Scanner IP Addresses
Detectify uses specific IP addresses for scanning. Use these addresses to configure allowlists in your WAF, firewall, or hosting provider settings.
Surface Monitoring IPs
Surface Monitoring scans run from the following IP addresses:
EU Region
| IP Address |
|---|
52.17.98.131 |
Application Scanning IPs
Application Scanning and API Security Testing scans run from the following IP addresses:
EU Region
| IP Address |
|---|
52.17.9.21 |
US Region
| IP Address |
|---|
107.20.158.220 |
3.234.180.95 |
34.234.177.119 |
India Region
| IP Address |
|---|
13.126.5.12 |
3.7.157.159 |
3.7.173.162 |
Connector IPs
Cloud provider connectors (used for asset synchronization from AWS, Azure, GCP, and other providers) connect from the following IP addresses:
| IP Address |
|---|
63.32.130.39 |
54.73.182.190 |
52.208.235.127 |
If your cloud provider requires allowlisting for API access, add these IPs to ensure connectors can synchronize your asset inventory.
User Agents
Detectify scanners identify themselves with the following User-Agent strings:
Surface Monitoring
DetectifyApplication Scanning
Mozilla/5.0 (compatible; Detectify)You can use these User-Agent strings for logging and monitoring purposes. Do not use them as the sole mechanism for allowlisting, as User-Agent headers can be spoofed.
Recommendations
- Allowlist all relevant IPs for the products you use. If you use both Surface Monitoring and Application Scanning, allowlist both sets of IPs.
- Include Connector IPs if you use cloud connectors and your cloud provider restricts API access by source IP.
- Check this page periodically for updates. Detectify may add new scanner IPs as infrastructure scales.
- Use IP-based allowlisting rather than User-Agent-based rules for security. User-Agent strings are provided for identification only.
Related
- Allow Through WAF — How to configure WAF allowlists for Detectify
- Hosting Provider Permissions — Providers that may require advance permission for scanning