Skip to main content

How to verify the Dratabot

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago


Dratabot is the automated system that substantiates security compliance within an organization. It is important to note that the Dratabot does not try to connect to systems that it does not have permission to access, so there is no need to allow or deny access in robots.txt. There may be some systems that it might be helpful or required to explicitly add Dratabot to an allow list. For these cases, the User-Agent string can be used as well as the reverse DNS validation method described below. If there are any questions or concerns, please reach out to your Customer Success Manager.

How Dratabot accesses your site

Most of the assertions performed by Dratabot are made by calling 3rd-party APIs. There are some assertions, however, that make requests to an organizations web site. For example, the Dratabot will connect to to verify that the SSL certificate is valid and using strong ciphers.

Verifying Dratabot

The following is the list of IP addresses that Dratabot is using:



It is recommended to verify authenticity of Dratabot requests by performing a reverse DNS lookup by using the host command and confirm that the domain name is This will ensure that the connecting IP claiming to be Dratabot is official.

User-Agent string

Dratabot (+

Reverse DNS Validation

A request (in your access logs) from Dratabot can be verified by performing a reverse DNS lookup using the host command. The domain name from the host output should be Then do a forward DNS lookup on the domain name from the previous command and confirm that the IP addresses match.


~ host domain name pointer
~ host has address

Powered by

Did this answer your question?