT, HIT
x-cache-hits: 102, 5
x-timer: S1668123839.507947,VS0,VE0
vary: Accept
content-length: 11480
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 6cc99b2b74ebf6c9ade5ceda39375f70
a173fa17944a336ac34b99bc7b6d29cd55af1f1e
676a140411e6ebdfd6e21d0b583df06f78ddd84759ecf38d5bbb8390b4ffb891
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 05bb9af901ca5b651e88fcbe236711f5
18412da7fc2d868fc74bc3e7c44b4add4bbbdef9
9b87e90e4f5356da47fd562f7d06c8fbdef90d011e8c20e5687afbeaf6e7d29b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 0ac10debd3a9ea8147a26d045bb93e6e
ff45f3442508e8695f2303701682ebdb6e016464
5dee7b453b2c72c07ff1d62432493a044507835a8031ea62edf2fa7cc26219b9
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: S2SjElfJlrd7FNes27gEFdaxGTin7kJ2qX0fXWCNCPzrJtjTbncITfDiQf9F32z73JYSxvxTLuOmRJJlY2VstQ==
content-length: 27337
x-fb-trip-id: 1904183273
date: Thu, 10 Nov 2022 23:43:58 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
beacon.sojern.com/pixel/p/74839?f_v=v6_js&p_v=1&vid=hot&cid=
107.178.244.119200 OK 1.1 kB URL HTTP/2 beacon.sojern.com/pixel/p/74839?f_v=v6_js&p_v=1&vid=hot&cid=
IP 107.178.244.119:0
File type ASCII text, with very long lines (401)
Hash 54def936c346b542adf2760d148ee54f
b42919ecdf81d910a9fb80432cfaba7c557f7003
4458ab188fadff15f9c9d8da94ff86f207ff8cf1a5a957559f671f839eaa98a6
GET /pixel/p/74839?f_v=v6_js&p_v=1&vid=hot&cid= HTTP/1.1
Host: beacon.sojern.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
content-type: application/javascript
p3p: policyref="/w3c/p3p.xml", CP="ADMa OUR IND DSP NON LAW"
set-cookie: cid=39d0155a-86a1-eabb-ccdb-6dfe7e5d158e#1668643200000; Path=/; Domain=sojern.com; Max-Age=31536000; Secure; SameSite=None
vary: Accept-Encoding
date: Thu, 10 Nov 2022 23:43:58 GMT
content-length: 1084
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
pubads.g.doubleclick.net/activity;dc_iu=/5349/DFPAudiencePixel;ord=4981471633654.96;dc_seg=733005471?
216.58.211.2200 OK 42 B URL HTTP/2 pubads.g.doubleclick.net/activity;dc_iu=/5349/DFPAudiencePixel;ord=4981471633654.96;dc_seg=733005471?
IP 216.58.211.2:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /activity;dc_iu=/5349/DFPAudiencePixel;ord=4981471633654.96;dc_seg=733005471? HTTP/1.1
Host: pubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 10-Nov-2022 23:58:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s.adroll.com/j/RXAACTFK5RCEDMFHKE4ZQ3/roundtrip.js
54.230.111.98200 OK 17 kB URL HTTP/1.1 s.adroll.com/j/RXAACTFK5RCEDMFHKE4ZQ3/roundtrip.js
IP 54.230.111.98:0
File type ASCII text, with very long lines (1326)
Hash 55f6ee04561706da52efbe9bd7ab9652
8b9a37121d58ad37337448fe3d3137f02d4eb97f
8f5a2cd50ccf19c2f8faea011387453b7f0bcbd49f106dfef9e833befaa28332
GET /j/RXAACTFK5RCEDMFHKE4ZQ3/roundtrip.js HTTP/1.1
Host: s.adroll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Date: Thu, 10 Nov 2022 22:49:49 GMT
Last-Modified: Thu, 10 Nov 2022 19:06:50 GMT
X-Amz-Server-Side-Encryption: AES256
Cache-Control: max-age=3600, must-revalidate
X-Amz-Version-Id: ZCtEHcPTwStU9gOtRXI2MH22FGNNfNWc
Server: AmazonS3
Content-Encoding: gzip
Etag: W/"23bcb0dc2b7af7cd27053268aa795a95"
Vary: Accept-Encoding
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
Age: 3250
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: c60WIqP_FqfINJYjTU0p_J2qVmr1CqxsWZ_9iug0w9Zer6Qz7XrtHQ==
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 3d17c7f30f0e4c98aa1c36876e9fdf9f
a49862d9612337b780dc915d28f8e5a755ebab02
712a948567d0ddf111e5ee0a6dc846c9646f94dda75d10277039b0b3221093ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 992
Cache-Control: max-age=161851
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Etag: "636d5e19-1d7"
Expires: Sat, 12 Nov 2022 20:41:29 GMT
Last-Modified: Thu, 10 Nov 2022 20:24:57 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/collect?v=1&_v=j98&a=1342274232&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&ul=en-us&de=UTF-8&dt=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YGBAiEABBAAAAAAAI~&jid=1332273612&gjid=1661326315&cid=1992958717.1668123834&tid=UA-15129230-8&_gid=268449971.1668123834>m=2wgb90TXCSKP&z=542704955
142.250.74.174200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&_v=j98&a=1342274232&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&ul=en-us&de=UTF-8&dt=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YGBAiEABBAAAAAAAI~&jid=1332273612&gjid=1661326315&cid=1992958717.1668123834&tid=UA-15129230-8&_gid=268449971.1668123834>m=2wgb90TXCSKP&z=542704955
IP 142.250.74.174:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&_v=j98&a=1342274232&t=pageview&_s=1&dl=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&ul=en-us&de=UTF-8&dt=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=YGBAiEABBAAAAAAAI~&jid=1332273612&gjid=1661326315&cid=1992958717.1668123834&tid=UA-15129230-8&_gid=268449971.1668123834>m=2wgb90TXCSKP&z=542704955 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 10 Nov 2022 03:42:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 72086
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 7f8e0fc0c21e58c8861535dbc3798992
c58668c0fd5fc1a981917025580f1064eb2c3744
27dc5ed4893e7e608cd11c09bf2d82e80119a994354a80dd8de4644c3333665e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 23:43:58 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 03:43:27 GMT
Expires: Wed, 16 Nov 2022 03:43:26 GMT
Etag: "c58668c0fd5fc1a981917025580f1064eb2c3744"
Cache-Control: max-age=445767,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7682a746ffbeb503-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 7afacd2cd53df99eecc84a193728e36b
2ad25eeb2df94f7839b6d603b67408f3fab12569
57e989cfa39a8cd59bb594a2713557ddf88021f8febd38a41c7fe6b076e223c0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6461
Cache-Control: max-age=128421
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Etag: "636cc626-1d7"
Expires: Sat, 12 Nov 2022 11:24:19 GMT
Last-Modified: Thu, 10 Nov 2022 09:36:38 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
www.cosmopolitanlasvegas.com/favicon.ico
40.112.142.148200 OK 35 kB URL HTTP/1.1 www.cosmopolitanlasvegas.com/favicon.ico
IP 40.112.142.148:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash d5da56a791427e1f70d6974768a7ea19
6394c2332fe4c17bff9d1a2d31e833c95a570526
f345656d3266b6cd029e4b64b4b0e810b6a06151843edb244aef5cd47f981a51
GET /favicon.ico HTTP/1.1
Host: www.cosmopolitanlasvegas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IklSSmNuVU01cUx3ZSt2c3BFc1JwNkE9PSIsInZhbHVlIjoiQUxXQ20wZlliZ1BLWHRab3VGdzZMSXJYUThpUXJIV3lIUW5WejNZRDlpVzFid0ZtSDh2MWRpcHNYdlo2ckZIRCIsIm1hYyI6IjEwMTdmZWY1MzA3NmIzZGI4ODczMzMyZTY0MTJkMzY2NTU3MTI1NWI3YmI2YWY1NmYxODYwOWI4YjBmMzM1ZjUifQ%3D%3D; tcolv_identity_prod2_session=eyJpdiI6InNOcytBUzdkMFVMRW41emtBOXM3V3c9PSIsInZhbHVlIjoicnI1VU9LUnVUeEYyUFAwS1ZoQkdac0UrdFhoSGo2R1NqeTBxYTRtb281N1M0RWo0TlkydVhLakVLMGJXMUlZXC8iLCJtYWMiOiIwYjI4YTk3OGU1OTFiMjA3NGMxZWZlMWFmY2NhMzk4NzU5YWExODNkMTVhMDI1MDExYWY5YWY5ZTZmMDFkNDQxIn0%3D; ARRAffinity=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; ARRAffinitySameSite=3c6025fc34a17cad1512ce646e497b94986c95b8bf10948b07059158f6ab2c44; _gcl_au=1.1.1995027409.1668123833; nmstat=cff5456c-7973-0a2f-9ebf-3929046e444e; _tt_enable_cookie=1; _ttp=bf1a2344-b610-4a7a-85a3-8419861a6770
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Content-Length: 35279
Content-Type: image/x-icon
Date: Thu, 10 Nov 2022 23:43:58 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With,Content-Type
Access-Control-Allow-Methods: POST,GET,OPTIONS,DELETE,PUT,PATCH
Access-Control-Allow-Origin: *
Cache-Control: immutable,max-age=31536000
ETag: "047c587d7d81:0"
Last-Modified: Tue, 04 Oct 2022 00:19:52 GMT
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-conversion/985659074/?random=1668123832918&cv=11&fst=1668123832918&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=sNI-CP2woJEBEMLt_9UD&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&tiba=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&value=0&bttype=purchase&auid=1995027409.1668123833&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
142.250.74.35200 OK 63 B URL HTTP/2 www.google.no/pagead/1p-conversion/985659074/?random=1668123832918&cv=11&fst=1668123832918&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=sNI-CP2woJEBEMLt_9UD&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&tiba=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&value=0&bttype=purchase&auid=1995027409.1668123833&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0
IP 142.250.74.35:0
File type ASCII text, with no line terminators
Hash 0339f8f57d1bf75003db591e28957e45
ae2286e497c9f76a02cb40c40a674b73bd293b76
609cd8e12464fe137cfaa9f1ab6637150d44e105559c901b6df50303fd05aa26
