Reading the access log of apache of one of our server I've found that some ips connecting to it receive a "408 Timeout" response instead of "403 Unauthorized".
This is one line of the access log:
[Remote IP] - - [12/Jul/2019:12:00:00 +0000] "-" 408 3272 "-" "-"
It seems that the request has some sort of body (3kB) but there is no method GET/POST specified. I already tried to connect to the server via telnet to port 443 to simulate the connection, but that sort of connection is not being logged, so I do not know what type of connection is nor the meaning of "-" in the header field.
Some details about the server:
I am pretty sure the client has not the right ssl certificate nor is inside our network.
I don't know if it is something malicious or just a strange port-scan happening, so what it could be?