Everything else, condensed
Policy, identity, data handling, and disclosure details are still here, just compressed into quick-linked cards.
Scanning policy
Observational-only posture, explicit throttles, and no authenticated access patterns in the public workflow.
Scanner identity
Published IP ranges, ASNs, reverse-DNS patterns, and user-agent strings for operator verification.
View scanner identity → DataData policy
Public search is limited to operator-reviewed findings, with retention and opt-out timing published.
Responsible disclosure
Security, abuse, and opt-out contacts plus security.txt
for fast coordination.
Observational-only public posture
The public-facing scanner is intended to measure exposed services and metadata without creating, updating, deleting, or authenticating into target systems.
- No login attempts, brute-force behavior, or authenticated entry paths.
- No create, update, delete, or other state-changing interactions.
- Measurement is constrained by explicit throttles and host-level backoff.
- Owners can claim assets, request opt-out, or file abuse reports below.
Published scanner markers
Operators and providers can validate public-facing behavior using the artifacts published here.
Scanner IP ranges
ASNs
Reverse DNS patterns
User-agent examples
Public scope and retention
Only operator-reviewed public disclosures belong in this surface. Raw internal evidence, reviewer notes, worker state, and orchestration data remain private.
Public search scope
Contact and trust surface
Use the published contacts for remediation, abuse escalation, and owner
verification. The machine-readable trust surface is also exposed through
security.txt.
Machine-readable path: /.well-known/security.txt
Open a panel only when you need it
Claim ownership, request opt-out, or file an abuse report without wading through a wall of forms.