Funny User Agents

fake browser UAs used by bots

         

lucy24

9:18 pm on Jul 29, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Requesting robots.txt, which is the only way they would ever have got in (there are more, but these were the funniest):
34.226.204.abc - - [27/Jul/2018:10:25:43 -0700] "GET /robots.txt HTTP/1.1" 200 979 "https://www.google.com/" "Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285"
34.207.139.abc - - [27/Jul/2018:19:47:04 -0700] "GET /robots.txt HTTP/1.1" 200 979 "https://www.google.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6"
If we were allowed to use smileys, cosgan.de has a couple ROFL variants that would fit the bill nicely.

keyplyr

9:56 pm on Jul 29, 2018 (gmt 0)




Yeah, most faked UAs are obviously used to get past filters that site owners have installed, or to be covert and blend in with the browsers in those inefficient site stats reports like Google Analytics. Most don't identify version numbers.

Seemingly, the botrunners don't consider their footprints are looked at by anyone who knows what they're doing. In fact, a lot of the internet operates that way :)

tangor

2:15 am on Jul 30, 2018 (gmt 0)




I suspect these folks were banking on our amusement at their cleverness to give them a pass in appreciation of all their efforts.

NOT!

keyplyr

10:26 am on Jul 31, 2018 (gmt 0)




I like the UAs that attempt to appear benign, all while probing for vulnerabilities: link checkers, bookmakers, validators, etc.

The marketing data scrapers are usually more honest about their intentions.

lucy24

6:54 pm on Aug 1, 2018 (gmt 0)




Here's another entertaining one, noticed only because it happened to be the very last item on that day's logs:
178.137.95.abc - - [30/Jul/2018:02:23:44 -0700] "GET /rats/ HTTP/1.1" 403 3034 "https://sheer--gibberish--here/" "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)"
I know Russian* browsers tend to be a bit elderly compared to RIPE and ARIN ranges ... but let's not overdo it.


* 178.137 turns out to be Ukraine, but same difference.
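Added example, not part of the thread or any poster's code: a small log filter that flags the kind of requests quoted above, run over those three log lines plus one constructed ordinary request. The token list, the version cut-offs and the "robots.txt with a referer" rule are assumptions chosen for illustration, not rules stated by the posters.

```python
import re

# Combined Log Format: host ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Assumed heuristics: UA tokens that a browser current in 2018 would not send.
OBSOLETE_UA = [
    ("pre-XP Windows", re.compile(r"Win 9x|Windows 9[58]|Windows 3\.")),
    ("Netscape Navigator", re.compile(r"Netscape/|Navigator/")),
    ("MSIE below 7", re.compile(r"MSIE [1-6]\.")),
    ("Firefox below 10", re.compile(r"Firefox/[1-9]\.")),
    ("Mozilla below 4", re.compile(r"^Mozilla/[1-3]\.")),
]

def reasons(line):
    """Return why a log line looks like a bot with a faked browser UA.

    Returns a list of reason labels (empty if nothing matched),
    or None if the line is not in Combined Log Format.
    """
    m = LOG_RE.match(line)
    if m is None:
        return None
    found = [name for name, rx in OBSOLETE_UA if rx.search(m["ua"])]
    # Assumption: a fetch of robots.txt that carries a referer is suspicious,
    # since nothing links to that file from a search results page.
    if m["path"] == "/robots.txt" and m["referer"] not in ("", "-"):
        found.append("robots.txt with referer")
    return found

# First three lines are the ones quoted in the thread (IPs masked as posted);
# the fourth is a constructed ordinary request for comparison.
SAMPLE = [
    '34.226.204.abc - - [27/Jul/2018:10:25:43 -0700] "GET /robots.txt HTTP/1.1" 200 979 "https://www.google.com/" "Mozilla/5.0 (Windows; U; Win 9x 4.90; SG; rv:1.9.2.4) Gecko/20101104 Netscape/9.1.0285"',
    '34.207.139.abc - - [27/Jul/2018:19:47:04 -0700] "GET /robots.txt HTTP/1.1" 200 979 "https://www.google.com/" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080219 Firefox/2.0.0.12 Navigator/9.0.0.6"',
    '178.137.95.abc - - [30/Jul/2018:02:23:44 -0700] "GET /rats/ HTTP/1.1" 403 3034 "https://sheer--gibberish--here/" "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)"',
    '203.0.113.7 - - [30/Jul/2018:08:00:00 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line.split(" ")[0], reasons(line))
```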