CapTipper Report

CapTipper

Analysis Info

PCAP File	Analysis Time	CapTipper Version	Traffic Time
/opt/Malware-Project/BigDataset/Scenarios/CTU-Malware-Capture-Botnet-110-5//2015-04-23_capture-win9.pcap	04/23/15 13:35:19	0.2 b10	05/06/72 05:11:49

Flow View

Client Details

IP	10.0.2.109
MAC	08:00:27:61:d3:d3
USER-AGENT	Microsoft NCSI

Conversations

www.msftncsi.com (195.113.232.90:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/ncsi.txt

text/plain

ncsi.txt

200 OK

TEXT

14.0 B

05/06/72 05:11:49

solocoufandle.com (37.187.245.14:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/viber.php

text/html

viber.php

200 OK

TEXT

31.0 B

04/04/73 06:38:58

/md.php?command=getip

text/html

md.php

200 OK

TEXT

12.0 B

04/07/73 20:11:27

/md.php?command=ghl&id=1494384558

text/html

md.php

200 OK

TEXT

44.0 B

04/11/73 01:15:18

/md.php?command=dl&id=1494384558

text/html

md.php

200 OK

TEXT

4.0 B

04/14/73 05:16:30

/md.php?command=version&id=1494384558

text/html

md.php

200 OK

TEXT

52.0 B

04/16/73 09:19:00

/md.php?command=getbackconnect

text/html

md.php

200 OK

TEXT

18.0 B

04/21/73 13:10:25

/md.php?command=update2&id=1494384558&ip=46.165.222.212&port=21063

text/html

md.php

200 OK

TEXT

2.0 B

04/25/73 06:01:41

91.185.215.161 (91.185.215.161:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/sp.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW

text/html

sp.php

200 OK

TEXT

1.1 KB

04/27/73 16:39:39

Download
SHA256	d394b910936d216aa2b4a945ba3e7392a349257b262e4c89fc43a374bdbc5748
Referer
Magic	Inconclusive. Probably text (TEXT)
Request	GET /sp.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW HTTP/1.1 Host: 91.185.215.161 Accept: /
Response Header	HTTP/1.1 200 OK Date: Wed, 22 Apr 2015 10:12:51 GMT Server: Apache/2.2.15 (CentOS) X-Powered-By: PHP/5.3.3 Content-Length: 1133 Connection: close Content-Type: text/html; charset=UTF-8
Response Peek (128 B)	a:3:{s:13:"secret_string";s:18:"BER5w4evtjszw4MBRW";s:6:"server";a:21:{s:9:"HTTP_HOST";s:14:"91.185.215.161";s:11:"HTTP_ACCEPT";...

ocsp.startssl.com (10.0.2.109:49164)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

http://ocsp.startssl.com/sub/class2/server/ca

application/ocsp-response

200 OK

BINARY

1.6 KB

02/15/92 00:01:33

MIIGRQoBAKCCBj4wggY6BgkrBgEFBQcwAQEEggYrMIIGJzCB66FwMG4xCzAJBgNVBAYTAklMMTEw LwYDVQQKEyhTdGFydENvbSBMdGQuIChTdGFydCBDb21tZXJjaWFsIExpbWl0ZWQpMSwwKgYDVQQD EyNTdGFydENvbSBDbGFzcyAyIFNlcnZlciBPQ1NQIFNpZ25lchgPMjAxNTA0MjIwODA5MDJaMGYw ZDA8MAkGBSsOAwIaBQAEFLmy1W2wIbNuQvYnJFgGxKmml5rrBBQR2yNF/VTManFvhIoD1773AS8m hgIDAZBxgAAYDzIwMTUwNDIyMDgwOTAyWqARGA8yMDE1MDQyNDA4MDkwMlowDQYJKoZIhvcNAQEF BQADggEBAGBYL2JM4RPBh3A5y53vdxSs8LzyxSED1+3oA5GGxqmf6fOg45WrlylLCbMpgtVeAU3Q vJ4+wtU+M3r6pz+Ns1Aa0sIyrBEdRyqBI9MQm8hD1VcEm/dmeqoKYrnBcfVpDkItgPiKmx/znfJK ZzTrzUHVNlbqMjHthM1wT7iBVuEGTlkTn5EIGngb5GO8NZEaTfUUWYe9Dix9bP/LUrplIzHVMUg5 fuA6gGW2FRTY1HvFsTwBxOk2hiAOpAATb6Jc0kpWUaSGVaAZqcIV4JfEMoEzWY6nz2Os6JhbVypH OTyL9I6Hs2ySO0xTsPctACRO8+TiSGG1UPHsXWD1g6q8m+mgggQhMIIEHTCCBBkwggMBoAMCAQIC AwMBZTANBgkqhkiG9w0BAQUFADCBjDELMAkGA1UEBhMCSUwxFjAUBgNVBAoTDVN0YXJ0Q29tIEx0 ZC4xKzApBgNVBAsTIlNlY3VyZSBEaWdpdGFsIENlcnRpZmljYXRlIFNpZ25pbmcxODA2BgNVBAMT L1N0YXJ0Q29tIENsYXNzIDIgUHJpbWFyeSBJbnRlcm1lZGlhdGUgU2VydmVyIENBMB4XDTE1MDMy MjA3MDA1MVoXDTE1MDUwMjA4NDE1NlowbjELMAkGA1UEBhMCSUwxMTAvBgNVBAoTKFN0YXJ0Q29t IEx0ZC4gKFN0YXJ0IENvbW1lcmNpYWwgTGltaXRlZCkxLDAqBgNVBAMTI1N0YXJ0Q29tIENsYXNz IDIgU2VydmVyIE9DU1AgU2lnbmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0NX1 cJorQTX3+M+1a7Pf4LkSDT3TmZ8ycwEfvH1PPmb3/WBXkjC025r100kZ1q03Q3hpjA0jDnrRZQjr cYw3NtNNpssRsvq0OD4rcIz38dlkYib0pywkJU5NPnpUVw/BiZ62VQt8vjjai2Lp8fqM2TIfvm0u PUinT0jU/2v2F/gxsjfriXEZD+eGBmb7xa17dQvMLjxNHJlAMnLUXMkGqpjpAZLbJUgarj8BTYqw eLEo4AmbI+IoRm9QUnEc8QmghzvbhKOxV2+/UtIwgzAmwCeObQNDFEIxKfJ+UsuEIC6HGeVIrQbO Lg/teCo9ecSw2/pOlYhGdRKwelVqOK7qWQIDAQABo4GgMIGdMAkGA1UdEwQCMAAwCwYDVR0PBAQD AgOoMB4GA1UdJQQXMBUGCCsGAQUFBwMJBgkrBgEFBQcwAQUwHQYDVR0OBBYEFL1M7w73CKzJvTkP 2aDTzs8mSLgZMB8GA1UdIwQYMBaAFBHbI0X9VMxqcW+EigPXvvcBLyaGMCMGA1UdEgQcMBqGGGh0 dHA6Ly93d3cuc3RhcnRzc2wuY29tLzANBgkqhkiG9w0BAQUFAAOCAQEAbUxEZFLrPavHWCENPVUz RqkKZz31R/G5vbXExONkKek/fFwD7P8pyRKywyGaBJdJzQNqh2+3v3JQgaX1rPGsNjEexYO74TL3 i4C/ePNaKzp5ak3n1FDf+5vFHjE6cL07TQokilVOn67Gos/9ljPdji/+Upbb8CXDt9/R1+G9caXc oIFVr+eCB7J/aVijkrPOzEOhH9QofpNeBw1Rwm6qf3yn56baYzra8r4xvEBWlHfR8tpMlEsz6l3j AsONmLlL9w12JtCTQUmUtEtF77lMy0+x3k0nNIx4UxRvQFxZG0h6xRiEz+pxmTjHM+tSe10P/kaA UzwvsRiqE0bmxXRkGQ==

