One funny thing I've discovered as a result of certificate transparency logs is that the second your host gets given an SSL cert, you are immediately blasted with ai crawlers.
I put a project online - it was online for a month, and the second I added an SSL cert it went from 0 traffic to 1000 requests/min.
It's a silly metric. There could be only one master bot that pings every known endpoint multiple times a second, and that would probably surpass all human activity, too. It doesn't really tell us much about intention or the ability to masquerade as humans.
Where I would start to worry is if there's evidence that bot access patterns are starting to become harder to distinguish from human access patterns, which would suggest that they are, in fact, mimicking or masquerading as humans. I don't care how many search bots are indexing web content, but I do worry about how many social bots are attempting to manipulate or mislead people.
Thales Bad Bot Report categorizes the traffic between "good" and "bad" bots.
I would add that AI dramatically blurs the line between legitimate and malicious, and the intent generally speaking.
In regards to social bots, there's a 2024 study of over 1 million accounts on X and over 60% were found likely to be bots. Curiously, when Musk took over Twitter, the "Blue Checkmark" became something that can be bought for several bucks a month (with crypto, even), without any sort of verification.
>but I do worry about how many social bots are attempting to manipulate or mislead people.
You should browse reddit sometime. The easy ones to spot just autocreate accounts using the autoname at signup, which is of the formfactor [word1][word2]/d{4}
Regex nazis please spare me, I am doing my bestest
This feels like a vibe-coded dashboard that someone made just because they could and with AI it is much cheaper/quicker to create. But they didn't actually put too much thought into how it would/could actually be used. This doesn't really provide much value over "well that's kind of interesting to know". There aren't really actionable points that one can take from looking at these charts.
Some of my opinion above is formed from my own experience making similar charts just because I wonder what something would look like graphed out :)
I was tracking this as part of an older job and this has been the case for some years now - started around the Covid time with all the scalping bots etc and has just been building up.
This sorta mirrors the early-mid 2010's when people[1] were worried about how much of the internet was streaming traffic.
Automated systems that don’t sleep and are often programmed to aggressively scrape and are limited only by compute capacity outstripped humanity? I am not surprised by this at all.
Any thoughts on why ~30% of HTTP request are in US? I know we had first mover advantage for awhile but I'd expect this to have been diluted by larger populations by now. It doesn't appear to be AI/bot driven either.
Funny how I get captcha looped with my adblocking in firefox but you can just get through easily with a few puppeteer plugins controlling headless chrome.
If they were truly this accurate at identifying sources of bot traffic, you'd think they'd be better at blocking them without inconveniencing the rest of us.
One funny thing I've discovered as a result of certificate transparency logs is that the second your host gets given an SSL cert, you are immediately blasted with ai crawlers.
I put a project online - it was online for a month, and the second I added an SSL cert it went from 0 traffic to 1000 requests/min.
It's a silly metric. There could be only one master bot that pings every known endpoint multiple times a second, and that would probably surpass all human activity, too. It doesn't really tell us much about intention or the ability to masquerade as humans.
Where I would start to worry is if there's evidence that bot access patterns are starting to become harder to distinguish from human access patterns, which would suggest that they are, in fact, mimicking or masquerading as humans. I don't care how many search bots are indexing web content, but I do worry about how many social bots are attempting to manipulate or mislead people.
Looking at the verified bots section, all the top bots are web crawlers, which have been around for decades, to your point.
Thales Bad Bot Report categorizes the traffic between "good" and "bad" bots.
I would add that AI dramatically blurs the line between legitimate and malicious, and the intent generally speaking.
In regards to social bots, there's a 2024 study of over 1 million accounts on X and over 60% were found likely to be bots. Curiously, when Musk took over Twitter, the "Blue Checkmark" became something that can be bought for several bucks a month (with crypto, even), without any sort of verification.
>but I do worry about how many social bots are attempting to manipulate or mislead people.
You should browse reddit sometime. The easy ones to spot just autocreate accounts using the autoname at signup, which is of the formfactor [word1][word2]/d{4}
Regex nazis please spare me, I am doing my bestest
“First time”
The graph seems like it only goes back to April 27 and on that day it was 57% bot…
Maybe "first time on a weekday"? Asit seems it's been above 60% every weekend since they started monitoring it.
I think it’s meant as “for the first time in history..”. Not today in particular, but as a milestone.
Bot traffic
Lol, what is happening?According to the Thales Bad Bot Report, in 2025 >53% of traffic came from bots. 2024 was 50 - 50, and in 2013, it was measured at 43%.
AI-driven* bot activity has increased more than tenfold however in the past 12 months so I'm confident this will grow to a very solid majority.
> and in 2013, it was measured at 43%.
Do you mean 2013 or 2023?
I mean, just for a reference point, 2013. 2013 was the first year they did the report.
This feels like a vibe-coded dashboard that someone made just because they could and with AI it is much cheaper/quicker to create. But they didn't actually put too much thought into how it would/could actually be used. This doesn't really provide much value over "well that's kind of interesting to know". There aren't really actionable points that one can take from looking at these charts.
Some of my opinion above is formed from my own experience making similar charts just because I wonder what something would look like graphed out :)
For the first time? No way. People were saying this 5, 10, 15+ years ago.
I was tracking this as part of an older job and this has been the case for some years now - started around the Covid time with all the scalping bots etc and has just been building up.
This sorta mirrors the early-mid 2010's when people[1] were worried about how much of the internet was streaming traffic.
[1] Mostly ISP's annoyed at not being able to monetize it and folks trying to sell monetization solutions to them - https://www.sandvine.com/hubfs/Sandvine_Redesign_2019/Downlo...
Automated systems that don’t sleep and are often programmed to aggressively scrape and are limited only by compute capacity outstripped humanity? I am not surprised by this at all.
We're the "retail users" of the Web.
Dead internet theory
what comes after death? more like dead -> dead -> dead internet
It's been mostly dead all morning.
Any thoughts on why ~30% of HTTP request are in US? I know we had first mover advantage for awhile but I'd expect this to have been diluted by larger populations by now. It doesn't appear to be AI/bot driven either.
Is it not just a case of most of their clients being US based?
my first guess would be a decent chunk of things bot operators want to scrape are in the US. might as well have your bot nearer to the source.
On the Traffic page it is showing Bots more than Human,
but on the Bot page it's the opposite: 65.9% Human vs 34.1% Bot
https://radar.cloudflare.com/bots?dateRange=7d
?
Would love to see it go further back and some meaningful metric of how much is web scrapers vs bots.
Not shocking if CF is now trying really hard to keep me out of the internet
CF posts metrics which reinforces their business... shocking
It's not Cloudflare's title, the submitted invented it.
Sorry for the confusion, I was pointing out that the submitter submitted something silly and not that CF is boosting its business.
Given how many rounds of captchas I have to fight through, I'm not sure if these numbers are accurate.
Funny how I get captcha looped with my adblocking in firefox but you can just get through easily with a few puppeteer plugins controlling headless chrome.
You have to fight, for some bots it might not be a real fight anymore...
Trivial to bypass though, the big players just haven't gone that far yet.
Captchas are part of the traffic. ;)
Given how most of the internet is on mobile, I wonder how much that would skew this.
Only for HTML content. Total traffic would have been surprising.
If they were truly this accurate at identifying sources of bot traffic, you'd think they'd be better at blocking them without inconveniencing the rest of us.
Can bot traffic cause ad revenue to go up by any chance? Or false clicks that cost advertisers?
I'm looking forward to the fraud lawsuites for ad companies
OP: please add [2012] to the title
Dead internet theory gaining more credibility with every passing day.