NullRabbit Scanning Transparency
We conduct non-invasive security scans of publicly exposed infrastructure. This page explains what we do, why we do it, and how to opt out. If you're here because you noticed our scanning, we may have findings relevant to your infrastructure.
IP Lookup
Enter an IP address to check whether it belongs to our scanning infrastructure.
Who We Are
NullRabbit builds autonomous defence systems for decentralised infrastructure. We protect validators, staking services, and protocol foundations from threats that move faster than humans can respond.
Part of that work involves understanding the threat landscape. We scan publicly exposed infrastructure to identify vulnerabilities that operators may not know about - the same vulnerabilities that attackers are already looking for.
Our research focuses on a fundamental asymmetry: machines attack at machine speed, but defensive responses remain gated by human approval. For novel threats -- zero-days, behavioural anomalies, abuse patterns outside existing playbooks -- current defences are structurally too slow. We're building the governance frameworks and technology to close that gap.
We've published our framework -- earned autonomy -- which defines when and how machines should be authorised to make defensive decisions without human approval. The full paper is available at DOI: 10.5281/zenodo.18406828.
What We Scanned
Our scans are non-invasive. We do not:
- Attempt to exploit vulnerabilities
- Access, modify, or exfiltrate any data
- Perform denial-of-service testing
- Brute-force credentials or authentication
- Scan internal or private networks
- Exceed standard connection rates
We examine only what is already publicly visible: open ports, service banners, TLS configurations, and protocol-level metadata. This is the same information available to anyone on the internet - including the people you don't want finding it.
Why We Do This
"Our scanning has found that a significant proportion of validators across major blockchain networks have critical vulnerabilities their operators don't know about. These represent billions in staking rewards -- and attackers are actively probing the same infrastructure."
We scan because we believe operators deserve to know what's exposed before someone else finds it first. The same ports, services, and configurations we examine are visible to anyone on the internet -- including adversaries with automated tooling and the patience to exploit what they find.
What Happens Next
Our scanning identifies exposures. Our platform defends against them.
NullRabbit Sentinel continuously monitors publicly exposed infrastructure for vulnerabilities, misconfigurations, and emerging threats. When we identify something, we can provide a confidential findings summary to the operator.
For operators who want to go further, NullRabbit Guard provides kernel-level autonomous defence -- blocking threats at microsecond speed using XDP/eBPF, with authority that must be earned through demonstrated competence on your live traffic before any autonomous action is permitted.
Scanner IPs
We publish a full list of every IP address we scan from - past and present - so you can verify whether traffic in your logs originated from NullRabbit.
View Scanner IP Directory →
Opt Out
We respect your right to not be scanned. To opt out, email us at [email protected] with the IP addresses or CIDR ranges you'd like excluded. Opt-outs are processed within 24 hours.
Contact
For questions about our scanning, to request findings, or to report an issue:
For partnership enquiries or to discuss autonomous infrastructure defence:
