Book and Sword felix qui potuit rerum cognoscere causas
Website Admin
Written by

Website Admin

I have been coding websites since the 1990s and administering them since 2013. I am struggling to interpret HTTPS traffic today.

August 2025

Found the 20 IP addresses which used the most bandwidth on 26 August 2025.

IP address 209.59.190.160 sends tens of thousands of hits per day to a CSS stylesheet and a few to a cron job. My best guess is that this comes from my hosting service.

209.59.190.160 - - [26/Aug/2025:08:14:51 -0400] "GET /wp-content/themes/ekiline/assets/css/style-atf.css HTTP/1.1" 200 329 "-" "WordPress/6.8.2; https://www.bookandsword.com"

Fourteen different IP addresses in the 34.174.*.* range send about a thousand hits to different pages spaced a second or less apart. This range is registered to Google. There is no user agent for a bot but they are clearly scraping the site.

34.174.22.107 - - [26/Aug/2025:18:44:01 -0400] "GET /2020/04/30/cross-post-steel-symposium/ HTTP/1.1" 200 113396 "https://whatsapp.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"

34.174.136.1 - - [26/Aug/2025:13:17:28 -0400] "GET /tag/book-history/ HTTP/1.1" 200 83563 "https://vk.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"

34.174.226.27 - - [26/Aug/2025:09:39:10 -0400] "GET /2015/08/15/some-thoughts-on-john-lynns-battle/ HTTP/1.1" 200 149911 "https://mint.intuit.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"

34.174.227.36 - - [26/Aug/2025:12:18:45 -0400] "GET /tag/horrid-revelations/ HTTP/1.1" 200 83635 "https://google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"

IP address 40.69.217.78 tries to probe many protected files and gets response 401. It is registered to Microsoft.

40.69.217.78 - - [26/Aug/2025:14:35:01 -0400] "GET /admin/index.php HTTP/1.1" 401 36 "-" "-"

Of the remaining four IP addresses, one seems like a human, one is OpenAI GPTbot, and two are Mastodon.

~

On 28 August, was scraped for 1 GB of bandwidth by IP address 85.25.185.20. The UserAgent is a vague “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; rv:132.0) Gecko/20100101 Firefox/132.0”

paypal logo
patreon logo