Published Link on Twitter: Immediate Accesses from Unkowns

I made the following observation: Just after publishing a link on Twitter, there are several accesses from different IPv4 addresses on that URL. Since I published a link to one of my own servers, I saw these connections on the firewall as well as on the server itself. They all called the http website and stayed for 2-3 seconds on that page.

I would have expected a few search engine bots, but most of the reverse lookup resolutions led to unknown or meaningless names. Maybe someone out there made the same observation with more details on that? Who is accessing the links? Automated bots from Twitter itself? Search engines? Malware bots searching for new victims? ;) And over which function do these hosts know, that someone has published a new link?

I published the following tweet at 13.03.2014, 21:26 o’clock:

Only a few seconds after that, the following connections were made to my server. (The screenshot shows the client log from the Virtual Radar Server):

Twitter Link - VRS Client Log Screenshot


With the following quick-and-dirty script, I looked up the reverse records one more time:


And here are the results. Looks like a few dynamic IPs. Some don’t even have a PTR record. Only seems to be a search engine. Maybe the one is a bot, too?

I have not done any further analysis of those IPs (http access, Nmap, Google), because I was not interested that much in them. However, since I googled this behaviour a bit and found nothing about it, I at least wanted to post this investigation.

So, the final question is: Over which function do these hosts know, that I published a new link on Twitter? Since I have not that many followers, the URL must be automatically forwarded to some of these hosts by Twitter. Or it has something to do with the Twitter API? Is there a possibility to get informed over an interface via Twitter for every single new link inside a tweet? I don’t know…

Featured image: “Twitter” by Esther Vargas is licensed under CC BY-SA 2.0.

Leave a Reply

Your email address will not be published. Required fields are marked *