Multi-Layer Bot Detection Platform

WebDecoy combines behavioral analysis, honeypot deception, and automated response to catch every bot—from AI scrapers to credential stuffers.

Bot Scanner

Behavioral Analysis Engine

Go beyond honeypots with real-time behavioral analysis. Bot Scanner detects headless browsers and automation frameworks that evade traditional detection methods.

Headless Detection

Detect Puppeteer, Playwright, Selenium, and Nightmare with 95%+ accuracy using advanced fingerprinting techniques.

TLS Fingerprinting

JA4 TLS fingerprints reveal the true client behind a disguised user agent—and become the actor identity WebDecoy blocks across every IP a bot rotates through.

Behavioral Signals

Mouse entropy, interaction timing, and scroll patterns distinguish real users from automation scripts.

IP Enrichment

Real-time threat intelligence from GreyNoise, AbuseIPDB, and IPQualityScore. Detect datacenter, VPN, and Tor exit nodes.

New Feature

LLM Referral Tracking

See visitors arriving from ChatGPT, Perplexity, Gemini, Claude, and 7 other AI platforms. Track the fastest-growing acquisition channel your analytics is missing.

11 AI Platforms Referral Dashboard Traffic Trends Zero Config
Bot Scanner SDK Installation



// Or use our npm package
npm install @webdecoy/scanner

import { BotScanner } from '@webdecoy/scanner';
BotScanner.init({ accountId: 'acc_xxx' });

Core Detection Features

AI Bot Detection

Identify GPTBot, ClaudeBot, Perplexity, and 20+ other AI scrapers. Behavioral analysis and user agent verification catch bots that bypass robots.txt.

Custom Honeypots

Create invisible decoy links specifically designed to attract bots while remaining invisible to real users. Customize paths, content, and triggers.

Zero-Setup Hosting, BYO Domain Optional

Start instantly on the WebDecoy shared domain — no DNS, no setup. Or bring your own domain with a simple CNAME/A record when you want decoys under your own brand.

Instant Response Actions

Push a composite actor signature to your Cloudflare or AWS WAF—challenge first, block on honeypot-grade evidence, every rule auto-expiring. Enforcement runs in the WAF you already own, in milliseconds.

Data Poisoning

Return false or misleading data to bots. Train their models on intentionally bad data to reduce their effectiveness.

Endpoint Decoys

Deploy API honeypots that mimic real endpoints. Detect SQL injection, credential stuffing, and API enumeration attacks with zero false positives.

Geographic Consistency

Analyze timezone, language, and GeoIP data to detect VPNs and proxies. Score visitor consistency and flag location spoofing in real-time.

LLM Referral Tracking

Track visitors arriving from ChatGPT, Perplexity, Gemini, Claude, and 8 more AI platforms. Measure your AI search traffic with zero configuration.

Endpoint Decoys: API Honeypot Protection

Advanced API security that catches attackers before they reach your real infrastructure. Deploy fake endpoints that detect and analyze malicious API traffic in real-time.

Attack Detection

Automatically detect and categorize attack patterns:

  • Critical SQL Injection
  • Critical Command Injection
  • Critical XXE Attacks
  • High XSS & Path Traversal

Forensic Capture

Full attack payload analysis:

  • Request body capture
  • HTTP method tracking
  • Authorization header detection
  • Content-type analysis

Zero False Positives

Only real attackers trigger detections:

  • Endpoints don't exist in your app
  • Legitimate users never find them
  • Only scanners & attackers trigger
  • AbuseIPDB integration

Real-Time Analytics Dashboard

Monitor all bot detection activity in real-time. See which bots visit your site, when they visit, what they access, and take immediate action.

Detection Timeline

View bot activity over time with interactive charts and graphs

Bot Distribution

See which bots are targeting you most frequently

Geographic Analysis

Track bot activity by location and IP address

Enterprise Integrations

Connect WebDecoy to your entire security stack. Block bots at the edge, stream metrics to your SIEM, and automate response across your infrastructure.

CDN & Edge

  • Cloudflare WAF
  • Akamai
  • Fastly

Cloud WAF

  • AWS WAF
  • Cloudflare Firewall
  • Composite signatures + challenges

Observability

  • Datadog
  • Custom SIEM
  • Real-time metrics

Automation

  • Vercel Edge
  • Custom Webhooks
  • REST API
SOC Integration

MITRE ATT&CK Mapping

Every WebDecoy detection automatically maps to MITRE ATT&CK tactics and techniques. Your SOC team gets standardized threat intelligence that integrates with existing workflows.

