CONTINUOUS INTERNET TELEMETRY24H DRIFT2,960 material changesacross 2,609 domains · -438 vs yesterdayDNS DRIFT24 domains changed DNS providertop destination cloudflare.com · -3 vs yesterdayEMAIL DRIFT2 domains switched email providertop destination h-email.net · -4 vs yesterdayCERT DRIFT7 domains switched issuing CA24hNOW3,311 curated domains not answering-6,407 vs yesterdayERRORS10,956 responded with an errorlast probe · 5xx / 404 / 429 / 40324H DRIFT2,960 material changesacross 2,609 domains · -438 vs yesterdayDNS DRIFT24 domains changed DNS providertop destination cloudflare.com · -3 vs yesterdayEMAIL DRIFT2 domains switched email providertop destination h-email.net · -4 vs yesterdayCERT DRIFT7 domains switched issuing CA24hNOW3,311 curated domains not answering-6,407 vs yesterdayERRORS10,956 responded with an errorlast probe · 5xx / 404 / 429 / 403

do.co

Observed 2026-07-12T15:11:33.611Z (20h ago). Every field below was attested with an Ed25519 signature at scan time.

Up right now
Runs onCloudflare
Email byGoogle Workspace
Also usesGoogle Search Console
2 subdomains · tranco_40k
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat do.co actually stands on - every host below is a signed observation
do.co
A / AAAA
67.199.248.1367.199.248.12
Cloudflareserves the site
NS
kim.ns.cloudflare.comwalt.ns.cloudflare.com
cloudflare.comanswers its DNS
MX
alt2.aspmx.l.google.comaspmx3.googlemail.comalt1.aspmx.l.google.comaspmx.l.google.com+1 more
Google Workspacereceives its email

HTTPS probe

redirect Redirecting (3xx) 301 → https://www.digitalocean.com/
HTTP status301
Servercloudflare
TLS protocolHTTP/3
TLS issuernot observed
Behind Cloudflareyes
Response time133 ms
DNS resolutionNOERROR
Redirect chain
https://www.digitalocean.com/

Every field above is part of the same signed observation as the records below. Blank means not observed, never "none".

DNS Records

A 2

  • 67.199.248.13
  • 67.199.248.12

MX 5

  • 30alt2.aspmx.l.google.com
  • 50aspmx3.googlemail.com
  • 20alt1.aspmx.l.google.com
  • 10aspmx.l.google.com
  • 40aspmx2.googlemail.com

TXT 4

  • google-site-verification=bvpmA_UzHhTwGo6A9foXA_W20lUsPZ-UjY-pJDjdoPk
  • v=spf1 include:_spf.google.com include:mg-spf.greenhouse.io -all
  • v=DMARC1; p=reject; pct=100; rua=mailto:fdpfb1lo@ag.dmarcian.com; ruf=mailto:fdpfb1lo@fr.dmarcian.com
  • v=DKIM1; (detected)

NS 2

  • kim.ns.cloudflare.com
  • walt.ns.cloudflare.com

SOA 1

  • kim.ns.cloudflare.com dns.cloudflare.com

CAA 12

  • issuewild comodoca.com
  • issuewild ssl.com
  • issue digicert.com; cansignhttpexchanges=yes
  • iodef mailto:security@digitalocean.com
  • issue globalsign.com
  • issue pki.goog; cansignhttpexchanges=yes
  • issuewild digicert.com; cansignhttpexchanges=yes
  • issue ssl.com
  • issue letsencrypt.org
  • issue comodoca.com

TLS Certificates (0)

None.

Subdomains (2)

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for do.co. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for do.co <a href="https://domaindrift.io/t/do.co"> <img src="https://domaindrift.io/badge/do.co.svg" width="300" height="64" alt="DomainDrift signed observations for do.co"> </a>

Ed25519 Receipt

Receipt ID
dbd998fc-bd2d-491b-9a3e-14b415306c5d
Output Hash
1f598c01ddae44f41d61655b98b4ac65a3e5d804e4a1dbd655ab2ef8012a3c15
Signature
ed25519:55c6641243486a7e9736e7a1d78f75ab635ad591dca953d3756c87647083f1d920aa96b91cdb0ebbb88c37d25d9743fe33b054e2617e72964e7bfe863c60ca06
Public Key
ed25519:d610d74ef18f683e5beb859d241d5e67dff0c122e8928b06bec1c2476f4ba27b
Parent
(genesis)
Plane
fast
Verify this in your browser