[0des]

someone demonstrated a while back how based on user agent you could serve innocuous code for a browser checking the code first, and then a different malicious payload for curl.

thanks to dementiapatien below for the link https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-b...