Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Hex Values in the User Agent - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Hex Values in the User Agent
I've recently came across an executable that makes a GET request and in the UserAgent string are hexadecimal values. Has anyone ever seen this before? So instead of seeing "Mozilla ...." the User Agent is this UserAgent: \xe6\xb8... Anonymous

I did a quick retro-hunt in my logs for the last 30 days and found one IP that scanned a website with the following UA's:
\xbf'\xbf\
\xf0''\xf0\
Xme

417 Posts
ISC Handler
This could potentially be a user connecting to a non-TLS site using TLS. Johannes

3373 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!