Download
SHA256	a305997c3b86ef647e8f6b6957ed2f8c400e4405f30a7dd38f896c33e4356b7e
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST http://ocsp.startssl.com/sub/class2/server/ca HTTP/1.1 Host: ocsp.startssl.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 70 Content-Type: application/ocsp-request Connection: keep-alive
Response Header	HTTP/1.1 200 OK Server: Apache/2.2.3 (StartCom) Content-Length: 1609 ETag: "2a70950da505c9dc214aa4842b5ad5b7a0e7abe9" Last-Modified: Wed, 22 Apr 2015 08:09:02 +0000 Content-Type: application/ocsp-response Expires: Wed, 22 Apr 2015 10:27:19 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 22 Apr 2015 10:27:19 GMT Connection: keep-alive
HEX Peek (128 B)	0000 30 82 06 45 0A 01 00 A0 82 06 3E 30 82 06 3A 06 0..E......>0..:. 0010 09 2B 06 01 05 05 07 30 01 01 04 82 06 2B 30 82 .+.....0.....+0. 0020 06 27 30 81 EB A1 70 30 6E 31 0B 30 09 06 03 55 .'0...p0n1.0...U 0030 04 06 13 02 49 4C 31 31 30 2F 06 03 55 04 0A 13 ....IL110/..U... 0040 28 53 74 61 72 74 43 6F 6D 20 4C 74 64 2E 20 28 (StartCom Ltd. ( 0050 53 74 61 72 74 20 43 6F 6D 6D 65 72 63 69 61 6C Start Commercial 0060 20 4C 69 6D 69 74 65 64 29 31 2C 30 2A 06 03 55 Limited)1,0*..U 0070 04 03 13 23 53 74 61 72 74 43 6F 6D 20 43 6C 61 ...#StartCom Cla

ocsp.startssl.com (213.155.158.81:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/sub/class2/server/ca

application/ocsp-response

200 OK

BINARY

1.6 KB

02/15/92 10:47:58

Download
SHA256	a305997c3b86ef647e8f6b6957ed2f8c400e4405f30a7dd38f896c33e4356b7e
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST /sub/class2/server/ca HTTP/1.1 Host: ocsp.startssl.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 70 Content-Type: application/ocsp-request Connection:
Response Header	HTTP/1.1 200 OK Server: Apache/2.2.3 (StartCom) Content-Length: 1609 ETag: "2a70950da505c9dc214aa4842b5ad5b7a0e7abe9" Last-Modified: Wed, 22 Apr 2015 08:09:02 +0000 Content-Type: application/ocsp-response Expires: Wed, 22 Apr 2015 10:27:19 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Wed, 22 Apr 2015 10:27:19 GMT Connection: keep-alive
HEX Peek (128 B)	0000 30 82 06 45 0A 01 00 A0 82 06 3E 30 82 06 3A 06 0..E......>0..:. 0010 09 2B 06 01 05 05 07 30 01 01 04 82 06 2B 30 82 .+.....0.....+0. 0020 06 27 30 81 EB A1 70 30 6E 31 0B 30 09 06 03 55 .'0...p0n1.0...U 0030 04 06 13 02 49 4C 31 31 30 2F 06 03 55 04 0A 13 ....IL110/..U... 0040 28 53 74 61 72 74 43 6F 6D 20 4C 74 64 2E 20 28 (StartCom Ltd. ( 0050 53 74 61 72 74 20 43 6F 6D 6D 65 72 63 69 61 6C Start Commercial 0060 20 4C 69 6D 69 74 65 64 29 31 2C 30 2A 06 03 55 Limited)1,0*..U 0070 04 03 13 23 53 74 61 72 74 43 6F 6D 20 43 6C 61 ...#StartCom Cla

nwi.anonymox.net (10.0.2.109:49166)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

http://nwi.anonymox.net/externalinfo?gw=off

text/anonymox

externalinfo

200 OK

TEXT

15.0 B

03/01/92 00:36:39

nwi.anonymox.net (176.9.204.151:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/externalinfo?gw=off

text/anonymox

externalinfo

200 OK

TEXT

15.0 B

03/01/92 06:22:23

/selfcheck?gw=off

text/anonymox

selfcheck

200 OK

0.0 B

03/04/92 03:31:18

ocsp.digicert.com (213.155.158.81:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

http://ocsp.digicert.com/

text/html

13.html

400 Bad Request

HTML

193.0 B

04/15/92 06:13:01

Download
SHA256	1c81d5b16b9823fdd48395a8feaa72d322cb847df8bb475372a67980a625f955
Referer
Magic	HyperText Markup Language (HTML)
Request	POST http://ocsp.digicert.com/ HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 83 Content-Type: application/ocsp-request Connection: keep-alive
Response Header	HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 193 Expires: Wed, 22 Apr 2015 10:27:24 GMT Date: Wed, 22 Apr 2015 10:27:24 GMT Connection: close
Response Peek (128 B)	<HTML><HEAD> <TITLE>Invalid URL</TITLE> </HEAD><BODY> <H1>Invalid URL</H1> The requested URL "/", is invalid.<p> Reference&#...

ocsp.digicert.com (93.184.220.29:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

application/ocsp-response

14.html

200 OK

BINARY

471.0 B

04/20/92 16:11:45

Download
SHA256	98ba00d7011e3fced0bd947bd5f5eef413e1ff3f4c79a851e20aa7b45907d78d
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST / HTTP/1.1 Host: ocsp.digicert.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 83 Content-Type: application/ocsp-request Connection:
Response Header	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=517481 Content-Type: application/ocsp-response Date: Wed, 22 Apr 2015 10:27:24 GMT Etag: "55373fbb-1d7" Expires: Tue, 28 Apr 2015 22:27:24 GMT Last-Modified: Wed, 22 Apr 2015 06:29:15 GMT Server: ECS (frf/87C2) X-Cache: HIT Content-Length: 471
HEX Peek (128 B)	0000 30 82 01 D3 0A 01 00 A0 82 01 CC 30 82 01 C8 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 01 B9 30 82 .+.....0......0. 0020 01 B5 30 81 9E A2 16 04 14 3D D3 50 A5 D6 A0 AD ..0......=.P.... 0030 EE F3 4A 60 0A 65 D3 21 D4 F8 F8 D6 0F 18 0F 32 ..J`.e.!.......2 0040 30 31 35 30 34 32 32 30 36 31 34 30 30 5A 30 73 0150422061400Z0s 0050 30 71 30 49 30 09 06 05 2B 0E 03 02 1A 05 00 04 0q0I0...+....... 0060 14 49 F4 BD 8A 18 BF 76 06 98 C5 DE 40 2D 68 3B .I.....v....@-h; 0070 71 6A E4 E6 86 04 14 3D D3 50 A5 D6 A0 AD EE F3 qj.....=.P......

ocsp.godaddy.com (10.0.2.109:49172)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

http://ocsp.godaddy.com/

application/ocsp-response

15.html

200 OK

BINARY

471.0 B

08/14/93 19:36:25

Download
SHA256	b0bffcc6874b73205171c141f7c736fb102fc19dac0ec975369b2bbf224b92bb
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST http://ocsp.godaddy.com/ HTTP/1.1 Host: ocsp.godaddy.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 74 Content-Type: application/ocsp-request Connection: keep-alive
Response Header	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: max-age=517481 Content-Type: application/ocsp-response Date: Wed, 22 Apr 2015 10:27:24 GMT Etag: "55373fbb-1d7" Expires: Tue, 28 Apr 2015 22:27:24 GMT Last-Modified: Wed, 22 Apr 2015 06:29:15 GMT Server: ECS (frf/87C2) X-Cache: HIT Content-Length: 471
HEX Peek (128 B)	0000 30 48 30 46 30 44 30 42 30 40 30 09 06 05 2B 0E 0H0F0D0B0@0...+. 0010 03 02 1A 05 00 04 14 70 29 22 76 53 7F 1A BC 8F .......p)"vS.... 0020 D5 3C 94 84 E9 14 CB 76 2A 05 2A 04 14 FD AC 61 .<.....v.....a 0030 32 93 6C 45 D6 E2 EE 85 5F 9A BA E7 76 99 68 CC 2.lE...._...v.h. 0040 E7 02 07 04 9D D2 6D E5 1B 85 ......m...

nbahd.com (93.184.220.29:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

http://nbahd.com/

application/ocsp-response

16.html

200 OK

BINARY

5.0 B

07/27/94 01:39:26

Download
SHA256	bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	GET http://nbahd.com/ HTTP/1.1 Host: nbahd.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
Response Header	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: no-cache Content-Type: application/ocsp-response Date: Wed, 22 Apr 2015 10:28:36 GMT Etag: "4e35dea6-5" Expires: Tue, 28 Apr 2015 22:28:36 GMT Last-Modified: Sun, 31 Jul 2011 23:00:54 GMT Server: ECS (frf/87E1) X-Cache: HIT Content-Length: 5
HEX Peek (128 B)	0000 30 03 0A 01 06 0....

