Skip to main content
DNS Tool
Engineer's DNS Intelligence Report
Generated 18 Feb 2026, 16:46 UTC
Duration 1.7s
Version v26.20.48
Integrity 215de2fa1229e2cbc7ed246d0ce28f55e99bfe1e4bfe563f863a1358829a62da277de32fa19d953e917d678e80dfab94b537d51d91781b2c19cc177c3957b2d1
Subject Domain
spitalhorezu.ro

Engineer's DNS Intelligence Report

spitalhorezu.ro
18 Feb 2026, 16:46 UTC · 1.7s ·v26.20.48 · SHA-3-512: 215d✱✱✱✱ Verify
Executive Methodology
Recon Mode Snapshot Re-analyze New Domain
Footprint N/A

Non-existent / Undelegated Domain

Domain is not delegated or has no DNS records. This may be an unused subdomain or unregistered domain.

What This Means

  • No authoritative DNS data is available for this domain
  • Security posture cannot be evaluated without DNS records
  • The domain may never have been registered, or has expired
  • If this is your domain, check your registrar to confirm it's active
Try Another Domain
Intelligence Sources

This analysis used 4 DNS resolvers (consensus), reverse DNS (PTR), Team Cymru (ASN attribution), IANA RDAP (registrar), crt.sh (CT logs), and SMTP probing (transport). All using open-standard protocols.

Full List
Verify Report Integrity SHA-3-512 Has this report been altered since generation? Verify below

This cryptographic hash seals the analysis data, domain, timestamp, and tool version into a tamper-evident fingerprint. Any modification to the report data will produce a different hash. This is distinct from the posture hash (used for drift detection) — the integrity hash uniquely identifies this specific report instance.

215de2fa1229e2cbc7ed246d0ce28f55e99bfe1e4bfe563f863a1358829a62da277de32fa19d953e917d678e80dfab94b537d51d91781b2c19cc177c3957b2d1
Evaluations reference 12 RFCs. Methods are reproducible using the verification commands provided. Results reflect DNS state at 18 Feb 2026, 16:46 UTC.
Download Raw Intelligence Download Checksum (.sha3)

Download the intelligence dump and verify its integrity, like you would a Kali ISO or any critical artifact. The SHA-3-512 checksum covers every byte of the download — deterministic serialization ensures identical hashes across downloads.

After downloading, verify with any of these commands:

Tip: cd ~/Downloads first (or wherever you saved the files).

OpenSSL + Sidecar (macOS, Linux, WSL) 
cat dns-intelligence-spitalhorezu.ro.json.sha3 && echo '---' && openssl dgst -sha3-512 dns-intelligence-spitalhorezu.ro.json
Python 3 (cross-platform) 
python3 -c "import hashlib; print(hashlib.sha3_512(open('dns-intelligence-spitalhorezu.ro.json','rb').read()).hexdigest())"
sha3sum (coreutils 9+) 
sha3sum -a 512 dns-intelligence-spitalhorezu.ro.json
Compare the output against the .sha3 file or the checksum API at /api/analysis/2233/checksum. Hash algorithm: SHA-3-512 (Keccak, NIST FIPS 202).

Every finding in this report is backed by DNS queries you can run yourself. These vetted one-liners reproduce the exact checks used to build this report for spitalhorezu.ro. Our analysis adds multi-resolver consensus, RFC-based evaluation, and cross-referencing — but the underlying data is always independently verifiable. We are intelligence analysts, not gatekeepers.

DNS Records

Query A records (IPv4) RFC 1035 
dig +noall +answer spitalhorezu.ro A
Query AAAA records (IPv6) RFC 1035 
dig +noall +answer spitalhorezu.ro AAAA
Query MX records (mail servers) RFC 1035 
dig +noall +answer spitalhorezu.ro MX
Query NS records (nameservers) RFC 1035 
dig +noall +answer spitalhorezu.ro NS
Query TXT records RFC 1035 
dig +noall +answer spitalhorezu.ro TXT

