URL: https://rapid.hilton.com/
Submission: On December 23 via manual from SI — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 13 HTTP transactions. The main IP is 167.187.100.53, located in the United States, and belongs to HILTON-C, US. The main domain is rapid.hilton.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on June 14th 2023. Valid for: a year.
This is the only time rapid.hilton.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address      AS Autonomous System
13        167.187.100.53  3826 (HILTON-C)
Total: 13 requests, 1 IP

Requests  Apex Domain  Subdomains        Transfer
13        hilton.com   rapid.hilton.com  76 KB
Total: 13 requests, 1 apex domain

Requests  Domain            Requested by
13        rapid.hilton.com  rapid.hilton.com
Total: 13 requests, 1 domain

This site contains links to these domains.

Domain
www1.hilton.com

Subject           Issuer                                      Validity                 Valid
rapid.hilton.com  DigiCert Global G2 TLS RSA SHA256 2020 CA1  2023-06-14 - 2024-06-13  a year

This page contains 1 frame:

Primary Page: https://rapid.hilton.com/
Frame ID: A6049F5FE6573671490D376705492D29
Requests: 13 HTTP requests in this frame

Page Title

Verify your group details

Detected technologies

Overall confidence: 100%
Detected patterns
  • <input[^>]+name="__VIEWSTATE

Page Statistics

Requests: 13
HTTPS: 100 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 76 kB
Size: 75 kB
Cookies: 1

13 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type

Primary Request /
Path: rapid.hilton.com/
Size: 22 KB
x-fer: 23 KB
Type: Document

General
Full URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: 7697162a7b5d5b6a5eeee29a0ff715df5a8064541bf33c44fe27b7a9a4337273

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: HackerOne
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private
content-length: 22749
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
content-type: text/html; charset=utf-8
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
server:
strict-transport-policy: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

thickbox.css
Path: rapid.hilton.com/css/
Size: 4 KB
x-fer: 4 KB
Type: Stylesheet

General
Full URL: https://rapid.hilton.com/css/thickbox.css
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: ba26d6b345d76be5ed9a27a01219bf5f443eaa3bd38b42eb20f188d9f11c2f3b

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:29 GMT
server:
etag: "7ac3a9ac131dda1:0"
x-frame-options: SAMEORIGIN
content-type: text/css
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 4067
x-xss-protection: 1; mode=block

rapid-style.css
Path: rapid.hilton.com/css/
Size: 12 KB
x-fer: 12 KB
Type: Stylesheet

General
Full URL: https://rapid.hilton.com/css/rapid-style.css
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: d7ae24cd59b846b66dbc03e134c56d7a3e725351a2cb07f02fa4c003bafb856f

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:29 GMT
server:
etag: "7ac3a9ac131dda1:0"
x-frame-options: SAMEORIGIN
content-type: text/css
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 12029
x-xss-protection: 1; mode=block

calendar.js
Path: rapid.hilton.com/js/
Size: 14 KB
x-fer: 14 KB
Type: Script

General
Full URL: https://rapid.hilton.com/js/calendar.js
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: 16910797d3cab55f84b148ac83b8a8426a63ffb04fc7c317ab854037083c39d6

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:30 GMT
server:
etag: "6d6f36ad131dda1:0"
x-frame-options: SAMEORIGIN
content-type: application/javascript
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 14632
x-xss-protection: 1; mode=block

common.js
Path: rapid.hilton.com/js/
Size: 2 KB
x-fer: 2 KB
Type: Script

General
Full URL: https://rapid.hilton.com/js/common.js
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: 485740ebf09578e65b079307a61f4108c67b5bf5a55cdcccd8deaacbdf806c78

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:30 GMT
server:
etag: "6d6f36ad131dda1:0"
x-frame-options: SAMEORIGIN
content-type: application/javascript
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 2169
x-xss-protection: 1; mode=block

untitled.png
Path: rapid.hilton.com/en_US/hi/media/images/logos/
Size: 3 KB
x-fer: 3 KB
Type: Image

General
Full URL: https://rapid.hilton.com/en_US/hi/media/images/logos/untitled.png
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: 6520838b5491126cdc9b9699b0e8464194c943d6c393dd56c0843880e5755484

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:30 GMT
server:
etag: "54e15ad131dda1:0"
x-frame-options: SAMEORIGIN
content-type: image/png
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 2819
x-xss-protection: 1; mode=block

trckr_verify_on.gif
Path: rapid.hilton.com/images/
Size: 854 B
x-fer: 923 B
Type: Image

General
Full URL: https://rapid.hilton.com/images/trckr_verify_on.gif
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: f4bf6d2e53432f0292c4b709ed624d6e6fc8b1bf0e9a4a02131c11a58820e842

