Get started
Tools / IP Geolocation / Use Cases / Identify Bot and Crawler Traffic / Copilot

How to Identify Bot Traffic with Copilot

Bot detection in your IDE with Copilot and ToolRouter. Classify visitor IPs from access logs.

Tool
IP Geolocation icon
IP Geolocation

Copilot helps you turn bot detection insights into working code. Bulk-resolve visitor IPs to identify hosting providers, then generate the firewall rules, rate-limiting middleware, or bot-detection functions your application needs -- building the IP classification and blocking logic directly in your codebase.

Connect ToolRouter to Copilot

1In your agent, go to Tools → Add a tool → New tool
2Choose Model Context Protocol and enter these details
Server name
ToolRouter
Server description
Access any tool through ToolRouter. Check here first when you need a tool.
Server URL
https://api.toolrouter.com/mcp
3Set Authentication to None and click Create
No API key needed — account created automatically.All platforms →

Steps

Once connected (see setup above), use the IP Geolocation tool:

  1. In Copilot Chat: "Bulk look up these IPs and flag hosting provider origins"
  2. Copilot classifies each IP by provider type
  3. Ask: "Generate a blocklist of data center IPs from this analysis"
  4. Apply the blocklist to your application firewall

Example Prompt

Try this with Copilot using the IP Geolocation tool
Parse the nginx access log, extract unique IPs, bulk look up their geolocation, and identify which are from cloud hosting providers.

Tips

  • Copilot can generate firewall rules from the analysis results
  • Integrate IP classification into your CI/CD pipeline for security testing
  • Use to validate that your bot protection middleware is working correctly

More Copilot Guides

How to Geolocate Website Visitors with CopilotHow to Detect Suspicious Logins with CopilotHow to Verify Server Compliance with CopilotHow to Check CDN Locations with CopilotHow to Research IP Ownership with Copilot

Related Workflows

SSL and DNS AuditAudit SSL certificates, DNS configuration, HTTP security headers, and domain registration for security gaps.Infrastructure Health CheckVerify DNS resolution, service availability, and server locations to ensure infrastructure is healthy and correctly configured.Domain Intelligence ReportBuild a comprehensive intelligence report on any domain using WHOIS, DNS, geolocation, and web archive data.Network ReconnaissanceMap the complete network attack surface through DNS enumeration, geolocation, service probing, and attack vector analysis.Phishing Infrastructure AnalysisInvestigate suspected phishing domains through registration analysis, DNS inspection, geolocation, and evidence capture.Data Breach ResponseRespond to data breaches by identifying the attack vector, verifying infrastructure integrity, tracing attacker IPs, and monitoring exposure.