Multi-Layer Bot Detection Platform
WebDecoy combines behavioral analysis, honeypot deception, and automated response to catch every bot—from AI scrapers to credential stuffers.
Behavioral Analysis Engine
Go beyond honeypots with real-time behavioral analysis. Bot Scanner detects headless browsers and automation frameworks that evade traditional detection methods.
Headless Detection
Detect Puppeteer, Playwright, Selenium, and Nightmare with 95%+ accuracy using advanced fingerprinting techniques.
TLS Fingerprinting
JA4 TLS fingerprints reveal the true client behind a disguised user agent—and become the actor identity WebDecoy blocks across every IP a bot rotates through.
Behavioral Signals
Mouse entropy, interaction timing, and scroll patterns distinguish real users from automation scripts.
IP Enrichment
Real-time threat intelligence from GreyNoise, AbuseIPDB, and IPQualityScore. Detect datacenter, VPN, and Tor exit nodes.
LLM Referral Tracking
See visitors arriving from ChatGPT, Perplexity, Gemini, Claude, and 7 other AI platforms. Track the fastest-growing acquisition channel your analytics is missing.
// Or use our npm package
npm install @webdecoy/scanner
import { BotScanner } from '@webdecoy/scanner';
BotScanner.init({ accountId: 'acc_xxx' });Core Detection Features
AI Bot Detection
Identify GPTBot, ClaudeBot, Perplexity, and 20+ other AI scrapers. Behavioral analysis and user agent verification catch bots that bypass robots.txt.
Custom Honeypots
Create invisible decoy links specifically designed to attract bots while remaining invisible to real users. Customize paths, content, and triggers.
Zero-Setup Hosting, BYO Domain Optional
Start instantly on the WebDecoy shared domain — no DNS, no setup. Or bring your own domain with a simple CNAME/A record when you want decoys under your own brand.
Instant Response Actions
Push a composite actor signature to your Cloudflare or AWS WAF—challenge first, block on honeypot-grade evidence, every rule auto-expiring. Enforcement runs in the WAF you already own, in milliseconds.
Data Poisoning
Return false or misleading data to bots. Train their models on intentionally bad data to reduce their effectiveness.
Endpoint Decoys
Deploy API honeypots that mimic real endpoints. Detect SQL injection, credential stuffing, and API enumeration attacks with zero false positives.
Geographic Consistency
Analyze timezone, language, and GeoIP data to detect VPNs and proxies. Score visitor consistency and flag location spoofing in real-time.
LLM Referral Tracking
Track visitors arriving from ChatGPT, Perplexity, Gemini, Claude, and 8 more AI platforms. Measure your AI search traffic with zero configuration.
Endpoint Decoys: API Honeypot Protection
Advanced API security that catches attackers before they reach your real infrastructure. Deploy fake endpoints that detect and analyze malicious API traffic in real-time.
Attack Detection
Automatically detect and categorize attack patterns:
- Critical SQL Injection
- Critical Command Injection
- Critical XXE Attacks
- High XSS & Path Traversal
Forensic Capture
Full attack payload analysis:
- Request body capture
- HTTP method tracking
- Authorization header detection
- Content-type analysis
Zero False Positives
Only real attackers trigger detections:
- Endpoints don't exist in your app
- Legitimate users never find them
- Only scanners & attackers trigger
- AbuseIPDB integration
Real-Time Analytics Dashboard
Monitor all bot detection activity in real-time. See which bots visit your site, when they visit, what they access, and take immediate action.
Detection Timeline
View bot activity over time with interactive charts and graphs
Bot Distribution
See which bots are targeting you most frequently
Geographic Analysis
Track bot activity by location and IP address
Enterprise Integrations
Connect WebDecoy to your entire security stack. Block bots at the edge, stream metrics to your SIEM, and automate response across your infrastructure.
CDN & Edge
- Cloudflare WAF
- Akamai
- Fastly
Cloud WAF
- AWS WAF
- Cloudflare Firewall
- Composite signatures + challenges
Observability
- Datadog
- Custom SIEM
- Real-time metrics
Automation
- Vercel Edge
- Custom Webhooks
- REST API
MITRE ATT&CK Mapping
Every WebDecoy detection automatically maps to MITRE ATT&CK tactics and techniques. Your SOC team gets standardized threat intelligence that integrates with existing workflows.