Email Authentication

Check SPF record RFC 7208 
dig +short spitalhorezu.ro TXT | grep -i spf
Check DMARC policy RFC 7489 
dig +short _dmarc.spitalhorezu.ro TXT
Check DKIM key for selector 'default' RFC 6376 
dig +short default._domainkey.spitalhorezu.ro TXT
Check DKIM key for selector 'google' RFC 6376 
dig +short google._domainkey.spitalhorezu.ro TXT
Check DKIM key for selector 'selector1' RFC 6376 
dig +short selector1._domainkey.spitalhorezu.ro TXT
Check DKIM key for selector 'selector2' RFC 6376 
dig +short selector2._domainkey.spitalhorezu.ro TXT

Domain Security

Check DNSSEC DNSKEY records RFC 4035 
dig +dnssec +noall +answer spitalhorezu.ro DNSKEY
Check DNSSEC DS records RFC 4035 
dig +noall +answer spitalhorezu.ro DS
Validate DNSSEC chain (requires DNSSEC-validating resolver) RFC 4035 
dig +dnssec +cd spitalhorezu.ro A @1.1.1.1

Transport Security

Check TLSA record (replace MX_HOST with actual MX) RFC 7672 
dig +noall +answer _25._tcp.MX_HOST TLSA
Check MTA-STS DNS record RFC 8461 
dig +short _mta-sts.spitalhorezu.ro TXT
Fetch MTA-STS policy file RFC 8461 
curl -sL https://mta-sts.spitalhorezu.ro/.well-known/mta-sts.txt
Check TLS-RPT record RFC 8460 
dig +short _smtp._tls.spitalhorezu.ro TXT

Brand & Trust

Check BIMI record BIMI Draft 
dig +short default._bimi.spitalhorezu.ro TXT
Check CAA records (certificate authority authorization) RFC 8659 
dig +noall +answer spitalhorezu.ro CAA

DNS Records

Check HTTPS/SVCB records RFC 9460 
dig +noall +answer spitalhorezu.ro HTTPS

Domain Security

Check CDS/CDNSKEY automation records RFC 7344 
dig +noall +answer spitalhorezu.ro CDS

Infrastructure Intelligence

RDAP domain registration lookup RFC 9083 
curl -sL 'https://rdap.org/domain/spitalhorezu.ro' | python3 -m json.tool | head -50
Search Certificate Transparency logs RFC 6962 
curl -s 'https://crt.sh/?q=%25.spitalhorezu.ro&output=json' | python3 -c "import json,sys; [print(e['name_value']) for e in json.load(sys.stdin)]" | sort -u | head -20
Check security.txt RFC 9116 
curl -sL https://spitalhorezu.ro/.well-known/security.txt | head -20

AI Surface

Check for llms.txt 
curl -sI https://spitalhorezu.ro/llms.txt | head -5
Check robots.txt for AI crawler rules 
curl -s https://spitalhorezu.ro/robots.txt | grep -i -E 'GPTBot|ChatGPT|Claude|Anthropic|Google-Extended|CCBot|PerplexityBot'
Commands use dig, openssl, and curl — standard tools available on macOS, Linux, and WSL. Results may vary slightly due to DNS propagation timing and resolver caching.
Intelligence Confidence Audit Engine Verified · 9/9 Evaluated
How confident are these results? Each protocol is independently verified against RFC standards. No self-awarded badges.
SPF
Verified 4901 runs
DKIM
Verified 4719 runs
DMARC
Verified 4884 runs
DANE/TLSA
Verified 4703 runs
DNSSEC
Verified 4882 runs
BIMI
Verified 4718 runs
MTA-STS
Verified 4721 runs
TLS-RPT
Verified 4723 runs
CAA
Verified 4715 runs
Maturity: Development Verified Consistent Gold Gold Master

Appendix: Verification Commands

The core DNS queries behind this report can be independently verified using these standard terminal commands (dig, openssl, curl). DNS Tool adds multi-resolver consensus, RFC-based evaluation, and cross-referencing on top of the raw data shown here.

