twothumbs.ai

.ai crawl

First seen 2026-04-15 · Last seen 2026-05-07 · ok HTTP/1.1 200 2201 ms crawled 2026-05-10

US · 172.67.69.93 · AS13335 Cloudflare, Inc.

Reputation 94/100 dmarc monitor-only

sector tech type app saas

HTML metadata

Title: TwoThumbs - Text AI With Your Phone Number
Description: Text AI models directly from your phone via SMS. Your personal AI assistant with full web chat parity - remembers you and gets smarter over time.
Language: en
Canonical: https://twothumbs.ai

Open Graph

url: https://twothumbs.ai
title: TwoThumbs - Text AI With Your Phone Number
locale: en_US
site name: TwoThumbs
description: Text AI models directly from your phone via SMS. Your personal AI assistant with full web chat parity - remembers you and gets smarter over time.

Technology

CDN: Cloudflare
CMS: Next.js

Analytics

Google Tag Manager

Fonts

Google Fonts

Third-party hosts loaded (3)

fonts.googleapis.com×3
fonts.gstatic.com×1
www.googletagmanager.com×1

Social

Registration

Registrar

Cloudflare, Inc

Created

2026-01-05

Expires

2028-01-05 595 days left

Updated

2026-01-10

Name servers

desi.ns.cloudflare.com
christian.ns.cloudflare.com

DNS records live

NS

christian.ns.cloudflare.com
desi.ns.cloudflare.com

MX

30 route3.mx.cloudflare.net
46 route2.mx.cloudflare.net
67 route1.mx.cloudflare.net

Email authentication partial

SPF: v=spf1 include:_spf.mx.cloudflare.net ~all
softfail (~all)
DMARC: v=DMARC1; p=none; rua=mailto:567dff4d97c342039d6af624c7845ed2@dmarc-reports.cloudflare.net
policy: none (monitoring only)
DKIM: no key found at common selectors

Certificate (current)

WE1

from 2026-04-03 to 2026-07-02

Expires in 44 days

Full certificate history on crt.sh ↗

HTTP security headers

Header hygiene 70/100 Checked live page: https://twothumbs.ai/

present

content-security-policy
x-frame-options
x-content-type-options
referrer-policy
permissions-policy

findings

missing HSTS
CSP allows unsafe inline scripts/styles
CSP uses wildcard sources

Header values

referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
permissions-policy: camera=(), microphone=(), geolocation=()
x-content-type-options: nosniff
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://auth.privy.io https://privy.io https://www.googletagmanager.com https://us-assets.i.posthog.com; object-src 'none'; base-uri 'self'; img-src 'self' data: blob: https:; font-src 'self'; connect-src 'self' https://*.privy.io https://*.rpc.privy.systems https://api.stripe.com https://*.supabase.co wss://*.supabase.co https://www.google-analytics.com https://*.google-analytics.com https://www.googletagmanager.com https://explorer-api.walletconnect.com https://verify.walletconnect.org wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org https://us.i.posthog.com; frame-ancestors 'none'; frame-src 'self' https://auth.privy.io https://privy.io https://verify.walletconnect.com https://verify.walletconnect.org; child-src 'self' https://auth.privy.io https://privy.io https://verify.walletconnect.com https://verify.walletconnect.org; form-action 'self'

Links to (2)

x.com×2
zetachain.com×2

Linked from (1)

zetachain.com×2