CapTipper Report

CapTipper

Analysis Info

PCAP File	Analysis Time	CapTipper Version	Traffic Time
/opt/Malware-Project/BigDataset/Scenarios/CTU-Normal-7//2013-12-17_capture1.pcap	06/27/16 19:21:00	0.2 b10	12/17/13 21:22:19

Flow View

Client Details

IP	81.95.182.31
MAC	38:72:c0:5e:6b:22
USER-AGENT	Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36

Conversations

evsecure-ocsp.verisign.com (199.7.54.72:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

application/ocsp-response

0.html

200 Ok

BINARY

1.9 KB

12/17/13 21:22:19

MIIHYwoBAKCCB1wwggdYBgkrBgEFBQcwAQEEggdJMIIHRTCCAR+gAwIBAKGBkTCBjjELMAkGA1UE BhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBU cnVzdCBOZXR3b3JrMT8wPQYDVQQDEzZTeW1hbnRlYyBDbGFzcyAzIFBDQSAtIEc1IE9DU1AgUmVz cG9uZGVyIENlcnRpZmljYXRlIDIYDzIwMTMxMjE0MjExMTA1WjBzMHEwSTAJBgUrDgMCGgUABBS5 6bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFt3WcYXhOFexyfAMpUp KGuAABgPMjAxMzEyMTQyMTExMDVaoBEYDzIwMTMxMjIxMjExMTA1WjANBgkqhkiG9w0BAQUFAAOC AQEACdiKbYEvpyoMSkgKVmz2gSzW9emiAiRGdLS233y5T4gl6jLbafAUqf4rYmiiUzQveUAyVI9Q Uh0P8F1ElquQYFMbMKsaGS1aUy8IT53ZyHfHLhGB3IhxzfXfs3D62iE5YYKnqSlPdvmlFggG7e3d Lq+wr7UpnkSY4JtZK12PHDTyOpCcl1J5wz8mTyGD69hIiUBid9MttPkwmaEnPG1ngh0U5WClaXJ0 igd29xjzg8zfQBJxq4Sz2bDcefUhFuve/DNlKjkkrUbUz4R6k2ZlJ5cc+1ko1EisGhOKuwkEVPJF wn0xmYuFF0V+9MXUeOlid/sFqJofQgAceixeJRYcy6CCBQowggUGMIIFAjCCA+qgAwIBAgIQVbz6 M5W575UyCIv4LhPn2DANBgkqhkiG9w0BAQUFADCByjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl cmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEo YykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQD EzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 IC0gRzUwHhcNMTMxMTEyMDAwMDAwWhcNMTQxMjEyMjM1OTU5WjCBjjELMAkGA1UEBhMCVVMxHTAb BgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3 b3JrMT8wPQYDVQQDEzZTeW1hbnRlYyBDbGFzcyAzIFBDQSAtIEc1IE9DU1AgUmVzcG9uZGVyIENl cnRpZmljYXRlIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8MpHPlCMTNTIyr0vB EAaC0kft4qIup13fjZzy9pJ/kd01qdykzgMXMa9tVxjO376da5Dj7d96evk1/pPJuZ50c/RvExZ2 kuu6wKFRdE7iVxd6T+bzFfp0kZX2DkK6g9o6FYvtpI+XFEdWZI8nPfSc7dABsYLl+heHNtpMZwOe L8me1akYsGDQLiDeVZKKViu+6BU297yDj57IWcbf8Jpl9inNnggTbwzTtQnHXxhiHr6rhtExDPmS 5uSjW/s8+GoVaFQzBYpmAIH15aaQdko+HIumUQw3kvGDvVUAf4pXM72IHBRpIQwNo2h1HkpLBOsb YLlM8QHXU6uIQPh+TpirAgMBAAGjggEcMIIBGDAMBgNVHRMBAf8EAjAAMGwGA1UdIARlMGMwYQYL YIZIAYb4RQEHFwMwUjAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9jcHMwKAYI KwYBBQUHAgIwHBoaaHR0cDovL3d3dy5zeW1hdXRoLmNvbS9ycGEwEwYDVR0lBAwwCgYIKwYBBQUH AwkwDgYDVR0PAQH/BAQDAgeAMA8GCSsGAQUFBzABBQQCBQAwJAYDVR0RBB0wG6QZMBcxFTATBgNV BAMTDDIwNDgtVEdWLTQ2MTAdBgNVHQ4EFgQUmfh4BwrZBKMYl9fWcmHQfzLxvP8wHwYDVR0jBBgw FoAUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwDQYJKoZIhvcNAQEFBQADggEBADdsOEPBZXi549fg4W5T CRNbI30fzOtWnnbiD7VaMEwWme96aLCviSmmEBC0b/FRO/qfbHkcoCySHXwa/qqsUkkO16y23l3B J9ohXGpi+rFVnBcX675PKmV/C4BPc3/88XcrszDfFX1QMiCQwDdGVE5QdjiyY8asxdubDuLo479X j4+G6hiWHBL3LtJI1Z06PM7ndzOlkYBt8K/Vk0r3qyhbJqHlPLziW2002pPOvYNV+7SkgSPu4h4S OFTsUarRKjBZMxx8j2vANSnEKo4KNVWV1G2APbnFcvpCFbFM4Y4p1BqySUHCRF/TqFiTLZbZMmH8 iKJ0Fhr3hDwtJ/UnCA0=

