DNS & HTTP Analysis for Twitter.com

Details
Category: Tool Processing Reports

Processing Domain twitter.com on 28/03/2019 06:47:10 pm


Processing DNS Records

Basic Checks

Here we check the basic functioning and security of your DNS

  • Zone Queries 6 Record Types and 24 Records Found
  • Zone Transfer Failed
  • Zone Dump
    • TXT
      • _dmarc.twitter.com. TTL 300 "v=DMARC1; p=reject; rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.; ruf=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.; fo=1"
      • twitter.com. TTL 293 "adobe-idp-site-verification=a2ff8fc40c434d1d6f02f68b0b1a683e400572ab8c1f2c180c71c3d985b9270a"
      • twitter.com. TTL 293 "google-site-verification=h6dJIv0HXjLOkGAotLAWEzvoi9SxqP4vjpx98vrCvvQ"
      • twitter.com. TTL 293 "traction-guest=6882b04e-4188-4ff9-8bb4-bff5a3d358e6"
      • twitter.com. TTL 293 "v=spf1 ip4:199.16.156.0/22 ip4:199.59.148.0/22 ip4:8.25.194.0/23 ip4:8.25.196.0/23 ip4:204.92.114.203 ip4:204.92.114.204/31 ip4:54.156.255.69 include:_spf.google.com include:_thirdparty.twitter.com -all"
    • NS
      • twitter.com. TTL 13999 a.r06.twtrdns.net.
      • twitter.com. TTL 13999 b.r06.twtrdns.net.
      • twitter.com. TTL 13999 c.r06.twtrdns.net.
      • twitter.com. TTL 13999 d.r06.twtrdns.net.
      • twitter.com. TTL 13999 d01-01.ns.twtrdns.net.
      • twitter.com. TTL 13999 d01-02.ns.twtrdns.net.
      • twitter.com. TTL 13999 ns1.p34.dynect.net.
      • twitter.com. TTL 13999 ns2.p34.dynect.net.
      • twitter.com. TTL 13999 ns3.p34.dynect.net.
      • twitter.com. TTL 13999 ns4.p34.dynect.net.
    • SOA
      • twitter.com. TTL 293 ns1.p26.dynect.net. zone-admin.dyndns.com. 2007142385 3600 600 604800 60
    • A
      • twitter.com. TTL 30 104.244.42.1
      • twitter.com. TTL 30 104.244.42.129
    • MX
      • twitter.com. TTL 600 10 aspmx.l.google.com.
      • twitter.com. TTL 600 20 alt1.aspmx.l.google.com.
      • twitter.com. TTL 600 20 alt2.aspmx.l.google.com.
      • twitter.com. TTL 600 30 aspmx2.googlemail.com.
      • twitter.com. TTL 600 30 aspmx3.googlemail.com.
    • CNAME
      • www.twitter.com. TTL 600 twitter.com.

Nameservers

Here we check the setup of your nameservers

  • a.r06.twtrdns.net 205.251.192.179 Match
  • b.r06.twtrdns.net 205.251.196.198 Match
  • c.r06.twtrdns.net 205.251.194.151 Match
  • d.r06.twtrdns.net 205.251.199.195 Match
  • d01-01.ns.twtrdns.net 208.78.70.34 Match
  • d01-02.ns.twtrdns.net 204.13.250.34 Match
  • ns1.p34.dynect.net 208.78.70.34 Match
  • ns2.p34.dynect.net 204.13.250.34 Match
  • ns3.p34.dynect.net 208.78.71.34 Match
  • ns4.p34.dynect.net 204.13.251.34 Match

Processing TXT Records

DMARC Record:

The DMARC Record defines how MTA's should response when parsing DKIM and SPF records

  • v=dmarc1 ( The Version of this record)
  • p=reject ( The Policy to implement on FAIL)
  • rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. ( Reporting URI of aggregate reports)
  • ruf=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it. ( Reporting URI for forensic reports)
  • fo=1 ( Dictates what type of authentication/alignment vulnerabilities are reported)

