Does Tinfoil Security sign its requests in any way? How can I filter them?
We try to make it very easy for you to filter emails, logs, and support requests for items created by our scanner. In particular, every form filled out by our scanner will have the word tinfoil in the values submitted. You should be able to filter on tinfoil for any emails or support tickets created.
For logs, every one of our requests is sent with the user-agent "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_10_3; en-us) AppleWebKit/600.6.3 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/600.6.3 Powered by Spider-Pig by tinfoilsecurity.com authorized by <EMAIL>", where <EMAIL> is the email address associated with the account that started the scan. This should let you filter your logs more easily for requests created by our scanner.
Note that portions of this string may change, particularly the version numbers if they are updated, but it will always contain "by tinfoilsecurity.com authorized by <EMAIL>".
Requests from our scanner appear to originate from a single endpoint: scanner.tinfoilsecurity.com. The IP address for this endpoint is static and always set to 220.127.116.11.
The scanner endpoint may resolve to an AWS-internal IP address when a scan stays within AWS's datacenters. The most accurate AWS-internal IP address can always be found by manually resolving scanner.tinfoilsecurity.com from within AWS, but please note that the AWS-internal IP is not guaranteed to stay constant and should be refreshed often.
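The following added example (not Tinfoil Security's own code) classifies access-log lines using the stable user-agent suffix and the static scanner IP described above. The Combined Log Format layout, the sample lines and the address alice@example.com are constructed assumptions; because the user-agent header is chosen by the client, a match on it alone is reported separately instead of being treated as the scanner.

```python
import re

# Stable suffix the page says is always present; version numbers before it may change.
MARKER = re.compile(r"by tinfoilsecurity\.com authorized by (\S+@\S+)")
SCANNER_IP = "220.127.116.11"  # static address stated on this page

# Assumed layout: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return (label, authorizing_email) for one access-log line."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return ("unparsed", None)
    ua = MARKER.search(m.group("ua"))
    if not ua:
        return ("other", None)
    # The header is client-supplied, so require the documented source address too.
    # "ua_only" may be a scan from inside AWS (internal IP) or a copied header.
    if m.group("ip") == SCANNER_IP:
        return ("scanner", ua.group(1))
    return ("ua_only", ua.group(1))

def summarize(lines):
    """Count log lines per label."""
    counts = {}
    for line in lines:
        label, _ = classify(line)
        counts[label] = counts.get(label, 0) + 1
    return counts

# Constructed sample data; the user-agent is the one quoted on this page.
PAGE_UA = ("Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_10_3; en-us) AppleWebKit/600.6.3 "
           "(KHTML, like Gecko) Chrome/69.0.3497.100 Safari/600.6.3 Powered by Spider-Pig "
           "by tinfoilsecurity.com authorized by alice@example.com")

def make_line(ip, ua):
    return f'{ip} - - [10/Oct/2018:13:55:36 +0000] "GET /login HTTP/1.1" 200 512 "-" "{ua}"'

SAMPLE = [
    make_line("220.127.116.11", PAGE_UA),   # documented IP and marker
    make_line("203.0.113.7", PAGE_UA),      # marker only, different source
    make_line("198.51.100.4", "Mozilla/5.0 (X11; Linux x86_64) Firefox/62.0"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```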
If you'd like to whitelist our security group to access your website, you can use the following information to do so:
AWS Account Id: 053417869307
Security Group Id: sg-1c090974
As always, if you have any questions or issues at all, please feel free to contact us in our Support Chat or via any of the methods listed on our Contact Page and we'll be more than happy to assist.