GET /pagead/1p-conversion/985659074/?random=1668123832918&cv=11&fst=1668123832918&bg=ffffff&guid=ON&async=1>m=2wgb90&u_w=1280&u_h=1024&label=sNI-CP2woJEBEMLt_9UD&hn=www.google.com&frm=0&url=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&tiba=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&value=0&bttype=purchase&auid=1995027409.1668123833&gcp=1&sscte=1&ct_cookie_present=1&rfmt=3&fmt=4&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript; charset=UTF-8
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 63
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/pagead/1p-conversion/1010940168/?random=1373506212&cv=9&fst=1668123834078&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D1878982688761%3Bgtm%3D2wgb90%3Bauiddc%3D1995027409.1668123833%3B~oref%3Dhttps%253A%252F%252Fwww.cosmopolitanlasvegas.com%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=voxtY-K7Cpau6gS9myI&random=3352696213&resp=GooglemKTybQhCsO&ipr=y&prhg=0
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-conversion/1010940168/?random=1373506212&cv=9&fst=1668123834078&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D1878982688761%3Bgtm%3D2wgb90%3Bauiddc%3D1995027409.1668123833%3B~oref%3Dhttps%253A%252F%252Fwww.cosmopolitanlasvegas.com%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=voxtY-K7Cpau6gS9myI&random=3352696213&resp=GooglemKTybQhCsO&ipr=y&prhg=0
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-conversion/1010940168/?random=1373506212&cv=9&fst=1668123834078&num=1&label=_66tCKOrs2MQiPKG4gM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=375603261&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=1&u_tz=0&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=2&url=https%3A%2F%2F5258867.fls.doubleclick.net%2Fddm%2Ffls%2Fr%2Fsrc%3D5258867%3Btype%3Dtcolvge0%3Bcat%3Dendtt00%3Bord%3D1%3Bnum%3D1878982688761%3Bgtm%3D2wgb90%3Bauiddc%3D1995027409.1668123833%3B~oref%3Dhttps%253A%252F%252Fwww.cosmopolitanlasvegas.com%252F&ref=https%3A%2F%2Fadservice.google.com%2F&hn=www.googleadservices.com&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=voxtY-K7Cpau6gS9myI&random=3352696213&resp=GooglemKTybQhCsO&ipr=y&prhg=0 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5258867.fls.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 19 kB IP 142.250.74.35:0
Hash e1b3b4b38760b613f3c4a661277e7008
db511f57cdda1499bb7dde52bbd362883410e63e
2d624289998c6a0808b283ec937dcff976b8728265320920e5c66971e5c58f48
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lptag.liveperson.net/tag/tag.js?site=88246722
178.249.101.23200 OK 7.6 kB URL HTTP/2 lptag.liveperson.net/tag/tag.js?site=88246722
IP 178.249.101.23:0
File type ASCII text, with very long lines (21652), with no line terminators
Hash 6b675640425ec8551a433e26a377d954
7234f02cce1ccb2a4facf2b34b9185cfcf27299d
8c9716f14d2e964be7c93d3d8c28819cb35c529fce6206a79061cda509e05bfd
GET /tag/tag.js?site=88246722 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:58 GMT
content-type: application/javascript
content-length: 7567
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
etag: "5f50a905-1d8f"
content-encoding: gzip
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
cache-control: public, max-age=630
x-content-type-options: nosniff
X-Firefox-Spdy: h2
s.adroll.com/j/exp/RXAACTFK5RCEDMFHKE4ZQ3/index.js
54.230.111.98302 Moved Temporarily 0 B URL HTTP/1.1 s.adroll.com/j/exp/RXAACTFK5RCEDMFHKE4ZQ3/index.js
IP 54.230.111.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /j/exp/RXAACTFK5RCEDMFHKE4ZQ3/index.js HTTP/1.1
Host: s.adroll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Content-Type: application/xml
Content-Length: 0
Connection: keep-alive
Date: Thu, 10 Nov 2022 20:13:37 GMT
Server: AmazonS3
Location: https://s.adroll.com/j/exp/index.js
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
Age: 12621
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Headers: *
X-Cache: Hit from cloudfront
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FUH7UJtvai-zXFu-0GB1RpgU4opI-AYV70PwA4gYkhKdQntwgMcqEA==
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash a33e2695f109c4b3dd90fc9d8175e2be
b488ebfdfe6d0622b0ce127c6536127e73055156
3c59a8fa9707bb9a7691c71a63635500bd3ee7590923a1e018674f5b1b644f4a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.clarity.ms/tag/uet/5151589
13.107.213.53200 OK 1.5 kB URL HTTP/2 www.clarity.ms/tag/uet/5151589
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type ASCII text, with very long lines (1521), with no line terminators
Hash 6c2585f5eb839fbb2ca5c8a81a061a2f
2f8b136fc0bcc529a1e8dd0af1449163d70f90bc
d938f4ca7f775230a3a6c7014c4c3247983e85d0b68b0917c31a02b6e6fe070b
GET /tag/uet/5151589 HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: no-cache, no-store
content-type: application/x-javascript
expires: -1
set-cookie: CLID=803112095341496a9e6c5c83507beef7.20221110.20231110; expires=Fri, 10 Nov 2023 23:43:58 GMT; path=/; secure; samesite=none; httponly
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-cache: CONFIG_NOCACHE
x-azure-ref: 0voxtYwAAAAB2vozwRKkETp6EKxpr5THVU1ZHMjBFREdFMDUwOAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Thu, 10 Nov 2022 23:43:58 GMT
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-15129230-8&cid=1992958717.1668123834&jid=1332273612&gjid=1661326315&_gid=268449971.1668123834&_u=YGBAiEABBAAAAEAAI~&z=1821490448
64.233.165.157200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-15129230-8&cid=1992958717.1668123834&jid=1332273612&gjid=1661326315&_gid=268449971.1668123834&_u=YGBAiEABBAAAAEAAI~&z=1821490448
IP 64.233.165.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-15129230-8&cid=1992958717.1668123834&jid=1332273612&gjid=1661326315&_gid=268449971.1668123834&_u=YGBAiEABBAAAAEAAI~&z=1821490448 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.cosmopolitanlasvegas.com
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.cosmopolitanlasvegas.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash dbfb46e8bdaa19ddaed629adf779c7d0
b8600d1af8e94f3c2d9dd41cc6d006dedfb09d16
bd87911e5dda0e290bde8bc02ffe35fd6b7538c0afec0703fdcb1bf86e4a27ee
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/gsgccr3dvtlsca2020
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsgccr3dvtlsca2020
IP 104.18.21.226:0
Hash d32c385adfbee0109847426f56f81d1f
2a36ff5cd1b328d359d024fd819e3175aa6ae85c
cc548c610f11ad436dc025e4de57a8031456c02238c6bdfdb9b06c540a2d8c7a
POST /gsgccr3dvtlsca2020 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 23:43:58 GMT
Content-Type: application/ocsp-response
Content-Length: 1414
Connection: keep-alive
Expires: Mon, 14 Nov 2022 20:38:09 GMT
ETag: "2a36ff5cd1b328d359d024fd819e3175aa6ae85c"
Last-Modified: Thu, 10 Nov 2022 20:38:10 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2859
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7682a747fdf2b529-OSL
ad.doubleclick.net/ddm/activity/src=8133443;type=homep0;cat=theco0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID
142.250.74.102302 Found 0 B URL HTTP/2 ad.doubleclick.net/ddm/activity/src=8133443;type=homep0;cat=theco0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID
IP 142.250.74.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ddm/activity/src=8133443;type=homep0;cat=theco0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
location: https://adservice.google.com/ddm/fls/p/src=8133443;type=homep0;cat=theco0;qty=1;cost=0;u1=;u16=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=orderID;~oref=https://www.cosmopolitanlasvegas.com/
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 10-Nov-2022 23:58:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern_adh
142.250.74.162302 Found 305 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern_adh
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 61529ff0c7566669f09446794b191877
452addcf3c79b60bc003cdf1634cefe02948abc3
ef2e02259a89b846b80a6853914419df2f11e79c21172418033ab5a91c68aa01
GET /pixel?google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern_adh HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern_adh&google_tc=
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 305
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 10-Nov-2022 23:58:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_cm=true&google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS&sjrn_ula=476905989
142.250.74.162302 Found 461 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_cm=true&google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS&sjrn_ula=476905989
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 598db013e7c1894870e0861001550c80
9cee7be12b2666911f75de95ec875aea6d60d6f4
ad615c831527fb9179e0d5e83c5c1682729662eeb85174f9cc6ad654be147135
GET /pixel?google_cm=true&google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS&sjrn_ula=476905989 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_cm=true&google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS&sjrn_ula=476905989&google_tc=
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 461
