User-Agent strings are messy, spoofable, and technically "on their way out"
with Client Hints — but in practice, almost every bot, scraper, and piece of
malware still sends one, and most of them get it wrong in predictable ways.
I built UAIntel to catch those mistakes and score
any UA string 0–100 for risk. Here's how it's structured.
Layer 1: Rule Engine
The first pass is pure pattern matching, no external data needed:
- Impossible OS/browser combos — e.g. a UA claiming to be Safari on Windows, which doesn't exist in the real world
- Version inconsistencies — internal tokens that don't match each other (e.g. a Chrome version number that doesn't line up with its WebKit build)
- Automation signatures — Selenium, Puppeteer, HeadlessChrome, and similar framework fingerprints
- Raw HTTP libraries — curl, python-requests, Go-http-client — not browsers at all, but common in scraping traffic
This layer is fast (no lookups) and catches the most obvious cases.
Layer 2: Threat-Intel Database Lookups
The second layer cross-references the UA against bundled threat feeds:
- Nginx/Apache bad-bot blocklists
- SecLists' UA database
- mthcht's malware UA intelligence
- Matomo's device detector bot list
These feeds refresh weekly via a Cloudflare Workers cron trigger, so the
in-memory dataset stays current without a manual redeploy.
Layer 3: Community Voting
Some UAs are ambiguous even after the first two layers — this is where
community reports come in. Anyone can flag a UA as malicious, bot, or
benign, and that feedback factors into the score for future lookups of
the same string. It's a small signal on its own, but compounds over time
as more people use the tool.
What's Next
I'm actively looking for edge cases it gets wrong — false positives on
legitimate automation, or malware/scrapers it's not catching yet. If you
work with logs, WAFs, or bot mitigation and have interesting UA strings
lying around, I'd genuinely appreciate you running them through it:
👉 uaintel.tech — free, no signup.
Happy to answer questions in the comments.
Top comments (0)