Our scans rely on checking you for tens of thousands of possible weaknesses - and we do it in as short a space of time as possible (in fact, there's no quick way of checking for tens of thousands of things, it still takes a while).
Because of this, our approach to testing is very obvious to any Intrusion Protection Systems you might have, and makes it easy for them to block us. If they block us though, then we won't be able to detect weaknesses in your systems. However, attackers who are sneaky and only check for single weaknesses across the internet may not be detected, potentially leaving you exposed.
For these reasons, we recommend you whitelist our scanning IPs below in any Intrusion Prevention Systems you have. However, be careful not to give us access straight through the firewall, we don't need to see your internal systems if they aren't normally exposed, we just need to see what's normally accessible from the internet.
Some cloud providers might also ask you for the source IPs from which our scans will be originating. You should also consider if you have any additional DDoS Protection Systems, or Web Application Firewalls or Content Delivery Networks that could be applying IPS/IDS technology, for example some edge routers now include this as standard.
The source IPs for Intruder's vulnerability scanning engines are as follows:
18.104.22.168 (Network scans only)
22.214.171.124 (Network scans only)
126.96.36.199 (Network scans only)
188.8.131.52 (Network scans only)
184.108.40.206 (Essential Plan only)
If you're whitelisting in CloudFlare, please refer to our guide here.