Cloudflare has an "I'm under attack" mode which prompts a JavaScript 5-second shield before loading the page. This can be effective for some but are ineffective for some User Agents.
These are some UAs used by attackers that successfully bypassed Cloudflare's 5-second shield.
IE8 on Windows Vista
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)
IE8 on Windows Vista
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)
IE8 on Windows 7
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
64-bit IE on 64-bit Windows 7:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0)
32-bit IE on 64-bit Windows 7:
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)
Googlebot
Mozilla/5.0 (compatible; Googlebot/2.1; http://www.google.com/bot.html)
Bingbot
Mozilla/5.0 (compatible; bingbot/2.0 http://www.bing.com/bingbot.htm)
Baidu Spider
Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)
Sogou Spider
Sogou web spider/4.0( http://www.sogou.com/docs/help/webmasters.htm#07)
Soso Spider
Sosospider+(+http://help.soso.com/webspider.htm)
360 Spider
Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11; 360Spide
Easou Spider
Mozilla/5.0 (compatible; EasouSpider; www.easou.com/search/spider.html)
Google Transcoder
Chrome Mozilla/5.0 (en-us) AppleWebKit/534.14 (KHTML, like Gecko; Google Wireless Transcoder) Chrome/9.0.597 Safari/534.14
Sina Transcoder
Mozilla 0.0 SINA_WEIBO; Mozilla/5.0 (Windows; U; Windows NT 5.1; MSIE8.0; zh-CN; rv:1.9.1.8) Gecko/20100202 Firef8 (.NET CLR 3.5.30729)
Baidu Transcoder
Firefox 3.6 Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2.8;baidu Transcoder) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729)
Source:UA穿盾参数 | 速狐博客