We are a group of academic researchers at VU Amsterdam who are interested in understanding the resilience of the web infrastructure in the Internet. To this end, we launch simple HTTP requests to various web servers in the world and determine what software stack the site is running. We then compare that information against CVEs and vulnerability disclosures to understand whether there the server stack is secure. If not, we intend to reach the webmaster or site administrator to alert them of the vulnerabilities in their software stack. The requests that we send are legitimate HTTP requests except we do not pursue the requests and download a large volume of content; in other words, our requests do not induce a significant volume of traffic for any concerned website.
If you wish to remove your server from our scans, please write to server.scans.vusec@gmail.com with the following subject: [HTTP-SCAN] remove request. We will acknowledge all emails within 48 hours.