Kind of a snarky response. Obviously this has been seen in the wild. If you created an intrusion detection system to look for suspicious requests, I think one occurring over and over and at a regular interval would clearly be seen as malicious and not a genuine user.
Can you provide an actual example? I see it come up a lot in these conversations, but I'm really skeptical that anyone actually does this analysis. It seems like rate analysis (either requests or bandwidth) would achieve the same result in a far simpler manner, so I suspect that is what actually happens.
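The two analyses discussed in this exchange, interval regularity and rate analysis, run side by side over the same request log; this is an added example and not part of either comment. The client names, timestamps and thresholds are constructed assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample():
    """Constructed (client, timestamp_ms) events; not real traffic."""
    events = [("poller", 1_000_000 + 60_000 * i) for i in range(20)]  # one request per 60 s
    gaps_s = [2, 1, 45, 3, 120, 1, 1, 300, 7, 2, 60, 4, 1, 200, 9, 3, 30, 1, 150]
    t = 1_000_000
    events.append(("browser", t))
    for g in gaps_s:                      # irregular, human-like gaps
        t += g * 1000
        events.append(("browser", t))
    events += [("flood", 1_000_000 + 100 * i) for i in range(200)]    # 10 requests per second
    return events

def max_in_window(ts, window_ms):
    """Largest number of requests inside any half-open window of window_ms."""
    best = lo = 0
    for hi, t in enumerate(ts):
        while t - ts[lo] >= window_ms:
            lo += 1
        best = max(best, hi - lo + 1)
    return best

def interval_cv(ts):
    """Coefficient of variation of inter-arrival gaps; near 0 means clockwork timing."""
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    return pstdev(gaps) / m if m > 0 else 0.0

def analyze(events, window_ms=60_000, max_per_window=100, min_events=10, max_cv=0.1):
    """Return {client: (rate_flag, periodic_flag)}. Thresholds are assumed values."""
    by_client = defaultdict(list)
    for client, t in events:
        by_client[client].append(t)
    result = {}
    for client, ts in by_client.items():
        ts.sort()
        rate_flag = max_in_window(ts, window_ms) > max_per_window
        periodic_flag = len(ts) >= min_events and interval_cv(ts) < max_cv
        result[client] = (rate_flag, periodic_flag)
    return result

if __name__ == "__main__":
    for client, flags in analyze(build_sample()).items():
        print(client, "rate:", flags[0], "periodic:", flags[1])
```

On this constructed data the rate check flags only the flood client, while the interval check also flags the 60-second poller, whose request count never approaches the rate threshold.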