Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Hex Values in the User Agent SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Hex Values in the User Agent
I've recently came across an executable that makes a GET request and in the UserAgent string are hexadecimal values. Has anyone ever seen this before? So instead of seeing "Mozilla ...." the User Agent is this UserAgent: \xe6\xb8... Anonymous

I did a quick retro-hunt in my logs for the last 30 days and found one IP that scanned a website with the following UA's:
\xbf'\xbf\
\xf0''\xf0\
Xme

491 Posts
ISC Handler
This could potentially be a user connecting to a non-TLS site using TLS. Johannes

3692 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!