DNS Records

Query A records (IPv4) (RFC 1035) 
dig +noall +answer spitalhorezu.ro A
Query AAAA records (IPv6) (RFC 1035) 
dig +noall +answer spitalhorezu.ro AAAA
Query MX records (mail servers) (RFC 1035) 
dig +noall +answer spitalhorezu.ro MX
Query NS records (nameservers) (RFC 1035) 
dig +noall +answer spitalhorezu.ro NS
Query TXT records (RFC 1035) 
dig +noall +answer spitalhorezu.ro TXT

Email Authentication

Check SPF record (RFC 7208) 
dig +short spitalhorezu.ro TXT | grep -i spf
Check DMARC policy (RFC 7489) 
dig +short _dmarc.spitalhorezu.ro TXT
Check DKIM key for selector 'default' (RFC 6376) 
dig +short default._domainkey.spitalhorezu.ro TXT
Check DKIM key for selector 'google' (RFC 6376) 
dig +short google._domainkey.spitalhorezu.ro TXT
Check DKIM key for selector 'selector1' (RFC 6376) 
dig +short selector1._domainkey.spitalhorezu.ro TXT
Check DKIM key for selector 'selector2' (RFC 6376) 
dig +short selector2._domainkey.spitalhorezu.ro TXT

Domain Security

Check DNSSEC DNSKEY records (RFC 4035) 
dig +dnssec +noall +answer spitalhorezu.ro DNSKEY
Check DNSSEC DS records (RFC 4035) 
dig +noall +answer spitalhorezu.ro DS
Validate DNSSEC chain (requires DNSSEC-validating resolver) (RFC 4035) 
dig +dnssec +cd spitalhorezu.ro A @1.1.1.1

Transport Security

Check TLSA record (replace MX_HOST with actual MX) (RFC 7672) 
dig +noall +answer _25._tcp.MX_HOST TLSA
Check MTA-STS DNS record (RFC 8461) 
dig +short _mta-sts.spitalhorezu.ro TXT
Fetch MTA-STS policy file (RFC 8461) 
curl -sL https://mta-sts.spitalhorezu.ro/.well-known/mta-sts.txt
Check TLS-RPT record (RFC 8460) 
dig +short _smtp._tls.spitalhorezu.ro TXT

Brand & Trust

Check BIMI record (BIMI Draft) 
dig +short default._bimi.spitalhorezu.ro TXT
Check CAA records (certificate authority authorization) (RFC 8659) 
dig +noall +answer spitalhorezu.ro CAA

DNS Records

Check HTTPS/SVCB records (RFC 9460) 
dig +noall +answer spitalhorezu.ro HTTPS

Domain Security

Check CDS/CDNSKEY automation records (RFC 7344) 
dig +noall +answer spitalhorezu.ro CDS

Infrastructure Intelligence

RDAP domain registration lookup (RFC 9083) 
curl -sL 'https://rdap.org/domain/spitalhorezu.ro' | python3 -m json.tool | head -50
Search Certificate Transparency logs (RFC 6962) 
curl -s 'https://crt.sh/?q=%25.spitalhorezu.ro&output=json' | python3 -c "import json,sys; [print(e['name_value']) for e in json.load(sys.stdin)]" | sort -u | head -20
Check security.txt (RFC 9116) 
curl -sL https://spitalhorezu.ro/.well-known/security.txt | head -20

AI Surface

Check for llms.txt 
curl -sI https://spitalhorezu.ro/llms.txt | head -5
Check robots.txt for AI crawler rules 
curl -s https://spitalhorezu.ro/robots.txt | grep -i -E 'GPTBot|ChatGPT|Claude|Anthropic|Google-Extended|CCBot|PerplexityBot'
Running Multi-Source Intelligence Audit

spitalhorezu.ro

0s
DNS records — Cloudflare, Google, Quad9, OpenDNS, DNS4EU
Email auth — SPF, DMARC, DKIM selectors
DNSSEC chain of trust & DANE/TLSA
Certificate Transparency & subdomain discovery
SMTP transport & STARTTLS verification
MTA-STS, TLS-RPT, BIMI, CAA
Registrar & infrastructure analysis
Intelligence Classification & Interpretation

Every result includes terminal commands you can run to independently verify the underlying data. No proprietary magic.