nwi.anonymox.net (10.0.2.109:49167)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

http://nwi.anonymox.net/selfcheck?gw=off

text/anonymox

selfcheck

200 OK

0.0 B

03/03/92 16:20:39

ocsp.godaddy.com (188.121.36.239:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/(2)

application/ocsp-response

(2)

200 OK

BINARY

1.7 KB

01/15/96 22:01:01

MIIGyQoBAKCCBsIwgga+BgkrBgEFBQcwAQEEggavMIIGqzCB/6GBhTCBgjELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHku Y29tLCBJbmMuMTAwLgYDVQQDEydHbyBEYWRkeSBSb290IFZhbGlkYXRpb24gQXV0aG9yaXR5IC0g RzIYDzIwMTUwNDIyMTAwMzIzWjBkMGIwOjAJBgUrDgMCGgUABBQdI2+OBkuXH93foRUj4a7lAr4r GwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQeAABgPMjAxNTA0MjIxMDAzMjNaoBEYDzIwMTUwNDIz MjIwMzIzWjANBgkqhkiG9w0BAQUFAAOCAQEAt4fkHAEwlJ8PRIah1dv7syavNkO+aRv4c8anIroZ vI9/EpQZF6XD3XXFnKzDQzD9kM1LZ7+rwaxwUPBYos63T+mn6nZ7Bj2Tm+S8O+uc9mjaxJp4PjBp QQONJ9olUFSzwT1FnwQirSMDwvsE4oou8oJI1xQB9cIGPhMpgiyacmCATbAJvlDQsrTWPXigmFZ1 DlVRPyeOLPXEI9xEdNTc3uLX0DMvHST+jISHk4gbBwT6NdPah8wC8HEcVV+t8812Fr49nvABSE/b 31DON59O1hyj5gOhuFUO65QePG/yqy28IEYRZTH+Sf8/jBVejNFTDDx5Dfbxb3yql719qTc8F6CC BJEwggSNMIIEiTCCA3GgAwIBAgIJAKocdIKEh51vMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQG EwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29E YWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9y aXR5IC0gRzIwHhcNMTUwMzE2MDcwMDAwWhcNMTYwMzE2MDcwMDAwWjCBgjELMAkGA1UEBhMCVVMx EDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHku Y29tLCBJbmMuMTAwLgYDVQQDEydHbyBEYWRkeSBSb290IFZhbGlkYXRpb24gQXV0aG9yaXR5IC0g RzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHeG8owvMPhFFR6mBM8n6D88wmpxCB YbBG1D3604sEzGQ9Dh0X4o4iprDUBfbbP+fxlVwCHradq87MiJy7YgREmBPYt2w970hTEk7ZA8yi ve9BEvU77JDsrEMpCs/AKO/uVIzs8ZDW86sPWEEtTtmBveZrMSCDk+/7BWFnw/LaLDSoTHvuSaQN aEVLYtfUS4el+8fBwiHpKOvjhTeV8tDycM5PuBHJWJ3CXwLA9pXVz86cOK9C4A9rWzSThMjzjLkF AOeI8mW0mBgvCn+q517MU+SkN0G1YvpvQgwYXB6ZhNQJuzIlD3xjEaqAQcurHJpGa8xUvYgyNMEw QqavgHCFAgMBAAGjgf4wgfswDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0lBBYw FAYIKwYBBQUHAwEGCCsGAQUFBwMJMB0GA1UdDgQWBBQJT+sKnPW/EhjnZhqT0mWblXKVnDAPBgkr BgEFBQcwAQUEAgUAMEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vcmVw b3NpdG9yeS9nZHJvb3QtZzIuY3JsMEoGA1UdIARDMEEwPwYLYIZIAYb9bQEHFwEwMDAuBggrBgEF BQcCARYiaHR0cDovL2NybC5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOC AQEAYlclRMYyAVjYwVVbMGTLr4OY/Ziv5J6efI5CYUcJWcg/sXUQGMlchKH9TYORNrY9augoO1ZP E0wcD/sMidrzbLbttzx6D59eH35I3q7J0lOJs/P8EunTLaY+mCqAVo0zvjLk4SRy3eiGDCQy549x xDjvcDe56FVtydBwe80GXuVGraYm2GvmTUN7pPv35uNimnyWBL3KcGfhJYT6H+Xzy+EvvfbtA8UT lpemTtOCOLHj1M62FfzbudAUNqsMfnElLUz9qtiZYF4bthDKMNZOYt5WF3MJqY8cpShm/G7Tq+FM FVs36irtfwMS8zXTkngYcswGFO5wTQI+69+vHpGIVw==

Download
SHA256	3992c05b2ab04a33d2f352bc6b9e4720e4d92b79eeb66d4c70f66ffc1e9ba363
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST / HTTP/1.1 Host: ocsp.godaddy.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 68 Content-Type: application/ocsp-request Connection:
Response Header	HTTP/1.1 200 OK Date: Wed, 22 Apr 2015 10:29:22 GMT Server: Apache Content-Transfer-Encoding: Binary Cache-Control: max-age=121638, public, no-transform, must-revalidate Last-Modified: Wed, 22 Apr 2015 10:03:23 GMT Expires: Thu, 23 Apr 2015 22:03:23 GMT ETag: "d779454ddabd15add571c77d799d2dcfd5b8edf5" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA" Content-Length: 1741 Connection: close Content-Type: application/ocsp-response
HEX Peek (128 B)	0000 30 82 06 C9 0A 01 00 A0 82 06 C2 30 82 06 BE 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 06 AF 30 82 .+.....0......0. 0020 06 AB 30 81 FF A1 81 85 30 81 82 31 0B 30 09 06 ..0.....0..1.0.. 0030 03 55 04 06 13 02 55 53 31 10 30 0E 06 03 55 04 .U....US1.0...U. 0040 08 13 07 41 72 69 7A 6F 6E 61 31 13 30 11 06 03 ...Arizona1.0... 0050 55 04 07 13 0A 53 63 6F 74 74 73 64 61 6C 65 31 U....Scottsdale1 0060 1A 30 18 06 03 55 04 0A 13 11 47 6F 44 61 64 64 .0...U....GoDadd 0070 79 2E 63 6F 6D 2C 20 49 6E 63 2E 31 30 30 2E 06 y.com, Inc.100..

/(3)

application/ocsp-response

(3)

