CONTINUOUS INTERNET TELEMETRY24H DRIFT2,108 material changesacross 1,905 domains · -443 vs yesterdayDNS DRIFT12 domains changed DNS providertop destination afternic.com · -4 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination google.com · +1 vs yesterdayCERT DRIFT1 domains switched issuing CA24h · -4 vs yesterdayNOW3,394 curated domains not answeringlast probe, steadyERRORS10,895 responded with an errorlast probe · 5xx / 404 / 429 / 40324H DRIFT2,108 material changesacross 1,905 domains · -443 vs yesterdayDNS DRIFT12 domains changed DNS providertop destination afternic.com · -4 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination google.com · +1 vs yesterdayCERT DRIFT1 domains switched issuing CA24h · -4 vs yesterdayNOW3,394 curated domains not answeringlast probe, steadyERRORS10,895 responded with an errorlast probe · 5xx / 404 / 429 / 403

cigna.com

Observed 2026-07-14T02:00:25.871Z (11h ago). Every field below was attested with an Ed25519 signature at scan time.

Up right now
Runs onCloudflare
Email byProofpoint
Registered withCSC Corporate Domains, Inc.
Also usesFacebook/MetaAtlassianZoomDockerGoogle Search ConsoleMiroDocuSign
8 subdomains · healthcare
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat cigna.com actually stands on - every host below is a signed observation
cigna.com
A / AAAA
170.48.29.90170.48.10.90
Cloudflareserves the site
NS
ns2.cigna.comns.cigna.com
cigna.comanswers its DNS
MX
mxa-000e5c18.gslb.pphosted.commxb-000e5c18.gslb.pphosted.com
Proofpointreceives its email

HTTPS probe

redirect Redirecting (3xx) 301 → https://www.cigna.com/
HTTP status301
Servercloudflare
TLS protocolHTTP/2
TLS issuernot observed
Behind Cloudflareyes
Response time347 ms
DNS resolutionNOERROR
Redirect chain
https://www.cigna.com/

Every field above is part of the same signed observation as the records below. Blank means not observed, never "none".

DNS Records

A 2

  • 170.48.29.90
  • 170.48.10.90

MX 2

  • 10mxa-000e5c18.gslb.pphosted.com
  • 10mxb-000e5c18.gslb.pphosted.com

TXT 54

  • DirectFedAuthUrl=https://cigna.okta.com/app/cigna_massloadtoolprod_1/exkshnxuvhIrVgnJ84x7/sso/saml
  • mongodb-site-verification=zTarNnkaed939qLY0tE6DgSvlSFI0Whm
  • smartsheet-site-validation=TuhXlMqiUJ3n6qUaF7WSu-yWqKtYyp5S
  • smartsheet-site-validation=4LMJYxXDEBS6ZZ2z1fqGCu2nsWfCCLb1
  • adobe-idp-site-verification=2153d23c7de397f35d7065ec964ffe60973cc506a82564651c5790c7a203ff69
  • apple-domain-verification=D1GNhYf1NmjA9VYB
  • facebook-domain-verification=llt3bsfsg8tlryh3h7lhnjb4vf3w0a
  • adobe-sign-verification=107e2cde1ace30939bec5712a100a21
  • webexdomainverification.5c50f2772498d388e053ab06fc0a3a57=990d715a-97e0-4059-84f4-e2cc27e2cb5b
  • DirectFedAuthUrl=https://cigna.oktapreview.com/app/cigna_massloadtooldev_1/exk2f64bzy165xPiW0h8/sso/saml

NS 2

  • ns2.cigna.com
  • ns.cigna.com

SOA 1

  • ns.cigna.com dnsdhcpipam.cigna.com

TLS Certificates (0)

None.

Subdomains (8)

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for cigna.com. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for cigna.com <a href="https://domaindrift.io/t/cigna.com"> <img src="https://domaindrift.io/badge/cigna.com.svg" width="300" height="64" alt="DomainDrift signed observations for cigna.com"> </a>

Ed25519 Receipt

Receipt ID
66b86bdc-f049-4415-8e1a-4c4e4334c08e
Output Hash
e2a729777e04bca9f3a5c2cfd2d6186b5dadb133595868d320eea64474c3ae23
Signature
ed25519:dcc99ba675dc3f0aa5b9017f1a4f564ef7708a617458a0f6674a082bbfee38b4f066e0933b63a4e318aa8ad78c0f19d74072370399e1d4592195c43ac183670a
Public Key
ed25519:d610d74ef18f683e5beb859d241d5e67dff0c122e8928b06bec1c2476f4ba27b
Parent
(genesis)
Plane
fast
Verify this in your browser