Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Hex Values in the User Agent - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Hex Values in the User Agent
I've recently came across an executable that makes a GET request and in the UserAgent string are hexadecimal values. Has anyone ever seen this before? So instead of seeing "Mozilla ...." the User Agent is this UserAgent: \xe6\xb8... Anonymous

I did a quick retro-hunt in my logs for the last 30 days and found one IP that scanned a website with the following UA's:

687 Posts
ISC Handler
This could potentially be a user connecting to a non-TLS site using TLS. Johannes

4478 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!