
What My URL Shortener Taught Me About Malicious Traffic

Published: at 08:03 AM

I’ve been hosting a small URL shortener for just over a year now. It’s one of those deceptively simple projects — a few routes, a small database, not much to it. But even something this minimal can teach you a lot if you pay attention.

I use PostHog to log incoming requests, mostly to see how people use the service and catch edge cases early. But over time, a pattern emerged: every single day, I’d see bursts of traffic hitting random, suspicious-looking paths. Things like /admin.php, /sendgrid.env, or just plain /env. Clearly not human behavior — and clearly not looking for shortened links.

Digging into it further, I noticed many of the requests came in tight bursts, often from headless clients like Python scripts, Go-based tools, or something like l9synscan. Most of them were probing for vulnerabilities. Nothing ever got through — the server’s locked down — but it sparked my curiosity. Where exactly was this traffic coming from?

That led me to something called ASN — Autonomous System Number. In short, an ASN is a unique number assigned to an autonomous system: a set of IP prefixes operated under a single routing policy by one provider or organization. Think of it as an umbrella for the IP ranges that organization announces to the rest of the internet. With the right tools, you can look up an IP address, find the CIDR block it falls in, and see which ASN announces that block.

I started experimenting with ipinfo.io, which gives you this data via API. But the builder in me immediately wanted to know: where does this data actually come from?

Turns out, the raw data is published and updated every 30 minutes via bgp.tools. That was enough of a reason for me to spin up a quick side project — a lightweight API that pulls the ASN-to-CIDR mappings and lets you query them. Given any IP, it tells you what ASN it’s part of.

Naturally, I deployed it right next to my URL shortener. Now, when requests come in, I can run a quick lookup and decide how to handle the traffic — for example, automatically block requests from hosting providers like Azure, DigitalOcean, or GCP, which are frequently the source of automated scans and attack attempts.
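As an added illustration (not code from asnguard or from this post), here is the core of such a lookup: a longest-prefix match over an ASN-to-CIDR table, followed by the block/flag decision described above. The prefixes, ASNs, organisation names and the blocked-ASN set are constructed placeholders, not real bgp.tools data; the probe paths are the ones seen in the logs.

```python
import ipaddress

# Constructed sample of ASN-to-CIDR mappings (placeholders, not real bgp.tools data).
# Note the /25 nested inside the /24: a correct lookup must prefer the more specific prefix.
SAMPLE_MAPPINGS = [
    ("203.0.113.0/24", 64500, "Example Hosting"),
    ("203.0.113.128/25", 64501, "Example Hosting Subsidiary"),
    ("198.51.100.0/24", 64502, "Example Residential ISP"),
    ("2001:db8::/32", 64503, "Example IPv6 Cloud"),
]

# Placeholder ASNs treated as hosting/cloud providers whose traffic is blocked outright.
BLOCKED_ASNS = {64500, 64501, 64503}

# Paths the post saw scanners probing; a hit marks the request as a scan rather than a user.
PROBE_PATHS = {"/admin.php", "/sendgrid.env", "/env"}


def build_table(mappings):
    """Parse CIDR strings once so each lookup is a cheap membership test."""
    return [(ipaddress.ip_network(cidr), asn, org) for cidr, asn, org in mappings]


def lookup(table, ip):
    """Return (asn, cidr, org) for the most specific prefix containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, asn, org in table:
        # Skip prefixes of the other address family; keep the longest matching prefix.
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, asn, org)
    return (best[1], str(best[0]), best[2]) if best else None


def decide(table, ip, path):
    """Policy for one request: 'block' (hosting ASN), 'flag' (probe path) or 'allow'."""
    hit = lookup(table, ip)
    if hit is not None and hit[0] in BLOCKED_ASNS:
        return "block"
    if path in PROBE_PATHS:
        return "flag"
    return "allow"


if __name__ == "__main__":
    table = build_table(SAMPLE_MAPPINGS)
    for ip, path in [("203.0.113.200", "/admin.php"), ("198.51.100.7", "/env"), ("198.51.100.8", "/abc123")]:
        print(ip, path, lookup(table, ip), decide(table, ip, path))
```

A linear scan is fine for a demo; a production table of full-internet routes would use a prefix trie or a sorted structure keyed on network address and length.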

You can check out the GitHub repo here: github.com/hirebarend/asnguard

And if you want to try it out, here’s a sample query you can run against your own IP: 👉 https://asnguard.lnkbrd.com/api/self

It’s a small project, but a fun one — and a good reminder that even basic tools on the internet are exposed to a constant hum of unwanted traffic. Once you know where it’s coming from, you can get a little smarter about how to deal with it.
