Suspicious User Agent
Summary
This detection rule identifies suspicious user agent strings in proxy logs that may indicate command-and-control (C2) activity or other malicious behavior. It defines several selection criteria that match user agent formats known to be associated with suspicious activity: user agents that start with common malformed prefixes, or that contain characters and strings typical of automated scripts or known malicious agents. To reduce false positives, the rule also excludes known legitimate user agent strings. The rule is rated at level high and is intended to strengthen security monitoring by surfacing unusual web traffic patterns through user agent analysis.
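The structure the summary describes (prefix selections, substring selections, and an exclusion list checked first) can be illustrated with a small standalone detector. The following is an added example, not the Sigma rule itself or a translation of it: the log format, the prefixes, substrings and allowlist entries are all constructed placeholders chosen to show the mechanics, not the rule's actual patterns.

```python
"""Toy user-agent detector over constructed proxy log lines.

Not the Sigma rule: selection lists below are illustrative placeholders.
"""
import re
from typing import Optional

# Assumed selection criteria (constructed for this example).
SUSPICIOUS_PREFIXES = (
    "user-agent:",   # client copied the header name into the value (malformed)
    "mozilla/3.0",   # a browser generation no real client should still report
)
SUSPICIOUS_SUBSTRINGS = (
    "python-urllib",  # generic scripting library, unusual for interactive browsing
    "curl/",          # command-line tool, unusual from user workstations
)

# Assumed exclusions: exact strings for known legitimate clients.
# Exact matching (not substring) is deliberate: a substring allowlist would be
# satisfied by any string that merely contains a legitimate user agent.
ALLOWLIST = frozenset({
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
})

# Constructed log format: <timestamp> <src ip> <method> <url> <status> "<user agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET http://example.com/ 200 "user-agent: Mozilla/4.0 (compatible)"
2024-01-01T10:00:02Z 10.0.0.6 GET http://example.com/news 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
2024-01-01T10:00:03Z 10.0.0.7 POST http://example.com/api 200 "python-urllib/3.11"
2024-01-01T10:00:04Z 10.0.0.8 GET http://example.com/ 200 "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"
"""


def parse_proxy_line(line: str) -> Optional[dict]:
    """Parse one constructed-format proxy line; return None for lines that do not fit."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify_user_agent(ua: str) -> Optional[str]:
    """Return a reason string if the user agent is suspicious, else None.

    Order mirrors the rule's shape: exclusions first, then prefix selections,
    then substring selections. Matching is case-insensitive for the selections.
    """
    if ua in ALLOWLIST:
        return None
    lowered = ua.lower()
    for prefix in SUSPICIOUS_PREFIXES:
        if lowered.startswith(prefix):
            return f"prefix:{prefix}"
    for needle in SUSPICIOUS_SUBSTRINGS:
        if needle in lowered:
            return f"substring:{needle}"
    return None


def scan(lines) -> list:
    """Return one finding dict per suspicious request, preserving log order."""
    findings = []
    for line in lines:
        rec = parse_proxy_line(line)
        if rec is None:
            continue  # malformed/unparseable lines are skipped, not alerted on
        reason = classify_user_agent(rec["ua"])
        if reason is not None:
            findings.append({"src": rec["src"], "ua": rec["ua"], "reason": reason})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f['src']}  {f['reason']}  {f['ua']!r}")
```

Running the block on the constructed sample flags the first and third lines only: the Chrome string is excluded by the allowlist, and the Firefox string matches no selection, so an unknown-but-ordinary browser is not alerted on. That asymmetry is the point of the exclusion list in the summary: it trims false positives on known-good clients rather than turning the rule into a deny-by-default allowlist.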
Categories
  • Web
  • Network
  • Endpoint
Data Sources
  • User Account
  • Network Traffic
  • Application Log
  • Process
  • Logon Session
Created: 2017-07-08