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Thu, 10-Nov-2022 23:58:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 62d835d5c67b5c11824d794b8f69cd59
4d51e3cb378f22b82e1bb79bf7a0430679ab39c2
bafb9e7627b08ccd0bf68fe0e5f0865ed2682005673c5fa8672b5c4a576d746e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:43:58 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cm.g.doubleclick.net/pixel?google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern_adh&google_tc=
142.250.74.162302 Found 247 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern_adh&google_tc=
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 6663c4e96572aa227be6da6b6c13cc8f
f502f1eb980f339b01f00bea96d61c1ed1fddf25
2047fa6b2f448fe92c1ba8527f3e3a549ab8ae35f7a7bd9ce380aba58134d759
GET /pixel?google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern_adh&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://pixel.sojern.com/idsync/adh?google_error=3
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 247
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
cm.g.doubleclick.net/pixel?google_cm=true&google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS&sjrn_ula=476905989&google_tc=
142.250.74.162302 Found 370 B URL HTTP/2 cm.g.doubleclick.net/pixel?google_cm=true&google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS&sjrn_ula=476905989&google_tc=
IP 142.250.74.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 03cfdea326346b1df7a7764c50db9461
a0eef3a06c042d2c5dc39c382ac6894a53c50e94
035cae6e6e5da4a6040dff6726e2cdb550e46eb577ab5c40b3ebc1e60b71a0df
GET /pixel?google_cm=true&google_hm=OdAVWoah6rvM223-fl0Vjg&google_nid=sojern__adx_open_bidder_seat&google_sc=true&sjrn_id=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS&sjrn_ula=476905989&google_tc= HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: https://pixel.sojern.com/idSync/AdX?exchangeProfileId=&sjrn_id=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS&sjrn_ula=476905989&google_error=3
date: Thu, 10 Nov 2022 23:43:58 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 370
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
match.adsrvr.org/track/cmf/generic?ttd_pid=ombl9hp&ttd_puid=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS&ttd_tpi=1
52.223.40.198200 OK 70 B URL HTTP/2 match.adsrvr.org/track/cmf/generic?ttd_pid=ombl9hp&ttd_puid=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS&ttd_tpi=1
IP 52.223.40.198:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 58a7930cd4577fc33c35828c271eab8f
406e57f86dc101e10f3a57be1e2f7b93c4580474
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
GET /track/cmf/generic?ttd_pid=ombl9hp&ttd_puid=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS&ttd_tpi=1 HTTP/1.1
Host: match.adsrvr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:58 GMT
content-type: image/gif
content-length: 70
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
X-Firefox-Spdy: h2
www.clarity.ms/eus2/s/0.6.43/clarity.js
13.107.213.53200 OK 55 kB URL HTTP/2 www.clarity.ms/eus2/s/0.6.43/clarity.js
IP 13.107.213.53:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
File type Unicode text, UTF-8 text, with very long lines (55029)
Hash 441723b72633b1ac9757ad7c63168005
806166ca9ebb5839dd90a5e5c9335e3e0b18c169
cc8a16ce849d72f106bd67187e4b60c20da3093375202bf0b53f23e8f40a8b11
GET /eus2/s/0.6.43/clarity.js HTTP/1.1
Host: www.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public,max-age=86400
content-length: 55116
content-type: application/javascript;charset=utf-8
last-modified: Wed, 01 Jun 2022 12:22:22 GMT
accept-ranges: bytes
etag: "1d8eec314a76b4c"
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
x-cache: CONFIG_NOCACHE
x-azure-ref: 0voxtYwAAAABdmM5/g3QiSa0eYevMv/mEU1ZHMjBFREdFMDUwOAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
date: Thu, 10 Nov 2022 23:43:58 GMT
X-Firefox-Spdy: h2
secure.adnxs.com/px?id=1461894&t=1
37.252.171.84307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/px?id=1461894&t=1
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /px?id=1461894&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 10 Nov 2022 23:43:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1461894%26t%3D1
AN-X-Request-Uuid: 0f7ac0e0-8ff2-4005-a935-943886deedb5
Set-Cookie: uuid2=6217761385977304866; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 08-Feb-2023 23:43:58 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
secure.adnxs.com/seg?add=25996318&t=1
37.252.171.84307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=25996318&t=1
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=25996318&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Thu, 10 Nov 2022 23:43:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D25996318%26t%3D1
AN-X-Request-Uuid: 946fb1d3-a94d-4f39-9ef1-15c0e2d418eb
Set-Cookie: uuid2=2387036862929151819; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 08-Feb-2023 23:43:58 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
www.facebook.com/tr/?id=824887740956797&ev=PageView&dl=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&rl=&if=false&ts=1668123834753&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1668123834753.1284241310&it=1668123834519&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=824887740956797&ev=PageView&dl=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&rl=&if=false&ts=1668123834753&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1668123834753.1284241310&it=1668123834519&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=824887740956797&ev=PageView&dl=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&rl=&if=false&ts=1668123834753&sw=1280&sh=1024&v=2.9.89&r=stable&ec=0&o=30&fbp=fb.1.1668123834753.1284241310&it=1668123834519&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Thu, 10 Nov 2022 23:43:58 GMT
X-Firefox-Spdy: h2
lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
178.249.101.23200 OK 100 kB URL HTTP/2 lptag.liveperson.net/lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3
IP 178.249.101.23:0
Size 100 kB (100181 bytes)
Hash ebf91046953c934e05267b8475a2bcc9
5086b914af4bef5deed3b304f3bfa366fdac0cbd
413d2ca81cc45c05bc94ea3d2943a597f3dbbf33e1231951e85e03cad940c381
GET /lptag/api/account/88246722/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=3 HTTP/1.1
Host: lptag.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:58 GMT
content-type: application/x-javascript
cache-control: public, max-age=630
server: ws
strict-transport-security: max-age=300; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D25996318%26t%3D1
37.252.171.84200 OK 0 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D25996318%26t%3D1
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fseg%3Fadd%3D25996318%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 10 Nov 2022 23:43:58 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: df60b01a-bd6c-43ef-b057-33042ea7f141
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2Ildj!p5>!]tbP6j2F-XstGt!@E'W%#x?A; SameSite=None; Path=/; Max-Age=7776000; Expires=Wed, 08-Feb-2023 23:43:58 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fpixel.sojern.com%2Fidsync%2Fapn%3Fid%3D%24UID%26sjrn_id%3D2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS
37.252.171.84302 Found 0 B URL HTTP/1.1 ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fpixel.sojern.com%2Fidsync%2Fapn%3Fid%3D%24UID%26sjrn_id%3D2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fgetuid%3Fhttps%3A%2F%2Fpixel.sojern.com%2Fidsync%2Fapn%3Fid%3D%24UID%26sjrn_id%3D2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx/1.21.3
Date: Thu, 10 Nov 2022 23:43:58 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://pixel.sojern.com/idsync/apn?id=0&sjrn_id=2VQX5OvgdZ4EOpLDPwGQnCUtytBmAwtf3227wsTDUY4Hwk6DYqY1DkWDW0B1bGVS
AN-X-Request-Uuid: 99f63ea0-09f1-4b9d-beb3-9a8858215a9f
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
secure.adnxs.com/bounce?%2Fpx%3Fid%3D1461894%26t%3D1
37.252.171.84200 OK 0 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fpx%3Fid%3D1461894%26t%3D1
IP 37.252.171.84:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /bounce?%2Fpx%3Fid%3D1461894%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Thu, 10 Nov 2022 23:43:58 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: c5ec2f69-b892-4138-a86b-581cf804521c
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
bttrack.com/Pixel/Retarget/1960
192.132.33.46200 OK 35 B URL HTTP/2 bttrack.com/Pixel/Retarget/1960
IP 192.132.33.46:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /Pixel/Retarget/1960 HTTP/1.1
Host: bttrack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,no-cache
pragma: no-cache
content-type: image/gif
expires: -1
server: Microsoft-IIS/8.5
x-aspnetmvc-version: 5.2
x-aspnet-version: 4.0.30319
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
x-servername: Track004-iad
date: Thu, 10 Nov 2022 23:43:57 GMT
content-length: 35
