I'm not sure why the request was malformed but it turns out, our test user 36 was unable to login due a password problem. The application didn't allow anonymous access.
Because of this, the 'bad request' error was added anonymously to the domino http log.
Somehow the jsonRPCservice respond to an anonymous request. Maybe that is a bug but I'm not sure.