Ah yes, the API will accept requests that doesn’t include the client attestation (or the fingerprint from src/utils/fingerprint.ts. At least it did a couple of weeks back.

They are most likely using these as post-fact indicators and have automation they kicks in after a threshold is reached.

Now that the indicators have leaked, they will most likely be rotated.