CONTINUOUS INTERNET TELEMETRY24H DRIFT1,037 material changesacross 915 domains · +583 vs yesterdayDNS DRIFT25 domains changed DNS providertop destination parity.domains · +21 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination pphosted.com · +4 vs yesterdayNOW197 curated domains not answering-2,018 vs yesterdayERRORS1,402 responded with an errorlast probe · 5xx / 404 / TLSTHROTTLED5,504 throttled or blocked our scanner429 rate-limit / 403 bot-block24H DRIFT1,037 material changesacross 915 domains · +583 vs yesterdayDNS DRIFT25 domains changed DNS providertop destination parity.domains · +21 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination pphosted.com · +4 vs yesterdayNOW197 curated domains not answering-2,018 vs yesterdayERRORS1,402 responded with an errorlast probe · 5xx / 404 / TLSTHROTTLED5,504 throttled or blocked our scanner429 rate-limit / 403 bot-block

romwe.com

Observed 2026-07-17T12:37:16.131950391+00:00 (3h ago). Every field below was attested with an Ed25519 signature at scan time.

Up right now
Runs onAmazon
Email byZendesk
Secured byDigiCert
Registered withAlibaba Cloud Computing (Beijing) Co., Ltd.
Also usesGoogle Search Console
push_legacy
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat romwe.com actually stands on - every host below is a signed observation
romwe.com
A / AAAA
52.39.90.5652.39.206.44
Amazonserves the site
NS
ns-1229.awsdns-25.orgns-1843.awsdns-38.co.ukns-328.awsdns-41.comns-839.awsdns-40.net
awsdns-25.org + awsdns-38.co.uk + moreanswers its DNS
MX
mx.sheincorp.cnmx-shein-com.icoremail.net
Zendeskreceives its email
TLS
*.romwe.com
DigiCertissued its certificate

DNS Records

A 2

  • 52.39.90.56
  • 52.39.206.44

MX 2

  • 10mx.sheincorp.cn
  • 5mx-shein-com.icoremail.net

TXT 5

  • google-site-verification=mNgCWUAtZTdwsKe4CRkfwHXCrdu3qdvebQt085FjQ-Y
  • mandrill_verify.6u6EubE_tBKIjwbXja-k1g
  • v=spf1 include:mail.zendesk.com include:safe-spf01.romwe.com include:spf-cm.icoremail.net ~all
  • v=DMARC1; p=quarantine; rua=mailto:dmarc_agg@dmarc.everest.email,mailto:dmarc_report@romwe.com; ruf=mailto:dmarc_fr@dmarc.everest.email,mailto:dmarc@romwe.com; adkim=s; aspf=r; rf=afrf; pct=100; fo=1
  • v=BIMI1;l=https://bimi.entrust.net/romwe.com/logo.svg;a=https://bimi.entrust.net/romwe.com/certchain.pem

NS 4

  • ns-1229.awsdns-25.org
  • ns-1843.awsdns-38.co.uk
  • ns-328.awsdns-41.com
  • ns-839.awsdns-40.net

SOA 1

  • ns-328.awsdns-41.com awsdns-hostmaster.amazon.com

TLS Certificates (3)

Common NameIssuerExpires
*.romwe.com C=US, O=DigiCert, Inc., CN=DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1 Sat, 24 Oct 2026 23:59:59 +0000
DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1 C=US, O=DigiCert Inc, 2.5.4.11=www.digicert.com, CN=DigiCert Global Root G2 Tue, 14 Dec 2032 23:59:59 +0000
DigiCert Global Root G2 C=US, O=DigiCert Inc, 2.5.4.11=www.digicert.com, CN=DigiCert Global Root CA Sun, 09 Nov 2031 23:59:59 +0000

Subdomains (0)

None observed.

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for romwe.com. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for romwe.com <a href="https://domaindrift.io/t/romwe.com"> <img src="https://domaindrift.io/badge/romwe.com.svg" width="300" height="64" alt="DomainDrift signed observations for romwe.com"> </a>

Ed25519 Receipt

Receipt ID
17926c8b-e752-41e9-91eb-2fe3290e0c3b
Output Hash
6976aacc03df5236a77e82efa185abdb7ad5fb0ef5651b59d10f85d09b8eff6e
Signature
ed25519:be0401c1ebd447c862a425d032921952ab2c9dd6b88e6a2221f055c19bc3de8ae14dc7af90bd32d930d230ccb7ac474469f61a7d41a35108d0530336a9cfda08
Public Key
ed25519:178c3bd0f57d9d64b83cc4630753381e1a465005a2bbba3d032371f24af0bfd8
Parent
(genesis)
Plane
fast
Verify this in your browser