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash d72a6d072d3e3b4950470cffa4b6622b
a07879d806b37cbafa45a6c371c296ea96cfac79
21314cbcc2abeec48d174d1a314a8145c79a86aeaa9f938d805bf46a4490a078
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=169030
Date: Thu, 10 Nov 2022 23:43:58 GMT
Etag: "636d7b92-1d7"
Expires: Sat, 12 Nov 2022 22:41:08 GMT
Last-Modified: Thu, 10 Nov 2022 22:30:42 GMT
Server: ECS (nyb/1D0B)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RQc2Sz3_7MD-hUc96N9p--4Y1WFgmyR8mqVMli_PArOjO8a0qk_MMA==
Age: 626
c.clarity.ms/c.gif
20.234.93.27302 Found 0 B IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.bing.com/c.gif?CtsSyncId=9B3892846399439DA3A95B1B4E0DDE50&RedC=c.clarity.ms&MXFR=1F3070A2CBD6672E0E7F62FACFD6695D
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SM=T; domain=c.clarity.ms; path=/; SameSite=None; Secure;
MUID=1F3070A2CBD6672E0E7F62FACFD6695D; domain=.clarity.ms; expires=Tue, 05-Dec-2023 23:43:59 GMT; path=/; SameSite=None; Secure; Priority=High;
date: Thu, 10 Nov 2022 23:43:58 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 1c931d4d23f9d6b83f3348f51f5194c7
268301f0694b3dac30bcb360b4af97eb2efadd06
dbeb068aec178fa13e25c8468b91d1bab663839b12922ea16257024ca73cc2ed
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 23:43:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 08 Nov 2022 04:31:54 GMT
Expires: Tue, 15 Nov 2022 04:31:53 GMT
Etag: "268301f0694b3dac30bcb360b4af97eb2efadd06"
Cache-Control: max-age=362273,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7682a749fa5cb503-OSL
c.bing.com/c.gif?CtsSyncId=9B3892846399439DA3A95B1B4E0DDE50&RedC=c.clarity.ms&MXFR=1F3070A2CBD6672E0E7F62FACFD6695D
204.79.197.200302 Found 0 B URL HTTP/2 c.bing.com/c.gif?CtsSyncId=9B3892846399439DA3A95B1B4E0DDE50&RedC=c.clarity.ms&MXFR=1F3070A2CBD6672E0E7F62FACFD6695D
IP 204.79.197.200:0
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c.gif?CtsSyncId=9B3892846399439DA3A95B1B4E0DDE50&RedC=c.clarity.ms&MXFR=1F3070A2CBD6672E0E7F62FACFD6695D HTTP/1.1
Host: c.bing.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5258867.fls.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
location: https://c.clarity.ms/c.gif?CtsSyncId=9B3892846399439DA3A95B1B4E0DDE50&MUID=1D522338BB4E644F091C3160BA1965E4
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: SRM_B=1D522338BB4E644F091C3160BA1965E4; domain=c.bing.com; expires=Tue, 05-Dec-2023 23:43:59 GMT; path=/; SameSite=None; Secure;
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 44D87686138A4F33A8E16B2F79750605 Ref B: OSL30EDGE0309 Ref C: 2022-11-10T23:43:59Z
date: Thu, 10 Nov 2022 23:43:58 GMT
content-length: 0
X-Firefox-Spdy: h2
d.adroll.com/consent/check/RXAACTFK5RCEDMFHKE4ZQ3?pv=22164755022.51444&arrfrr=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&_s=f3114f2a51d27f94a32ae48910f725dd&_b=2
34.248.61.82200 OK 462 B URL HTTP/2 d.adroll.com/consent/check/RXAACTFK5RCEDMFHKE4ZQ3?pv=22164755022.51444&arrfrr=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&_s=f3114f2a51d27f94a32ae48910f725dd&_b=2
IP 34.248.61.82:0
File type ASCII text, with very long lines (462), with no line terminators
Hash f4ea56710452dc7cee651da611e3215f
600cb4f5dc1d2a2882927059449e4876f214844b
a858cd3d1faa145d3fe38b8af718535bb157a6bfad1906941eb70a137979ec1b
GET /consent/check/RXAACTFK5RCEDMFHKE4ZQ3?pv=22164755022.51444&arrfrr=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&_s=f3114f2a51d27f94a32ae48910f725dd&_b=2 HTTP/1.1
Host: d.adroll.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:59 GMT
content-type: application/javascript
content-length: 462
server: nginx/1.22.0
X-Firefox-Spdy: h2
c.clarity.ms/c.gif?CtsSyncId=9B3892846399439DA3A95B1B4E0DDE50&MUID=1D522338BB4E644F091C3160BA1965E4
20.234.93.27200 OK 42 B URL HTTP/2 c.clarity.ms/c.gif?CtsSyncId=9B3892846399439DA3A95B1B4E0DDE50&MUID=1D522338BB4E644F091C3160BA1965E4
IP 20.234.93.27:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type GIF image data, version 89a, 1 x 1\012- data
Hash 32023bb33cfb2a1990a4ef2d85b6ac16
23dcc6d4b5bfe00357fd0248bb5955b8e36bb8f1
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
GET /c.gif?CtsSyncId=9B3892846399439DA3A95B1B4E0DDE50&MUID=1D522338BB4E644F091C3160BA1965E4 HTTP/1.1
Host: c.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://5258867.fls.doubleclick.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
content-type: image/gif
last-modified: Thu, 13 Oct 2022 20:07:05 GMT
accept-ranges: bytes
etag: "40db785d3fdfd81:0"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
set-cookie: ANONCHK=0; domain=c.clarity.ms; expires=Thu, 10-Nov-2022 23:53:59 GMT; path=/; SameSite=None; Secure;
date: Thu, 10 Nov 2022 23:43:58 GMT
content-length: 42
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 1c931d4d23f9d6b83f3348f51f5194c7
268301f0694b3dac30bcb360b4af97eb2efadd06
dbeb068aec178fa13e25c8468b91d1bab663839b12922ea16257024ca73cc2ed
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 23:43:59 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 08 Nov 2022 04:31:54 GMT
Expires: Tue, 15 Nov 2022 04:31:53 GMT
Etag: "268301f0694b3dac30bcb360b4af97eb2efadd06"
Cache-Control: max-age=362273,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7682a749ff990b4d-OSL
b.clarity.ms/collect
20.75.32.255204 No Content 0 B IP 20.75.32.255:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /collect HTTP/1.1
Host: b.clarity.ms
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1025
Origin: https://5258867.fls.doubleclick.net
Connection: keep-alive
Referer: https://5258867.fls.doubleclick.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
vary: Origin
server: Microsoft-IIS/10.0
request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
access-control-allow-origin: https://5258867.fls.doubleclick.net
access-control-allow-credentials: true
date: Thu, 10 Nov 2022 23:43:58 GMT
X-Firefox-Spdy: h2
bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2215652%22%2C%22sessionId%22%3A%228756c369-9864-41d5-8411-d7f9cad9019c%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A1%2C%22url%22%3A%22https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D
192.132.33.46200 OK 0 B URL HTTP/2 bttrack.com/engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2215652%22%2C%22sessionId%22%3A%228756c369-9864-41d5-8411-d7f9cad9019c%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A1%2C%22url%22%3A%22https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D
IP 192.132.33.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /engagement/event?input=%7B%22globalId%22%3A%2200000000-0000-0000-0000-000000000042%22%2C%22creativeId%22%3A%22%22%2C%22placementId%22%3A%22%22%2C%22goalId%22%3A%2215652%22%2C%22sessionId%22%3A%228756c369-9864-41d5-8411-d7f9cad9019c%22%2C%22parentPublisherId%22%3A%22%22%2C%22publisherId%22%3A%22%22%2C%22siteId%22%3A%22%22%2C%22commonId%22%3A%22%22%2C%22heartbeat%22%3A1%2C%22url%22%3A%22https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F%22%2C%22fingerprint%22%3A%22%22%2C%22fingerprintProvider%22%3A%22%22%7D HTTP/1.1
Host: bttrack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cosmopolitanlasvegas.com
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private,no-cache
pragma: no-cache
content-type: text/plain
content-encoding: gzip
expires: -1
server: Microsoft-IIS/8.5
x-aspnetmvc-version: 5.2
access-control-allow-origin: *
x-aspnet-version: 4.0.30319
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
x-servername: Track001-iad
date: Thu, 10 Nov 2022 23:43:58 GMT
content-length: 0
X-Firefox-Spdy: h2
bttrack.com/engagement/getpixels?gid=15652
192.132.33.46200 OK 0 B URL HTTP/2 bttrack.com/engagement/getpixels?gid=15652
IP 192.132.33.46:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /engagement/getpixels?gid=15652 HTTP/1.1
Host: bttrack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cosmopolitanlasvegas.com
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private,no-cache
pragma: no-cache
content-type: text/html
content-encoding: gzip
expires: -1
server: Microsoft-IIS/8.5
x-aspnetmvc-version: 5.2
access-control-allow-origin: *
x-aspnet-version: 4.0.30319
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
x-servername: Track002-iad
date: Thu, 10 Nov 2022 23:43:58 GMT
content-length: 0
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 8eeb310669223fb1c476adfa1350e1a6
70479e3561e0ff9428e6da14b27769df07932ac4
a2b00c9dcac9eb11e2b9b7ad57c134a26705426b64db8d1da41c9a33a257f0f5
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 23:44:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 07 Nov 2022 23:37:43 GMT
Expires: Mon, 14 Nov 2022 23:37:42 GMT
Etag: "70479e3561e0ff9428e6da14b27769df07932ac4"
Cache-Control: max-age=344620,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7682a7561b5eb503-OSL
lpcdn-a.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=https%3A%2F%2Fwww.cosmopolitanlasvegas.com&site=88246722&env=prod