Download
SHA256	0c527bdb1977b6c5caf0451d5409d23ff8b2cee9ef2b86af8c3d7cdf7d891d9d
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST / HTTP/1.1 Host: evsecure-ocsp.verisign.com Connection: keep-alive Content-Length: 115 Content-Type: application/ocsp-request User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Accept-Encoding: gzip,deflate,sdch
Response Header	HTTP/1.0 200 Ok last-modified: Sat, 14 Dec 2013 21:11:05 GMT expires: Sat, 21 Dec 2013 21:11:05 GMT content-type: application/ocsp-response content-transfer-encoding: binary content-length: 1895 cache-control: max-age=344926, public, no-transform, must-revalidate date: Tue, 17 Dec 2013 21:22:19 GMT connection: close
HEX Peek (128 B)	0000 30 82 07 63 0A 01 00 A0 82 07 5C 30 82 07 58 06 0..c......\0..X. 0010 09 2B 06 01 05 05 07 30 01 01 04 82 07 49 30 82 .+.....0.....I0. 0020 07 45 30 82 01 1F A0 03 02 01 00 A1 81 91 30 81 .E0...........0. 0030 8E 31 0B 30 09 06 03 55 04 06 13 02 55 53 31 1D .1.0...U....US1. 0040 30 1B 06 03 55 04 0A 13 14 53 79 6D 61 6E 74 65 0...U....Symante 0050 63 20 43 6F 72 70 6F 72 61 74 69 6F 6E 31 1F 30 c Corporation1.0 0060 1D 06 03 55 04 0B 13 16 53 79 6D 61 6E 74 65 63 ...U....Symantec 0070 20 54 72 75 73 74 20 4E 65 74 77 6F 72 6B 31 3F Trust Network1?

www.google-analytics.com (173.194.112.5:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/__utm.gif?utmwv=5.4.6&utms=1&utmn=1732102551&utmhn=kdadialhpiikehpdeejjeiikopddkjem&utme=8(Chrome%20Version%20Code*Settings%20Flags*5!Installed)9(1.0.3.8*110*5!201354)11(1*1*5!1)&utmcs=ISO-8859-1&utmsr=1920x1200&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=11.2%20r202&utmhid=502488295&utmr=-&utmp=%2Fgmail-thread&utmht=1387315344479&utmac=UA-28645084-1&utmcc=__utma%3D11472750.1388718526.1367702150.1387274522.1387274522.986%3B%2B__utmz%3D11472750.1367702150.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=6QCAAAAAAAAAAAAAAAAAAAg~

image/gif

__utm.gif

200 OK

GIF

35.0 B

12/17/13 21:22:24

Download
SHA256	8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Referer
Magic	GIF file (GIF)
Request	GET /__utm.gif?utmwv=5.4.6&utms=1&utmn=1732102551&utmhn=kdadialhpiikehpdeejjeiikopddkjem&utme=8(Chrome%20Version%20CodeSettings%20Flags5!Installed)9(1.0.3.81105!201354)11(115!1)&utmcs=ISO-8859-1&utmsr=1920x1200&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=11.2%20r202&utmhid=502488295&utmr=-&utmp=%2Fgmail-thread&utmht=1387315344479&utmac=UA-28645084-1&utmcc=__utma%3D11472750.1388718526.1367702150.1387274522.1387274522.986%3B%2B__utmz%3D11472750.1367702150.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=6QCAAAAAAAAAAAAAAAAAAAg~ HTTP/1.1 Host: www.google-analytics.com Connection: keep-alive Accept: image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,es;q=0.6
Response Header	HTTP/1.1 200 OK Pragma: no-cache Expires: Wed, 19 Apr 2000 11:43:00 GMT Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT X-Content-Type-Options: nosniff Content-Type: image/gif Date: Fri, 13 Dec 2013 20:06:45 GMT Server: Golfe2 Content-Length: 35 Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate Age: 350139 Alternate-Protocol: 80:quic
Response Peek (128 B)	GIF89a��,D;

