CONTINUOUS INTERNET TELEMETRY24H DRIFT702 material changesacross 630 domains · -934 vs yesterdayDNS DRIFT8 domains changed DNS providertop destination commonmx.com · -9 vs yesterdayEMAIL DRIFT4 domains switched email providertop destination privateemail.com · -4 vs yesterdayNOW41,018 curated domains not answering+26,595 vs yesterdayERRORS8,524 responded with an errorlast probe · 5xx / 404 / TLSTHROTTLED2,335 throttled or blocked our scanner429 rate-limit / 403 bot-block24H DRIFT702 material changesacross 630 domains · -934 vs yesterdayDNS DRIFT8 domains changed DNS providertop destination commonmx.com · -9 vs yesterdayEMAIL DRIFT4 domains switched email providertop destination privateemail.com · -4 vs yesterdayNOW41,018 curated domains not answering+26,595 vs yesterdayERRORS8,524 responded with an errorlast probe · 5xx / 404 / TLSTHROTTLED2,335 throttled or blocked our scanner429 rate-limit / 403 bot-block

ur.com

Observed 2026-07-14T23:38:57.453Z (2d ago). Every field below was attested with an Ed25519 signature at scan time.

Up right now
Runs onCloudflare
Email bySalesforce
Registered withGoDaddy.com, LLC
Also usesDocuSignGoogle Search Console
10 subdomains · tranco_40k
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat ur.com actually stands on - every host below is a signed observation
ur.com
A / AAAA
63.241.166.16
Cloudflareserves the site
NS
dmtu.mt.ns.els-gms.att.netdbru.br.ns.els-gms.att.net
att.netanswers its DNS
MX
mx1.hc3869-10.iphmx.commx2.hc3869-10.iphmx.com
Salesforcereceives its email

HTTPS probe

redirect Redirecting (3xx) 301 → https://www.ur.com/
HTTP status301
Servercloudflare
TLS protocolHTTP/2
TLS issuernot observed
Behind Cloudflareyes
Response time320 ms
DNS resolutionNOERROR
Redirect chain
https://www.ur.com/

Every field above is part of the same signed observation as the records below. Blank means not observed, never "none".

DNS Records

A 1

  • 63.241.166.16

MX 2

  • 20mx1.hc3869-10.iphmx.com
  • 20mx2.hc3869-10.iphmx.com

TXT 15

  • adobe-idp-site-verification=a6530eaa20bbd00a66ba9f6a994f6c84a3f33272a78c68ac917ad4ea68567cfe
  • openai-domain-verification=dv-5XcGpKzsR7fNPAwlaEXyeFXD
  • docusign=f84cd298-54ae-44fb-92d9-17cc597b7766
  • docusign=0fb10708-9abd-4815-b22c-0eb0d2e05513
  • abuseipdb-verification=ZubOu8aR
  • MS=D772C28058A2996F82D4B002AD2D160131697785
  • v=spf1 a:esa.hc3869-10.iphmx.com include:spf2.sedgwick.com ip4:18.222.48.42 ip4:184.94.241.137 ip4:208.90.58.189 include:_spf.salesforce.com include:_spf.sidetrade.net -all
  • cisco-ci-domain-verification=53987cdd87e16f5dd271513bb8a4b87a4637a122b55d5a2f8885cefabca4bd6f
  • have-i-been-pwned-verification=f61c784c03c3689f583772b021a60e96
  • google-site-verification=7na88SAzNKk1GRPx1SvjL2163_oZPiNqFnTCutD_agE

NS 2

  • dmtu.mt.ns.els-gms.att.net
  • dbru.br.ns.els-gms.att.net

SOA 1

  • dbru.br.ns.els-gms.att.net rm-hostmaster.ems.att.com

TLS Certificates (0)

None.

Subdomains (10)

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for ur.com. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for ur.com <a href="https://domaindrift.io/t/ur.com"> <img src="https://domaindrift.io/badge/ur.com.svg" width="300" height="64" alt="DomainDrift signed observations for ur.com"> </a>

Ed25519 Receipt

Receipt ID
72023bcd-2003-4b3b-907c-de2db4a2a613
Output Hash
907e036f0ec37bc3356945dc7374a213de4989568cf95dc563f32c02b3f9e3d2
Signature
ed25519:68060354d3e4245a6020def231631c966d9ac140ffd4937bca34d529772ad89438c6ff0b9ee5bc4fae23132906856dd2091223fcccd230672b0b26282064b70a
Public Key
ed25519:d610d74ef18f683e5beb859d241d5e67dff0c122e8928b06bec1c2476f4ba27b
Parent
(genesis)
Plane
fast
Verify this in your browser