CONTINUOUS INTERNET TELEMETRY24H DRIFT2,098 material changesacross 1,895 domains · -453 vs yesterdayDNS DRIFT12 domains changed DNS providertop destination afternic.com · -4 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination google.com · +1 vs yesterdayCERT DRIFT1 domains switched issuing CA24h · -4 vs yesterdayNOW3,392 curated domains not answeringlast probe, steadyERRORS10,896 responded with an errorlast probe · 5xx / 404 / 429 / 40324H DRIFT2,098 material changesacross 1,895 domains · -453 vs yesterdayDNS DRIFT12 domains changed DNS providertop destination afternic.com · -4 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination google.com · +1 vs yesterdayCERT DRIFT1 domains switched issuing CA24h · -4 vs yesterdayNOW3,392 curated domains not answeringlast probe, steadyERRORS10,896 responded with an errorlast probe · 5xx / 404 / 429 / 403

marriott.com

Observed 2026-07-14T01:06:22.427Z (12h ago). Every field below was attested with an Ed25519 signature at scan time.

Up right now
Runs onCloudflare
Email byMicrosoft 365
Registered withCSC Corporate Domains, Inc.
Also usesAtlassianDocuSignGoogle Search ConsoleFigmaFacebook/Meta
18 subdomains · fortune_500
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat marriott.com actually stands on - every host below is a signed observation
marriott.com
A / AAAA
23.62.132.128
Cloudflareserves the site
NS
usc1.akam.netusc2.akam.netns1-7.akam.neteur1.akam.net+4 more
akam.netanswers its DNS
MX
marriott-com.mail.protection.outlook.com
Microsoft 365receives its email

HTTPS probe

redirect Redirecting (3xx) 301 → https://www.marriott.com/default.mi
HTTP status301
Servercloudflare
TLS protocolHTTP/2
TLS issuernot observed
Behind Cloudflareyes
Response time78 ms
DNS resolutionNOERROR
Redirect chain
https://www.marriott.com/default.mi

Every field above is part of the same signed observation as the records below. Blank means not observed, never "none".

DNS Records

A 1

  • 23.62.132.128

MX 1

  • 10marriott-com.mail.protection.outlook.com

TXT 53

  • amazonses:T+PiZncc85hp45Hh5rxnadRc3PqQCxeWhb2Iulxh+HI=
  • e2ma-verification=g23cb
  • e2ma-verification=i7b3
  • e2ma-verification=rzicb
  • liveramp-site-verification=dphz_fboDvNf-L04XjGWSNpfcEjqykIGaOetpgtRFrY
  • cisco-ci-domain-verification=510f4042252171cd62c2992306c3623499318270fcef3f0266e4bc2bc4df9053
  • e2ma-verification=t4xeb
  • e2ma-verification=qohib
  • amazonses:dRwYaeqcRYgOr0nfuNpgfwcye7qC/+W7j9+4l95WmfA=
  • EMMA-VALIDATION2-22-21

NS 8

  • usc1.akam.net
  • usc2.akam.net
  • ns1-7.akam.net
  • eur1.akam.net
  • eur3.akam.net
  • ns1-22.akam.net
  • eur4.akam.net
  • use4.akam.net

SOA 1

  • use4.akam.net infrahostmastergtm.marriott.com

TLS Certificates (0)

None.

Subdomains (18)

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for marriott.com. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for marriott.com <a href="https://domaindrift.io/t/marriott.com"> <img src="https://domaindrift.io/badge/marriott.com.svg" width="300" height="64" alt="DomainDrift signed observations for marriott.com"> </a>

Ed25519 Receipt

Receipt ID
71502afa-9cc1-49b5-b1f4-42ace5a2b11f
Output Hash
3f93697dac56634815076138fd3f4069aebe2e6152f1d1f4e4a30e7d62b55e1e
Signature
ed25519:55ce889a28aa46173996e99a889314a71bbb497105cfa6fb6223e04254a4ca0d36aee0ed677fb4df20bfef5d6857bf9c2d73b040e22bb0f1d5a51d590435db0f
Public Key
ed25519:d610d74ef18f683e5beb859d241d5e67dff0c122e8928b06bec1c2476f4ba27b
Parent
(genesis)
Plane
fast
Verify this in your browser