CONTINUOUS INTERNET TELEMETRY24H DRIFT1,088 material changesacross 970 domains · +634 vs yesterdayDNS DRIFT24 domains changed DNS providertop destination parity.domains · +20 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination pphosted.com · +4 vs yesterdayNOW1,703 curated domains not answering-512 vs yesterdayERRORS6,632 responded with an errorlast probe · 5xx / 404 / TLSTHROTTLED3,884 throttled or blocked our scanner429 rate-limit / 403 bot-block24H DRIFT1,088 material changesacross 970 domains · +634 vs yesterdayDNS DRIFT24 domains changed DNS providertop destination parity.domains · +20 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination pphosted.com · +4 vs yesterdayNOW1,703 curated domains not answering-512 vs yesterdayERRORS6,632 responded with an errorlast probe · 5xx / 404 / TLSTHROTTLED3,884 throttled or blocked our scanner429 rate-limit / 403 bot-block

customer.io

Observed 2026-07-17T12:14:46.802892669+00:00 (1h ago). Every field below was attested with an Ed25519 signature at scan time.

Up right now
Runs onAmazon
Email byGoogle Workspace
Secured byLet's Encrypt
Also uses1PasswordDocuSignFacebook/MetaGoogle Search ConsoleHubSpotLinearMiroNotion
email_comms
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat customer.io actually stands on - every host below is a signed observation
customer.io
A / AAAA
76.76.21.21
Amazonserves the site
NS
ns-1181.awsdns-19.orgns-1893.awsdns-44.co.ukns-499.awsdns-62.comns-618.awsdns-13.net
awsdns-19.org + awsdns-44.co.uk + moreanswers its DNS
MX
aspmx.l.google.comaspmx2.googlemail.comaspmx3.googlemail.comalt1.aspmx.l.google.com+1 more
Google Workspacereceives its email
TLS
customer.io
Let's Encryptissued its certificate

DNS Records

A 1

  • 76.76.21.21

MX 5

  • 1aspmx.l.google.com
  • 10aspmx2.googlemail.com
  • 10aspmx3.googlemail.com
  • 5alt1.aspmx.l.google.com
  • 5alt2.aspmx.l.google.com

TXT 26

  • 1password-site-verification=NKRDO4YCMBDD7KNUO4PN6RZCA4
  • MS=ms56053829
  • OSSRH-70026
  • airtable-verification=a839ac25097d07e90b6725421494b506
  • anthropic-domain-verification-h4s30h=RXWAAyC4VDThCnWjaprWPkUET
  • asv=8738dd37f3c5a1368cba93d24b4a1e17
  • cursor-domain-verification-m2k2b5=XfoK2FPHAUqoNHiCpHtqY2fXP
  • docusign=48e7526a-7539-4ad0-b672-7a94c3a20c29
  • facebook-domain-verification=62g2j16g5qkvf38ekdrtxiez0bsqei
  • google-site-verification=HbwteWh_QF6HnNCDLL_1X_GRwURBkYEdFAVM00rxf_k

NS 4

  • ns-1181.awsdns-19.org
  • ns-1893.awsdns-44.co.uk
  • ns-499.awsdns-62.com
  • ns-618.awsdns-13.net

SOA 1

  • ns-1181.awsdns-19.org awsdns-hostmaster.amazon.com

TLS Certificates (3)

Common NameIssuerExpires
customer.io C=US, O=Let's Encrypt, CN=YR1 Tue, 22 Sep 2026 13:17:15 +0000
YR1 C=US, O=ISRG, CN=Root YR Sat, 02 Sep 2028 23:59:59 +0000
Root YR C=US, O=Internet Security Research Group, CN=ISRG Root X1 Thu, 02 Sep 2032 23:59:59 +0000

Subdomains (0)

None observed.

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for customer.io. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for customer.io <a href="https://domaindrift.io/t/customer.io"> <img src="https://domaindrift.io/badge/customer.io.svg" width="300" height="64" alt="DomainDrift signed observations for customer.io"> </a>

Ed25519 Receipt

Receipt ID
20c96f17-48e0-4f84-88f0-830e97f396c7
Output Hash
158ab37253ee90c998d5d8f7847ad3be99fda3cedf7c10d83cc370d1a48c8dca
Signature
ed25519:f4fe8c627bf5c5486c3600e8a950a08986042ae974d7bea0fcb55729f168f0227092bf45ccd987360a5282fb4b043c52b831e8dc159da42d32333bc7074faf01
Public Key
ed25519:178c3bd0f57d9d64b83cc4630753381e1a465005a2bbba3d032371f24af0bfd8
Parent
(genesis)
Plane
fast
Verify this in your browser