200 OK

BINARY

1.7 KB

01/22/96 07:22:51

MIIG9goBAKCCBu8wggbrBgkrBgEFBQcwAQEEggbcMIIG2DCB+aF6MHgxCzAJBgNVBAYTAlVTMRAw DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRUwEwYDVQQKEwxHb0RhZGR5IElu Yy4xKzApBgNVBAMTIkdvIERhZGR5IFZhbGlkYXRpb24gQXV0aG9yaXR5IC0gRzIYDzIwMTUwNDIy MTAwMjUxWjBqMGgwQDAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMw ojPX+2yz8LQsgM4CBweJO43e+bmAABgPMjAxNTA0MjIxMDAyNTFaoBEYDzIwMTUwNDIzMjIwMjUx WjANBgkqhkiG9w0BAQUFAAOCAQEAB9MAYRiVXTp5MkrzrRpBaCIVYMZBZiRGgB5eTzems52kiQsb 351Br7M1xvXFLdPDus2oNJB1u/sPsFUa+K4+t24pHEb56PToSudJ5zw+qkmFJG8Fh1ax1T/pcym7 nPmorr99fxvnm79IdhYrcmgjpyNV6LQwlCPrQqeSpiyA7hP/3tEMex5tjVL1SAX+V9raw9OkU39e 1iD5ESNqKfY7UwneqnUGLtGpw6OCat7F8HP/2EVb9zvgXO6KKKRGn7xt0MbcSHbt6fmTRD7vWSQh dvn01vQXRcAK7fuq/kaTMfVXDDUKKGr9Z9T49cNgqybPb3Stfh1luLqDXRdIIg+qC6CCBMQwggTA MIIEvDCCA6SgAwIBAgIILKh68Ehs0B4wDQYJKoZIhvcNAQELBQAwgbQxCzAJBgNVBAYTAlVTMRAw DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNv bSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMTMw MQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwHhcNMTUw MzE2MDcwMDAwWhcNMTYwMzE2MDcwMDAwWjB4MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9u YTETMBEGA1UEBxMKU2NvdHRzZGFsZTEVMBMGA1UEChMMR29EYWRkeSBJbmMuMSswKQYDVQQDEyJH byBEYWRkeSBWYWxpZGF0aW9uIEF1dGhvcml0eSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAx3hvKMLzD4RRUepgTPJ+g/PMJqcQgWGwRtQ9+tOLBMxkPQ4dF+KOIqaw1AX22z/n 8ZVcAh62navOzIicu2IERJgT2LdsPe9IUxJO2QPMor3vQRL1O+yQ7KxDKQrPwCjv7lSM7PGQ1vOr D1hBLU7Zgb3mazEgg5Pv+wVhZ8Py2iw0qEx77kmkDWhFS2LX1EuHpfvHwcIh6Sjr44U3lfLQ8nDO T7gRyVidwl8CwPaV1c/OnDivQuAPa1s0k4TI84y5BQDniPJltJgYLwp/qudezFPkpDdBtWL6b0IM GFwemYTUCbsyJQ98YxGqgEHLqxyaRmvMVL2IMjTBMEKmr4BwhQIDAQABo4IBCzCCAQcwDAYDVR0T AQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMJMB0G A1UdDgQWBBQJT+sKnPW/EhjnZhqT0mWblXKVnDAPBgkrBgEFBQcwAQUEAgUAMEwGA1UdHwRFMEMw QaA/oD2GO2h0dHA6Ly9jcmwuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9tYXN0ZXJnb2RhZGR5Mmlz c3VpbmcuY3JsMEoGA1UdIARDMEEwPwYLYIZIAYb9bQEHFwEwMDAuBggrBgEFBQcCARYiaHR0cDov L2NybC5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAihPTACIlsiem uG4z/JsuMQfMSeS9R6NuUliFeab+v62TQ2TuOkv62FmbG8BJknBB93Bew2SF3eztjz04LpN5syQX rOzx7/jySgurJCfIfcl2z8uJZokmYrvdxNb+iH8Ab3FbO+k9Z/0M65sh3ApwXHfaZ9SmfZLKfO2X bf9aWQnsxgAz8sx5JcLuIF9OJ10NGw5WFnIAcDHq8P2E0/YTv/Mw4KZh7TkH7Pt9uChLkx8MCzus aKzKge9UGWOfrbvcsWxTY78TwW+VTOMIvuLI7o4Leln7xFL/BAQ2OiIP31NbvC0H12D4NE3NOOjb MY8sK6wyG1S2D6ViPpe9foExJQ==

Download
SHA256	4400b365f13222cba6bd968016e2dd90ae5dcf2ce4de43575aa5ded4a398f015
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST / HTTP/1.1 Host: ocsp.godaddy.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 74 Content-Type: application/ocsp-request Connection:
Response Header	HTTP/1.1 200 OK Date: Wed, 22 Apr 2015 10:29:23 GMT Server: Apache Content-Transfer-Encoding: Binary Cache-Control: max-age=121607, public, no-transform, must-revalidate Last-Modified: Wed, 22 Apr 2015 10:02:51 GMT Expires: Thu, 23 Apr 2015 22:02:51 GMT ETag: "cdba3159099a46f9a1c4b7bc6625d981042deefa" P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA" Content-Length: 1786 Connection: close Content-Type: application/ocsp-response
HEX Peek (128 B)	0000 30 82 06 F6 0A 01 00 A0 82 06 EF 30 82 06 EB 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 06 DC 30 82 .+.....0......0. 0020 06 D8 30 81 F9 A1 7A 30 78 31 0B 30 09 06 03 55 ..0...z0x1.0...U 0030 04 06 13 02 55 53 31 10 30 0E 06 03 55 04 08 13 ....US1.0...U... 0040 07 41 72 69 7A 6F 6E 61 31 13 30 11 06 03 55 04 .Arizona1.0...U. 0050 07 13 0A 53 63 6F 74 74 73 64 61 6C 65 31 15 30 ...Scottsdale1.0 0060 13 06 03 55 04 0A 13 0C 47 6F 44 61 64 64 79 20 ...U....GoDaddy 0070 49 6E 63 2E 31 2B 30 29 06 03 55 04 03 13 22 47 Inc.1+0)..U..."G

clients1.google.com (173.194.116.192:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/ocsp

application/ocsp-response

ocsp

200 OK

BINARY

463.0 B

03/02/96 10:24:27

Download
SHA256	bfde5c4732407165101a748aa4d7ec512d4ebea7ba9cd06648fac096ad92a790
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST /ocsp HTTP/1.1 Host: clients1.google.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 75 Content-Type: application/ocsp-request Connection:
Response Header	HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Wed, 22 Apr 2015 10:29:27 GMT Expires: Sun, 26 Apr 2015 10:29:27 GMT Cache-Control: public, max-age=345600 Server: ocsp_responder Content-Length: 463 X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Alternate-Protocol: 80:quic,p=1
HEX Peek (128 B)	0000 30 82 01 CB 0A 01 00 A0 82 01 C4 30 82 01 C0 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 01 B1 30 82 .+.....0......0. 0020 01 AD 30 81 96 A2 16 04 14 4A DD 06 16 1B BC F6 ..0......J...... 0030 68 B5 76 F5 81 B6 BB 62 1A BA 5A 81 2F 18 0F 32 h.v....b..Z./..2 0040 30 31 35 30 34 32 32 30 31 30 31 32 39 5A 30 6B 0150422010129Z0k 0050 30 69 30 41 30 09 06 05 2B 0E 03 02 1A 05 00 04 0i0A0...+....... 0060 14 F2 E0 6A F9 85 8A 1D 8D 70 9B 49 19 23 7A A9 ...j.....p.I.#z. 0070 B5 1A 28 7E 64 04 14 4A DD 06 16 1B BC F6 68 B5 ..(~d..J......h.

clients1.google.com (10.0.2.109:49217)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

http://clients1.google.com/ocsp

application/ocsp-response

ocsp

200 OK

BINARY

463.0 B

02/19/96 10:00:53

Download
SHA256	bfde5c4732407165101a748aa4d7ec512d4ebea7ba9cd06648fac096ad92a790
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST http://clients1.google.com/ocsp HTTP/1.1 Host: clients1.google.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 75 Content-Type: application/ocsp-request Connection: keep-alive
Response Header	HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Wed, 22 Apr 2015 10:29:27 GMT Expires: Sun, 26 Apr 2015 10:29:27 GMT Cache-Control: public, max-age=345600 Server: ocsp_responder Content-Length: 463 X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Alternate-Protocol: 80:quic,p=1
HEX Peek (128 B)	0000 30 82 01 CB 0A 01 00 A0 82 01 C4 30 82 01 C0 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 01 B1 30 82 .+.....0......0. 0020 01 AD 30 81 96 A2 16 04 14 4A DD 06 16 1B BC F6 ..0......J...... 0030 68 B5 76 F5 81 B6 BB 62 1A BA 5A 81 2F 18 0F 32 h.v....b..Z./..2 0040 30 31 35 30 34 32 32 30 31 30 31 32 39 5A 30 6B 0150422010129Z0k 0050 30 69 30 41 30 09 06 05 2B 0E 03 02 1A 05 00 04 0i0A0...+....... 0060 14 F2 E0 6A F9 85 8A 1D 8D 70 9B 49 19 23 7A A9 ...j.....p.I.#z. 0070 B5 1A 28 7E 64 04 14 4A DD 06 16 1B BC F6 68 B5 ..(~d..J......h.

zoosk.com (70.42.170.77:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/(4)

text/html

(4)

301 Moved Permanently

0.0 B

12/28/95 18:59:20

sd.symcd.com (23.50.107.27:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/(5)

application/ocsp-response

(5)

