ScannerPublic Alpha

Connor

Internet telemetry index. Continuous DNS, TLS, WHOIS, and HTTPS scanning.

Who it's for

Security researchers, due-diligence teams, and infrastructure analysts who need verifiable internet telemetry.

Get started

Search a domain and download a signed evidence bundle you can verify offline.

Visit

DNS signal intelligence monitoring thousands of domains in continuous scan cycles. Tech stack fingerprinting from public DNS, TLS, WHOIS, and HTTPS records. Service detection across the commercial web.

Every scan cycle produces Ed25519-signed provenance receipts. The data is not just collected. It is attested at the moment of collection. Downstream consumers can verify what was scanned, when, and by whom, without trusting the scanner.

Paired with RunsWith for infrastructure fingerprinting across 80+ provider categories. Together they form the scanner tier of DRM3 intelligence.

Capabilities

16,000+ domain catalog under continuous scan

DNS, TLS, WHOIS, HTTPS fingerprinting

Ed25519 provenance on every scan cycle

80+ infrastructure provider categories (via RunsWith)

Real-time change detection

Scanning Methodology

Connor is not a web crawler. It is a DNS and infrastructure metadata scanner in the same category as Censys, Shodan, and SecurityTrails. Connor does not crawl websites, index page content, follow links, or traverse URL paths.

Connor collects publicly available infrastructure metadata: DNS records, TLS certificate data, domain registration information, and the HTTP response status from a single lightweight probe to a domain's root. Every observation is Ed25519-signed at the moment of collection, producing a tamper-evident provenance receipt.

HTTP requests to target domains

HEAD /Single liveness probe recording HTTP status and response headers. Falls back to GET only if the server returns 405 Method Not Allowed.

GET /robots.txtCollected as a data point for AI crawler policy analysis. Connor reads this file to report which AI user-agents a domain blocks. This is observational — Connor records the contents but does not use robots.txt as a crawl gate, because Connor does not crawl.

Connor does not

Crawl, index, or store page content

Follow links or traverse site paths

Access any URL path beyond / and /robots.txt

Send POST, PUT, or any state-modifying request

Use authentication, cookies, or sessions

Store or reproduce page content from target domains

External metadata APIs

These requests go to third-party public APIs, not to the target domain.

Certificate transparencyPublic CT log queries via crt.sh and CertSpotter

RDAP serversPublic domain registration metadata

dns.googleDNSSEC validation via DNS-over-HTTPS

ipinfo.ioASN and geolocation for IP addresses found in DNS records

Identification

User-AgentConnor-DNS-Intelligence/0.5 (+https://connor.dns.drm3.network)

ProtocolHTTPS only. Maximum 3 redirect hops. 3–5 second timeouts per request.

−

Opt-out

Domain operators can request exclusion from Connor scanning by emailing inquiries@drm3.io with the domain name. Opt-out requests are processed within 7 business days.

Don't see your domain?

Submit your domain for inclusion in the Connor scanning catalog. We review every submission and follow up within 7 business days.

Live Provenance

github.comprovenance receipts from a live scan

Every scan produces Ed25519-signed receipts across five observation planes. Each receipt is independently verifiable — no trust in the scanner required.

Every observation is Ed25519-signed

Verify them offline. Nothing leaves your machine.

Verify github.com

Provenance by Plane5/5 scanned

DRM3 Provenance Receipt — DNS & TLS

Public Key

connor-fast-v0.1.0

Status

Locally Signed

Observed

6/3/2026, 8:02:39 AM

Observations

74 total

Receipt ID

cd96deef-d4a7-4aea-b864-96aadcaaafc2

Output Hash (SHA-256)

95629854bd483d6fb10cdf182b5ea78222f4053815433e01992edd25864bd188

Derivation Path

connor/fast

Verify This Observation Signer Registry

Live from the Connor scanning network

See all products