Hi Guys,
I have noticed this happening today...
2018-09-21 18:59:34 DEBUG: [90489698: 5055 < 127.0.0.1] HEX: 504f5354202f20485454502f312e310d0a557365722d4167656e743a204d6f7a696c6c612f352e30202857696e646f7773204e5420362e313b20574f5736343b2054726964656e742f372e303b2072763a31312e3029206c696b65204765636b6f0d0a43616368652d436f6e74726f6c3a206e6f2d63616368650d0a436f6e74656e742d547970653a206170706c69636174696f6e2f782d7777772d666f726d2d75726c656e636f6465640d0a5669613a20687474702f312e312069702d3137322d33312d32352d33300d0a582d466f727761726465642d466f723a203137332e3137302e3131362e3135360d0a582d466f727761726465642d50726f746f3a20687474700d0a582d466f727761726465642d486f73743a2035322e35362e3136382e3139360d0a582d466f727761726465642d5365727665723a203137322e33312e32352e33300d0a486f73743a206c6f63616c686f73743a353035350d0a5472616e736665722d456e636f64696e673a206368756e6b65640d0a0d0a3141340d0a532f415078747162624e4830644347484a6d2b7139526d612f534f2b544953746e46706737656c6d334342583859697779382f367a514447635049673633704158724342534a4b7a56445a4f505456765432487a37372f57753252766a6837734166666655684c344c4c5a4d38327358674d4b6346576930625973756d63655151444f423161325573696e316c476379686f39654c684a734d36333836536274764e346176685377533539664b6c5a396d4c515a594443557178504f75385a2f362b2b4c776e385856734f617655506134662b647454305065784350656556477938412b6f3678617a55495a68474d3250694b725a2f6b357256733153596657542f614834575150573769784433573137695063395661742f45314b4e795a474c7834704a554651717649454e526e66486d54397a69746a414a744758382b4a4573505a664d43625a4351494e6159562f66372b474f36422f63696b774f4c74765378306b7652656531504330795653717a77726f4e6d625461356a544a36684a596d7a49364e38315667532b2f4150414534546a5848425a65586332624b5372574f570d0a300d0a0d0a
The HEX is random characters and I can't make any sense of it.
There is nothing else on the server using port 5055 and it is closed on the inbound security group (AWS Hosted)
Has anyone seen this before and is able to shed some light?
Thanks,
Ed.
Edit....
The data from the HEX is:
POST / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Via: http/1.1 ip-172-31-25-30
X-Forwarded-For: 173.170.116.156
X-Forwarded-Proto: http
X-Forwarded-Host: 52.56.xxx.xxx
X-Forwarded-Server: 172.31.25.30
Host: localhost:5055
Transfer-Encoding: chunked
1A4
S/APxtqbbNH0dCGHJm+q9Rma/SO+TIStnFpg7elm3CBX8Yiwy8/6zQDGcPIg63pAXrCBSJKzVDZOPTVvT2Hz77/Wu2Rvjh7sAfffUhL4LLZM82sXgMKcFWi0bYsumceQQDOB1a2Usin1lGcyho9eLhJsM6386SbtvN4avhSwS59fKlZ9mLQZYDCUqxPOu8Z/6++Lwn8XVsOavUPa4f+dtT0PexCPeeVGy8A+o6xazUIZhGM2PiKrZ/k5rVs1SYfWT/aH4WQPW7ixD3W17iPc9Vat/E1KNyZGLx4pJUFQqvIENRnfHmT9zitjAJtGX8+JEsPZfMCbZCQINaYV/f7+GO6B/cikwOLtvSx0kvRee1PC0yVSqzwroNmbTa5jTJ6hJYmzI6N81VgS+/APAE4TjXHBZeXc2bKSrWOW
0
Looks like it's a proxied request from somewhere.
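Added example, not part of the original post: a Python triage helper that decodes a HEX debug line in the format shown above, reassembles the chunked body, and reports the forwarding headers and whether the body is base64. The sample line is constructed (documentation-range IP, made-up connection id and timestamp), and all function names are hypothetical.

```python
import base64
import binascii
import re

# Matches "[<conn id>: <port> < <peer>] HEX: <hex>" as in the post's log line.
LOG_RE = re.compile(
    r"\[(?P<conn>\w+): (?P<port>\d+) [<>] (?P<peer>[\d.]+)\] HEX: (?P<hex>[0-9a-fA-F]+)")

def dechunk(body: bytes) -> bytes:
    """Reassemble a Transfer-Encoding: chunked body (raises ValueError if malformed)."""
    out = b""
    while body:
        size_line, _, rest = body.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            break
        out += rest[:size]
        body = rest[size + 2:]  # skip chunk data and its trailing CRLF
    return out

def triage(line: str) -> dict:
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("no HEX payload in line")
    head, _, body = bytes.fromhex(m["hex"]).partition(b"\r\n\r\n")
    request_line, *rest = head.decode("latin-1").split("\r\n")
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.split(":", 1) for h in rest if ":" in h)}
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = dechunk(body)
    try:
        decoded = base64.b64decode(body, validate=True) if body else None
    except binascii.Error:
        decoded = None
    return {"port": int(m["port"]), "peer": m["peer"], "request_line": request_line,
            "proxied": "via" in headers or "x-forwarded-for" in headers,
            "forwarded_for": headers.get("x-forwarded-for"),
            "body_len": len(body), "body_is_base64": decoded is not None,
            "decoded_len": len(decoded) if decoded is not None else 0}

def sample_line() -> str:
    """Constructed log line in the post's format; every value here is made up."""
    payload = base64.b64encode(bytes(range(48)))
    req = (b"POST / HTTP/1.1\r\nVia: http/1.1 proxy.example\r\n"
           b"X-Forwarded-For: 203.0.113.7\r\nHost: localhost:5055\r\n"
           b"Transfer-Encoding: chunked\r\n\r\n"
           + b"%X\r\n" % len(payload) + payload + b"\r\n0\r\n\r\n")
    return "2018-01-01 00:00:00 DEBUG: [0a1b2c3d: 5055 < 127.0.0.1] HEX: " + req.hex()

if __name__ == "__main__":
    print(triage(sample_line()))
```

A peer of 127.0.0.1 together with Via and X-Forwarded-For headers means the connection was opened by a proxy on the same host, so the address worth checking against the security group and proxy logs is the one in `forwarded_for`.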