200 OK

BINARY

1.7 KB

05/20/98 16:13:58

MIIGvgoBAKCCBrcwggazBgkrBgEFBQcwAQEEggakMIIGoDCBnqIWBBRcgY6OwF8oCU35aC8myHEm jlQYKRgPMjAxNTA0MjEyMjE1MDhaMHMwcTBJMAkGBSsOAwIaBQAEFAyBKTh0spYpEH7YNWJSZART DeCDBBQNRFwWU0TBgn4dIKsl9AFj2L55pQIQHm9iO/URyFo5k21U4pMrpYAAGA8yMDE1MDQyMTIy MTUwOFqgERgPMjAxNTA0MjgyMjE1MDhaMA0GCSqGSIb3DQEBBQUAA4IBAQBgdEmGl0BGZef883rV 4Y3wkfjxV+1WCUtt7AeZavKq4qT27HozmJYt97un1VLh4bwbTsSeZilo5fcMa5hr7XhXaehworD5 YT6ZhDPQTsL1aeZmqPTEoVgh782LgdX90MY80rDxV9ziRiZatd7DIsOJejWhY+fsRHVobvgLUHWG 1z3+UkW+Zm1q4byCHPRuLRsgEz6Fln3YMy9dACmIcDPczHQKO6eqVXer4twhFM4la9W0lVLUmNMF PeRwDFtv23MnrtlGMkwL14nQzbxwlscw8nnPlRkw/7RSVoORGNnoSJ4ZU5ytixsDQNRsi9IbaoNy 0MjZtcwS0HriKleg3/pUoIIE5zCCBOMwggTfMIIDx6ADAgECAhB27xB8qEgVY72xlw3eMucXMA0G CSqGSIb3DQEBBQUAMIG1MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAd BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBo dHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTEwMS8wLQYDVQQDEyZWZXJpU2lnbiBDbGFz cyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xNTAyMjUwMDAwMDBaFw0xNTA1MjYyMzU5NTla MIGHMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT aWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAMTNVZlcmlTaWduIENsYXNzIDMgU2VjdXJlIFNlcnZl ciBDQSAtIEczIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 5MuN3OYaW6DHdsh5lrCm/sxwtsikW7aPHZy68fH4VOwjahPlZMRH068cS5ZC1U2KiLDTxgp1lvd3 hzGJfP8DwJWlIFbXLy7/ajIhBqWpYKCKgCbg9ID/vtVHmYDkXKYqqD4T/dIlXNJ1vcGmgnDfG6NS 32Ddz4M6JpDH2/G9FH691Gq/HxnLqSJavBoJ2TUAwdPTNNDyer+Z+O7p496sXr5PVuRedTU8XUmU JNS5FZyam/WqcB2DdMYdl29SjBmMRF+xbzwZCRddZ/j1q7s4G39liNZyD4WWyLZzG0kQyGEH+Eom t4YPrPOYn6VMkqRDS1+xfvVunF+uTJQ/IVDMhQIDAQABo4IBFTCCAREwCQYDVR0TBAIwADCBrAYD VR0gBIGkMIGhMIGeBgtghkgBhvhFAQcXAzCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy aXNpZ24uY29tL0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlT aWduJ3MgQ1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24w EwYDVR0lBAwwCgYIKwYBBQUHAwkwCwYDVR0PBAQDAgeAMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0R BBswGaQXMBUxEzARBgNVBAMTClRHVi1CLTMxODEwDQYJKoZIhvcNAQEFBQADggEBAKTi2nfMH+sW FApuBkD95BsZDRwKLM1uoZR0PxNBhGgnRRrImY50ASIewfJwBWzUJd1xmOcvHEGYZ628Mtsj6Cjv u9j/Mi82CgQ1gWQDgBywQNWXod659ObOPtFLm8VqsDkEg3o9nN5qolm+UBcG5KKVjbXZNs2QvRmm AKU1Sc7y/9fS4y23ZVzXX0xgON0+sP+Hl7w0OpBu9QrQMYJ/2pl28eZWCC7raH2qoWjN6Rb92SSs yaIV6j7yJgNOhi9OhvdJFvUgW/WE5KGcrt/HavvTvT4dbNveeSayGn419nNd1vwceGLwLsCPZNig /LB/vrMk2g87sMD3rl82eXJCwO8=

Download
SHA256	2152e9b6b0a787cd752f605f968f5782ebd1942ca802502efb34432317bb079f
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST / HTTP/1.1 Host: sd.symcd.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 83 Content-Type: application/ocsp-request Connection:
Response Header	HTTP/1.1 200 OK Server: nginx/1.4.7 Content-Type: application/ocsp-response Content-Length: 1730 content-transfer-encoding: binary Cache-Control: max-age=560710, public, no-transform, must-revalidate Last-Modified: Tue, 21 Apr 2015 22:15:08 GMT Expires: Tue, 28 Apr 2015 22:15:08 GMT Date: Wed, 22 Apr 2015 10:30:36 GMT Connection: keep-alive
HEX Peek (128 B)	0000 30 82 06 BE 0A 01 00 A0 82 06 B7 30 82 06 B3 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 06 A4 30 82 .+.....0......0. 0020 06 A0 30 81 9E A2 16 04 14 5C 81 8E 8E C0 5F 28 ..0......\...._( 0030 09 4D F9 68 2F 26 C8 71 26 8E 54 18 29 18 0F 32 .M.h/&.q&.T.)..2 0040 30 31 35 30 34 32 31 32 32 31 35 30 38 5A 30 73 0150421221508Z0s 0050 30 71 30 49 30 09 06 05 2B 0E 03 02 1A 05 00 04 0q0I0...+....... 0060 14 0C 81 29 38 74 B2 96 29 10 7E D8 35 62 52 64 ...)8t..).~.5bRd 0070 04 53 0D E0 83 04 14 0D 44 5C 16 53 44 C1 82 7E .S......D\.SD..~

/(7)

application/ocsp-response

(7)

200 OK

BINARY

1.7 KB

06/14/98 17:19:57

MIIGvgoBAKCCBrcwggazBgkrBgEFBQcwAQEEggakMIIGoDCBnqIWBBRcgY6OwF8oCU35aC8myHEm jlQYKRgPMjAxNTA0MTkwNTEwMTdaMHMwcTBJMAkGBSsOAwIaBQAEFAyBKTh0spYpEH7YNWJSZART DeCDBBQNRFwWU0TBgn4dIKsl9AFj2L55pQIQAgvBP6YjZimWEBnJXWy074AAGA8yMDE1MDQxOTA1 MTAxN1qgERgPMjAxNTA0MjYwNTEwMTdaMA0GCSqGSIb3DQEBBQUAA4IBAQCrTwCn3YUr4/w1QdPF d/admZTj2zi1arKEHkBNj5DATL1/+dymGVtNt/LCanqX9W+qPSyJGMNR9LsshFKXaKIm+j5UF93E NX4I3tRpTrs4nBAVLkFPgRDh+cioyi1zMC9RlVOSRuenBD71a2snneivtgdxEpw4B2tRdij7alz2 ilkaCBPfEFWVHGvnoXvm0pfgeWI6wvKPcuzcOfvHRiIvFVuVU30QJlLjbtO2BY3ZluqnFnjPCnlF 0caICWaHdeTR1z/qudRLhGWnDrIHp4CHXrHA/IIl5MH6EzvZ7Tb+5caBWwaiHhFoWRO9M4osNtLc TpWMCJFOMKH02f3dYgiwoIIE5zCCBOMwggTfMIIDx6ADAgECAhB27xB8qEgVY72xlw3eMucXMA0G CSqGSIb3DQEBBQUAMIG1MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAd BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxOzA5BgNVBAsTMlRlcm1zIG9mIHVzZSBhdCBo dHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhIChjKTEwMS8wLQYDVQQDEyZWZXJpU2lnbiBDbGFz cyAzIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHMzAeFw0xNTAyMjUwMDAwMDBaFw0xNTA1MjYyMzU5NTla MIGHMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlT aWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAMTNVZlcmlTaWduIENsYXNzIDMgU2VjdXJlIFNlcnZl ciBDQSAtIEczIE9DU1AgUmVzcG9uZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA 5MuN3OYaW6DHdsh5lrCm/sxwtsikW7aPHZy68fH4VOwjahPlZMRH068cS5ZC1U2KiLDTxgp1lvd3 hzGJfP8DwJWlIFbXLy7/ajIhBqWpYKCKgCbg9ID/vtVHmYDkXKYqqD4T/dIlXNJ1vcGmgnDfG6NS 32Ddz4M6JpDH2/G9FH691Gq/HxnLqSJavBoJ2TUAwdPTNNDyer+Z+O7p496sXr5PVuRedTU8XUmU JNS5FZyam/WqcB2DdMYdl29SjBmMRF+xbzwZCRddZ/j1q7s4G39liNZyD4WWyLZzG0kQyGEH+Eom t4YPrPOYn6VMkqRDS1+xfvVunF+uTJQ/IVDMhQIDAQABo4IBFTCCAREwCQYDVR0TBAIwADCBrAYD VR0gBIGkMIGhMIGeBgtghkgBhvhFAQcXAzCBjjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy aXNpZ24uY29tL0NQUzBiBggrBgEFBQcCAjBWMBUWDlZlcmlTaWduLCBJbmMuMAMCAQEaPVZlcmlT aWduJ3MgQ1BTIGluY29ycC4gYnkgcmVmZXJlbmNlIGxpYWIuIGx0ZC4gKGMpOTcgVmVyaVNpZ24w EwYDVR0lBAwwCgYIKwYBBQUHAwkwCwYDVR0PBAQDAgeAMA8GCSsGAQUFBzABBQQCBQAwIgYDVR0R BBswGaQXMBUxEzARBgNVBAMTClRHVi1CLTMxODEwDQYJKoZIhvcNAQEFBQADggEBAKTi2nfMH+sW FApuBkD95BsZDRwKLM1uoZR0PxNBhGgnRRrImY50ASIewfJwBWzUJd1xmOcvHEGYZ628Mtsj6Cjv u9j/Mi82CgQ1gWQDgBywQNWXod659ObOPtFLm8VqsDkEg3o9nN5qolm+UBcG5KKVjbXZNs2QvRmm AKU1Sc7y/9fS4y23ZVzXX0xgON0+sP+Hl7w0OpBu9QrQMYJ/2pl28eZWCC7raH2qoWjN6Rb92SSs yaIV6j7yJgNOhi9OhvdJFvUgW/WE5KGcrt/HavvTvT4dbNveeSayGn419nNd1vwceGLwLsCPZNig /LB/vrMk2g87sMD3rl82eXJCwO8=

