CONTINUOUS INTERNET TELEMETRY24H DRIFT3,255 material changesacross 2,841 domains · -143 vs yesterdayDNS DRIFT21 domains changed DNS providertop destination digicertdns.com + digicertdns.net · -6 vs yesterdayEMAIL DRIFT5 domains switched email providertop destination 365cool.com · -1 vs yesterdayCERT DRIFT8 domains switched issuing CA24h · +1 vs yesterdayNOW3,306 curated domains not answering-6,412 vs yesterdayERRORS10,963 responded with an errorlast probe · 5xx / 404 / 429 / 40324H DRIFT3,255 material changesacross 2,841 domains · -143 vs yesterdayDNS DRIFT21 domains changed DNS providertop destination digicertdns.com + digicertdns.net · -6 vs yesterdayEMAIL DRIFT5 domains switched email providertop destination 365cool.com · -1 vs yesterdayCERT DRIFT8 domains switched issuing CA24h · +1 vs yesterdayNOW3,306 curated domains not answering-6,412 vs yesterdayERRORS10,963 responded with an errorlast probe · 5xx / 404 / 429 / 403

hide.me

Observed 2026-07-12T11:59:37.345Z (20h ago). Every field below was attested with an Ed25519 signature at scan time.

Up right now
Runs onCloudflare
Email byAmazon SES
Also usesFacebook/MetaGoogle Search Console
11 subdomains · tranco_40k
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat hide.me actually stands on - every host below is a signed observation
hide.me
A / AAAA
165.227.5.53
Cloudflareserves the site
NS
ns1.hide.mens3.hide.mens0.hide.mens2.hide.me+1 more
hide.meanswers its DNS
MX
mail.onemail.me
Amazon SESreceives its email

HTTPS probe

redirect Redirecting (3xx) 302 → /en/
HTTP status302
Servercloudflare
TLS protocolHTTP/2
TLS issuernot observed
Behind Cloudflareyes
Response time202 ms
DNS resolutionNOERROR
Redirect chain
/en/

Every field above is part of the same signed observation as the records below. Blank means not observed, never "none".

DNS Records

A 1

  • 165.227.5.53

MX 1

  • 5mail.onemail.me

TXT 11

  • yandex-verification: 74d90618b62a55e0
  • v=spf1 include:amazonses.com include:support.zendesk.com include:mailgun.org ip4:46.166.151.132 ip6:2a00:1768:2001:7d:0:0:0:84 ~all
  • _0t1cgegndgv2phsz39m8ukdu8gi7dec
  • facebook-domain-verification=emfg2skz1lhstuu9hxe40xttv0ku4u
  • google-site-verification=lvXQzUs_VS32sakfsk18afxAr5GtaoAqXUIl32F4onY
  • ahrefs-site-verification_b417611967a753480a57a86562e4a9449f578c1e492250b2c98e5a0f4c187915
  • google-site-verification=_inzsgen0wp7q9uA_E7csgRWOij122Wp6Qpf1dGvBy0
  • google-site-verification=jlFCAzeB_dKpW9OLbf0L_90G28AJaCh0TRPW-mHtfik
  • google-site-verification=TqAYX_wCieP24rylHii5aG8vd81GnwL_TnevDg4v31g
  • v=DMARC1; p=quarantine;

NS 5

  • ns1.hide.me
  • ns3.hide.me
  • ns0.hide.me
  • ns2.hide.me
  • ns4.hide.me

SOA 1

  • ns0.hide.me support.hide.me

CAA 4

  • issuewild digicert.com
  • issue letsencrypt.org
  • iodef mailto:security@hide.me
  • issue digicert.com

TLS Certificates (0)

None.

Subdomains (11)

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for hide.me. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for hide.me <a href="https://domaindrift.io/t/hide.me"> <img src="https://domaindrift.io/badge/hide.me.svg" width="300" height="64" alt="DomainDrift signed observations for hide.me"> </a>

Ed25519 Receipt

Receipt ID
4c702c21-a365-4805-be7e-37c0dc9b6ae5
Output Hash
31584d5ca462d1593055e798124640c58836134d1943ce62c2becbca1a718bbf
Signature
ed25519:b471ddfda6b50bfaa18bf01a6f6cbb4223cd6d42facaec0219a647c3a1304d8fe2a2cec6f1b24d5147be96de6603fc999055fa3638f9f17897dd805bd239e908
Public Key
ed25519:d610d74ef18f683e5beb859d241d5e67dff0c122e8928b06bec1c2476f4ba27b
Parent
(genesis)
Plane
fast
Verify this in your browser