16 requests from 12 unique IP addresses - why is Grok attacking your website?
What actually happens when you paste a URL into a chatbot?
Jerome Segura at DataDome Inc. investigated how xAI’s Grok fetches a url:
- Distributed "Swarm" Architecture: A single user prompt triggered 16 requests from 12 unique residential and mobile carrier IPs to evade IP-based blocking.
- User-Agent Spoofing: The requests rotated through multiple browser signatures, including iPhone OS 18, Chrome, and occasionally a generic
Go-http-client/1.1header. - Aggressive Parallel Bursting: The traffic pattern resembled a DDoS attack, hitting the server with seven near-simultaneous requests per second.
Interestingly, Gemini and ChatGPT didn’t show this "bad bot" pattern.
My take: Why does Grok use such an aggressive fetching strategy? It is likely just an effort to reliably deliver on user expectations, hedging against anti-scraping protections.
Website owners need to accept a new reality: optimizing for bot accessibility is becoming important, unless scraping is absolutely lethal to your business model. In that case, you have another, and, probably, bigger problem.