Full list of Intruder's scanning IPs
If you haven't updated your scan region in the portal (we explain how to do that below), then for:
Existing customers (pre-May 2023) 👉 default regions are London and Frankfurt
New customers (post-May 2023) 👉 we run a geo-IP check on the first person to login and set the scan region based on that, though the first user is given the option to amend this during onboarding.
If you need it, below is a list of all our scanner IPs, organised by region (for Essential users, you just need to allow one range::
Asia Pacific (Tokyo)
Asia Pacific (Singapore)
Asia Pacific (Sydney)
Asia Pacific (Mumbai)
South America (São Paulo)
Updating your scan region
The above IPs can also be found in the portal: Settings > Scans > Scan location. To view them just select the region, but to ensure that the scans originate from there, you must hit
Save scan region.
Where should I add these IPs?
You should add the appropriate IPs to any WAF, IPS or IDS you have enabled.
Some cloud providers might also ask you for the source IPs from which our scans will be originating. You should also consider if you have any additional DDoS Protection Systems, or Web Application Firewalls or Content Delivery Networks that could be applying IPS/IDS technology, for example some edge routers now include this as standard.
Should I add your IPs to my perimeter firewall?
We recommend you add our scanning IPs to the allowlist in any IPS, IDS or WAFs you have enabled; but do not to give us access straight through the perimeter firewall – we don't need to see your internal systems if they aren't normally exposed – we just need to see what's normally accessible from the internet.
What if I have assets in more than one region?
We'd recommend selecting the region where most of your targets are hosted. Don't worry though, it's not an exact science; so long as you allow the IPs for the scan region selected, you should be fine.
What is the purpose of an allowlist?
Our scans rely on checking you for tens of thousands of possible weaknesses - and we do it in as short a space of time as possible (that said, there's no quick way of checking for tens of thousands of things, it still takes a while).
Because of this, our approach to testing is very obvious to any Intrusion Protection Systems and it's highly likely that if our scanner encounters one, we'll be blocked.
The problem with this, is that if we're blocked, we're unable to detect any weaknesses, which could leave you exposed to sneaky attackers who fly under IPS radars by only checking for single weaknesses at a time.
Can scan regions help with geo-fencing?
Yes! All you need to do is select a compatible scan region,
hit save and add the required IPs to your allowlist. No longer will our Infrastructure scanners be blocked from reaching your targets.
As above, it's worth noting that our authenticated web application scans originate from a UK-based *
18.104.22.168/24 range. If you are running API and/or authenticated web app scans, you will need to ensure that UK-based traffic from this specific IP range, will be able to reach your target.