I'm curious if you're just tracking browser user agent, fingerprinting or some other method? For instance would someone using a tool to spider your site, would it be classed as an attack?