208.89.12.80200 OK 30 kB URL HTTP/2 lpcdn-a.lpsnmedia.net/le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=https%3A%2F%2Fwww.cosmopolitanlasvegas.com&site=88246722&env=prod
IP 208.89.12.80:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (33360)
Hash 40f6cb530f52db41dcb38753fb8cecb4
6bc3e541cca34f694f2b86c60c48bd75166768b7
18986e26f6c0b6e3deffdaf7a83efa3234d3a4f7b4c2df72ba775149362bd177
GET /le_secure_storage/3.19.0.0-release_5079/storage.secure.min.html?loc=https%3A%2F%2Fwww.cosmopolitanlasvegas.com&site=88246722&env=prod HTTP/1.1
Host: lpcdn-a.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:59 GMT
content-type: text/html
last-modified: Mon, 31 Oct 2022 21:44:06 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Fri, 10 Nov 2023 23:43:59 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
vt.myvisualiq.net/2/RCs7mM0Lvog02Tyt9Qd4Uw%3D%3D/vt-226.js
54.230.111.102200 OK 4.5 kB URL HTTP/1.1 vt.myvisualiq.net/2/RCs7mM0Lvog02Tyt9Qd4Uw%3D%3D/vt-226.js
IP 54.230.111.102:0
File type ASCII text, with very long lines (10419)
Hash a8d26aaebbf678239ad9fbe5a28028c2
32ceadf2175c47d459858221a71f78b77fc26d0c
1188414210dd88500234b4cfc2228f327d211d8fbca3eee6bc6a821019eba1e3
GET /2/RCs7mM0Lvog02Tyt9Qd4Uw%3D%3D/vt-226.js HTTP/1.1
Host: vt.myvisualiq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: 6G9YfLIvLu3ANBOfMpHIto6YCMi0O2oSpII1N1VvhZbE3pu5c4hMawLHU1oQ39KkbHZXjv/J8hg=
x-amz-request-id: 4AZVRMA6R0WWQGWG
Last-Modified: Mon, 31 Oct 2022 13:02:38 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: PlbwUm5RtzTUQ3DBcA7nk5S6rBO1Vslg
Server: AmazonS3
Content-Encoding: gzip
Date: Thu, 10 Nov 2022 16:01:00 GMT
ETag: W/"97605ac6dfb9708f58351f703c3b1d8f"
Vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: C6-ES4N1MsSAA2gZ6_5F75hLl3wTsSe_BG-xhUaAeYFWIGx1naaYRA==
Age: 27782
ocsp.godaddy.com/
192.124.249.41200 OK 1.8 kB IP 192.124.249.41:0
Hash cbe91621061ece0ef5fe046d977ca39f
362cf8fd55ca7d4d8c1a106b544afbab8d23b016
eb9b7d77eb5803d1200c0c8168ae7325f7bf9105bf96840744050d86913769be
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Thu, 10 Nov 2022 23:44:02 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 10 Nov 2022 22:44:31 GMT
Expires: Fri, 11 Nov 2022 22:44:31 GMT
ETag: "362cf8fd55ca7d4d8c1a106b544afbab8d23b016"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
t.myvisualiq.net/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1992958717.1668123834
3.123.165.27302 Moved Temporarily 0 B URL HTTP/1.1 t.myvisualiq.net/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1992958717.1668123834
IP 3.123.165.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1992958717.1668123834 HTTP/1.1
Host: t.myvisualiq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Date: Thu, 10 Nov 2022 23:44:01 GMT
Location: https://t.myvisualiq.net/ul_cb/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1992958717.1668123834
Set-Cookie: tuuid=f1def2fd-80df-4b21-a718-d194e1f23653; path=/; expires=Sat, 09-Nov-2024 23:44:01 GMT; domain=.myvisualiq.net
c=1668123841; path=/; expires=Sat, 09-Nov-2024 23:44:01 GMT; domain=.myvisualiq.net
tuuid_lu=1668123841; path=/; expires=Sat, 09-Nov-2024 23:44:01 GMT; domain=.myvisualiq.net
Content-Length: 0
Connection: keep-alive
lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549
208.89.12.80200 OK 30 kB URL HTTP/2 lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549
IP 208.89.12.80:0
File type ASCII text, with very long lines (32003)
Hash c056f2c25888ae9be53244eff3723a5f
d5ea4859673ec0582f5c27f50942b4a09229e7fb
2ac27139be3d39cea531a680a357065175043772135dec8f3736faa652c8756d
GET /le_unified_window/10.23.0.0-release_5549/UMSClientAPI.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn-a.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:59 GMT
content-type: application/javascript
last-modified: Mon, 31 Oct 2022 21:42:12 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Fri, 10 Nov 2023 23:43:59 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
t.myvisualiq.net/sync?prid=1002&ao=0&red=https://idsync.rlcdn.com/420356.gif?partner_uid=${UUID}
3.123.165.27302 Moved Temporarily 0 B URL HTTP/1.1 t.myvisualiq.net/sync?prid=1002&ao=0&red=https://idsync.rlcdn.com/420356.gif?partner_uid=${UUID}
IP 3.123.165.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?prid=1002&ao=0&red=https://idsync.rlcdn.com/420356.gif?partner_uid=${UUID} HTTP/1.1
Host: t.myvisualiq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
access-control-allow-origin: *
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Date: Thu, 10 Nov 2022 23:44:01 GMT
Location: https://idsync.rlcdn.com/420356.gif?partner_uid=0-edbaa21a-a8c1-4afc-a860-7e9c8cbb10a5
Content-Length: 0
Connection: keep-alive
t.myvisualiq.net/sync?prid=BUKIPNR1&red=https://tags.bluekai.com/site/21398?id=$%7BUUID%7D
3.123.165.27302 Moved Temporarily 0 B URL HTTP/1.1 t.myvisualiq.net/sync?prid=BUKIPNR1&red=https://tags.bluekai.com/site/21398?id=$%7BUUID%7D
IP 3.123.165.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?prid=BUKIPNR1&red=https://tags.bluekai.com/site/21398?id=$%7BUUID%7D HTTP/1.1
Host: t.myvisualiq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
access-control-allow-origin: *
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Date: Thu, 10 Nov 2022 23:44:01 GMT
Location: https://tags.bluekai.com/site/21398?id=0-7817a73e-789a-4ac4-84f9-078e0638a539
Content-Length: 0
Connection: keep-alive
t.myvisualiq.net/sync?prid=AOEPNR1&ao=0&red=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D125310%26dpuuid%3D%24%7BUUID%7D%26redir%3Dhttps%253A%252F%252Ft.myvisualiq.net%252Fsync%253Fprid%253DAOEPNR1%2526ao%253D0%2526pruuid%253D%2524%257BDD_UUID%257D%250A
3.123.165.27302 Moved Temporarily 0 B URL HTTP/1.1 t.myvisualiq.net/sync?prid=AOEPNR1&ao=0&red=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D125310%26dpuuid%3D%24%7BUUID%7D%26redir%3Dhttps%253A%252F%252Ft.myvisualiq.net%252Fsync%253Fprid%253DAOEPNR1%2526ao%253D0%2526pruuid%253D%2524%257BDD_UUID%257D%250A
IP 3.123.165.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /sync?prid=AOEPNR1&ao=0&red=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D125310%26dpuuid%3D%24%7BUUID%7D%26redir%3Dhttps%253A%252F%252Ft.myvisualiq.net%252Fsync%253Fprid%253DAOEPNR1%2526ao%253D0%2526pruuid%253D%2524%257BDD_UUID%257D%250A HTTP/1.1
Host: t.myvisualiq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Moved Temporarily
access-control-allow-origin: *
Cache-Control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
Date: Thu, 10 Nov 2022 23:44:01 GMT
Location: https://dpm.demdex.net/ibs:dpid=125310&dpuuid=0-9ebc5761-0434-4b9e-9a6c-175ef77d4969&redir=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3DAOEPNR1%26ao%3D0%26pruuid%3D%24%7BDD_UUID%7D
Content-Length: 0
Connection: keep-alive
t.myvisualiq.net/impression_pixel?r=2770273&et=i&ago=212&ao=849&aca=-10&si=-10&ci=-10&pi=-10&ad=-10&advt=-10&chnl=-10&vndr=1495&sz=6142&u=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&pt=i&othercookie_id=1992958717.1668123834
3.123.165.27200 OK 43 B URL HTTP/1.1 t.myvisualiq.net/impression_pixel?r=2770273&et=i&ago=212&ao=849&aca=-10&si=-10&ci=-10&pi=-10&ad=-10&advt=-10&chnl=-10&vndr=1495&sz=6142&u=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&pt=i&othercookie_id=1992958717.1668123834
IP 3.123.165.27:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /impression_pixel?r=2770273&et=i&ago=212&ao=849&aca=-10&si=-10&ci=-10&pi=-10&ad=-10&advt=-10&chnl=-10&vndr=1495&sz=6142&u=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&pt=i&othercookie_id=1992958717.1668123834 HTTP/1.1
Host: t.myvisualiq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
cross-origin-resource-policy: cross-origin
Date: Thu, 10 Nov 2022 23:44:01 GMT
Content-Length: 43
Connection: keep-alive
lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549
208.89.12.80200 OK 14 kB URL HTTP/2 lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549
IP 208.89.12.80:0
File type ASCII text, with very long lines (32006)
Hash 9e4c683787d49bbaa091deaf240aaf8b
0f82eb717dd78040777812ba5a7bd80328ff7f0c
391401db6985f076c374abe210de4a776c05ba8e7a5ea15a497e36f9d91043a3
GET /le_unified_window/10.23.0.0-release_5549/ui-framework.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn-a.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:59 GMT
content-type: application/javascript
last-modified: Mon, 31 Oct 2022 21:42:14 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Fri, 10 Nov 2023 23:43:59 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
t.myvisualiq.net/ul_cb/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1992958717.1668123834
3.123.165.27200 OK 0 B URL HTTP/1.1 t.myvisualiq.net/ul_cb/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1992958717.1668123834
IP 3.123.165.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ul_cb/activity_pixel?pt=s&et=a&r=23234765&ago=212&ao=849&px=343&ord=[order_id]&revenue=[revenue]&othercookie_id=1992958717.1668123834 HTTP/1.1