Download
SHA256	5b2cd5f6df67ad6b79dfc9adbe441da6fa83d872e8b749fa75818c8585f72ee9
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST / HTTP/1.1 Host: sd.symcd.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 83 Content-Type: application/ocsp-request Connection:
Response Header	HTTP/1.1 200 OK Server: nginx/1.4.7 Content-Type: application/ocsp-response Content-Length: 1730 content-transfer-encoding: binary Cache-Control: max-age=326561, public, no-transform, must-revalidate Last-Modified: Sun, 19 Apr 2015 05:10:17 GMT Expires: Sun, 26 Apr 2015 05:10:17 GMT Date: Wed, 22 Apr 2015 10:30:39 GMT Connection: keep-alive
HEX Peek (128 B)	0000 30 82 06 BE 0A 01 00 A0 82 06 B7 30 82 06 B3 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 06 A4 30 82 .+.....0......0. 0020 06 A0 30 81 9E A2 16 04 14 5C 81 8E 8E C0 5F 28 ..0......\...._( 0030 09 4D F9 68 2F 26 C8 71 26 8E 54 18 29 18 0F 32 .M.h/&.q&.T.)..2 0040 30 31 35 30 34 31 39 30 35 31 30 31 37 5A 30 73 0150419051017Z0s 0050 30 71 30 49 30 09 06 05 2B 0E 03 02 1A 05 00 04 0q0I0...+....... 0060 14 0C 81 29 38 74 B2 96 29 10 7E D8 35 62 52 64 ...)8t..).~.5bRd 0070 04 53 0D E0 83 04 14 0D 44 5C 16 53 44 C1 82 7E .S......D\.SD..~

sd.symcd.com (10.0.2.109:49260)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

http://sd.symcd.com/

application/ocsp-response

24.html

200 OK

BINARY

1.7 KB

05/19/98 23:43:39

Download
SHA256	2152e9b6b0a787cd752f605f968f5782ebd1942ca802502efb34432317bb079f
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST http://sd.symcd.com/ HTTP/1.1 Host: sd.symcd.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 83 Content-Type: application/ocsp-request Connection: keep-alive
Response Header	HTTP/1.1 200 OK Server: nginx/1.4.7 Content-Type: application/ocsp-response Content-Length: 1730 content-transfer-encoding: binary Cache-Control: max-age=560710, public, no-transform, must-revalidate Last-Modified: Tue, 21 Apr 2015 22:15:08 GMT Expires: Tue, 28 Apr 2015 22:15:08 GMT Date: Wed, 22 Apr 2015 10:30:36 GMT Connection: keep-alive
HEX Peek (128 B)	0000 30 82 06 BE 0A 01 00 A0 82 06 B7 30 82 06 B3 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 06 A4 30 82 .+.....0......0. 0020 06 A0 30 81 9E A2 16 04 14 5C 81 8E 8E C0 5F 28 ..0......\...._( 0030 09 4D F9 68 2F 26 C8 71 26 8E 54 18 29 18 0F 32 .M.h/&.q&.T.)..2 0040 30 31 35 30 34 32 31 32 32 31 35 30 38 5A 30 73 0150421221508Z0s 0050 30 71 30 49 30 09 06 05 2B 0E 03 02 1A 05 00 04 0q0I0...+....... 0060 14 0C 81 29 38 74 B2 96 29 10 7E D8 35 62 52 64 ...)8t..).~.5bRd 0070 04 53 0D E0 83 04 14 0D 44 5C 16 53 44 C1 82 7E .S......D\.SD..~

gtssl2-ocsp.geotrust.com (23.50.107.27:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/(6)

application/ocsp-response

(6)

200 OK

BINARY

1.4 KB

06/07/98 07:28:44

Download
SHA256	f4dbd55a5650dc511d81d694262faad2cb6f0338f64a8d5570e9c51131398f90
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST / HTTP/1.1 Host: gtssl2-ocsp.geotrust.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 83 Content-Type: application/ocsp-request Connection:
Response Header	HTTP/1.1 200 OK Server: nginx/1.4.7 Content-Type: application/ocsp-response Content-Length: 1456 content-transfer-encoding: binary Cache-Control: max-age=603466, public, no-transform, must-revalidate Last-Modified: Wed, 22 Apr 2015 10:04:44 GMT Expires: Wed, 29 Apr 2015 10:04:44 GMT Date: Wed, 22 Apr 2015 10:30:38 GMT Connection: keep-alive
HEX Peek (128 B)	0000 30 82 05 AC 0A 01 00 A0 82 05 A5 30 82 05 A1 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 05 92 30 82 .+.....0......0. 0020 05 8E 30 81 9E A2 16 04 14 1D 9D 16 93 20 A7 FE ..0.......... .. 0030 69 87 EA E9 17 7E 78 92 55 BC F8 55 43 18 0F 32 i....~x.U..UC..2 0040 30 31 35 30 34 32 32 31 30 30 34 34 34 5A 30 73 0150422100444Z0s 0050 30 71 30 49 30 09 06 05 2B 0E 03 02 1A 05 00 04 0q0I0...+....... 0060 14 12 04 0D 13 2D E4 F9 1E B9 3C BF BD DB 71 4D .....-....<...qM 0070 E8 01 9B B1 F4 04 14 11 4A D0 73 39 D5 5B 69 08 ........J.s9.[i.

