Our scanner
Effective July 6, 2026
If you're a site operator and you see traffic from complyeah, this page is for you. complyeah runs an external, read-only penetration-testing scanner, and it only ever tests domains whose owner has verified control of them with us and authorized the scan. This page tells you how to recognize our traffic and how to allowlist it so scans aren't blocked by your WAF or firewall.
How to identify our traffic
Our scanner is attributable - every request self-identifies.
- User-Agent -
complyeah-scanner/1.0 (+https://complyeah.com/scanner) - Source IP address - all scan traffic originates from:
34.185.162.119
Allowlisting
To let our scans run without being rate-limited or blocked, add the source IP address above to your firewall, WAF, or CDN allowlist. This only affects scans of domains you have verified and authorized with complyeah - we never scan anything outside that scope.
What the scanner does - and doesn't do
- Read-only. It performs only
GET/HEADrequests and TLS handshakes. It never creates, modifies, or deletes data, submits forms, or attempts to log in. - In-scope only. It tests only the exact domain (and its subdomains) whose ownership was DNS- or HTTP-verified and for which an authorization record exists. Off-domain links and third-party hosts are recorded but never requested.
- Polite. Requests are rate-limited and time-bounded, and the crawler honors
robots.txt. - Attributable. Traffic comes from the fixed IP above with the self-identifying User-Agent, so you can always trace it back to us.
Seeing unexpected traffic?
If you believe you're seeing scan traffic from complyeah against a domain you own that you did not authorize, contact us at support@complyeah.com and we will investigate and stop it. We take unauthorized scanning seriously - verified ownership and a signed authorization are required before any scan can run.