CONTINUOUS INTERNET TELEMETRY24H DRIFT3,130 material changesacross 2,811 domains · -268 vs yesterdayDNS DRIFT22 domains changed DNS providertop destination cloudflare.com · -5 vs yesterdayEMAIL DRIFT3 domains switched email providertop destination h-email.net · -3 vs yesterdayCERT DRIFT8 domains switched issuing CA24h · +1 vs yesterdayNOW3,318 curated domains not answering-6,400 vs yesterdayERRORS10,954 responded with an errorlast probe · 5xx / 404 / 429 / 40324H DRIFT3,130 material changesacross 2,811 domains · -268 vs yesterdayDNS DRIFT22 domains changed DNS providertop destination cloudflare.com · -5 vs yesterdayEMAIL DRIFT3 domains switched email providertop destination h-email.net · -3 vs yesterdayCERT DRIFT8 domains switched issuing CA24h · +1 vs yesterdayNOW3,318 curated domains not answering-6,400 vs yesterdayERRORS10,954 responded with an errorlast probe · 5xx / 404 / 429 / 403

threatstack.com

Observed 2026-07-12T17:43:57.098Z (21h ago). Every field below was attested with an Ed25519 signature at scan time.

Not responding
Runs onCloudflare
Email bySendGrid
Also usesAtlassianStripeGoogle Search Console
3 subdomains · cybersecurity_expanded
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat threatstack.com actually stands on - every host below is a signed observation
threatstack.com
NS
ns1.threatstack.comns2.threatstack.com
threatstack.comanswers its DNS

HTTPS probe

server_error Server error (5xx) 530 Server Error
HTTP status530
Servercloudflare
TLS protocolHTTP/2
TLS issuernot observed
Behind Cloudflareyes
Response time18 ms
DNS resolutionNOERROR

Every field above is part of the same signed observation as the records below. Blank means not observed, never "none".

DNS Records

TXT 12

  • status-page-domain-verification=qz7yw0y7t4m5
  • MS=ms35659989
  • v=spf1 a mx include:sendgrid.net include:_spf.salesforce.com include:spf.protection.outlook.com exists:%{i}.spf.hc5801-97.iphmx.com -all
  • atlassian-domain-verification=oGYceQflAU6eEpAqU6gwhiLxwtxdxkkTLV0z9JsJ4no5LBTZ8vDd+7xsWUiDdVjq
  • apple-domain-verification=fYbazN2EPgpdBpWU
  • adobe-sign-verification=488278ca9e30856cbdf73f12671d8ebf
  • 06xdd88ld2792wyqntjhjq9ywrq6n10z
  • C8B6560EEA
  • stripe-verification=b37f6138a077780689c6f246cbfd042e9e07c2f9f2210c8ad70775aef2f8c976
  • google-site-verification=J8k2gKWdJBAz3JC5owtPl6bl2wA54MSJKCJMMBJxkic

NS 2

  • ns1.threatstack.com
  • ns2.threatstack.com

SOA 1

  • ns1.threatstack.com dns.cloudflare.com

CAA 16

  • issue amazonaws.com
  • issue amazon.com
  • issue entrust.net
  • issuewild comodoca.com
  • issuewild pki.goog; cansignhttpexchanges=yes
  • issue letsencrypt.org
  • issue ssl.com
  • issue amazontrust.com
  • issue pki.goog; cansignhttpexchanges=yes
  • issue digicert.com; cansignhttpexchanges=yes

TLS Certificates (0)

None.

Subdomains (3)

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for threatstack.com. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for threatstack.com <a href="https://domaindrift.io/t/threatstack.com"> <img src="https://domaindrift.io/badge/threatstack.com.svg" width="300" height="64" alt="DomainDrift signed observations for threatstack.com"> </a>

Ed25519 Receipt

Receipt ID
360a2448-d875-4c71-864d-e209f84f5f5d
Output Hash
78fe7ef19cf5c203016d93a48d0ed2eba582eab7828253014d7eb61902595aca
Signature
ed25519:d51c5191f9c77a1c5eacad0b51484260d23a8b426ff9c1ab9eff4b601fa4db5c3b9c03216ef3d4ee6718dcecabed52e3ee39b1e8bfb02b2b3bfa9f4fcd33f909
Public Key
ed25519:d610d74ef18f683e5beb859d241d5e67dff0c122e8928b06bec1c2476f4ba27b
Parent
(genesis)
Plane
fast
Verify this in your browser