Scout Internet Scanner

Internet-wide scanning for threat intelligence and security research

Operated by CyberConvoy

About Scout

Scout is an internet-wide scanning platform operated by CyberConvoy. We continuously scan the public IPv4 and IPv6 address space to map internet-facing services and support defensive security research.

Scout conducts scans solely to gather information. We never attempt to log into services, access databases, exploit vulnerabilities, brute-force credentials, or gain authenticated entry to any system. We collect only information that is already publicly exposed to any device connecting to the internet.

How Scanning Works

1

Host Discovery

We send a single SYN packet to each target IP on specific ports. This identifies which hosts have the port open. No connection is established at this stage.

2

Service Fingerprinting

For hosts that responded, we perform a standard protocol handshake to collect the service banner, HTTP response headers, and TLS certificate — the same information any web browser would receive.

3

Analysis

Collected metadata is analyzed to detect malicious infrastructure, track threat actors, and support defensive security operations.

Scanner Identification

All of our scanners identify themselves with the following HTTP User-Agent:

Mozilla/5.0 (compatible; CyberConvoyScout/1.0; +https://scout.cyberconvoy.co)

Our scanner IPs have reverse DNS configured pointing back to cyberconvoy.co and are operated from dedicated infrastructure — never residential connections. We publish a machine-readable scanning declaration at .well-known/probing.txt in compliance with RFC 9511.

Data Collected

We collect only publicly-exposed service metadata — information that any device on the internet can obtain by connecting to a public IP address. We do not attempt to access private or authenticated content.

Service Banners

The initial response string returned by a service upon connection.

HTTP Response Headers

Standard headers including server software, content-type, and security headers.

TLS Certificates

Certificate chain, issuer, subject, validity period, and Subject Alternative Names.

Protocol Metadata

TLS version, cipher suite, and protocol-specific handshake details.

We do not collect: passwords, personal data, email content, file contents, database records, or any information behind authentication.

Opt Out of Data Collection

We respect your right to not be scanned. There are several ways to exclude your infrastructure from Scout scans.

Option 1: Self-Service Opt-Out

Submit a single IP address or small CIDR range (up to /24 for IPv4, /48 for IPv6) along with your email address. We will send a verification link — once confirmed, your range will be permanently excluded from all future scans.

Option 2: Email Us

For larger network ranges, bulk exclusion requests, or abuse reports, email [email protected] with the IP address(es) or CIDR range(s) you want excluded and we will process your request.

Option 3: Block Our Scanner IPs

For immediate effect, you can configure your firewall to drop traffic from our scanning infrastructure. This stops scans right away without waiting for the opt-out process.

IPv4 Ranges

45.63.4.69 144.202.92.17 192.248.150.180

Blocking our IPs prevents future scans but does not remove previously collected data. Services typically stop appearing in our results within 24–48 hours after blocking takes effect.

Option 4: Filter by User-Agent

Our HTTP-based scans identify themselves with the following User-Agent string. You can configure your web server or WAF to block requests matching this identifier:

Mozilla/5.0 (compatible; CyberConvoyScout/1.0; +https://scout.cyberconvoy.co)

User-Agent filtering only applies to HTTP/HTTPS scans. Host discovery and non-HTTP banner grabs do not include a User-Agent header.

Automatic Exclusions

The following address ranges are automatically excluded from all scans:

Frequently Asked Questions

Is this legal?

Yes. Internet-wide scanning of publicly reachable services is a well-established practice used by security researchers and organizations worldwide. We collect only publicly available information and do not access private systems, bypass authentication, or exploit vulnerabilities.

Why is my IP being scanned?

Scout scans the entire public IP space. If your IP address is publicly routable, it will be included in our scans unless you have opted out. This is similar to how search engines crawl publicly accessible websites.

Will scanning damage my systems?

No. Our scans are extremely lightweight. The discovery phase sends a single SYN packet per port — less traffic than loading a single web page. The fingerprinting phase performs standard protocol handshakes identical to normal client connections.

How do I report abuse?

Contact us at [email protected]. We take all reports seriously and will respond promptly.