Adobe Enterprise products and services Verification Record:

Some Adobe Products allow enterprise user accounts to be linked to a domain name and this record provides verification of ownership

  • adobe-idp-site-verification=a2ff8fc40c434d1d6f02f68b0b1a683e400572ab8c1f2c180c71c3d985b9270a

Google Domain Verification Record:

This record is used by Google to validate domain ownership when setting up Google Analytics etc

  • google-site-verification=h6djiv0hxjlokgaotlawezvoi9sxqp4vjpx98vrcvvq

Unknown Record:

This Record can be safely ignored

  • traction-guest=6882b04e-4188-4ff9-8bb4-bff5a3d358e6

SPF Record:

The SPF Record defines which IP addresses are permitted to send email on this domain's behalf

  • v=spf1 ( The SPF Format Version Number)
  • ip4:199.16.156.0/22 ( The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:199.59.148.0/22 ( The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:8.25.194.0/23 ( The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:8.25.196.0/23 ( The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:204.92.114.203 ( The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:204.92.114.204/31 ( The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • ip4:54.156.255.69 ( The IPv4 Address of a permitted sender - make sure this scopes your outgoing mail server)
  • include:_spf.google.com ( The SPF Record listed here should be used - whilst convenient places additional load on DNS and should be avoided)
  • include:_thirdparty.twitter.com ( The SPF Record listed here should be used - whilst convenient places additional load on DNS and should be avoided)
  • -all ( Permit ONLY the hosts listed)

Processing MX (Mail Exchanger) Records

These Records determine the servers (mail servers) responsible for handling your incomming email. Each service is given a priority and they will be used in that order. If all the priorities are the same then they will be used in a round-robin fashion


  • Priority 10 handled by host aspmx.l.google.com. [66.102.1.26] Valid
    • Email Handled By Google Corporation
    • Port 25 (smtp) : Open
  • Priority 20 handled by host alt1.aspmx.l.google.com. [74.125.205.26] Valid
    • Email Handled By Google Corporation
    • Port 25 (smtp) : Open
  • Priority 20 handled by host alt2.aspmx.l.google.com. [74.125.68.26] Valid
    • Email Handled By Google Corporation
    • Port 25 (smtp) : Open
  • Priority 30 handled by host aspmx2.googlemail.com. [74.125.205.27] Valid
    • Email Handled Third Party
    • Port 25 (smtp) : Open
  • Priority 30 handled by host aspmx3.googlemail.com. [74.125.68.26] Valid
    • Email Handled Third Party
    • Port 25 (smtp) : Open

Processing CNAME (Alias) Records

These records are aliases making one hostname relate to another. These are often used to match hosts back to clusters or internal referencs that may change.


  • www.twitter.com. twitter.com.

Processing A (IPv4 Address) Records

These records define the IP Addresse(s) of the servers responsible for hosting your webiste and other resouces on your domain. The www record is the most common one and will be used to identify your website address


  • Host: twitter.com. = IP: [104.244.42.1] Valid Reachable (14.606ms)
  • Host: twitter.com. = IP: [104.244.42.129] Valid Reachable (14.505ms)

Processing AAAA (IPv6 Address) Records

These records define the IP Addresse(s) of the servers responsible for hosting your webiste and other resouces on your domain


