Replies: 1 comment
-
|
Hey @syne0, thanks for the suggestion! I’ve added both of those older UAs to the list under the Compliance category. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hey! Found your list of sus UA's when researching phishing kits. Thought I'd share two more with you if you wanted to throw them into your list.
The first is this one - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36. which is detailed https://www.obsidiansecurity.com/blog/emerging-identity-threats-the-muddy-waters-of-residential-proxies/ as a UA associated with some phishing kits. I work at Obsidian and can confirm we see this UA still to this day.
The second is this one - Mozilla/5.0 (Windows NT 10.0; Win64; x64; WebView/3.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.22621 which I've seen recently tied to another newer phishing kit.
Thanks for the list & your repo!
Beta Was this translation helpful? Give feedback.
All reactions