What is Detectify?

Detectify is an automated web scanner used by Detectify’s SaaS platform to map assets, crawl applications, and probe for vulnerabilities (e.g., OWASP Top 10), misconfigurations, subdomain takeovers, and exposed services. It identifies itself as Detectify and operates from Detectify-owned IP ranges.
 
Legitimate use cases:
– External Attack Surface Management and asset discovery
– Continuous web app/API vulnerability scanning in CI/CD
– Post-deploy regression/security checks
– Compliance evidence and third-party risk assessment
– Bug bounty finding validation and mapping shadow IT
 
Known misuse/abuse patterns (non-exhaustive):
– Reconnaissance: adversaries emulate/spoof Detectify UA/IP reputation to blend in or bypass WAF rules
– Opportunistic crawling to map endpoints and parameter spaces before exploitation
– Content scraping/intelligence gathering on exposed dashboards or misconfigured storage
– Signal laundering: using “legitimate” scanner patterns to mask pre-attack activity
 
Note
– Block/allow via IP verification with Detectify’s published ranges and require auth/rate limits to reduce risk.

Why is Detectify crawling my site?

– Someone (your security team, vendor, pentester, or bug-bounty researcher) scheduled a scan against your domain.
– Your assets were auto-discovered (DNS/WHOIS/subdomains) and added to a scan scope.
 
Potential negative impacts
– Load/API cost spikes from aggressive requests.
– SIEM/WAF/log noise and alert fatigue; increased ingest costs.
– Triggered rate limits, captchas, or account lockouts affecting real users.
– State-changing actions (form submits, emails/SMS, cart/orders) if test safety isn’t enforced.
– Skewed analytics and monitoring baselines.
– Exposure of weak auth/authorization flows under forced browsing.
– Possible policy/compliance issues if scanning wasn’t authorized.

Threat research insights on Detectify

All data in this section are produced by DataDome's Galileo Threat Research team from our proprietary detection network and reviewed by human analysts.

– Verified Bot: Verified (a verified bot has high identification strength)
– Robots.txt Compliance: Not respected (whether this bot respects robots.txt directives)
– Identification Strength: High (how confidently DataDome can identify this bot)

Traffic origins

Top 15 countries by bot traffic

– IE: 100.0%

Most used autonomous system (AS)

Top 5 by traffic share

– Amazon.com, Inc.: 100.0%

Traffic Occupancy: <0.1%

On average, occupy <0.1% of the traffic from bots in the directory

Authorization Rate: 0%

Businesses decide to authorize this bot 0% of the time

How to block Detectify?

1) Block by User-Agent
– Deny requests that advertise Detectify or have empty UAs.
– Nginx example:
if ($http_user_agent ~* (detectify|^$)) { return 403; }
 
2) IP/ASN blocking
– Maintain Detectify scanner IP ranges and drop at firewall or web server.
– iptables example:
iptables -A INPUT -s <CIDR> -j DROP
– Keep ranges updated; consider allowlisting only known networks.
 
3) Reverse DNS with forward-confirmed rDNS (FCrDNS)
– For each client IP, perform PTR lookup; if hostname matches Detectify patterns, resolve it back to the same IP to confirm, then block (return 403).
– Implement via middleware/proxy hooks to avoid DNS spoofing.
 
4) Rate limiting and behavioral rules
– Throttle high request rates, concurrent connections, and bursts; block on suspicious patterns (e.g., many 404s, rapid path enumeration).
– Nginx example:
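limit_req_zone $binary_remote_addr zone=bot:10m rate=5r/s;  # http context; 5r/s is an example rate, tune it to your traffic
limit_req zone=bot burst=10;
limit_req_status 403;  # over-limit requests are rejected with 403 (the default is 503)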
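The forward-confirmed reverse DNS check from step 3, as an added example (not DataDome's or Detectify's code): a PTR hostname only counts once it resolves forward to the same client IP, so a forged PTR on another network is reported as spoofed. The `.scanner.example` suffix, the function names and the sample records are assumptions constructed for illustration; the page does not list Detectify's real hostname patterns.

```python
import ipaddress
import socket

# Hypothetical suffix: the page does not list Detectify's PTR hostnames, so
# replace this with the naming the vendor documents before relying on it.
SCANNER_SUFFIXES = (".scanner.example",)

def system_ptr(ip):
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """A/AAAA lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def fcrdns_verdict(ip, ptr=system_ptr, forward=system_forward,
                   suffixes=SCANNER_SUFFIXES):
    """Classify a client IP as 'confirmed', 'spoofed-ptr' or 'no-match'."""
    addr = ipaddress.ip_address(ip)
    host = (ptr(ip) or "").rstrip(".").lower()
    # Anchor on a dot-prefixed suffix so "evilscanner.example" and
    # "scanner.example.untrusted.test" do not count as scanner hostnames.
    if not host.endswith(tuple(suffixes)):
        return "no-match"
    # The PTR record is set by whoever controls the IP's reverse zone, so it
    # only counts once the hostname resolves forward to the same address.
    forward_addrs = {ipaddress.ip_address(a) for a in forward(host)}
    return "confirmed" if addr in forward_addrs else "spoofed-ptr"

# Constructed sample records (documentation address ranges, not real data).
SAMPLE_PTR = {
    "192.0.2.10": "node1.scanner.example.",
    "203.0.113.66": "node1.scanner.example.",   # forged PTR on another network
    "198.51.100.5": "scanner.example.untrusted.test.",
}
SAMPLE_A = {"node1.scanner.example": {"192.0.2.10"}}

def sample_verdicts():
    """Run the check over the constructed records above, with no network."""
    return {ip: fcrdns_verdict(ip, SAMPLE_PTR.get,
                               lambda h: SAMPLE_A.get(h, set()))
            for ip in list(SAMPLE_PTR) + ["192.0.2.99"]}
```

Apply the block or allow policy only to `confirmed` clients; a `spoofed-ptr` result is a client impersonating the scanner and is worth logging separately.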