Host: t.myvisualiq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
Date: Thu, 10 Nov 2022 23:44:01 GMT
Content-Length: 0
Connection: keep-alive
t.myvisualiq.net/ul_cb/sync_pixel?r=8335908&ago=212&ao=849&p1_eml=|||&p1_uid=1992958717.1668123834
3.123.165.27200 OK 43 B URL HTTP/1.1 t.myvisualiq.net/ul_cb/sync_pixel?r=8335908&ago=212&ao=849&p1_eml=|||&p1_uid=1992958717.1668123834
IP 3.123.165.27:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /ul_cb/sync_pixel?r=8335908&ago=212&ao=849&p1_eml=|||&p1_uid=1992958717.1668123834 HTTP/1.1
Host: t.myvisualiq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
cross-origin-resource-policy: cross-origin
Date: Thu, 10 Nov 2022 23:44:01 GMT
Content-Length: 43
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 16a93e9f6c621cf5a2415e1e35fdacc1
5f42fad357873b4e115382e62ed6e3d9c5de878f
1abf8317ed79b911f261fcebcbf5d5c386eb3a93a544b6e17d1a5b61897e10ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6317
Cache-Control: max-age=108470
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:44:01 GMT
Etag: "636c78ca-1d7"
Expires: Sat, 12 Nov 2022 05:51:51 GMT
Last-Modified: Thu, 10 Nov 2022 04:06:34 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
tapestry.tapad.com/tapestry/1?ta_partner_id=950&ta_redirect=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3D1001%26ao%3D0%26pruuid%3DTAPAD_%24%7BIDS%3Akey%7D
35.227.248.159302 Found 0 B URL HTTP/2 tapestry.tapad.com/tapestry/1?ta_partner_id=950&ta_redirect=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3D1001%26ao%3D0%26pruuid%3DTAPAD_%24%7BIDS%3Akey%7D
IP 35.227.248.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tapestry/1?ta_partner_id=950&ta_redirect=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3D1001%26ao%3D0%26pruuid%3DTAPAD_%24%7BIDS%3Akey%7D HTTP/1.1
Host: tapestry.tapad.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 10 Nov 2022 23:44:01 GMT
strict-transport-security: max-age=31536000
set-cookie: TapAd_TS=1668123841858;Expires=Mon, 09 Jan 2023 23:44:01 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
TapAd_DID=8386ba78-e7c9-4404-a2cb-9acc5fc356ca;Expires=Mon, 09 Jan 2023 23:44:01 GMT;Path=/;Domain=.tapad.com;Secure;SameSite=None
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://t.myvisualiq.net/sync?prid=1001&ao=0&pruuid=TAPAD_8386ba78-e7c9-4404-a2cb-9acc5fc356ca
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash cc4e3eb8710f88a05222eedb9848e0ee
2f2c541048ba27356279d0625e4eba8937aeb03d
207db185311648d9a5b4e6974670ecc88cb8a8461edc4f3e791837fce15173d8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 23:44:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 13:42:55 GMT
Expires: Wed, 16 Nov 2022 13:42:54 GMT
Etag: "2f2c541048ba27356279d0625e4eba8937aeb03d"
Cache-Control: max-age=481732,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7682a75b7f2cb503-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 5b99fde0259db3e8b51b62ee9534edd3
24579a985b3e5ed4a14ab83f92986b5ec1c0f98f
f3b892dd118cd5eda4dec2dfc337ebee978a7aebb175e0e7001e50c99e015e98
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5216
Cache-Control: max-age=114591
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:44:01 GMT
Etag: "636c9500-1d7"
Expires: Sat, 12 Nov 2022 07:33:52 GMT
Last-Modified: Thu, 10 Nov 2022 06:06:56 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 16a93e9f6c621cf5a2415e1e35fdacc1
5f42fad357873b4e115382e62ed6e3d9c5de878f
1abf8317ed79b911f261fcebcbf5d5c386eb3a93a544b6e17d1a5b61897e10ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6317
Cache-Control: max-age=108470
Content-Type: application/ocsp-response
Date: Thu, 10 Nov 2022 23:44:01 GMT
Etag: "636c78ca-1d7"
Expires: Sat, 12 Nov 2022 05:51:51 GMT
Last-Modified: Thu, 10 Nov 2022 04:06:34 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
t.myvisualiq.net/sync?prid=1001&ao=0&pruuid=TAPAD_8386ba78-e7c9-4404-a2cb-9acc5fc356ca
3.123.165.27200 OK 43 B URL HTTP/1.1 t.myvisualiq.net/sync?prid=1001&ao=0&pruuid=TAPAD_8386ba78-e7c9-4404-a2cb-9acc5fc356ca
IP 3.123.165.27:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /sync?prid=1001&ao=0&pruuid=TAPAD_8386ba78-e7c9-4404-a2cb-9acc5fc356ca HTTP/1.1
Host: t.myvisualiq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
access-control-allow-origin: *
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
cross-origin-resource-policy: cross-origin
Date: Thu, 10 Nov 2022 23:44:01 GMT
Content-Length: 43
Connection: keep-alive
idsync.rlcdn.com/420356.gif?partner_uid=0-edbaa21a-a8c1-4afc-a860-7e9c8cbb10a5
35.244.174.68451 Unavailable For Legal Reasons 0 B URL HTTP/2 idsync.rlcdn.com/420356.gif?partner_uid=0-edbaa21a-a8c1-4afc-a860-7e9c8cbb10a5
IP 35.244.174.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /420356.gif?partner_uid=0-edbaa21a-a8c1-4afc-a860-7e9c8cbb10a5 HTTP/1.1
Host: idsync.rlcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 451 Unavailable For Legal Reasons
date: Thu, 10 Nov 2022 23:44:01 GMT
content-length: 0
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accdn.lpsnmedia.net/api/account/88246722/configuration/setting/accountproperties/?cb=accountSettingsCB
178.249.101.99200 OK 1.6 kB URL HTTP/2 accdn.lpsnmedia.net/api/account/88246722/configuration/setting/accountproperties/?cb=accountSettingsCB
IP 178.249.101.99:0
File type ASCII text, with very long lines (6384), with no line terminators
Hash ed9a4a67723bd53679bb2a6153af7416
e7fa876907d1e120eae4bc7105b440fa30426124
b67f886360966cdede8a4534da45173bc74e9a00246dd4af80afc0b8653070a3
GET /api/account/88246722/configuration/setting/accountproperties/?cb=accountSettingsCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:59 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:37|g:84e2f48f-ada8-42da-a28e-26abfb4321f5; Max-Age=30; Expires=Thu, 10-Nov-2022 23:44:29 GMT; Path=/
ADRUM_BTa=R:37|g:84e2f48f-ada8-42da-a28e-26abfb4321f5|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Thu, 10-Nov-2022 23:44:29 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Thu, 10-Nov-2022 23:44:29 GMT; Path=/; Secure
ADRUM_BT1=R:37|i:2241585; Max-Age=30; Expires=Thu, 10-Nov-2022 23:44:29 GMT; Path=/
ADRUM_BT1=R:37|i:2241585|e:6; Max-Age=30; Expires=Thu, 10-Nov-2022 23:44:29 GMT; Path=/
vary: Accept
expires: Thu, 10 Nov 2022 23:44:59 GMT
x-envoy-upstream-service-time: 1
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
tags.bluekai.com/site/21398?id=0-7817a73e-789a-4ac4-84f9-078e0638a539
23.38.201.22200 OK 62 B URL HTTP/2 tags.bluekai.com/site/21398?id=0-7817a73e-789a-4ac4-84f9-078e0638a539
IP 23.38.201.22:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 3f386f5061436a0338a64e0910db495d
599fe4a552c991a2b3ce5a1660732bf7b21fb901
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
GET /site/21398?id=0-7817a73e-789a-4ac4-84f9-078e0638a539 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/gif
content-length: 62
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Thu, 10 Nov 2022 23:44:01 GMT
X-Firefox-Spdy: h2
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=125310&dpuuid=0-9ebc5761-0434-4b9e-9a6c-175ef77d4969&redir=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3DAOEPNR1%26ao%3D0%26pruuid%3D%24%7BDD_UUID%7D
18.202.164.188200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=125310&dpuuid=0-9ebc5761-0434-4b9e-9a6c-175ef77d4969&redir=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3DAOEPNR1%26ao%3D0%26pruuid%3D%24%7BDD_UUID%7D
IP 18.202.164.188:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=125310&dpuuid=0-9ebc5761-0434-4b9e-9a6c-175ef77d4969&redir=https%3A%2F%2Ft.myvisualiq.net%2Fsync%3Fprid%3DAOEPNR1%26ao%3D0%26pruuid%3D%24%7BDD_UUID%7D HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.cosmopolitanlasvegas.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-085e2ce89.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: SMKq/osMSDs=
Content-Length: 59
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash cc4e3eb8710f88a05222eedb9848e0ee
2f2c541048ba27356279d0625e4eba8937aeb03d
207db185311648d9a5b4e6974670ecc88cb8a8461edc4f3e791837fce15173d8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 10 Nov 2022 23:44:02 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 09 Nov 2022 13:42:55 GMT
Expires: Wed, 16 Nov 2022 13:42:54 GMT
Etag: "2f2c541048ba27356279d0625e4eba8937aeb03d"
Cache-Control: max-age=481731,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7682a75c2f96b503-OSL
static.triptease.io/message-porter/dist/bootstrap-message-engine.js
151.101.85.182200 OK 28 kB URL HTTP/2 static.triptease.io/message-porter/dist/bootstrap-message-engine.js
IP 151.101.85.182:0
File type Unicode text, UTF-8 text, with very long lines (58698)
Hash 6d408df8e724b4545f3a8b05e083e9b5
7b124dc009f175acd892ce08201e74c2e8dcc1d6
eecb99e4e1cc73be87c16e0d583a2da98bf0dcef69b799aa56f41838dad3b43a
GET /message-porter/dist/bootstrap-message-engine.js HTTP/1.1
Host: static.triptease.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cosmopolitanlasvegas.com
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-guploader-uploadid: ADPycdtS4wKJBwq5qY_Qv6BVUVERZ-23PKMfIZPAc3nczTCxv-dLzYiBpq9BRB_ffJAeLyCtn9uDSFqR_s-bRX9eCQ7-It1MqoLK
cache-control: no-cache, max-age=600
expires: Fri, 04 Nov 2022 15:07:36 GMT
last-modified: Fri, 04 Nov 2022 14:57:32 GMT
etag: "685f8889f0ecf64243b9f78286780406"
x-goog-generation: 1667573852344678
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 85130
x-goog-meta-goog-reserved-file-mtime: 1667573848
content-type: application/javascript
x-goog-hash: crc32c=NvUukw==, md5=aF+IifDs9kJDufeChngEBg==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
server: UploadServer
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:44:03 GMT
via: 1.1 varnish
age: 290
x-served-by: cache-bma1651-BMA
x-cache: HIT
x-cache-hits: 9
x-timer: S1668123844.635677,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
backend-url: /message-porter/dist/bootstrap-message-engine.js
pseudo-device-id: ce3678a60bdd9475e11059d534cb5581793d88c2fea0c3958c03837f5a2b18f6
pseudo-session-id: 3422e73484dc258899f9d2c47f9d208b6a9f951e9b385ee322c0d21d0d2060d7
surrogate-key-debug: message-porter message-porter-bootstrap-message-engine message-porter-js
timing-allow-origin: *
content-length: 28378
X-Firefox-Spdy: h2
static-meta.triptease.io/client/main.js
151.101.85.182200 OK 65 kB URL HTTP/2 static-meta.triptease.io/client/main.js
IP 151.101.85.182:0
Hash 6cbaa623175244b924f707e7c91a3e0b
2c190a244097ee48f5a056009d41386c775e41c2
1523b6b982cfae641d610fd5c13704dac3116b7555352464c261c5162e5a7f45
GET /client/main.js HTTP/1.1
Host: static-meta.triptease.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cosmopolitanlasvegas.com
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: max-age=3600,stale-while-revalidate=1800
content-type: text/plain; charset=utf-8
x-envoy-upstream-service-time: 2
x-envoy-upstream-healthchecked-cluster: client-api.management
server: istio-envoy
via: 1.1 google, 1.1 varnish
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:44:03 GMT
age: 5047
x-served-by: cache-bma1651-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668123844.662455,VS0,VE1
vary: Origin, Accept-Encoding
content-length: 17416
X-Firefox-Spdy: h2
b.triptease.io/application.js
151.101.85.62200 OK 2.9 kB URL HTTP/1.1 b.triptease.io/application.js
IP 151.101.85.62:0
File type ASCII text, with very long lines (2870), with no line terminators
Hash 1f869b259c276f47841720aec5a2058e
6366bc8e1b2fa39017194b14b4a5504fa41b27e9
54d464dcbb274e2f142eb6e78e14dd6885edc21e72d0989717a1318c170777df
GET /application.js HTTP/1.1
Host: b.triptease.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cosmopolitanlasvegas.com
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 2870
cache-control: max-age=60
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, session-token
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
Via: 1.1 google, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 10 Nov 2022 23:44:03 GMT
Age: 3206
X-Served-By: cache-bma1682-BMA
X-Cache: HIT
X-Cache-Hits: 19
Strict-Transport-Security: max-age=300
static-meta.triptease.io/client/bundle-data/b46e2da70190d88425348ffad2967bf112aa252c
151.101.85.182200 OK 315 B URL HTTP/2 static-meta.triptease.io/client/bundle-data/b46e2da70190d88425348ffad2967bf112aa252c
IP 151.101.85.182:0
File type JSON data\012- , ASCII text, with very long lines (421), with no line terminators
Hash e16aedd231658ac281f83d34d40f2c2d
f1c2c5d5581350e3bf51d9005a44724d3255cf28
9f66d76de81fa1bb1b7dd1e3f8b1f6cb300c82cf48edeaffadf4fcc4eb0adc50
GET /client/bundle-data/b46e2da70190d88425348ffad2967bf112aa252c HTTP/1.1
Host: static-meta.triptease.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cosmopolitanlasvegas.com
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: max-age=3600,stale-while-revalidate=1800
content-type: application/json; charset=utf-8
x-envoy-upstream-service-time: 126
server: istio-envoy
via: 1.1 google, 1.1 varnish
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:44:03 GMT
age: 5047
x-served-by: cache-bma1651-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1668123844.720770,VS0,VE1
vary: Origin, Accept-Encoding
content-length: 315
X-Firefox-Spdy: h2
static.triptease.io/message-porter/dist/storageIframe.html
151.101.85.182200 OK 89 kB URL HTTP/2 static.triptease.io/message-porter/dist/storageIframe.html
IP 151.101.85.182:0
File type ASCII text, with very long lines (64471)
Hash 5be128c93a9c2aa39cc459a5c80f17f5
ff6342537919bee9f5e24e6b5ffe9a53c66d4dff
500be4545d58659f21e93faf05adc9bc6aa1edfca3cd2cc7ad3626080c7726de
GET /message-porter/dist/storageIframe.html HTTP/1.1
Host: static.triptease.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Cookie: triptease-user-id=01GHHYVPNCDVKAR08GJY9JEPEB; triptease-session-id=01GHHYVPNC63GPDMT79JKK8S0N
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
x-guploader-uploadid: ADPycdsYiDjWjZT-GcW-N2s32bpNRyIyLgodBVv-avktbww2PeK9lSw58HNJyOkVQtoJRWPhOxQ8DGYD4VxSbVBoBDY0IQ
x-goog-generation: 1667397055211069
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 6979
x-goog-meta-goog-reserved-file-mtime: 1667397047
x-goog-hash: crc32c=0I3Wqw==, md5=wk7He6Vyt1LH1MzXpMh9dg==
x-goog-storage-class: STANDARD
access-control-allow-origin: *
access-control-expose-headers: Content-Type
server: UploadServer
expires: Fri, 04 Nov 2022 15:07:35 GMT
cache-control: no-cache, max-age=600
last-modified: Wed, 02 Nov 2022 13:50:55 GMT
etag: "c24ec77ba572b752c7d4ccd7a4c87d76"
content-type: text/html
content-encoding: gzip
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:44:03 GMT
via: 1.1 varnish
age: 566
x-served-by: cache-bma1659-BMA
x-cache: HIT
x-cache-hits: 6
x-timer: S1668123844.756769,VS0,VE0
vary: Accept-Encoding
strict-transport-security: max-age=31557600
backend-url: /message-porter/dist/storageIframe.html
pseudo-device-id: 10d93cb908495a5a16655fc754e6677bdabe68f48e1852cb3cbce52a0ba7acc2
pseudo-session-id: f2b7e0e62112dae35c3f6cb148f0b61ddc78780d4ee936af55dab16e758256cd
surrogate-key-debug: message-porter message-porter-storageIframe message-porter-html
timing-allow-origin: *
content-length: 2506
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff6e953b-c2b6-4feb-b47b-bdaf7a9bb2f5.jpeg
34.120.237.76200 OK 7.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff6e953b-c2b6-4feb-b47b-bdaf7a9bb2f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0365609d631ae42c9a141f22466b6928
b46c04b251170e93547d32d874e78b1daaec3504
52d84fdc7b47e64830292eebfedbb6b600f079d5be49209dd870c75a8c239c36
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fff6e953b-c2b6-4feb-b47b-bdaf7a9bb2f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7271
x-amzn-requestid: beeef56d-0be3-43aa-b0a6-abd222cf9131
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bUDz7EGfoAMF2XQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636b19b2-1347ac8966ac6b8f5ca4fa76;Sampled=0
x-amzn-remapped-date: Wed, 09 Nov 2022 03:08:34 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1yRMbqwORggycBsFW4u_ajIUBrX3UYCUv3hvfzEJMmQsH39-2oWZtw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 10 Nov 2022 13:52:48 GMT
age: 35475
etag: "b46c04b251170e93547d32d874e78b1daaec3504"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
messages.guest-experience.triptease.io/b46e2da70190d88425348ffad2967bf112aa252c/messages?language=en
151.101.86.133200 OK 7.2 kB URL HTTP/2 messages.guest-experience.triptease.io/b46e2da70190d88425348ffad2967bf112aa252c/messages?language=en
IP 151.101.86.133:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (7171), with no line terminators
Hash d06f9c996dc3f6dd6347e607fda8b1f8
d07dd06ed2968b4b43118d760077968adc882edc
4ce43cfd3a8ca4adae8bbcea249700ab467c30f9b5e7b281583fe8b3db6f9667
GET /b46e2da70190d88425348ffad2967bf112aa252c/messages?language=en HTTP/1.1
Host: messages.guest-experience.triptease.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.cosmopolitanlasvegas.com
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.cosmopolitanlasvegas.com
content-type: application/json; charset=utf-8
cache-control: max-age=600
x-cloud-trace-context: 29ee8881aeed535f92ec54302174528b
server: Google Frontend
tt_keys: campaigns-b46e2da70190d88425348ffad2967bf112aa252c campaigns-client-COSMOPOLITANOFLASVEGAS
accept-ranges: bytes
date: Thu, 10 Nov 2022 23:44:03 GMT
via: 1.1 varnish
age: 3065
x-served-by: cache-bma1674-BMA
x-cache: HIT
x-cache-hits: 1
vary: Origin
access-control-expose-headers: X-Country-Code, X-Region-Code, X-City
x-city: oslo
x-country-code: NO
x-region-code: 03
tt_host: messages.guest-experience.triptease.io
content-length: 7173
X-Firefox-Spdy: h2
b.triptease.io/?apikey=b46e2da70190d88425348ffad2967bf112aa252c&bucket=1&conversion=false&clicked=false&searched=false&tripteaseUserId=01GHHYVPNCDVKAR08GJY9JEPEB
