 Some example. I haven't tried to decode it. CyberChef to the rescue!

147.182.162.162 - - [17/Nov/2024:19:52:30 +0000] "HELP" 400 150 "-" "-"
147.182.162.162 - - [17/Nov/2024:19:52:30 +0000] "\x1B\x84\xD5\xB0]\xF4\xC4\x93\xC50\xC2X\x8C\xDA\xB1\xD7\xAC\xAFn\x1D\xE1\x1E\x1A3*\x85\xB7\x1D'\xB1\xC9k\xBF\xF0\xBC" 400 150 "-" "-"
147.182.162.162 - - [17/Nov/2024:19:52:30 +0000] "batman" 400 150 "-" "-"

147.182.162.162 = prod-boron-nyc1-32.do.binaryedge.ninja 
 Some of it might be disguised, regex? I see a * and a ' in there. It doesn't decode to anything readable as far as I can tell.  
 Right! It does look like it has some structure to it, and isn't completely random, but as assembly it's complete nonsense:

$ rasm2 -a x86 -b 64 -d  '1b84d5b05df4c493c530c2588cdab1d7acaf6e1de11e1a332a85b71db1c96bbff0bc'
sbb eax, dword [rbp + rdx*8 - 0x3b0ba250]
xchg ebx, eax
vcmpps xmm11, xmm9, xmmword [rax - 0x74], 0xda
mov cl, 0xd7
lodsb al, byte [rsi]
...

$ rasm2 -a arm -b 64 -d  '1b84d5b05df4c493c530c2588cdab1d7acaf6e1de11e1a332a85b71db1c96bbff0bc'
adrp x27, 0xffffffffab081000
extr x29, x2, x4, 0x3d
ldr x5, 0xfffffffffff84620
invalid
 
 Googling for that IP shows it is in some blacklists; you're at least not the only target 🙂
 I appreciate the help :)
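
For triaging log entries like the ones quoted at the top of this thread, here is an added example (not code from any poster) that turns the logged request field back into raw bytes and hex. It assumes nginx-style logging, where `"`, `\` and non-printable bytes are written as `\xHH`; the function names are hypothetical.

```python
import re

# Constructed sample: the three access-log lines quoted in the thread.
SAMPLE = r'''147.182.162.162 - - [17/Nov/2024:19:52:30 +0000] "HELP" 400 150 "-" "-"
147.182.162.162 - - [17/Nov/2024:19:52:30 +0000] "\x1B\x84\xD5\xB0]\xF4\xC4\x93\xC50\xC2X\x8C\xDA\xB1\xD7\xAC\xAFn\x1D\xE1\x1E\x1A3*\x85\xB7\x1D'\xB1\xC9k\xBF\xF0\xBC" 400 150 "-" "-"
147.182.162.162 - - [17/Nov/2024:19:52:30 +0000] "batman" 400 150 "-" "-"
'''

# Combined-log prefix: client IP, timestamp, quoted request, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
# What a well-formed HTTP request line looks like once decoded.
HTTP_RE = re.compile(rb'^[A-Z]+ \S+ HTTP/\d\.\d$')
ESCAPE_RE = re.compile(rb'\\x([0-9A-Fa-f]{2})')


def unescape_request(req):
    """Undo \\xHH escaping; every other character is a literal byte."""
    raw = req.encode('latin-1')
    # re.sub does not rescan its output, so a logged "\x5Cx41"
    # correctly yields the four literal bytes \x41, not "A".
    return ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage(log_text):
    """Return one summary dict per parsable log line."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = unescape_request(m['req'])
        printable = sum(0x20 <= b < 0x7F for b in raw)
        rows.append({
            'ip': m['ip'],
            'status': int(m['status']),
            'length': len(raw),
            'hex': raw.hex(),
            'printable_ratio': round(printable / len(raw), 2) if raw else 0.0,
            'is_http': bool(HTTP_RE.match(raw)),
        })
    return rows


if __name__ == '__main__':
    for row in triage(SAMPLE):
        print(row)
```

The binary request decodes to 35 bytes, including 0x27 for the literal `'`; the hex string passed to rasm2 above is 34 bytes and does not contain that byte.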