The remote client was running software on OS X that performed an insecure software update over HTTP.
Binary data 4967.prm