  • Reconnaissance (TA0043) - Web crawling, AI bot detection
  • Credential Access (TA0006) - Brute force, credential stuffing
  • Execution (TA0002) - SQL injection, command injection
  • Discovery (TA0007) - Path traversal, API enumeration
Learn About ATT&CK Mapping
Webhook Payload
{
  "detection_type": "sql_injection",
  "severity": "critical",
  "mitre_attack": {
    "tactics": ["TA0002", "TA0006"],
    "techniques": ["T1203", "T1110.004"],
    "technique_names": [
      "Exploitation for Client Execution",
      "Credential Stuffing"
    ]
  },
  "source_ip": "185.x.x.x",
  "threat_score": 94
}

Enterprise Features

Team Management

Invite team members with role-based access. Granular permissions for viewing data, managing settings, and billing.

Actor & JA4 Blocklist Management

Enforce actors as composite signatures—fingerprint plus network plus path, never a bare JA4. Every rule auto-expires and is reversible; push straight to your Cloudflare or AWS WAF so enforcement follows the adversary, not the users who share its fingerprint.

Audit Logs

Complete audit trail of all actions. Track who made changes, when, and why for compliance and security.

Scheduled Reports

Automated weekly or monthly reports sent to your team. Customizable metrics and insights.

SSO Integration

Single Sign-On support. SAML 2.0 and OAuth 2.0 for enterprise authentication.

Advanced Security

GDPR compliant. No PII storage. End-to-end encryption for sensitive data.

Response Actions

Automated Threat Response

Every detection triggers automated response actions. Block the actor at the edge by JA4, alert your team, and feed your SIEM—all in milliseconds.

Edge Blocking

Push a composite actor signature to Cloudflare or AWS WAF—challenge first, block last, auto-expiring. Stops the actor across its rotating IPs before it reaches your origin, without touching users who share a fingerprint.

Response time: <1 second

Webhook Alerts

Send HMAC-signed detection events to Slack, PagerDuty, or any custom endpoint. Trigger your security playbooks automatically.

Supports retry with exponential backoff

SIEM Integration

Stream events to Splunk, Elastic, Datadog, or CrowdStrike. Every detection includes MITRE ATT&CK technique IDs.

Syslog, CEF, and native formats

Data Poisoning

Serve fake or misleading content to detected bots. Pollute AI training datasets with intentionally bad data.

Configurable per bot type

Smart Redirects

Redirect bots to custom pages, tarpit endpoints, or competitor sites. Control exactly where unwanted traffic goes.

Custom redirect rules per detection type

SDK & API

Full REST API and JavaScript SDK for custom integrations. Build automated workflows that match your security policies.

npm: @webdecoy/scanner

Supported AI Bots

We detect a wide range of AI scrapers and bots. Our detection engine combines behavioral analysis with user agent verification to catch bots that bypass robots.txt.

  • GPTBot (OpenAI)
  • ClaudeBot (Anthropic)
  • Perplexity
  • GoogleBot (Research)
  • Bingbot
  • Applebot
  • Metabot
  • And 15+ others

Always Growing

Our detection engine combines behavioral analysis with continuous updates. New bot patterns, threat intelligence, and response actions added weekly.

Actor Identity & JA4 WAF Blocking: Jul 2026

Bots are now tracked as persistent actors across rotating IPs. A confirmed rotating actor is blocked by its JA4 fingerprint via automatic AWS WAF and Cloudflare rules—every IP at once.

LLM Referral Tracking: Feb 2026

Track visitors from ChatGPT, Perplexity, Gemini, Claude, and 7 more AI platforms. AI search analytics dashboard.

Bot Scanner GA: Nov 2024

Behavioral analysis engine with headless browser detection, TLS fingerprinting, and real-time threat scoring.

SDK Release: Nov 15, 2024

JavaScript SDK (@webdecoy/scanner) for embedded detection and custom response automation.

Questions about our bot detection capabilities?

Our team can help you understand how WebDecoy fits your specific security needs.

Talk to an Expert

Ready to Protect Your Content?

Start with our free plan and upgrade as you grow.

14 day free trial · No credit card required

Start 14-Day Free Trial Opens in a new tab