CONTINUOUS INTERNET TELEMETRY24H DRIFT2,175 material changesacross 1,976 domains · -376 vs yesterdayDNS DRIFT11 domains changed DNS providertop destination afternic.com · -5 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination google.com · +1 vs yesterdayCERT DRIFT1 domains switched issuing CA24h · -4 vs yesterdayNOW3,404 curated domains not answeringlast probe, steadyERRORS10,895 responded with an errorlast probe · 5xx / 404 / 429 / 40324H DRIFT2,175 material changesacross 1,976 domains · -376 vs yesterdayDNS DRIFT11 domains changed DNS providertop destination afternic.com · -5 vs yesterdayEMAIL DRIFT6 domains switched email providertop destination google.com · +1 vs yesterdayCERT DRIFT1 domains switched issuing CA24h · -4 vs yesterdayNOW3,404 curated domains not answeringlast probe, steadyERRORS10,895 responded with an errorlast probe · 5xx / 404 / 429 / 403

vr.fi

Observed 2026-07-14T13:13:42.385Z (1h ago). Every field below was attested with an Ed25519 signature at scan time.

Up right now
Runs onCloudflare
Email byMicrosoft 365
Also usesGoogle Search ConsoleMiro1PasswordAtlassian
11 subdomains · tranco_40k
Every line above is a signed observation. Check the math at the bottom of the page.
INFRASTRUCTURE MAPwhat vr.fi actually stands on - every host below is a signed observation
vr.fi
A / AAAA
99.83.220.22475.2.107.119
Cloudflareserves the site
NS
dns4.p08.nsone.netdns1.p08.nsone.netdns3.p08.nsone.netdns2.p08.nsone.net
nsone.netanswers its DNS
MX
mailservice-vr-fi.mail.protection.outlook.com
Microsoft 365receives its email

HTTPS probe

redirect Redirecting (3xx) 301 → https://www.vr.fi:443/
HTTP status301
Servercloudflare
TLS protocolHTTP/2
TLS issuernot observed
Behind Cloudflareyes
Response time569 ms
DNS resolutionNOERROR
Redirect chain
https://www.vr.fi:443/

Every field above is part of the same signed observation as the records below. Blank means not observed, never "none".

DNS Records

A 2

  • 99.83.220.224
  • 75.2.107.119

MX 1

  • 10mailservice-vr-fi.mail.protection.outlook.com

TXT 24

  • c533ee4e7f4049e390ec5db3ad06f0a6
  • google-site-verification=mZQYMRKPJN1qG2FP2LV6WlBA12tU4kdFVQhuUn_tF9E
  • google-site-verification=noZuZlUYIDYbw90xciZzzo5hOtik_sLAfEmYJIzs9dk
  • ibmid= 9a1f72f5-5772-4af0-a0db-5408771123b4
  • google-site-verification=--TpAZFUxiPugnswwEmFsjH6x_tbygWq-8UKLkhU8Mg
  • teamviewer-sso-verification=65799004277449d18944ae5a9d690e0b
  • d365mktkey=FntfhnMw9uOtxUxGHpyWxw5nYCUy4vBtTyYcrL7ouBIx
  • 38iCYX5REGc_e32N2Yknsfo
  • v=spf1 include:spf1.vr.fi include:spf2.vr.fi ~all
  • lgSn7+6gr2TbKta584SMrMk/nCz51355qS07U9rL6hkSAj0JSQx5VfEGsP7oQuUidandF3sGNzPQuN+4tyM0Bg==

NS 4

  • dns4.p08.nsone.net
  • dns1.p08.nsone.net
  • dns3.p08.nsone.net
  • dns2.p08.nsone.net

SOA 1

  • dns1.p08.nsone.net hostmaster.nsone.net

TLS Certificates (0)

None.

Subdomains (11)

The proof

Signed at scan time. Check the math yourself. Every line above is part of one signed observation. Re-hash it and check the Ed25519 signature in your own browser; nothing leaves your machine.

Verify this receipt

Put the receipt on your own site. A live badge showing what DomainDrift observes and signs for vr.fi. It updates itself. It attests a signed observation - not that the site is safe.

DomainDrift signed-observation badge for vr.fi <a href="https://domaindrift.io/t/vr.fi"> <img src="https://domaindrift.io/badge/vr.fi.svg" width="300" height="64" alt="DomainDrift signed observations for vr.fi"> </a>

Ed25519 Receipt

Receipt ID
391c14f6-900a-48ed-8d7e-fc29e5e21ecf
Output Hash
1cb0c4405d0fceb14fbe1b39f95fb4af3fef331c51c8120c3a12d7b83cc606d9
Signature
ed25519:e5256065a667fe0238c74f2f1dca398bf79a6d1c661411a1d3825717ec584d2e21e66044d9ee328dda08c94432aba872a1698ec9e9894d1b3e556f797f2a9601
Public Key
ed25519:d610d74ef18f683e5beb859d241d5e67dff0c122e8928b06bec1c2476f4ba27b
Parent
(genesis)
Plane
fast
Verify this in your browser