scan.nextcloud.com - you can ask to check your security… in the past it was used to scan through setups to see what versions were installed (without request from the operator).
Interesting, seems useful but also a great recon tool for attackers. Is there ratelimits on this to prevent abuse? Seems a bit odd that my private instance was scanned (its on a vhost and wouldn’t appear on the direct IP address).
As far as I understood, the function which uses the “Nextcloud Server Crawler” agent string is part of the Nextcloud core and being used to request information. See e.g.