    Processing Domain Public Records

      Domain Name WHOIS Information - twitter.com

      • Domain Name TWITTER.COM
      • Registry Domain ID 18195971_DOMAIN_COM-VRSN
      • Registrar WHOIS Server whois.corporatedomains.com
      • Registrar URL: http://www.cscglobal.com/global/web/csc/digital-brand-services.html
      • Updated Date: 2018-12-07T19:32:35Z
      • Creation Date: 2000-01-21T16:28:17Z
      • Registry Expiry Date: 2020-01-21T16:28:17Z
      • Registrar CSC Corporate Domains, Inc.
      • Registrar IANA ID 299
      • Registrar Abuse Contact Email This email address is being protected from spambots. You need JavaScript enabled to view it.
      • Registrar Abuse Contact Phone 8887802723
      • Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
      • Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
      • Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
      • Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
      • Name Server A.R06.TWTRDNS.NET
      • Name Server B.R06.TWTRDNS.NET
      • Name Server C.R06.TWTRDNS.NET
      • Name Server D.R06.TWTRDNS.NET
      • Name Server D01-01.NS.TWTRDNS.NET
      • Name Server D01-02.NS.TWTRDNS.NET
      • Name Server NS3.P34.DYNECT.NET
      • Name Server NS4.P34.DYNECT.NET
      • DNSSEC unsigned
      • URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

      Website Hosting WHOIS Information - 104.244.42.1

      • NetRange 104.244.40.0 - 104.244.47.255
      • CIDR 104.244.40.0/21
      • NetName TWITTER-NETWORK
      • NetHandle NET-104-244-40-0-1
      • Parent NET104 (NET-104-0-0-0-0)
      • NetType Direct Assignment
      • OriginAS AS13414
      • Organization Twitter Inc. (TWITT)
      • RegDate 2014-12-08
      • Updated 2014-12-08
      • Ref: https://rdap.arin.net/registry/ip/104.244.40.0
      • OrgName Twitter Inc.
      • OrgId TWITT
      • Address 1355 Market Street
      • Address Suite 900
      • City San Francisco
      • StateProv CA
      • PostalCode 94103
      • Country US
      • RegDate 2010-03-08
      • Updated 2019-03-13
      • Ref: https://rdap.arin.net/registry/entity/TWITT
      • OrgAbuseHandle TNA33-ARIN
      • OrgAbuseName Twitter Network Abuse
      • OrgAbusePhone +1-415-222-9670
      • OrgAbuseEmail This email address is being protected from spambots. You need JavaScript enabled to view it.
      • OrgAbuseRef: https://rdap.arin.net/registry/entity/TNA33-ARIN
      • OrgTechHandle SOUTH69-ARIN
      • OrgTechName Southern, Timothy
      • OrgTechPhone +1-415-222-9670
      • OrgTechEmail This email address is being protected from spambots. You need JavaScript enabled to view it.
      • OrgTechRef: https://rdap.arin.net/registry/entity/SOUTH69-ARIN
      • OrgTechHandle NETWO3685-ARIN
      • OrgTechName Network Operations
      • OrgTechPhone +1-415-222-9670
      • OrgTechEmail This email address is being protected from spambots. You need JavaScript enabled to view it.
      • OrgTechRef: https://rdap.arin.net/registry/entity/NETWO3685-ARIN
      • OrgNOCHandle NETWO3685-ARIN
      • OrgNOCName Network Operations
      • OrgNOCPhone +1-415-222-9670
      • OrgNOCEmail This email address is being protected from spambots. You need JavaScript enabled to view it.
      • OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO3685-ARIN

    Processing Website

      Website Headers for www.twitter.com

      We will obtain the headers from your website and parse them for validity


      • Web Server Header is Missing
      • Request Response HTTP/1.1 301 Moved Permanently Moved Permanently
      • SSL is available and enabled
        • Certificate Name /C=US/ST=California/L=San Francisco/O=Twitter, Inc./OU=tsa_f Point of Presence/CN=twitter.com
          • Certificate Issued To
          • Country US
          • City California
          • Locality San Francisco
          • Organisation Twitter, Inc.
          • Certificate Scope twitter.com
          Certificate Issuer
          • Country US
          • Organisation DigiCert Inc
          • Certificate Scope DigiCert SHA2 High Assurance Server CA
          Certificate Validity
          • Valid From 181031000000Z
          • Valid To 191105120000Z
          Certificate Ciphers
          • SN RSA-SHA256
          • LN sha256WithRSAEncryption
          Certificate Extensions
          • Alternative Hostnames DNS:twitter.com, DNS:www.twitter.com
          • Key Usage TLS Web Server Authentication, TLS Web Client Authentication
      • There was a redirect to https://www.twitter.com/
      • There was a SECOND redirect https://twitter.com/
      • Valid methods for a specified resource (Allow) Missing
      • Control options for the current connection (Connection) Missing
      • Specifies Technology in use (X-Powered-By) Missing

