mobile-no-touch

A red-team configuration exercising the mobile no touch technique.

botverdict
1.00score
24/185checks fired

Convicting tells 14

br.apple_ua_nonwebkitA UA claiming Apple WebKit (Safari / any iOS browser) exposes a Blink-only structural API
br.automation_globalsAutomation-framework global or webdriver DOM attribute present
br.error_engine_vs_uaJS-engine error-message format contradicts the UA engine
br.mobile_no_touchPhone/tablet UA reports no touch capability (maxTouchPoints 0)
br.navplatform_vs_uanavigator.platform implies an OS that contradicts the UA platform
br.safari_ua_no_webkit_apiA UA claiming Safari lacks window.GestureEvent — a WebKit-only surface, so it is not WebKit
br.ua_platform_vs_ch_platformnavigator/UA platform contradicts Sec-CH-UA-Platform
br.webdriver_presentnavigator.webdriver is true
net.ch_ua_mobile_vs_uaSec-CH-UA-Mobile form factor contradicts the UA's mobile-ness
net.ch_ua_vs_ua_browserHTTP Sec-CH-UA brand contradicts the JS UA browser
net.h2_vs_ua_browserHTTP/2 (Akamai) fingerprint contradicts User-Agent browser
net.tcp_os_vs_uaTCP/IP-stack OS kernel contradicts the OS the User-Agent claims
net.tls_ext_order_static_within_sessionChromium-JA4 session repeated one TLS extension order (no per-connection permutation)
net.tls_vs_ua_browserJA4 browser family contradicts User-Agent browser

← all evaders  ·  the detection matrix