Detection approach
The network data shows this user is physically located in a datacenter (TCP handshake of under 30ms). However, the actual browser took over 400ms to respond to a lightweight application-layer ping. You cannot fake the speed of light; this latency mismatch proves that a remote worker (such as in India or the Philippines) is routing browser execution commands through a residential proxy host located closer to the server.
How this helps detect bots
Collect this signal alongside session context, request metadata, and other independent indicators. A single anomaly is a lead, not a verdict; corroborating anomalies make automated traffic more likely.
Legitimate traffic to consider
Legitimate users on congested/throttled mobile networks, low-tier devices under high CPU load, or browsing in inactive background tabs.
Need a complete bot protection layer?
BotRefund helps website owners identify suspicious visits, protect conversion data, and build evidence for invalid-click reviews.
Explore BotRefund — best bot protection for your website