        • Security Related

        • modifies the algorithm used to populate the Referer header (Referrer-Policy) Missing
        • stops pages when they detect XSS (X-XSS-Protection) Missing
        • Allow and Deny the use of browser features (Feature-Policy) Missing
        • Platform for Privacy Preferences (P3P) Missing

        Cross Origin Resource Sharing

        • (Access-Control-Allow-Origin) Missing
        • (Access-Control-Allow-Credentials) Missing
        • (Access-Control-Expose-Headers) Missing
        • (Access-Control-Max-Age) Missing
        • (Access-Control-Allow-Methods) Missing
        • (Access-Control-Allow-Headers) Missing

        Content Headers

        • The natural language or languages of the intended audience (Content-Language) Missing
        • The form of encoding used (Transfer-Encoding) Missing
        • The length of the response body (Content-Length) Missing
        • The Media type of the body of the request (Content-Type) Missing
        • The date and time of generation (Date) Missing
        • An opportunity to raise a File Download dialogue box (Content-Disposition) Missing
        • The type of encoding used on the data (Content-Encoding) Missing
        • An alternate location for the returned data (Content-Location) Missing
        • Where in a full body message this partial message belongs (Content-Range) Missing
        • An identifier for a specific version of a resource (ETag) Missing
        • how to match future request headers (Vary) Missing

        Caching Control

        • Tells caches whether they may cache this object (Cache-Control) Missing
        • Gives the date/time after which the response is considered stale (Expires) Missing
        • The last modified date for the requested object (Last-Modified) Missing
        • Implementation-specific fields for caching (Pragma) Missing
        • From an Intermediate cache (X-Cache-Action) Missing
        • Intermediate Cache Hits count (X-Cache-Hits) Missing
        • Intermediate Cache Age (X-Cache-Age) Missing
        • Informs the client of proxies through which the response was sent (Via) Missing
        • The Age this page has been cached in a proxy (Age) Missing

        Strict Transport Security (HSTS) Policy

        • A HSTS Policy for the client with scope (Strict-Transport-Security) Missing

        Cookies and Fragments

        • Cookie Data (Set-Cookie) Missing

        Robots.txt

        • You have a robots.txt file and it appears to be valid
          User-agent: *
Disallow: /

    Processing Website Profile Data

      Website Render for www.twitter.com

      Technology Profile twitter.com

      We will check for fingerprints of common website technologies


        • Name : Ruby on Rails
        • Confidence : medium
        • Version :

      Meta Profile https://www.twitter.com/

      We will check the entire body for metadata


      • robots : NOODP
      • description : From breaking news to the latest in entertainment, sports and politics, get the full story with all the live commentary.
      • msapplication-tileimage : //abs.twimg.com/favicons/win8-tile-144.png
      • msapplication-tilecolor : #00aced
      • swift-page-name : front
      • swift-page-section : front

      Feature Profile https://www.twitter.com/

      We will check for common HTML, Javascript and CSS Features


      • DocType html (222857)
      • Document Validated No
      • Tawk.to No
      • FontAwesome No
      • Google Web Fonts No
      • T3 Framework No
      • Google Structured Data No
      • Google Analytics No
      • Mamoto Analytics No
      • JQuery No

    Processing Completed

      The process is now completed and the results are shown above. Please take a moment to consider each test and its response. DNS, SMTP and HTTP are not simple protocols and it is way beyond the scope of this tool to suggest improvements, but you are welcome to request assistance via our Forum.