gtssl2-ocsp.geotrust.com (10.0.2.109:49260)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

http://gtssl2-ocsp.geotrust.com/

application/ocsp-response

26.html

200 OK

BINARY

1.4 KB

06/06/98 13:47:26

Download
SHA256	f4dbd55a5650dc511d81d694262faad2cb6f0338f64a8d5570e9c51131398f90
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST http://gtssl2-ocsp.geotrust.com/ HTTP/1.1 Host: gtssl2-ocsp.geotrust.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 83 Content-Type: application/ocsp-request Connection: keep-alive
Response Header	HTTP/1.1 200 OK Server: nginx/1.4.7 Content-Type: application/ocsp-response Content-Length: 1456 content-transfer-encoding: binary Cache-Control: max-age=603466, public, no-transform, must-revalidate Last-Modified: Wed, 22 Apr 2015 10:04:44 GMT Expires: Wed, 29 Apr 2015 10:04:44 GMT Date: Wed, 22 Apr 2015 10:30:38 GMT Connection: keep-alive
HEX Peek (128 B)	0000 30 82 05 AC 0A 01 00 A0 82 05 A5 30 82 05 A1 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 05 92 30 82 .+.....0......0. 0020 05 8E 30 81 9E A2 16 04 14 1D 9D 16 93 20 A7 FE ..0.......... .. 0030 69 87 EA E9 17 7E 78 92 55 BC F8 55 43 18 0F 32 i....~x.U..UC..2 0040 30 31 35 30 34 32 32 31 30 30 34 34 34 5A 30 73 0150422100444Z0s 0050 30 71 30 49 30 09 06 05 2B 0E 03 02 1A 05 00 04 0q0I0...+....... 0060 14 12 04 0D 13 2D E4 F9 1E B9 3C BF BD DB 71 4D .....-....<...qM 0070 E8 01 9B B1 F4 04 14 11 4A D0 73 39 D5 5B 69 08 ........J.s9.[i.

ocsp.trustwave.com (23.63.29.25:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/(8)

application/ocsp-response

(8)

200 OK

BINARY

1.8 KB

11/02/98 03:49:24

MIIHQAoBAKCCBzkwggc1BgkrBgEFBQcwAQEEggcmMIIHIjCCAQqhfzB9MSYwJAYDVQQDDB1UcnVz dHdhdmUgT1ZDQSBPQ1NQIFJlc3BvbmRlcjEhMB8GA1UECgwYVHJ1c3R3YXZlIEhvbGRpbmdzLCBJ bmMuMRAwDgYDVQQHDAdDaGljYWdvMREwDwYDVQQIDAhJbGxpbm9pczELMAkGA1UEBhMCVVMYDzIw MTUwNDIyMTAyOTM5WjB2MHQwTDAJBgUrDgMCGgUABBREu0R7X9EhfEQPk4dB85gXE3Ik/AQUXdmW mkDHJ8ssm6LszxmryK/MhkgCEwZL/ncDyn/5xb3LNWGhVRouXRGAABgPMjAxNTA0MjIwOTI5Mzla oBEYDzIwMTUwNDI2MTAyOTM5WjANBgkqhkiG9w0BAQUFAAOCAQEAWZY/w0JCDRVdl66uJSEYPYAF P+PpulnZ05OPwQUH0VzqGW6QCsbz2fnJkrJi1i7r4QFhTwnsKHOMgbu0dLeIzj57SGmfgKN27xxC xZOtQeU892V8np899GJj3858eG9wJhyhufFWL7kD6LeeYjAS7xbPTs7Vr0he+vl6omtvl5NotUnz wHFkWsQFIG2XZbr7wvo5dX2sEmTXmX4xRS8pPuAXO1zjT3KveQn4MbU2W14KsKJAiBdJoXbIG4vt 8Ld+qaKwLRpRSbDfpP1i/0OuwdkA+5Lhqt+FkrfFmGilAyIqyHqCI/kZnxv8ij6nFDFkjN4tzr6a 1R0he4xDtpUoRKCCBPwwggT4MIIE9DCCA9ygAwIBAgITBkkcENBzFkH49MO8KddUAoNwTTANBgkq hkiG9w0BAQUFADCBrjELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdD aGljYWdvMSEwHwYDVQQKExhUcnVzdHdhdmUgSG9sZGluZ3MsIEluYy4xNjA0BgNVBAMTLVRydXN0 d2F2ZSBPcmdhbml6YXRpb24gVmFsaWRhdGlvbiBDQSwgTGV2ZWwgMjEfMB0GCSqGSIb3DQEJARYQ Y2FAdHJ1c3R3YXZlLmNvbTAeFw0xNDA2MDIxMjAzMDNaFw0xNTA2MDIxODAzMDNaMH0xJjAkBgNV BAMMHVRydXN0d2F2ZSBPVkNBIE9DU1AgUmVzcG9uZGVyMSEwHwYDVQQKDBhUcnVzdHdhdmUgSG9s ZGluZ3MsIEluYy4xEDAOBgNVBAcMB0NoaWNhZ28xETAPBgNVBAgMCElsbGlub2lzMQswCQYDVQQG EwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN+o8YfHW34PyndAXvU26UntGx1s RVYq5qf5lLcScDf9+QWcITQNivIal8DycQ8NJDCyj7uwkRgB5g64AoNbhO9gJwtFuAq3HVS6gBKO JdetVzSoy4dwGesP4NkmcGx9K3phL3sKJXy/y7Cz9pIMLcROw3/gUffu555uyUMUUWYo+6YNZcJr maGWslm5u6ip5VwXdebja1Mj12nQcgsD/arzKbhsGDknc7E3+bYF2ngGewn1dhxwp49ehieOLAgY iM1BJlvAXD66d06qmhUrHncqtT+Da5lipISe4+m6PsSmuJGPK+3dH+twdAmCmgg3yk/hwOrBeuVc zq4HkCYxStsCAwEAAaOCATkwggE1MAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgWgMBMGA1UdJQQM MAoGCCsGAQUFBwMJMB0GA1UdDgQWBBTfSAtNRkvdSfq7xYGT3/zrJyiOXDAfBgNVHSMEGDAWgBRd 2ZaaQMcnyyybouzPGavIr8yGSDBDBgNVHSAEPDA6MDgGCisGAQQBge0YAwAwKjAoBggrBgEFBQcC ARYcaHR0cHM6Ly9zc2wudHJ1c3R3YXZlLmNvbS9DQTA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8v Y3JsLnRydXN0d2F2ZS5jb20vT1ZDQV9MMi5jcmwwNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAB hhpodHRwOi8vb2NzcC50cnVzdHdhdmUuY29tLzAPBgkrBgEFBQcwAQUEAgUAMA0GCSqGSIb3DQEB BQUAA4IBAQBXl1bNQam5ndUC48cdwitTt8lUG3cEALjkMNRzxf4IBbkFPD74Ei2ZoV83kQ2zHWFV sfz/sYsYBPNzww3aoFvTwWBqp08MMcWhvEVLPs9+IrfciWDkPIzYEsgRHf2iDQ+S32IhlpZsZ0cK UynviUyBibFB05efyCsYyj23rixRnF7V/1C9oM1zg8Cae0wVvd1RJBQ3cGgpKxtahNK6Vqkzz0FA jKFVQu7Fducth8EbwUeO8/6h1y+qW7UUihd1H1+iwMEa1CSkEudIcvU2kWSg8Lrhtoly7wC06JBH ciuAIef4QIIYEKCwlOW4Oca+0yyTs74rjtYMicYW1WD2ADFN

Download
SHA256	6ec6af13d3669abd8722eb08ac88e6f50fc1e58480dd071b378c27e302dd8dd8
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST / HTTP/1.1 Host: ocsp.trustwave.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 86 Content-Type: application/ocsp-request Connection:
Response Header	HTTP/1.1 200 OK Server: nginx/1.0.15 Content-Type: application/ocsp-response Content-Length: 1860 Date: Wed, 22 Apr 2015 10:30:51 GMT Connection: keep-alive
HEX Peek (128 B)	0000 30 82 07 40 0A 01 00 A0 82 07 39 30 82 07 35 06 0..@......90..5. 0010 09 2B 06 01 05 05 07 30 01 01 04 82 07 26 30 82 .+.....0.....&0. 0020 07 22 30 82 01 0A A1 7F 30 7D 31 26 30 24 06 03 ."0.....0}1&0$.. 0030 55 04 03 0C 1D 54 72 75 73 74 77 61 76 65 20 4F U....Trustwave O 0040 56 43 41 20 4F 43 53 50 20 52 65 73 70 6F 6E 64 VCA OCSP Respond 0050 65 72 31 21 30 1F 06 03 55 04 0A 0C 18 54 72 75 er1!0...U....Tru 0060 73 74 77 61 76 65 20 48 6F 6C 64 69 6E 67 73 2C stwave Holdings, 0070 20 49 6E 63 2E 31 10 30 0E 06 03 55 04 07 0C 07 Inc.1.0...U....

