What is ISSCyberRiskCrawler?
ISSCyberRiskCrawler is a security scanning bot operated by ISS, a governance and risk analytics company. It scans publicly accessible internet infrastructure to gather technical signals used to calculate the ISS Cyber Risk Score, a metric used in cyber insurance, vendor management, and investment risk management. Agent Analytics can track when it visits your website.
Category
Expected Behavior
ISSCyberRiskCrawler's pattern depends on who pointed it at you. Continuous monitoring services check daily or even hourly, while a one time assessment sweeps once and disappears. Expect requests aimed at login pages, admin paths, APIs, and configuration files, because exposed ones are what scanners exist to find.
Overview
| Operated By | ISS |
| Expected To Follow Robots.txt | Yes |
| Insights Last Updated | July 6, 2026 |
Robots.txt Blocked Percentage
Country of Origin
Robots.txt Blocking Trend
As of July 6, 2026, 3% of top websites block ISSCyberRiskCrawler in their robots.txt files.
Overall Security Scanner Traffic
As of July 6, 2026, 0.0% of all web traffic came from security scanners.
Top Visited Website Categories
This data reflects agent visits measured across thousands of websites using Agent Analytics, combined with daily scans of the world's top 1000 websites and their robots.txt files.
ISSCyberRiskCrawler's User Agent
| User Agent | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36 ISSCyberRiskCrawler/4.1.1.dev1+g5e9309d |
Access other known user agents and IP addresses using the Enterprise API.
How To Block ISSCyberRiskCrawler
Add this rule to your robots.txt file to block ISSCyberRiskCrawler from accessing your entire website. You can customize which pages are blocked by swapping out / for a different path.
User-agent: ISSCyberRiskCrawler # https://knownagents.com/agents/isscyberriskcrawler
Disallow: /
Frequently Asked Questions
Should I Block ISSCyberRiskCrawler?
Not unless you already run your own scanning and want cleaner logs. ISSCyberRiskCrawler checks websites for exposed vulnerabilities, and some scanning services report what they find to site owners for free. For comparison, 3% of the top websites we track already have robots.txt rules for ISSCyberRiskCrawler.
Does ISSCyberRiskCrawler Respect Robots.txt?
Yes. ISSCyberRiskCrawler is expected to honor robots.txt rules, so a disallow rule is the right first move. Automatic Robots.txt adds and maintains that rule for you, and Agent Analytics confirms ISSCyberRiskCrawler actually honors it.
Does ISSCyberRiskCrawler Access Private Content?
It probes for private content deliberately. Login pages, admin panels, and API endpoints are exactly what ISSCyberRiskCrawler tests, because exposed ones are what it exists to find. Probing is not the same as getting in, but expect requests to sensitive paths in your logs.
Why Is ISSCyberRiskCrawler Visiting My Website?
ISSCyberRiskCrawler is scanning your site for vulnerabilities, either as part of a sweep across the whole internet or because someone requested an assessment of your domain. Recurring visits usually mean a monitoring service has you on its list.
How Can I Tell if ISSCyberRiskCrawler Is Visiting My Website?
Agent Analytics tracks ISSCyberRiskCrawler visits in real time alongside every other known AI agent, crawler, and scraper. You can also check your server logs for requests whose user agent string contains "ISSCyberRiskCrawler". Look for probes of login, admin, and API paths. Keep in mind that ISSCyberRiskCrawler doesn't publish a verification method, so any client can claim its user agent string and a log match is a hint rather than proof.