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:30 GMT
server:
etag: "14d34ad131dda1:0"
x-frame-options: SAMEORIGIN
content-type: image/gif
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 854
x-xss-protection: 1; mode=block

trckr_gstRm_0.gif
Path: rapid.hilton.com/images/
Size: 474 B
x-fer: 566 B
Type: Image

General
Full URL: https://rapid.hilton.com/images/trckr_gstRm_0.gif
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: 8c030aa940bf2533339c7eac9945a32c7334160bb62c8b713e49a72f636f2cbb

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:30 GMT
server:
etag: "14d34ad131dda1:0"
x-frame-options: SAMEORIGIN
content-type: image/gif
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 474
x-xss-protection: 1; mode=block

trckr_confirm_off.gif
Path: rapid.hilton.com/images/
Size: 526 B
x-fer: 611 B
Type: Image

General
Full URL: https://rapid.hilton.com/images/trckr_confirm_off.gif
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: 824f42da8ef2b90d4d9eb28ae56bce2ce081911cc01825a7b84a48bc45d66944

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:30 GMT
server:
etag: "d3aa31ad131dda1:0"
x-frame-options: SAMEORIGIN
content-type: image/gif
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 526
x-xss-protection: 1; mode=block

ico_help.gif
Path: rapid.hilton.com/images/
Size: 150 B
x-fer: 234 B
Type: Image

General
Full URL: https://rapid.hilton.com/images/ico_help.gif
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: def255cf963d0692d6cb6838bbe7efd2cb28e50aefbd2a144838943a24cf26a4

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:30 GMT
server:
etag: "5f482fad131dda1:0"
x-frame-options: SAMEORIGIN
content-type: image/gif
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 150
x-xss-protection: 1; mode=block

ico_calendar.gif
Path: rapid.hilton.com/images/
Size: 197 B
x-fer: 282 B
Type: Image

General
Full URL: https://rapid.hilton.com/images/ico_calendar.gif
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: 674d447059ea78458be73b8db23d1ba734d2705aecec3e396251162ea352a5b7

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:30 GMT
server:
etag: "23e62cad131dda1:0"
x-frame-options: SAMEORIGIN
content-type: image/gif
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 197
x-xss-protection: 1; mode=block

continue.jpg
Path: rapid.hilton.com/images/
Size: 2 KB
x-fer: 2 KB
Type: Image

General
Full URL: https://rapid.hilton.com/images/continue.jpg
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: 3e39f714263eccac740596f6cbba2bb8a1124cf41d7e1d864cab0fe86d8bdab3

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:30 GMT
server:
etag: "c7832aad131dda1:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 1746
x-xss-protection: 1; mode=block

bg1.jpg
Path: rapid.hilton.com/images/
Size: 14 KB
x-fer: 14 KB
Type: Image

General
Full URL: https://rapid.hilton.com/images/bg1.jpg
Requested by
Host: rapid.hilton.com
URL: https://rapid.hilton.com/css/rapid-style.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.187.100.53, United States, ASN3826 (HILTON-C, US)
Reverse DNS:
Software: /
Resource Hash: cb7d2fd1fa75dd9ae8713770a21e6ad90901be10ad511b1610c46085a9e12944

Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer:
User-Agent: HackerOne

Response headers

content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval';
date: Sat, 23 Dec 2023 12:50:02 GMT
referrer-policy: no-referrer
x-content-type-options: nosniff
last-modified: Wed, 22 Nov 2023 07:15:30 GMT
server:
etag: "e0be25ad131dda1:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
strict-transport-policy: max-age=31536000
accept-ranges: bytes
content-length: 14106
x-xss-protection: 1; mode=block

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture
function| ValidateArrDepDate
function| ValidateARRDate
function| ValidateDepDate
function| valCompareDates
function| valCheckPastDates
function| CheckForGroup
function| LoadSRPCode
function| LoadReservationSrcCode
function| CheckForReservationSource
function| Trim
function| DefaultAddressType
function| DefaultPhoneType
function| DefaultEmailType
function| ChangeToUpperCase
function| openHelpPage
function| ViewPopup
boolean| IE
function| ShowToolTip
function| ShowCustomerToolTip
function| ShowCommentToolTip
function| HideToolTip
function| findPos
function| MakeCaps

1 Cookies

Domain/Path: rapid.hilton.com/
Name: ASP.NET_SessionId
Value: 2iskte5po122ou3jd1iv0n2y

1 Console Messages

Source: security
Level: error
URL: https://rapid.hilton.com/ (Line 235)
Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-JkGnOslGdki+cAJ0jMTP5qe77KIjK1m0ZhoelpxwfZU='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block