Landing page:   Sample of posting credentials:   2017-04-17 21:57:05.598674 IP 192.168.1.100.41236 > 89.46.73.231.80: Flags [P.], seq 1:535, ack 1, win 229, options [nop,nop,TS val 1037028158 ecr 1270481385], length 534: HTTP: POST /CapitaLonE/SignIn/page/booting.php HTTP/1.1 E..J;.@.@……dY.I….P.5..u}>P….g^….. =..>K…POST /CapitaLonE/SignIn/page/booting.php HTTP/1.1 Host: 89.46.73.231 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://89.46.73.231/CapitaLonE/SignIn/page/ Cookie: PHPSESSID=aepqe8mcrenvcnj1utpej09oi2 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 31 userId=johnny5&userPass=johnny5 2017-04-17 21:57:05.722090 IP 89.46.73.231.80 > 192.168.1.100.41236: Flags [.], ack 535, win 243, options [nop,nop,TS val 1270481511 ecr 1037028158], length 0 E..4<7@.5..kY.I….d.P..u}>P.5…………. K..g=..> 2017-04-17 21:57:06.135295 IP 89.46.73.231.80 > 192.168.1.100.41236: Flags [P.], seq 1:273, ack […]