/__utm.gif?utmwv=5.4.6&utms=2&utmn=1996345486&utmhn=kdadialhpiikehpdeejjeiikopddkjem&utmt=event&utme=5(Gmail*Suggested*1)8(Chrome%20Version%20Code*Settings%20Flags*5!Installed)9(1.0.3.8*110*5!201354)11(1*1*5!1)&utmcs=ISO-8859-1&utmsr=1920x1200&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=11.2%20r202&utmhid=502488295&utmr=-&utmp=%2Fjs%2Fchrome%2Fbackground.html&utmht=1387315344508&utmac=UA-28645084-1&utmcc=__utma%3D11472750.1388718526.1367702150.1387274522.1387274522.986%3B%2B__utmz%3D11472750.1367702150.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=6QCAAAAAAAAAAAAAAAAAAAg~

image/gif

__utm.gif

200 OK

GIF

35.0 B

12/17/13 21:22:24

Download
SHA256	8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Referer
Magic	GIF file (GIF)
Request	GET /__utm.gif?utmwv=5.4.6&utms=2&utmn=1996345486&utmhn=kdadialhpiikehpdeejjeiikopddkjem&utmt=event&utme=5(GmailSuggested1)8(Chrome%20Version%20CodeSettings%20Flags5!Installed)9(1.0.3.81105!201354)11(115!1)&utmcs=ISO-8859-1&utmsr=1920x1200&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=11.2%20r202&utmhid=502488295&utmr=-&utmp=%2Fjs%2Fchrome%2Fbackground.html&utmht=1387315344508&utmac=UA-28645084-1&utmcc=__utma%3D11472750.1388718526.1367702150.1387274522.1387274522.986%3B%2B__utmz%3D11472750.1367702150.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=6QCAAAAAAAAAAAAAAAAAAAg~ HTTP/1.1 Host: www.google-analytics.com Connection: keep-alive Accept: image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,es;q=0.6
Response Header	HTTP/1.1 200 OK Pragma: no-cache Expires: Wed, 19 Apr 2000 11:43:00 GMT Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT X-Content-Type-Options: nosniff Content-Type: image/gif Date: Fri, 13 Dec 2013 20:06:45 GMT Server: Golfe2 Content-Length: 35 Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate Age: 350139 Alternate-Protocol: 80:quic
Response Peek (128 B)	GIF89a��,D;

/__utm.gif?utmwv=5.4.6&utms=3&utmn=1209884687&utmhn=kdadialhpiikehpdeejjeiikopddkjem&utme=8(Chrome%20Version%20Code*Settings%20Flags*5!Installed)9(1.0.3.8*110*5!201354)11(1*1*5!1)&utmcs=ISO-8859-1&utmsr=1920x1200&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=11.2%20r202&utmhid=502488295&utmr=-&utmp=%2Fgmail-thread&utmht=1387315398289&utmac=UA-28645084-1&utmcc=__utma%3D11472750.1388718526.1367702150.1387274522.1387274522.986%3B%2B__utmz%3D11472750.1367702150.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=6QCAAAAAAAAAAAAAAAAAAAg~

