Qualys web application scanner
Qualys operates security scanning that assesses web applications and infrastructure for vulnerabilities and misconfigurations. Some Qualys scanning is authorised by the site owner (an internal security assessment); some is part of broader internet measurement. It is a security tool, not a search crawler, and its probes appear in logs as scanning rather than content fetching for ranking.
What this means
Qualys provides security and compliance scanning. A web application scan systematically requests many URLs and parameter variations to look for vulnerabilities such as injection points or exposed configuration. This produces a burst of unusual requests that are easy to mistake for an attack or a crawl.
Much Qualys scanning is initiated by the site owner as part of their own security program. In that case the scan is expected and authorised, even though the request pattern looks aggressive.
How it identifies itself
Qualys scans can carry self-identifying user-agents and originate from Qualys scanner infrastructure that customers can configure. Qualys documents its scanner identification for customers running assessments.
Because tokens and source ranges depend on the deployment and change over time, this entry is marked partially verified. The reliable signal is the scanning behaviour plus, for authorised scans, your own knowledge that you commissioned the assessment.
- Purpose: vulnerability and configuration assessment
- Often authorised by the site owner for their own security
- Distinct from search-engine indexing crawlers
How it appears in analytics and logs
A Qualys probe is a security assessment fetch — checking for vulnerabilities or configuration issues — not a content crawl for search. It is monitoring/scanning traffic, not audience or SEO indexing.
Diagnostic use case
Recognise Qualys security-scan traffic in logs, distinguish authorised assessments you commissioned from unsolicited scanning, and keep both out of search-crawl metrics.
What WebmasterID can help detect
WebmasterID classifies recognised security-scan probes server-side as bot/monitoring traffic, so vulnerability scanning does not blend into human analytics or look like search crawling.
Common mistakes
- Treating an authorised security scan as an attack and blocking your own assessment.
- Counting scanner requests as human page views.
- Confusing vulnerability scanning with search indexing.
Privacy and accuracy notes
Identification uses the request user-agent and scan context only. No visitor identity is involved. WebmasterID records the probe as a bot event, separate from human analytics.
Related pages
- Censys and Shodan scanning crawlers
Censys and Shodan are internet-wide scanning services that map reachable hosts, open ports, and exposed services for security research and asset discovery. They are not search-engine crawlers indexing your content for ranking; they probe infrastructure. Their requests appear in logs as scanning activity from their published scanner identities, and they offer opt-out mechanisms for operators.
- Security scanners vs search crawlers
Security scanners (Censys, Shodan, BinaryEdge, Qualys and similar) probe hosts, ports, and application surface to assess exposure and find vulnerabilities. Search crawlers (Googlebot, Bingbot) fetch and index content to rank it. Confusing the two leads to wrong robots.txt decisions and misread logs: robots.txt governs content crawling, not port scanning, and scan traffic should never be counted as audience.
- BinaryEdge scanning crawler
BinaryEdge is an internet-scanning service that collects data on reachable hosts, open ports, and exposed services for security and threat-intelligence use. Like Censys and Shodan, it probes infrastructure rather than indexing your pages for search ranking. Its scanning appears in logs as automated probes, and the service provides information for operators who want to identify or exclude it.
- Website observability
See scanners and crawlers reaching your endpoints, server-side.
Sources and verification notes
- QualysSecurity and compliance scanning platform; scanner identification documented for customers.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.