Multi-Layer Bot Detection Platform

WebDecoy combines behavioral analysis, honeypot deception, and automated response to catch every bot—from AI scrapers to credential stuffers.

Bot Scanner

Behavioral Analysis Engine

Go beyond honeypots with real-time behavioral analysis. Bot Scanner detects headless browsers and automation frameworks that evade traditional detection methods.

Headless Detection

Detect Puppeteer, Playwright, Selenium, and Nightmare with 95%+ accuracy using advanced fingerprinting techniques.

TLS Fingerprinting

JA3/JA4 TLS fingerprints identify spoofed browsers and reveal the true client identity behind disguised user agents.

Behavioral Signals

Mouse entropy, interaction timing, and scroll patterns distinguish real users from automation scripts.

IP Enrichment

Real-time threat intelligence from GreyNoise, AbuseIPDB, and IPQualityScore. Detect datacenter, VPN, and Tor exit nodes.

New Feature

Geographic Consistency Detection

Catch VPNs and proxies by analyzing mismatches between browser timezone, language settings, and GeoIP location. Score visitor consistency from 0-100 and flag likely VPN users automatically.

Timezone Mismatch Language Analysis VPN Detection 50+ Country Mappings
Bot Scanner SDK Installation



// Or use our npm package
npm install @webdecoy/scanner

import { BotScanner } from '@webdecoy/scanner';
BotScanner.init({ accountId: 'acc_xxx' });

Core Detection Features

AI Bot Detection

Identify GPTBot, ClaudeBot, Perplexity, and 20+ other AI scrapers. Behavioral analysis and user agent verification catch bots that bypass robots.txt.

Custom Honeypots

Create invisible decoy links specifically designed to attract bots while remaining invisible to real users. Customize paths, content, and triggers.

Bring Your Own Domain

Deploy honeypots on your domain using flexible DNS configuration (CNAME or A records). Complete control - bots can't distinguish decoys from real content.

Instant Response Actions

Block detected bots at the edge via Cloudflare, AWS WAF, or custom integrations. Trigger response actions in milliseconds.

Data Poisoning

Return false or misleading data to bots. Train their models on intentionally bad data to reduce their effectiveness.

Endpoint Decoys

Deploy API honeypots that mimic real endpoints. Detect SQL injection, credential stuffing, and API enumeration attacks with zero false positives.

Geographic Consistency

Analyze timezone, language, and GeoIP data to detect VPNs and proxies. Score visitor consistency and flag location spoofing in real-time.

Endpoint Decoys: API Honeypot Protection

Advanced API security that catches attackers before they reach your real infrastructure. Deploy fake endpoints that detect and analyze malicious API traffic in real-time.

Attack Detection

Automatically detect and categorize attack patterns:

  • Critical SQL Injection
  • Critical Command Injection
  • Critical XXE Attacks
  • High XSS & Path Traversal

Forensic Capture

Full attack payload analysis:

  • Request body capture
  • HTTP method tracking
  • Authorization header detection
  • Content-type analysis

Zero False Positives

Only real attackers trigger detections:

  • Endpoints don't exist in your app
  • Legitimate users never find them
  • Only scanners & attackers trigger
  • AbuseIPDB integration
Learn More About Endpoint Decoys

Real-Time Analytics Dashboard

Monitor all bot detection activity in real-time. See which bots visit your site, when they visit, what they access, and take immediate action.

Detection Timeline

View bot activity over time with interactive charts and graphs

Bot Distribution

See which bots are targeting you most frequently

Geographic Analysis

Track bot activity by location and IP address

Enterprise Integrations

Connect WebDecoy to your entire security stack. Block bots at the edge, stream metrics to your SIEM, and automate response across your infrastructure.

