Hex Values in the User Agent
I've recently came across an executable that makes a GET request and in the UserAgent string are hexadecimal values. Has anyone ever seen this before? So instead of seeing "Mozilla ...." the User Agent is this UserAgent: \xe6\xb8... Anonymous

I did a quick retro-hunt in my logs for the last 30 days and found one IP that scanned a website with the following UA's:

712 Posts
ISC Handler
This could potentially be a user connecting to a non-TLS site using TLS. Johannes

4600 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!