- Reconnaissance (TA0043) - Web crawling, AI bot detection
- Credential Access (TA0006) - Brute force, credential stuffing
- Execution (TA0002) - SQL injection, command injection
- Discovery (TA0007) - Path traversal, API enumeration
{
"detection_type": "sql_injection",
"severity": "critical",
"mitre_attack": {
"tactics": ["TA0002", "TA0006"],
"techniques": ["T1203", "T1110.004"],
"technique_names": [
"Exploitation for Client Execution",
"Credential Stuffing"
]
},
"source_ip": "185.x.x.x",
"threat_score": 94
}Enterprise Features
Team Management
Invite team members with role-based access. Granular permissions for viewing data, managing settings, and billing.
Actor & JA4 Blocklist Management
Enforce actors as composite signatures—fingerprint plus network plus path, never a bare JA4. Every rule auto-expires and is reversible; push straight to your Cloudflare or AWS WAF so enforcement follows the adversary, not the users who share its fingerprint.
Audit Logs
Complete audit trail of all actions. Track who made changes, when, and why for compliance and security.
Scheduled Reports
Automated weekly or monthly reports sent to your team. Customizable metrics and insights.
SSO Integration
Single Sign-On support. SAML 2.0 and OAuth 2.0 for enterprise authentication.
Advanced Security
GDPR compliant. No PII storage. End-to-end encryption for sensitive data.
Automated Threat Response
Every detection triggers automated response actions. Block the actor at the edge by JA4, alert your team, and feed your SIEM—all in milliseconds.
Edge Blocking
Push a composite actor signature to Cloudflare or AWS WAF—challenge first, block last, auto-expiring. Stops the actor across its rotating IPs before it reaches your origin, without touching users who share a fingerprint.
Response time: <1 second
Webhook Alerts
Send HMAC-signed detection events to Slack, PagerDuty, or any custom endpoint. Trigger your security playbooks automatically.
Supports retry with exponential backoff
SIEM Integration
Stream events to Splunk, Elastic, Datadog, or CrowdStrike. Every detection includes MITRE ATT&CK technique IDs.
Syslog, CEF, and native formats
Data Poisoning
Serve fake or misleading content to detected bots. Pollute AI training datasets with intentionally bad data.
Configurable per bot type
Smart Redirects
Redirect bots to custom pages, tarpit endpoints, or competitor sites. Control exactly where unwanted traffic goes.
Custom redirect rules per detection type
SDK & API
Full REST API and JavaScript SDK for custom integrations. Build automated workflows that match your security policies.
npm: @webdecoy/scanner
Supported AI Bots
We detect a wide range of AI scrapers and bots. Our detection engine combines behavioral analysis with user agent verification to catch bots that bypass robots.txt.
- GPTBot (OpenAI)
- ClaudeBot (Anthropic)
- Perplexity
- GoogleBot (Research)
- Bingbot
- Applebot
- Metabot
- And 15+ others
Always Growing
Our detection engine combines behavioral analysis with continuous updates. New bot patterns, threat intelligence, and response actions added weekly.
Actor Identity & JA4 WAF Blocking: Jul 2026
Bots are now tracked as persistent actors across rotating IPs. A confirmed rotating actor is blocked by its JA4 fingerprint via automatic AWS WAF and Cloudflare rules—every IP at once.
LLM Referral Tracking: Feb 2026
Track visitors from ChatGPT, Perplexity, Gemini, Claude, and 7 more AI platforms. AI search analytics dashboard.
Bot Scanner GA: Nov 2024
Behavioral analysis engine with headless browser detection, TLS fingerprinting, and real-time threat scoring.
SDK Release: Nov 15, 2024
JavaScript SDK (@webdecoy/scanner) for embedded detection and custom response automation.
Questions about our bot detection capabilities?
Our team can help you understand how WebDecoy fits your specific security needs.
Talk to an ExpertReady to Protect Your Content?
Start with our free plan and upgrade as you grow.
14 day free trial · No credit card required
Start 14-Day Free Trial Opens in a new tab