Jun 8
Can you tell me which of these useragents in the following tweets is an ai bot/scraper?
1
1
123
Apr 17
Another fun fact is Anubis by default blindly allows non-mozilla useragents through
It's actually faster to curl a site than it is to wait for Anubis to complete
1
1
22
538
Apr 14
Graph_Fold_By_Property() lets you combine common property values into clustered nodes, surfacing patterns of behavior buried in raw logs or the properties on your nodes. Here we are surfacing clusters of UserAgents on authentication nodes.
1
4
166
While this will reduce much needed noise it does not knock out the real threats.
The most formidable actors are accounts you see everyday that "spoof" their locations using proxies, useragents, & even buy pre existing accounts prior to renaming like inevitablewest and ohour1
1
2
48
Mar 20
how does their private API break? is it just major updates or something? useragents? etc?
one thing I did on IG if applicable is use websockets, then splice the first line of the encoded message and change text after it, this got me passed their special signing or whatever and you can use JS to overwrite the native WebSocket JS object with your custom one to tap in and hijack the calls.
might be applicable if they use it
2
2
151
17 Nov 2025
Dear Sir, when you urge the public to "remain vigilant", you have to throw them some IoCs to look out for. You know, certain IPs, hashes, UserAgents, possible C2 activity etc. One way to achieve this, is having full Network visibility of GoK's critical infrastructure at packet level. This way you can reconstruct how the attack happened & identify actionable IoCs that you can share with Kenyans. Otherwise, as it is, how will IT security teams in charge of Critical Infrastructure improve their defense to avert 'PCP@Kenya' in their systems?
6
4,092
13 Nov 2025
Me imagino que no hace mucho mas que meter UserAgents falopas no? Por ahora no me tocó nada con captcha, le meti un UA generico y va joya, si alguno falla lo pruebo
2
3
3,089
28 Oct 2025
when i chek the connections i always love to see the useragents... (truly not my node, just a friendly other knotser i connected to, i even have a v30 spamer connected)
2
7
589
8 Sep 2025
das konzept eines captchas was nur useragents blocked die "Mozilla 5.0" am anfang haben so hirntot hahaha rr das laesst ALLES durch AUSSER nen user.
3
37
1,308
24 Aug 2025
Wow...its almost like you're starting to get at the heart of why doing retarded things like filtering transactions and degrading block propagation, use deceptive useragents to waste peers bandwidth, & any antagonistic behaviors have consequences for network health as a whole...
1
5
126
14 May 2025
💯. I’m stabbing at this still with the useragents thing in my low for time list, so I have largely put it into my own workflows to try out.
I’ve done much more of trying to fully use HTTP headers (content negotiation!) with XML. Headers is ending up pretty awkward though.
i think that as AI advances, the self-describing, dynamic APIs of hypermedia might become more valuable than data APIs
2
268
28 Apr 2025
This is the shit i live for. Reminds me of tuning your webserver to always return HTTP 500 ok when it detects certain useragents (yello bug bounty dorks)
"When we detect unauthorized crawling, rather than blocking the request, we will link to a series of AI-generated pages that are convincing enough to entice a crawler to traverse them. . . . No real human would go four links deep into a maze of AI-generated nonsense. Any visitor that does is very likely to be a bot, so this gives us a brand-new tool to identify and fingerprint bad bots, which we add to our list of known bad actors."
1
5
997
9 Apr 2025
@TheAhmadOsman think we need to ship the useragents thing.
9 Apr 2025
Google dropped their A2A specification for enabling agent communication. It's basically WSDL for agents. It's a blend of OpenAPI concepts with Agent concepts. What it could potentially enable is a world where you can put your agent on a server and talk to it over http in a fairly standard way. While MCP focuses more on giving agents tools they need to run, A2A focuses more on how do you invoke a remote agent.
Some notes on the spec:
- Provides a standard file to drop in your web server for "discovery" (./well-known/agent.json)
- Provides a spec for defining"agent cards" (name, skills, capabilities, examples). Kind of mixed feelings there. This is mostly fluff, but moves toward an agent registry.
- Provides a spec for spawning / cancelling / watching / being notified about task runs from agents.
- Does not have anything in the spec for tool usage, so still need something like MCP for tool discovery.
- Reuses OpenAPI auth concepts
- Runs on top of http/json-rpc/sse
- Spawning a task with an agent takes a message that is like a single item in an llm completion message list.
Lots of thoughts, but going to let it gel for a bit.
1
1
4
406
25 Mar 2025
Still under the weather, but starting to look breezy, but Claude is INSISTING on the dumb UseragentS thing. I'm damn near ready to put a git hook in to fix it.
1
5
269
24 Mar 2025
I am reposting my old post as a reminder to regularly check which UserAgents are logging into your tenant. In more recent instances, we have noticed that TAs are using tools with the following as part of their toolkit:
'node-fetch/1.0 ( github.com/bitinn/node-fetch)'
'GuzzleHttp/7'
12 Nov 2024
Analyzed a phishing case in M365: attacker bypassed MFA using axios HTTP client, leaving a telltale "axios/1.7.7" in sign-in logs. Lesson: regularly check sign-in logs for unusual user-agents to spot suspicious activity.
1
19
87
11,349
24 Mar 2025
Sorry all - I’ve been going between bed and vomming, my threads has stuff I need from people! I largely am just editing before putting up useragents dot gg as the site for folks to join in. After that, end to end POC.
1
3
134
23 Mar 2025
working with @sloppenheimer on this
GitHub Repo: github[DOT]com/agenthooks
Discord Server: discord[DOT]gg/Yr2NhXEn
liberachat: #useragents
22 Mar 2025
been telling friends this for weeks, gonna say it again: mcp isn’t the final destination
2
1
5
837
23 Mar 2025
Also, in retrospect, Discord is the worst possible place for this.
liberachat: #useragents - for lack of a better name, worked in my head head when I just said "well, what if the agent just declares it's user agent?"
I'll be there the rest of the day, finishing up.
2
3
861