151.101.85.62200 OK 2.8 kB URL HTTP/1.1 b.triptease.io/?apikey=b46e2da70190d88425348ffad2967bf112aa252c&bucket=1&conversion=false&clicked=false&searched=false&tripteaseUserId=01GHHYVPNCDVKAR08GJY9JEPEB
IP 151.101.85.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text
Hash 496f9c499aef35a17991bdf2429e9299
9b416b6ccb7d1570e517c4ba84d1163028662778
da3622d6185b2debc5ce3b5339718e0777385483100e0a582482c7cd838eca3a
GET /?apikey=b46e2da70190d88425348ffad2967bf112aa252c&bucket=1&conversion=false&clicked=false&searched=false&tripteaseUserId=01GHHYVPNCDVKAR08GJY9JEPEB HTTP/1.1
Host: b.triptease.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Cookie: triptease-user-id=01GHHYVPNCDVKAR08GJY9JEPEB; triptease-session-id=01GHHYVPNC63GPDMT79JKK8S0N
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Connection: keep-alive
cache-control: private, no-store
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, session-token
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
Via: 1.1 google, 1.1 varnish
Accept-Ranges: bytes
Date: Thu, 10 Nov 2022 23:44:03 GMT
X-Served-By: cache-bma1626-BMA
X-Cache: MISS
X-Cache-Hits: 0
Strict-Transport-Security: max-age=300
transfer-encoding: chunked
bttrack.com/engagement/js?goalId=15652&cb=1668123833220
192.132.33.46200 OK 0 B URL HTTP/2 bttrack.com/engagement/js?goalId=15652&cb=1668123833220
IP 192.132.33.46:0
GET /engagement/js?goalId=15652&cb=1668123833220 HTTP/1.1
Host: bttrack.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: private,no-cache
pragma: no-cache
content-type: text/javascript; charset=utf-8
content-encoding: gzip
expires: -1
server: Microsoft-IIS/8.5
x-aspnetmvc-version: 5.2
x-aspnet-version: 4.0.30319
set-cookie: bt-es-15652=8756c369-9864-41d5-8411-d7f9cad9019c; path=/
p3p: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
x-servername: Track003-iad
date: Thu, 10 Nov 2022 23:43:57 GMT
X-Firefox-Spdy: h2
accdn.lpsnmedia.net/api/account/88246722/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
178.249.101.99200 OK 0 B URL HTTP/2 accdn.lpsnmedia.net/api/account/88246722/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
IP 178.249.101.99:0
GET /api/account/88246722/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB HTTP/1.1
Host: accdn.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:59 GMT
content-type: application/javascript
set-cookie: ADRUM_BTa=R:37|g:abbee56d-3c9f-4140-b486-af4ed4186196; Max-Age=30; Expires=Thu, 10-Nov-2022 23:44:29 GMT; Path=/
ADRUM_BTa=R:37|g:abbee56d-3c9f-4140-b486-af4ed4186196|n:livepersonltd_93a08561-b03e-475e-b29b-9ad4aa207daf; Max-Age=30; Expires=Thu, 10-Nov-2022 23:44:29 GMT; Path=/
SameSite=None; Max-Age=30; Expires=Thu, 10-Nov-2022 23:44:29 GMT; Path=/; Secure
ADRUM_BT1=R:37|i:2241585; Max-Age=30; Expires=Thu, 10-Nov-2022 23:44:29 GMT; Path=/
ADRUM_BT1=R:37|i:2241585|e:9; Max-Age=30; Expires=Thu, 10-Nov-2022 23:44:29 GMT; Path=/
vary: Accept
expires: Thu, 10 Nov 2022 23:44:59 GMT
x-envoy-upstream-service-time: 2
server: ws
strict-transport-security: max-age=99999999999; includeSubDomains
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
x-cache-status: EXPIRED
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549
208.89.12.80200 OK 0 B URL HTTP/2 lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549
IP 208.89.12.80:0
GET /le_unified_window/10.23.0.0-release_5549/lpChatV3.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn-a.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:59 GMT
content-type: application/javascript
last-modified: Mon, 31 Oct 2022 21:42:13 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Fri, 10 Nov 2023 23:43:59 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
va.v.liveperson.net/api/js/88246722?&cb=lpCb89070x17844&t=sp&ts=1668123834815&pid=5659882755&tid=4169146653&pt=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&u=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
208.89.12.87200 OK 0 B URL HTTP/2 va.v.liveperson.net/api/js/88246722?&cb=lpCb89070x17844&t=sp&ts=1668123834815&pid=5659882755&tid=4169146653&pt=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&u=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
IP 208.89.12.87:0
GET /api/js/88246722?&cb=lpCb89070x17844&t=sp&ts=1668123834815&pid=5659882755&tid=4169146653&pt=Las%20Vegas%20Luxury%20Hotel%20%7C%20The%20Cosmopolitan&u=https%3A%2F%2Fwww.cosmopolitanlasvegas.com%2F&df=0&os=0&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D HTTP/1.1
Host: va.v.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:44:01 GMT
content-type: application/javascript
set-cookie: LPVisitorID=U3MDNiMDY5ZTIwZTY3NjMy; Expires=Fri, 11-Nov-2022 01:24:01 GMT; Path=/; HttpOnly
LPSessionID=rdxc_aUASVOFHwLF6oOLOA; Path=/api/js/88246722; HttpOnly
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
va.v.liveperson.net/api/js/88246722?sid=rdxc_aUASVOFHwLF6oOLOA&cb=lpCb459x11913&t=pl&ts=1668123836155&pid=5659882755&tid=4169146653&vid=U3MDNiMDY5ZTIwZTY3NjMy
208.89.12.87200 OK 0 B URL HTTP/2 va.v.liveperson.net/api/js/88246722?sid=rdxc_aUASVOFHwLF6oOLOA&cb=lpCb459x11913&t=pl&ts=1668123836155&pid=5659882755&tid=4169146653&vid=U3MDNiMDY5ZTIwZTY3NjMy
IP 208.89.12.87:0
GET /api/js/88246722?sid=rdxc_aUASVOFHwLF6oOLOA&cb=lpCb459x11913&t=pl&ts=1668123836155&pid=5659882755&tid=4169146653&vid=U3MDNiMDY5ZTIwZTY3NjMy HTTP/1.1
Host: va.v.liveperson.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:44:01 GMT
content-type: application/javascript
cache-control: no-store
server: ws
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
content-encoding: gzip
X-Firefox-Spdy: h2
lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549
208.89.12.80200 OK 0 B URL HTTP/2 lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549
IP 208.89.12.80:0
GET /le_unified_window/10.23.0.0-release_5549/desktopEmbedded.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn-a.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:59 GMT
content-type: application/javascript
last-modified: Mon, 31 Oct 2022 21:42:12 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Fri, 10 Nov 2023 23:43:59 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2
assets.sitescdn.net/answers-search-bar/v1.0/answers.css
104.18.112.52200 OK 0 B URL HTTP/2 assets.sitescdn.net/answers-search-bar/v1.0/answers.css
IP 104.18.112.52:0
GET /answers-search-bar/v1.0/answers.css HTTP/1.1
Host: assets.sitescdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:56 GMT
content-type: text/css
x-amz-id-2: sHW6JX65H6geWvDjoAJ+MFjX3dJurLdmJf8sE3JEzNsBuQaUeKb6uNCxFWYaZBFV4i0ay1v9FeM=
x-amz-request-id: GV9GD8MVF79B3690
cache-control: max-age=43200
last-modified: Thu, 12 Aug 2021 12:40:41 GMT
x-amz-version-id: null
etag: W/"59a4e9ee9ab23940a022507bf6dda434"
cf-cache-status: HIT
age: 2604
set-cookie: __cf_bm=w4WCkIry4AWzSP24VtDtpRMIlerBvuBvyZj8Bnw4ilE-1668123836-0-AdLKVMS82gt3kbjQ4Vc2q9YYuQP8/QUdkHlQI1406HHEtU4pOBWGwwFhQ5eR0t8G7x6xE330xd8c+BPQ4kmw0LM=; path=/; expires=Fri, 11-Nov-22 00:13:56 GMT; domain=.sitescdn.net; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7682a739dd0d0af6-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
assets.sitescdn.net/answers-search-bar/v1.0/answerstemplates.compiled.min.js
104.18.112.52200 OK 0 B URL HTTP/2 assets.sitescdn.net/answers-search-bar/v1.0/answerstemplates.compiled.min.js
IP 104.18.112.52:0
GET /answers-search-bar/v1.0/answerstemplates.compiled.min.js HTTP/1.1
Host: assets.sitescdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:56 GMT
content-type: application/javascript
x-amz-id-2: 7QPM0ukFpwPqss+QHZGrJpVjy641t81ULzfjBAkc+ldZn0CFK55YrT19qI4BQ1uNR0BJW9BuqW4=
x-amz-request-id: 00P5EGEWKQYE7Y21
cache-control: max-age=43200
last-modified: Thu, 12 Aug 2021 12:40:41 GMT
x-amz-version-id: null
etag: W/"9862faba1058f30f1cfb9a7f9174e322"
cf-cache-status: HIT
age: 14932
set-cookie: __cf_bm=pyh1QyX6D9NyAx6iMB_BaUEww4tlTFJ.O.qorb8uyxk-1668123836-0-AYrq0oJJVTn7k1/noIch+IpLWyec5FEK/OR655hdwbtjBDxW//8cPYFedhB0Zh2bche0h2r4FC7zLmZsxzPqywc=; path=/; expires=Fri, 11-Nov-22 00:13:56 GMT; domain=.sitescdn.net; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7682a739dd0e0af6-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
208.89.12.80200 OK 0 B URL HTTP/2 lpcdn-a.lpsnmedia.net/le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549
IP 208.89.12.80:0
GET /le_unified_window/10.23.0.0-release_5549/surveylogicinstance.min.js?version=10.23.0.0-release_5549 HTTP/1.1
Host: lpcdn-a.lpsnmedia.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.cosmopolitanlasvegas.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 10 Nov 2022 23:43:59 GMT
content-type: application/javascript
last-modified: Mon, 31 Oct 2022 21:42:14 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options, x-lp-state-rev
access-control-allow-credentials: true
expires: Fri, 10 Nov 2023 23:43:59 GMT
cache-control: max-age=31536000
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-status: HIT
X-Firefox-Spdy: h2