CDN & Edge

  • Cloudflare WAF
  • Akamai
  • Fastly

Cloud WAF

  • AWS WAF
  • Cloudflare Firewall
  • Auto IP blocking

Observability

  • Datadog
  • Custom SIEM
  • Real-time metrics

Automation

  • Vercel Edge
  • Custom Webhooks
  • REST API
View All Integrations
SOC Integration

MITRE ATT&CK Mapping

Every WebDecoy detection automatically maps to MITRE ATT&CK tactics and techniques. Your SOC team gets standardized threat intelligence that integrates with existing workflows.

  • Reconnaissance (TA0043) - Web crawling, AI bot detection
  • Credential Access (TA0006) - Brute force, credential stuffing
  • Execution (TA0002) - SQL injection, command injection
  • Discovery (TA0007) - Path traversal, API enumeration
Learn About ATT&CK Mapping
Webhook Payload
{
  "detection_type": "sql_injection",
  "severity": "critical",
  "mitre_attack": {
    "tactics": ["TA0002", "TA0006"],
    "techniques": ["T1203", "T1110.004"],
    "technique_names": [
      "Exploitation for Client Execution",
      "Credential Stuffing"
    ]
  },
  "source_ip": "185.x.x.x",
  "threat_score": 94
}

Enterprise Features

Team Management

Invite team members with role-based access. Granular permissions for viewing data, managing settings, and billing.

IP Blocklist Management

Automatically build and maintain IP blocklists of detected bots. Export for use in firewalls and CDNs.

Audit Logs

Complete audit trail of all actions. Track who made changes, when, and why for compliance and security.

Scheduled Reports

Automated weekly or monthly reports sent to your team. Customizable metrics and insights.

SSO Integration

Single Sign-On support. SAML 2.0 and OAuth 2.0 for enterprise authentication.

Advanced Security

GDPR compliant. No PII storage. End-to-end encryption for sensitive data.

Response Actions

Automated Threat Response

Every detection triggers automated response actions. Block at the edge, alert your team, and feed your SIEM—all in milliseconds.

Edge Blocking

Automatically add detected IPs to Cloudflare WAF, AWS WAF, or Akamai blocklists. Block bots before they reach your origin.

Response time: <1 second

Webhook Alerts

Send HMAC-signed detection events to Slack, PagerDuty, or any custom endpoint. Trigger your security playbooks automatically.

Supports retry with exponential backoff

SIEM Integration

Stream events to Splunk, Elastic, Datadog, or CrowdStrike. Every detection includes MITRE ATT&CK technique IDs.

Syslog, CEF, and native formats

Data Poisoning

Serve fake or misleading content to detected bots. Pollute AI training datasets with intentionally bad data.

Configurable per bot type

Smart Redirects

Redirect bots to custom pages, tarpit endpoints, or competitor sites. Control exactly where unwanted traffic goes.

Custom redirect rules per detection type

SDK & API

Full REST API and JavaScript SDK for custom integrations. Build automated workflows that match your security policies.

npm: @webdecoy/scanner

Supported AI Bots

We detect a wide range of AI scrapers and bots. Our detection engine combines behavioral analysis with user agent verification to catch bots that bypass robots.txt.

  • GPTBot (OpenAI)
  • ClaudeBot (Anthropic)
  • Perplexity
  • GoogleBot (Research)
  • Bingbot
  • Applebot
  • Metabot
  • And 15+ others

Always Growing

Our detection engine combines behavioral analysis with continuous updates. New bot patterns, threat intelligence, and response actions added weekly.

Bot Scanner GA: Nov 2024

Behavioral analysis engine with headless browser detection, TLS fingerprinting, and real-time threat scoring.

SDK Release: Nov 15, 2024

JavaScript SDK (@webdecoy/scanner) for embedded detection and custom response automation.

Response Actions: Nov 1, 2024

Automated Cloudflare, AWS WAF, and SIEM integrations with sub-second response time.

Questions about our bot detection capabilities?

Our team can help you understand how WebDecoy fits your specific security needs.

Talk to an Expert

Ready to Protect Your Content?

Start with our free plan and upgrade as you grow. No credit card required.

Get Started Free Opens in a new tab