ocsp.trustwave.com (10.0.2.109:49298)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

http://ocsp.trustwave.com/

application/ocsp-response

29.html

200 OK

BINARY

1.8 KB

11/01/98 17:04:42

Download
SHA256	6ec6af13d3669abd8722eb08ac88e6f50fc1e58480dd071b378c27e302dd8dd8
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST http://ocsp.trustwave.com/ HTTP/1.1 Host: ocsp.trustwave.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:37.0) Gecko/20100101 Firefox/37.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Length: 86 Content-Type: application/ocsp-request Connection: keep-alive
Response Header	HTTP/1.1 200 OK Server: nginx/1.0.15 Content-Type: application/ocsp-response Content-Length: 1860 Date: Wed, 22 Apr 2015 10:30:51 GMT Connection: keep-alive
HEX Peek (128 B)	0000 30 82 07 40 0A 01 00 A0 82 07 39 30 82 07 35 06 0..@......90..5. 0010 09 2B 06 01 05 05 07 30 01 01 04 82 07 26 30 82 .+.....0.....&0. 0020 07 22 30 82 01 0A A1 7F 30 7D 31 26 30 24 06 03 ."0.....0}1&0$.. 0030 55 04 03 0C 1D 54 72 75 73 74 77 61 76 65 20 4F U....Trustwave O 0040 56 43 41 20 4F 43 53 50 20 52 65 73 70 6F 6E 64 VCA OCSP Respond 0050 65 72 31 21 30 1F 06 03 55 04 0A 0C 18 54 72 75 er1!0...U....Tru 0060 73 74 77 61 76 65 20 48 6F 6C 64 69 6E 67 73 2C stwave Holdings, 0070 20 49 6E 63 2E 31 10 30 0E 06 03 55 04 07 0C 07 Inc.1.0...U....

zoosk.com (10.0.2.109:49204)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

http://zoosk.com/

text/html

30.html

301 Moved Permanently

0.0 B

12/26/95 02:53:51

80.78.242.47 (80.78.242.47:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW

text/html

pointer.php

500 Internal Server Error

0.0 B

05/27/06 14:32:40

217.23.10.139 (10.0.2.109:49335)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW(2)

text/html

pointer.php

404 Not Found

HTML

393.0 B

06/09/06 12:50:04

Download
SHA256	bf206cebb4f622c825cfebdc497a07339094bd20cfeab4189d32bd0b6e5164b7
Referer
Magic	HyperText Markup Language (HTML)
Request	GET /pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW HTTP/1.1 Host: 217.23.10.139 Accept: /
Response Header	HTTP/1.1 404 Not Found Date: Wed, 22 Apr 2015 10:34:46 GMT Server: Apache/2 Content-Length: 393 Content-Type: text/html; charset=iso-8859-1
Response Peek (128 B)	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p...

217.23.10.139 (217.23.10.139:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW(3)

text/html

pointer.php

404 Not Found

HTML

393.0 B

06/09/06 12:54:13

Download
SHA256	bf206cebb4f622c825cfebdc497a07339094bd20cfeab4189d32bd0b6e5164b7
Referer
Magic	HyperText Markup Language (HTML)
Request	GET /pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW HTTP/1.1 Host: 217.23.10.139 Accept: /
Response Header	HTTP/1.1 404 Not Found Date: Wed, 22 Apr 2015 10:34:46 GMT Server: Apache/2 Content-Length: 393 Content-Type: text/html; charset=iso-8859-1
Response Peek (128 B)	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p...

/pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW(4)

text/html

pointer.php

404 Not Found

HTML

393.0 B

10/17/13 08:51:49

Download
SHA256	bf206cebb4f622c825cfebdc497a07339094bd20cfeab4189d32bd0b6e5164b7
Referer
Magic	HyperText Markup Language (HTML)
Request	GET /pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW HTTP/1.1 Host: 217.23.10.139 Accept: /
Response Header	HTTP/1.1 404 Not Found Date: Wed, 22 Apr 2015 11:31:14 GMT Server: Apache/2 Content-Length: 393 Content-Type: text/html; charset=iso-8859-1
Response Peek (128 B)	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p...

/pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW(6)

text/html

pointer.php

404 Not Found

HTML

393.0 B

04/29/16 02:24:46

Download
SHA256	bf206cebb4f622c825cfebdc497a07339094bd20cfeab4189d32bd0b6e5164b7
Referer
Magic	HyperText Markup Language (HTML)
Request	GET /pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW HTTP/1.1 Host: 217.23.10.139 Accept: /
Response Header	HTTP/1.1 404 Not Found Date: Wed, 22 Apr 2015 12:25:09 GMT Server: Apache/2 Content-Length: 393 Content-Type: text/html; charset=iso-8859-1
Response Peek (128 B)	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p...

/pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW(9)

text/html

pointer.php

404 Not Found

HTML

393.0 B

10/02/37 12:48:16

Download
SHA256	bf206cebb4f622c825cfebdc497a07339094bd20cfeab4189d32bd0b6e5164b7
Referer
Magic	HyperText Markup Language (HTML)
Request	GET /pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW HTTP/1.1 Host: 217.23.10.139 Accept: /
Response Header	HTTP/1.1 404 Not Found Date: Wed, 22 Apr 2015 16:11:57 GMT Server: Apache/2 Content-Length: 393 Content-Type: text/html; charset=iso-8859-1
Response Peek (128 B)	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p...

humbert.ru (37.187.78.159:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/proxy/pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW

text/html

pointer.php

200 OK

TEXT

1.2 KB

06/13/06 17:28:41

Download
SHA256	c7a41017bbd36e112793dedda599fb401a3e5a380250384134085efc4f4148e3
Referer
Magic	Inconclusive. Probably text (TEXT)
Request	GET /proxy/pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW HTTP/1.1 Host: humbert.ru Accept: /
Response Header	HTTP/1.1 200 OK Date: Wed, 22 Apr 2015 10:34:51 GMT Server: Apache/2.2.25 (CentOS) X-Powered-By: PHP/5.5.23 Content-Length: 1249 Connection: close Content-Type: text/html; charset=CP1251
Response Peek (128 B)	a:3:{s:13:"secret_string";s:18:"BER5w4evtjszw4MBRW";s:6:"server";a:22:{s:9:"HTTP_HOST";s:10:"humbert.ru";s:11:"HTTP_ACCEPT";s:3:...

217.23.10.139 (10.0.2.109:49350)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW(5)

text/html

pointer.php

404 Not Found

HTML

393.0 B

10/17/13 08:47:31

Download
SHA256	bf206cebb4f622c825cfebdc497a07339094bd20cfeab4189d32bd0b6e5164b7
Referer
Magic	HyperText Markup Language (HTML)
Request	GET /pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW HTTP/1.1 Host: 217.23.10.139 Accept: /
Response Header	HTTP/1.1 404 Not Found Date: Wed, 22 Apr 2015 11:31:14 GMT Server: Apache/2 Content-Length: 393 Content-Type: text/html; charset=iso-8859-1
Response Peek (128 B)	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p...

217.23.10.139 (10.0.2.109:49365)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW(7)

text/html

pointer.php

404 Not Found

HTML

393.0 B

04/29/16 02:21:41

Download
SHA256	bf206cebb4f622c825cfebdc497a07339094bd20cfeab4189d32bd0b6e5164b7
Referer
Magic	HyperText Markup Language (HTML)
Request	GET /pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW HTTP/1.1 Host: 217.23.10.139 Accept: /
Response Header	HTTP/1.1 404 Not Found Date: Wed, 22 Apr 2015 12:25:09 GMT Server: Apache/2 Content-Length: 393 Content-Type: text/html; charset=iso-8859-1
Response Peek (128 B)	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p...

217.23.10.139 (10.0.2.109:49414)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW(8)

text/html

pointer.php

404 Not Found

HTML

393.0 B

10/02/37 12:47:57

Download
SHA256	bf206cebb4f622c825cfebdc497a07339094bd20cfeab4189d32bd0b6e5164b7
Referer
Magic	HyperText Markup Language (HTML)
Request	GET /pointer.php?proxy=46.165.222.212%3A21063&secret=BER5w4evtjszw4MBRW HTTP/1.1 Host: 217.23.10.139 Accept: /
Response Header	HTTP/1.1 404 Not Found Date: Wed, 22 Apr 2015 16:11:57 GMT Server: Apache/2 Content-Length: 393 Content-Type: text/html; charset=iso-8859-1
Response Peek (128 B)	<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p...