EdgeWatch is a platform that helps information accredited security practitioners discover, monitor, and analyze devices that are accessible from the Internet. We regularly probe every public IP address and popular domain names, curate and enrich the resulting data, and make it intelligible through an restricted search engine and API.
Enterprises use EdgeWatch to track their supply chain accross the globe and understand their network attack surfaces. Security researchers use it to discover new threats and assess their global impact.
For more information please visit https://edgewatch.com/platform/threat-intelligence.
One way that EdgeWatch finds publicly-reachable devices is by using Internet-wide scanning. We make a small number of harmless connection attempts to every IPv4 and IPv6 address worldwide everyday. When we discover that a computer or device is configured to accept connections, we follow up by completing protocol handshakes to learn more about the running services.
We never attempt to bypass any technical barriers, exploit security problems, or otherwise access non-public-facing services, and we follow community best practices to reduce any burden on remote networks. The only data we receive is information that is publicly visible to anyone who connects to a particular address and port.
EdgeWatch scans the Internet from the subnets listed on this page, which you can allowlist or blocklist if you wish.
We sometimes make follow-up connections from other machines at dynamic IP addresses, but blocking the addresses below is sufficient to prevent your device from appearing in our IPv4 dataset.
EdgeWatch data is sometimes used by researchers and network administrators to detect security problems and alert the operators of vulnerable systems. If you block our scans, you might not receive these important security notifications.
EdgeWatch scans help the scientific community accurately study the Internet. The data EdgeWatch gathers is sometimes used to detect security problems and to inform operators of vulnerable systems so that they can be fixed. If you opt out of data collection, you might not receive these important security notifications.
If you wish to be excluded from our maps, please email us at abuse@edgewatch.com with IP addresses or IP ranges to be added to our blacklist.
You can also configure your firewall to drop traffic from the subnets we use for scanning:
Additionally, our HTTP-based scans use a specific user agent, which can be used to filter requests from our scanners:
Mozilla/5.0 (compatible; EdgeWatch/1.1; +https://about.edgewatch.com/)
Configuring your services to drop connections from EdgeWatch subnets will prevent our scanners from indexing your services. Historical data is not removed from EdgeWatch data sets as part of this change. Host services are typically pruned from EdgeWatch Search within 24-48 hours of their last observation timestamp, while Virtual Host services can remain in the data set for up to 30 days.
If you have questions about EdgeWatch Scanning and Data Collection, please get in touch at https://edgewatch.com/support or drop us an email at support@edgewatch.com .
