Four bots that cost you margin every day.
E-commerce attracts the most sophisticated bot traffic — every page is a potential financial transaction worth scraping or hoarding.
Price scraping
Competitors and aggregators harvest your prices every few minutes. They undercut you on Google Shopping, dynamic pricing tools, and competitor dashboards. We catch the rotation networks behind them.
Inventory hoarding
Sneaker bots, ticketing bots, drop bots hold carts on limited inventory while humans wait. Catch them at the add-to-cart endpoint, not the checkout — before the damage is done.
Credential stuffing
Leaked passwords get tested against your login at 500 RPS from residential proxy networks. Rate limit + cluster detection together catch even slow-drip stuffing campaigns.
Account takeover
Once a credential pair lands, professional scrapers harvest the loyalty points, gift card balance, and saved payment info. Behavioral signals flag the takeover within seconds of login.
Cart, login, price — three surfaces, one stack.
One script tag covers every endpoint. No proxy install, no DNS migration. Works alongside Shopify, BigCommerce, custom stacks.
Protect the cart
Rate-limit add-to-cart per IP + session. Detect cart-hold patterns. Drop sessions with 0 mouse interaction across multiple items.
Protect the login
Fixed-window throttle on POST /login. Step-up auth on suspicious bands. Hard block on hot credential-stuffing IPs (memory across sites).
Protect the price
Catch competitor scrapers via cluster detection. Block rotation networks on /products/* without blocking real comparison shoppers.
A drop bot hitting your hottest SKU.
Twelve add-to-cart attempts in under four seconds, no mouse movement, IP in a Hetzner datacenter, session already linked to a 23-IP cluster. We block at the cart, not the checkout.
- Behavior: 12 add-to-cart in 4 seconds (+0.35)
- Cluster: session ID part of 23-IP fleet (+0.30)
- Network: ASN: Hetzner datacenter (+0.30)
- Signal: no mouse events on cart page (+0.20)
- Bot score: 1.00 (capped at 1.0, blocked)
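The additive scoring in the breakdown above, sketched as an added example (not the product's own code). The four weights are the ones listed; the firing thresholds, the block cutoff, the `Session` fields and the sample sessions are assumptions made for illustration.

```python
from dataclasses import dataclass

# Weights as listed in the breakdown above.
WEIGHTS = {"behavior": 0.35, "cluster": 0.30, "network": 0.30, "signal": 0.20}
# Assumed firing thresholds; the page only states "5 items in 3 seconds = bot".
BURST_COUNT, BURST_WINDOW_S = 5, 3.0
CLUSTER_MIN_IPS = 10   # assumption: fleet size that counts as a cluster
BLOCK_AT = 0.8         # assumption: score at which the session is blocked

@dataclass
class Session:             # hypothetical per-session record
    cart_adds: list        # add-to-cart timestamps in seconds
    mouse_events: int      # mouse events seen on the cart page
    asn_type: str          # "datacenter", "residential", ...
    cluster_ips: int       # IPs linked to this session ID

def max_burst(timestamps, window):
    """Largest number of events inside any sliding window of `window` seconds."""
    ts = sorted(timestamps)
    best = lo = 0
    for hi in range(len(ts)):
        while ts[hi] - ts[lo] > window:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def score(s):
    """Return (capped score, per-signal contributions, blocked?)."""
    fired = {
        "behavior": max_burst(s.cart_adds, BURST_WINDOW_S) >= BURST_COUNT,
        "cluster": s.cluster_ips >= CLUSTER_MIN_IPS,
        "network": s.asn_type == "datacenter",
        "signal": bool(s.cart_adds) and s.mouse_events == 0,
    }
    contributions = {k: WEIGHTS[k] for k, on in fired.items() if on}
    total = min(1.0, round(sum(contributions.values()), 2))
    return total, contributions, total >= BLOCK_AT

# Constructed sample sessions (not real traffic).
DROP_BOT = Session([i * 0.33 for i in range(12)], 0, "datacenter", 23)
SHOPPER = Session([0.0, 45.0, 130.0], 212, "residential", 1)
VPN_SHOPPER = Session([0.0, 60.0], 87, "datacenter", 1)

if __name__ == "__main__":
    for name, sess in [("drop bot", DROP_BOT), ("shopper", SHOPPER), ("vpn", VPN_SHOPPER)]:
        print(name, score(sess))
```

The raw sum for the drop bot is 1.15, which is why the cap matters; the VPN shopper trips only the network signal and stays well under the cutoff.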
Tools built for the e-commerce stack.
Cart-hold detection
Tracks add-to-cart velocity per session. 5 items in 3 seconds = bot. Real shoppers browse, compare, then add.
Drop-protection mode
Time-boxed strict mode for limited launches. Tighter thresholds, more challenges, hard caps per IP/ASN — only during the window.
Login throttling
5 POST /login per minute per IP, plus cluster-level rate limiting. Stops credential stuffing without locking out real customers.
Checkout bot detection
Bots paste card numbers, never type them. We watch keystroke timing on payment forms. Mismatched typing → step-up auth.
Price-page allow-list
Whitelist real comparison shoppers (Google Shopping, Amazon Pay, PayPal). Block everything else from /products/*.json.
Per-product score policy
High-margin items get tighter score thresholds + faster challenge issuance. Low-margin items run lighter.