TwinWaveScanner
What is TwinWaveScanner?
About
TwinWaveScanner (Splunk Attack Analyzer) uses headless Chrome browsers to analyze URLs for malicious content, performing automated threat analysis with comprehensive DOM, HAR, and attack chain execution to detect security threats. You can see how often TwinWaveScanner visits your website by setting up Dark Visitors Agent Analytics.
Expected Behavior
Security scanners do not follow a predictable schedule when visiting websites. Their scans can be one-time, occasional, or recurring depending on the purpose of the scanner and the organization's security practices. The frequency and depth of their scans can vary based on factors like the visibility of the site on the public internet, past scan results, and inclusion in external threat intelligence feeds.
Type
Detail
| Operated By | Splunk |
| Last Updated | 15 hours ago |
Insights
Top Website Robots.txts
Country of Origin
Global Traffic
The percentage of all internet traffic coming from Security Scanners
Robots.txt
Should I Block TwinWaveScanner?
Probably not. Security scanners can be beneficial, especially if they're configured to report issues back to you.
How Do I Block TwinWaveScanner?
You can block TwinWaveScanner or limit its access by setting user agent token rules in your website's robots.txt. Set up Dark Visitors Agent Analytics to check whether it's actually following them.
# In your robots.txt ...
User-agent: TwinWaveScanner # https://darkvisitors.com/agents/twinwavescanner
Disallow: /
⚠️ Manual Robots.txt Editing Is Not Scalable
New agents are created every day. We recommend setting up Dark Visitors Automatic Robots.txt if you want to block all agents of this type.