What is Webscout?

We hear this question often, and for good reason. We've never been good at communicating our capabilities publicly.

The status as an "if you know, you know" company has certainly had its advantages. Most importantly, it’s allowed us to stay focused on hunting and gathering network intelligence for the organizations that took a chance on us early. The downside is that many of the organizations that could benefit from our services have no idea what we do.

To address this, we dedicate this end-of-year article to demonstrate some of our core capabilities. The article follows a typical workflow we observe: enrich a set of IPs, identify the key pivot point, and then analyze them in our JA4+ fingerprinted netflow.

An IP Address Enrichment Engine

Webscout started out as a one-stop shop for the most essential IP enrichments for cyberdefence and intelligence: VPN attribution, geolocation, behavioral insights, device classification, etc. This remains one of the most common use cases for Webscout, and the video below shows an example of how this can be done.

The art of detection lies in recognizing what’s vital from what’s incidental. Our first goal was to make this process as fast and easy as possible, and we can confidently say that we’ve achieved that.

A Global Threat Intelligence Platform

Once the vital IP addresses have been identified, the next step is to understand their context and risk in greater depth. The best way to do this is to see how they behave across the internet.

Webscout processes petabytes of high-signal network traffic and makes it searchable, allowing users to contextualize the real-world behavior and risk profile of any IP our sensors have observed.

A Place to Track Sophisticated Adversaries

Once you’ve identified key commonalities in traffic patterns and network fingerprints, you can track them through our platform.

On VirusTotal, you write YARA rules for samples. On Webscout, you craft Lucene queries that run across our global telemetry. This enables use cases such as adversary tracking, mapping their victims, and monitoring for breaches.

A Partner. Not Just a Vendor

If you find a blind spot in our collection, or if more tailored visibility is needed, you can request it through Webscout.

We’re always expanding our visibility, and with guidance from our partners, we ensure our collection is positioned where it matters most.

A Provider of Raw Data for Custom Integrations

For complete control and flexibility, we make our intelligence available through high-speed APIs and bulk dataset downloads.

Whether you are enriching a handful of IPs in MISP or ingesting billions of logs into your SIEM, we've made sure to fit into your workflow.

An Investigation Platform for Air-gapped and High-Side Environments

With our government background, we understand that certain queries cannot leave the building.

For select partners, we provide a containerized, standalone deployment of Webscout that enables zero-footprint operations.

A Cheaper, European Alternative

Webscout is designed, built, and operated independently in Denmark. That independence allows us to keep our prices low. We prioritize close collaboration over unicorn ambitions.

Our primary competitors are big U.S. companies. In netflow collection, we compete with Team Cymru; in sensor and honeypot intelligence, with GreyNoise; and in VPN/proxy detection, with the great team at Spur. And while we don't match their coverage, we unify the most valuable capabilities from each.

Most people know Denmark for our culinary scene, hygge, or Viking heritage, but we are also home to some of the world’s best cybersecurity researchers. Kalmarunionen, for example, is currently ranked as the number one hacking team in the world. We draw from this uniquely strong talent pool, and for our clients, that means we can gain visibility where few others can.

A Trust Community Member

We're contributing to some of the world’s most exclusive threat-intelligence communities. In this industry, everyone sees only a small part of the elephant; sharing perspectives is the only way to get the full picture.

Sharing intelligence, however, comes with costs and risks. That's why we don’t work with anyone. We have had to turn down clients who don’t meet our criteria or whom our existing partners can’t vouch for. Saying no to revenue isn’t a popular move on the business-development side, but trust matters more to us than growth.

What Does the Future Hold?

Webscout has grown from a bootstrapped startup working out of a student-run café in Copenhagen into a trusted vendor whose intelligence helps leading cybersecurity teams counter some of the most sophisticated threats.

Going forward, we will sharpen our focus on what we do best: hunting and gathering network intelligence.

2025 Hall of Fame - our MVPs

Finally, a heartfelt thank you goes out to everyone who helped make 2025 an unforgettable year for Webscout. A special thanks to the people below (ordered alphabetically).

• Jane, for your patience and persistence.
• Kenneth Kinion, for having our back and for building another amazing intelligence solution, Validin. Check it out!
• Martin Kofoed Høding, for being the first in Denmark to take a chance with us.
• Michael Matonis, for inviting us to demo Webscout at the inaugural State of Statecraft conference. Thank you for your letter - we'll do our best!
• Nick Attfield, for our many inspiring conversations and your unwavering optimism in Webscout! You are both an outstanding engineer and analyst. PP is lucky to have you!
• Nik 👻, for your invaluable technical feedback. We owe you, big time.
• Pasquale Stirparo, for inviting us to participate in Pivotcon as a Tech Sponsor (and for trauma-bonding with us over startup-life at various conferences throughout the year). We encourage everyone to checkout his malware intelligence platform at RationalEdge.
• Everyone in the CSIRT *** group - we cannot wait to work with you.
• And of course to all of those who now use Webscout to keep evil at bay.

If you want to learn more about Webscout or our team, please reach out to us at info@webscout.io. Thank you for reading.