You should take extra care when signing messages which appear to be HEX-encoded like this one: bb4cdb9cbd36b01bd1cbaebf2de08d9173bc095c
as they may expose you to security threats. The biggest problem with this is WalletConnect, since most wallet applications will display WalletConnect signature requests as HEX-encoded regardless of the message itself. On this situation, the only thing you can validate is the message length, as it must be exactly 90 characters if it is coming from WalletNow (0x followed by 88 characters).