image/gif

__utm.gif

200 OK

GIF

35.0 B

12/17/13 21:23:18

Download
SHA256	8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Referer
Magic	GIF file (GIF)
Request	GET /__utm.gif?utmwv=5.4.6&utms=3&utmn=1209884687&utmhn=kdadialhpiikehpdeejjeiikopddkjem&utme=8(Chrome%20Version%20CodeSettings%20Flags5!Installed)9(1.0.3.81105!201354)11(115!1)&utmcs=ISO-8859-1&utmsr=1920x1200&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=11.2%20r202&utmhid=502488295&utmr=-&utmp=%2Fgmail-thread&utmht=1387315398289&utmac=UA-28645084-1&utmcc=__utma%3D11472750.1388718526.1367702150.1387274522.1387274522.986%3B%2B__utmz%3D11472750.1367702150.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=6QCAAAAAAAAAAAAAAAAAAAg~ HTTP/1.1 Host: www.google-analytics.com Connection: keep-alive Accept: image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,es;q=0.6
Response Header	HTTP/1.1 200 OK Pragma: no-cache Expires: Wed, 19 Apr 2000 11:43:00 GMT Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT X-Content-Type-Options: nosniff Content-Type: image/gif Date: Fri, 13 Dec 2013 20:06:45 GMT Server: Golfe2 Content-Length: 35 Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate Age: 350193 Alternate-Protocol: 80:quic
Response Peek (128 B)	GIF89a��,D;

/__utm.gif?utmwv=5.4.6&utms=4&utmn=610681332&utmhn=kdadialhpiikehpdeejjeiikopddkjem&utmt=event&utme=5(Gmail*Suggested*1)8(Chrome%20Version%20Code*Settings%20Flags*5!Installed)9(1.0.3.8*110*5!201354)11(1*1*5!1)&utmcs=ISO-8859-1&utmsr=1920x1200&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=11.2%20r202&utmhid=502488295&utmr=-&utmp=%2Fjs%2Fchrome%2Fbackground.html&utmht=1387315398419&utmac=UA-28645084-1&utmcc=__utma%3D11472750.1388718526.1367702150.1387274522.1387274522.986%3B%2B__utmz%3D11472750.1367702150.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=6QCAAAAAAAAAAAAAAAAAAAg~

image/gif

__utm.gif

200 OK

GIF

35.0 B

12/17/13 21:23:18

Download
SHA256	8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Referer
Magic	GIF file (GIF)
Request	GET /__utm.gif?utmwv=5.4.6&utms=4&utmn=610681332&utmhn=kdadialhpiikehpdeejjeiikopddkjem&utmt=event&utme=5(GmailSuggested1)8(Chrome%20Version%20CodeSettings%20Flags5!Installed)9(1.0.3.81105!201354)11(115!1)&utmcs=ISO-8859-1&utmsr=1920x1200&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=11.2%20r202&utmhid=502488295&utmr=-&utmp=%2Fjs%2Fchrome%2Fbackground.html&utmht=1387315398419&utmac=UA-28645084-1&utmcc=__utma%3D11472750.1388718526.1367702150.1387274522.1387274522.986%3B%2B__utmz%3D11472750.1367702150.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmu=6QCAAAAAAAAAAAAAAAAAAAg~ HTTP/1.1 Host: www.google-analytics.com Connection: keep-alive Accept: image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,es;q=0.6
Response Header	HTTP/1.1 200 OK Pragma: no-cache Expires: Wed, 19 Apr 2000 11:43:00 GMT Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT X-Content-Type-Options: nosniff Content-Type: image/gif Date: Fri, 13 Dec 2013 20:06:45 GMT Server: Golfe2 Content-Length: 35 Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate Age: 350193 Alternate-Protocol: 80:quic
Response Peek (128 B)	GIF89a��,D;

humblebundle.us7.list-manage1.com (205.201.132.35:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/track/click?u=a42731fd3353ff4c76f7f11bb&id=db9ac28d1d&e=129ccf436d

text/html

click

302 Found

26.0 B

12/17/13 21:22:57

Download
SHA256	90a29bd6ea2c966349a1b8f5ed8b7f60930b6f5c2edc5391322953a7bfa07533
Referer
Magic	GZIP archive file (GZ)
Request	GET /track/click?u=a42731fd3353ff4c76f7f11bb&id=db9ac28d1d&e=129ccf436d HTTP/1.1 Host: humblebundle.us7.list-manage1.com Connection: keep-alive Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,es;q=0.6
Response Header	HTTP/1.1 302 Found Server: nginx Date: Tue, 17 Dec 2013 21:22:57 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 26 Connection: keep-alive X-UA-Compatible: IE=edge,chrome=1 Set-Cookie: _AVESTA_ENVIRONMENT=prod; path=/ Location: https://www.humblebundle.com?utm_source=Humble+Bundle+Newsletter&utm_campaign=cb3c3125d7-pcandroid8&utm_medium=email&utm_term=0_990b1b6399-cb3c3125d7-98471129 Content-Encoding: gzip Vary: Accept-Encoding
Response Peek (128 B)	��

ocsp.comodoca.com (178.255.83.1:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/(2)

application/ocsp-response

(2)

