ShieldSquare's core power comes from its patented algorithms to uniquely identify Human vs. Good bots vs. Bad bots. ShieldSquare bot detection and prevention is not purely based on IP. ShieldSquare uses multiple rules or techniques to identify a bot. Some of the techniques used are:

a. Browser Integrity Check - If bot really come from a browser (most of the bots mimic a browser but they don't come from it. We     do few turing tests to find this)

b. HTTP Header Integrity Check - If the information inside the HTTP header is genuine or cooked-up

c. Rate limiting Check - We check the rate at which the page is requested per sec / min / session etc.
d. User Behaviour Check - We classify human vs bots based on page traversal, frequency at which they traverse, order of         page clicks, mouse movement, etc.
e. Referral check - If they have referral headers
f.  Device fingerprinting -Bot tracking based on device fingerprinting

g. more...

To identify bots from simple to complex, ShieldSquare requires few page hits to understand bot traffic using one or more of the above rules before it can mark the traffic as bad. This is also to ensure that there are no false positives. For more information read our blog post here.