CONTINUOUS INTERNET TELEMETRY24H DRIFT1,208 material changesacross 992 domains · -870 vs yesterdayDNS DRIFT3 domains changed DNS providertop destination ac.in · -12 vs yesterdayNOW2,330 curated domains not answering+1,204 vs yesterdayERRORS15,576 responded with an errorlast probe · 5xx / 404 / TLSTHROTTLED39,535 throttled or blocked our scanner429 rate-limit / 403 bot-block24H DRIFT1,208 material changesacross 992 domains · -870 vs yesterdayDNS DRIFT3 domains changed DNS providertop destination ac.in · -12 vs yesterdayNOW2,330 curated domains not answering+1,204 vs yesterdayERRORS15,576 responded with an errorlast probe · 5xx / 404 / TLSTHROTTLED39,535 throttled or blocked our scanner429 rate-limit / 403 bot-block

DomainDrift for compliance and GRC

Prove posture on a date. Catch vendor drift mid-contract.

The questionnaire was true at signing. The job is what a vendor’s public posture is now, whether it has drifted since, and being able to show what it was on any date, in a form an auditor or insurer can check.

Third party risk monitoring that runs continuously

Put each vendor’s domains in a group. DomainDrift watches their DNS, certificates, and reachability continuously and alerts you on material change. Email authentication posture (SPF, DMARC) is collected on every scan and readable on the record. Monitoring runs between reviews, which is exactly when drift happens.

Vendor security posture change alerts

A certificate from a new issuer, a nameserver move, a mail-exchanger change: each lands as a drift event carrying the value before and the value after, timestamped. You learn about the change from the alert, not from next year’s reassessment.

How do I prove security posture to a cyber insurer?

Every observation is Ed25519 signed at the moment it is made, with a timestamp, chained to the previous scan. What a domain’s DNS, certificate, and email authentication posture was on a given date is not a claim in a spreadsheet; it is a signed record you can produce.

Evidence that verifies years later

The signing keys are published, receipts are public, and the verifier runs in a browser at /verify with no account. A signature proves who made the observation and that it has not been altered since; it is added trust, on the record, permanently.

Check the record yourself

Every observation is Ed25519 signed the moment it is made and chained to the previous scan, against published keys. The verifier checks any receipt in your browser, and on any domain page the probe panel reruns the live checks from your own network: your resolver, the registry, your own route to the site. A signature proves who observed something and that the record has not been altered since. DomainDrift puts its name on every observation, permanently.

Start free

A free account puts 5 of your own domains under watch in a group, with signed webhook alerts on change and the complete signed record open. Paid plans raise the dials; pricing is on its own page.

Watching something we have not built for yet? Tell us what you would watch.