this post was submitted on 24 Apr 2024
3 points (100.0% liked)
Security Operations
570 readers
1 users here now
A place for all things Cyber Security, from questions, rants, and stories, to the latest attacks, vulnerabilities, and zero days.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
So a form of request smuggling? If that's a string of hex values, I'm not seeing how they would decode to anything useful.
The log translated binary data received to hex escape codes so that your log is not dangerous when you cat it. This could be misconfigured port or some sort of scan (e.g. Someone is trying to https to your http port and it wants to negotiate a SSL/TLS session). The IP listed is a OVH server and appears to be running IIS on http.