A deeper dive into mapping web requests via ASN, not by IP address

I went ahead and replaced IP (Internet Protocol) addresses with ASN (Autonomous System Number)s in the log file to find the network that sent the most requests to my blog for the month of February.

Even though Alibaba US has the most unique IPs hitting my blog [1], Microsoft is still the network making the most requests. So let's see how Microsoft presents itself to my web server. Here are the user agents it sends:

The top result comes from a single IP address and probably requires a separate post about it [2], since it's weird and annoying. But the rest—you got Bing, you got OpenAI, you got several Mastodon instances—it seems like most of these are from Microsoft's cloud offering. A mixture of things.

What about Facebook?

Hmm … looks like I have a few readers at Facebook, but other than that, nothing terribly interesting.

Alibaba, on the other hand, is frightening. Out of 25,019 requests, it presented 581 different user agents. From looking at what was requested, I don't think it's 500 Chinese people reading my blog—it's defintely bots crawling my site (and amusingly, there are requests to /robots.txt file, but without a proper user agent to go by, it's hard to block it via that file).

I can think of one conclusion here—if you do filter by ASN, it can help tremendously, but it also comes with possibly blocking legitimate traffic.

[1] /boston/2025/03/21.1

[2] /boston/2025/03/21.4

Discussions about this entry

Lazy Reading for 2025/04/13 – DragonFly BSD Digest

Gemini Mention this post

Contact Sean Conner