Thank you for your reply.
They show up at my website’s internal “online visitors” screen.
Unfortunately the full IP is not displayed only something like 2a01, 2a06, etc.
I thought of this but it’s too general to be able to create a rule right now (www.site.com/en*)
Yes, I have got Bot Fight Mode on. But if this is being done using Selenium or Marionette where you can program the browser then technically speaking, I don’t think Cloudflare would detect it unless I start challenging everyone.
Is there a section in Cloudflare where I can see the IPs of all the requests being made? This way, if I see the IP in Cloudflare, I can simply just block it manually and that will stop it for the time being. Yes, they can get rotating IPs but at this point Cloudflare is more likely to spot it. I couldn’t find a location in the dashboard where I can see the IPs of all the requests, only the IPs blocked but since this one is no being blocked, I can’t find it.