200 OK

BINARY

471.0 B

12/17/13 21:22:58

Download
SHA256	0810fb2e0d662275c14bc1a374d78cdd6dbddc7fd71145e866a84bdaf49a555e
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST / HTTP/1.1 Host: ocsp.comodoca.com Connection: keep-alive Content-Length: 115 Content-Type: application/ocsp-request User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Accept-Encoding: gzip,deflate,sdch
Response Header	HTTP/1.1 200 OK Date: Tue, 17 Dec 2013 21:22:58 GMT Server: Apache Last-Modified: Tue, 17 Dec 2013 07:01:05 GMT Expires: Sat, 21 Dec 2013 07:01:05 GMT ETag: 84ECCA6F534A614EFA8A49120D35D34030EDBE81 Cache-Control: max-age=293286,public,no-transform,must-revalidate X-OCSP-Reponder-ID: h6edcaocsp3 Content-Length: 471 Connection: close Content-Type: application/ocsp-response
HEX Peek (128 B)	0000 30 82 01 D3 0A 01 00 A0 82 01 CC 30 82 01 C8 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 01 B9 30 82 .+.....0......0. 0020 01 B5 30 81 9E A2 16 04 14 0B 58 E5 8B C6 4C 15 ..0.......X...L. 0030 37 A4 40 A9 30 A9 21 BE 47 36 5A 56 FF 18 0F 32 7.@.0.!.G6ZV...2 0040 30 31 33 31 32 31 37 30 37 30 31 30 35 5A 30 73 0131217070105Z0s 0050 30 71 30 49 30 09 06 05 2B 0E 03 02 1A 05 00 04 0q0I0...+....... 0060 14 EC BE 64 0B ED 89 6B A5 72 1B 55 66 67 CA 53 ...d...k.r.Ufg.S 0070 56 48 F5 EC 13 04 14 0B 58 E5 8B C6 4C 15 37 A4 VH......X...L.7.

/(3)

application/ocsp-response

(3)

200 OK

BINARY

472.0 B

12/17/13 21:22:58

Download
SHA256	e5a30e45773edb144640403b74d1d5e1f505a672231af17128ad1d2f8489d0f4
Referer
Magic	Inconclusive. Probably binary (BINARY)
Request	POST / HTTP/1.1 Host: ocsp.comodoca.com Connection: keep-alive Content-Length: 116 Content-Type: application/ocsp-request User-Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Accept-Encoding: gzip,deflate,sdch
Response Header	HTTP/1.1 200 OK Date: Tue, 17 Dec 2013 21:22:58 GMT Server: Apache Last-Modified: Tue, 17 Dec 2013 18:32:23 GMT Expires: Sat, 21 Dec 2013 18:32:23 GMT ETag: 43B4E521B3C0BB78570C84CE0E91A3F34CDA8EC9 Cache-Control: max-age=334764,public,no-transform,must-revalidate X-OCSP-Reponder-ID: h6edcaocsp3 Content-Length: 472 Connection: close Content-Type: application/ocsp-response
HEX Peek (128 B)	0000 30 82 01 D4 0A 01 00 A0 82 01 CD 30 82 01 C9 06 0..........0.... 0010 09 2B 06 01 05 05 07 30 01 01 04 82 01 BA 30 82 .+.....0......0. 0020 01 B6 30 81 9F A2 16 04 14 88 44 51 FF 50 2A 69 ..0.......DQ.Pi 0030 5E 2D 88 F4 21 BA D9 0C F2 CE CB EA 7C 18 0F 32 ^-..!.......\|..2 0040 30 31 33 31 32 31 37 31 38 33 32 32 33 5A 30 74 0131217183223Z0t 0050 30 72 30 4A 30 09 06 05 2B 0E 03 02 1A 05 00 04 0r0J0...+....... 0060 14 48 B6 0D 38 23 8D F8 45 6E 4E E5 84 3E A3 94 .H..8#..EnN..>.. 0070 11 18 02 97 9F 04 14 88 44 51 FF 50 2A 69 5E 2D ........DQ.Pi^-

afternoon-earth-1266.herokuapp.com (23.23.214.121:80)

URI

RESPONSE TYPE

FILENAME

RESPONSE CODE

MAGIC

SIZE

TIME

/raw_email_analytics

text/html

raw_email_analytics

200 OK

TEXT

2.0 B

12/17/13 21:23:18