Phishing Orange

IT News & Current Events!
So no requests for help in this section.
Malekal_morte
Site Admin
Posts: 104490
Joined: 10 Sept 2005 13:57

Re: Phishing Orange

Post by Malekal_morte »

We need the link; it lets us find out where the site is hosted, etc.
Basically, to know whether it's really Orange.

You can also go directly to the Orange website to see whether the invoice is there.
If you have an electronic invoice, they notify you by email.
First basic rule of security: think, then click, and not the other way round - Files/programs are like sweets: when they come from a stranger, you don't accept them!
How to protect your PC from viruses

Current Windows 10 tutorials: How to ask for help on the forum
Share malekal.com: feel free to share the articles you like on the site's Facebook page.
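
Added example, not part of the original post: one way to answer "where is this link hosted, and is it really Orange?" from a defanged link plus DNS responses in `tcpdump -vv` text form. The allow-list `OFFICIAL_DOMAINS` and all function names are assumptions; the three capture lines are abridged from the tcpdump output posted later in this thread.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains accepted as genuinely Orange. Adjust to your own allow-list.
OFFICIAL_DOMAINS = {"orange.fr", "orange.com"}

# Three DNS responses abridged from the tcpdump -vv output posted later in this thread.
CAPTURE = (
    "    ns0.fdn.org.domain > debian.local.60879: [udp sum ok] 2020 q: A? orange-ligne.com. "
    "1/3/3 orange-ligne.com. A 206.188.193.200 ns: orange-ligne.com. NS b.ns.interland.net. (162)\n"
    "    ns0.fdn.org.domain > debian.local.38366: [udp sum ok] 27131 q: PTR? "
    "200.193.188.206.in-addr.arpa. 1/2/2 200.193.188.206.in-addr.arpa. PTR vux.netsolhost.com. "
    "ns: 193.188.206.in-addr.arpa. NS ns1.netsol.com. (153)\n"
    "    ns0.fdn.org.domain > debian.local.41344: [udp sum ok] 14983 NXDomain q: PTR? "
    "3.0.168.192.in-addr.arpa. 0/1/0 ns: 168.192.in-addr.arpa. SOA prisoner.iana.org. (119)\n"
)

# Matches the question and the answer/authority/additional counts of a DNS response line.
QUERY_RE = re.compile(r" q: \w+\? \S+ (\d+)/\d+/\d+ (.*)$")


def refang(link):
    """Undo common defanging (hxxp, [.]) so the link can be parsed, not visited."""
    return link.replace("hxxp", "http", 1).replace("[.]", ".")


def host_of(link):
    """Return the lower-cased hostname of a (possibly defanged) link."""
    host = urlsplit(refang(link.strip())).hostname or ""
    return host.rstrip(".").lower()


def is_official(host):
    """True only for an allow-listed domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def parse_dns_answers(capture):
    """Collect A and PTR answers from tcpdump -vv DNS response lines."""
    a_records, ptr_records = {}, {}
    for line in capture.splitlines():
        m = QUERY_RE.search(line)
        if not m or int(m.group(1)) == 0:  # not a response, or no answers (NXDomain)
            continue
        # Keep the answer section only: drop authority (ns:) and additional (ar:) data.
        answers = re.split(r" (?:ns|ar): ", m.group(2))[0]
        answers = re.sub(r" \(\d+\)$", "", answers)  # trailing payload length
        for record in answers.split(", "):
            parts = record.split()
            if len(parts) != 3:
                continue
            name, rtype, value = parts
            name = name.rstrip(".").lower()
            if rtype == "A":
                bucket = a_records.setdefault(name, [])
            elif rtype == "PTR" and name.endswith(".in-addr.arpa"):
                octets = name[: -len(".in-addr.arpa")].split(".")
                bucket = ptr_records.setdefault(".".join(reversed(octets)), [])
                value = value.rstrip(".").lower()
            else:
                continue
            if value not in bucket:
                bucket.append(value)
    return a_records, ptr_records


def hosting_report(link, capture):
    """Summarise who the link claims to be and where the capture says it lives."""
    host = host_of(link)
    a_records, ptr_records = parse_dns_answers(capture)
    ips = a_records.get(host, [])
    return {
        "host": host,
        "official": is_official(host),
        "ips": ips,
        "reverse": {ip: ptr_records.get(ip, []) for ip in ips},
    }


if __name__ == "__main__":
    # Link as reported in the thread, with its long path omitted.
    print(hosting_report("hxxp://orange-ligne.com/", CAPTURE))
```

The suffix comparison in `is_official` is what rejects both hyphenated lookalikes and hosts that merely start with an official name.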


Re: Phishing Orange

Post by Malekal_morte »

Orange phishing on the address tel@alpound.com for an amount of 105.67 euros
Attachments
Phishing Orange
Phishing Orange

angelique
Long-bearded geek
Posts: 30681
Joined: 28 Feb 2008 13:58
Location: Breizhilienne gauloise Fée Du Rosé

Re: Phishing Orange

Post by angelique »

Orange phishing
Attachments
capt.png
capt1.png
With Gnu_Linux you get a Kernel ... with Ѡindows you only get the pips
http://angelik.altervista.org/
Remove "viruses" for free http://www.supprimer-trojan.com/
Don't be stingy! I am one of the millions of poor people in France


Phishing Orange

Post by angelique »

An Orange.fr phishing attempt / Orange phishing, rather well done, isn't it?

SPAMMER E-MAIL: [email protected]
SPAMMER IP: 167.114.236.202

hxxp://orange-ligne.com/e399d1fbd7b7adf46366a1100d6df16e95d318f0358bdff838ceb73044616aa874d5de6ca8ab252e/

Code:

tcpdump -i eth1 -vv
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
20:30:39.700652 IP (tos 0x0, ttl 64, id 19067, offset 0, flags [DF], proto TCP (6), length 40)
    debian.local.50187 > cluster005.ovh.net.http: Flags [.], cksum 0xb790 (incorrect -> 0xf47c), seq 90278731, ack 677545591, win 65535, length 0
20:30:39.701667 IP (tos 0x0, ttl 64, id 10256, offset 0, flags [DF], proto UDP (17), length 72)
    debian.local.42242 > ns0.fdn.org.domain: [bad udp cksum 0xba40 -> 0x4416!] 27837+ PTR? 16.33.186.213.in-addr.arpa. (44)
20:30:39.726986 IP (tos 0x0, ttl 245, id 58156, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50187: Flags [.], cksum 0xcecb (correct), seq 1, ack 1, win 9648, length 0
20:30:39.728670 IP (tos 0x0, ttl 53, id 49010, offset 0, flags [none], proto UDP (17), length 171)
    ns0.fdn.org.domain > debian.local.42242: [udp sum ok] 27837 q: PTR? 16.33.186.213.in-addr.arpa. 1/2/2 16.33.186.213.in-addr.arpa. PTR cluster005.ovh.net. ns: 33.186.213.in-addr.arpa. NS ns.ovh.net., 33.186.213.in-addr.arpa. NS dns.ovh.net. ar: ns.ovh.net. A 213.251.128.136, dns.ovh.net. A 213.186.33.102 (143)
20:30:39.728982 IP (tos 0x0, ttl 64, id 10260, offset 0, flags [DF], proto UDP (17), length 70)
    debian.local.41344 > ns0.fdn.org.domain: [bad udp cksum 0xba3e -> 0xdcd5!] 14983+ PTR? 3.0.168.192.in-addr.arpa. (42)
20:30:39.758524 IP (tos 0x0, ttl 53, id 49013, offset 0, flags [none], proto UDP (17), length 147)
    ns0.fdn.org.domain > debian.local.41344: [udp sum ok] 14983 NXDomain q: PTR? 3.0.168.192.in-addr.arpa. 0/1/0 ns: 168.192.in-addr.arpa. SOA prisoner.iana.org. hostmaster.root-servers.org. 2002040800 1800 900 604800 604800 (119)
20:30:39.859293 IP6 (hlim 255, next-header UDP (17) payload length: 50) fe80::20e:2eff:fecb:a008.mdns > ff02::fb.mdns: [udp sum ok] 0 PTR (QM)? 3.0.168.192.in-addr.arpa. (42)
20:30:39.859366 IP (tos 0x0, ttl 255, id 41094, offset 0, flags [DF], proto UDP (17), length 70)
    debian.local.mdns > 224.0.0.251.mdns: [bad udp cksum 0xa1ea -> 0xa894!] 0 PTR (QM)? 3.0.168.192.in-addr.arpa. (42)
20:30:39.859582 IP (tos 0x0, ttl 255, id 41095, offset 0, flags [DF], proto UDP (17), length 90)
    debian.local.mdns > 224.0.0.251.mdns: [bad udp cksum 0xa1fe -> 0x24e7!] 0*- [0q] 1/0/0 3.0.168.192.in-addr.arpa. (Cache flush) PTR debian.local. (62)
20:30:39.860416 IP (tos 0x0, ttl 64, id 10271, offset 0, flags [DF], proto UDP (17), length 71)
    debian.local.42951 > ns0.fdn.org.domain: [bad udp cksum 0xba3f -> 0xca50!] 32591+ PTR? 12.169.67.80.in-addr.arpa. (43)
20:30:39.887634 IP (tos 0x0, ttl 53, id 49017, offset 0, flags [none], proto UDP (17), length 217)
    ns0.fdn.org.domain > debian.local.42951: [udp sum ok] 32591* q: PTR? 12.169.67.80.in-addr.arpa. 2/2/3 12.169.67.80.in-addr.arpa. PTR ns0.fdn.org., 12.169.67.80.in-addr.arpa. PTR ns0.fdn.fr. ns: 169.67.80.in-addr.arpa. NS ns0.fdn.fr., 169.67.80.in-addr.arpa. NS guinness.fdn.fr. ar: ns0.fdn.fr. A 80.67.169.12, ns0.fdn.fr. AAAA 2001:910:800::12, guinness.fdn.fr. A 80.67.169.9 (189)
20:30:39.889105 IP (tos 0x0, ttl 64, id 10279, offset 0, flags [DF], proto UDP (17), length 118)
    debian.local.44604 > ns0.fdn.org.domain: [bad udp cksum 0xba6e -> 0x89f4!] 39283+ PTR? b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. (90)
20:30:39.915679 IP (tos 0x0, ttl 53, id 49019, offset 0, flags [none], proto UDP (17), length 188)
    ns0.fdn.org.domain > debian.local.44604: [udp sum ok] 39283 NXDomain q: PTR? b.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa. 0/1/0 ns: ip6.arpa. SOA b.ip6-servers.arpa. hostmaster.icann.org. 2015072119 1800 900 604800 3600 (160)
20:30:39.915871 IP (tos 0x0, ttl 64, id 10282, offset 0, flags [DF], proto UDP (17), length 118)
    debian.local.49533 > ns0.fdn.org.domain: [bad udp cksum 0xba6e -> 0xf74d!] 5977+ PTR? 8.0.0.a.b.c.e.f.f.f.e.2.e.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
20:30:39.942394 IP (tos 0x0, ttl 53, id 49025, offset 0, flags [none], proto UDP (17), length 153)
    ns0.fdn.org.domain > debian.local.49533: [udp sum ok] 5977 NXDomain* q: PTR? 8.0.0.a.b.c.e.f.f.f.e.2.e.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. 0/1/0 ns: 8.e.f.ip6.arpa. SOA 8.e.f.ip6.arpa. . 0 28800 7200 604800 86400 (125)
20:30:39.942741 IP (tos 0x0, ttl 64, id 10286, offset 0, flags [DF], proto UDP (17), length 70)
    debian.local.50807 > ns0.fdn.org.domain: [bad udp cksum 0xba3e -> 0x9b1c!] 24399+ PTR? 251.0.0.224.in-addr.arpa. (42)
20:30:39.969689 IP (tos 0x0, ttl 53, id 49026, offset 0, flags [none], proto UDP (17), length 127)
    ns0.fdn.org.domain > debian.local.50807: [udp sum ok] 24399 NXDomain q: PTR? 251.0.0.224.in-addr.arpa. 0/1/0 ns: 224.in-addr.arpa. SOA sns.dns.icann.org. noc.dns.icann.org. 2015060729 7200 3600 604800 3600 (99)
20:30:40.070259 IP6 (hlim 255, next-header UDP (17) payload length: 50) fe80::20e:2eff:fecb:a008.mdns > ff02::fb.mdns: [udp sum ok] 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42)
20:30:40.070350 IP (tos 0x0, ttl 255, id 41101, offset 0, flags [DF], proto UDP (17), length 70)
    debian.local.mdns > 224.0.0.251.mdns: [bad udp cksum 0xa1ea -> 0xb09a!] 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42)
20:30:41.030668 IP (tos 0x0, ttl 55, id 287, offset 0, flags [DF], proto TCP (6), length 52)
    a23-55-155-27.deploy.static.akamaitechnologies.com.http > debian.local.34633: Flags [F.], cksum 0x390a (correct), seq 2963872418, ack 2506812272, win 486, options [nop,nop,TS val 90280310 ecr 24118], length 0
20:30:41.031615 IP (tos 0x0, ttl 64, id 46198, offset 0, flags [DF], proto TCP (6), length 52)
    debian.local.34633 > a23-55-155-27.deploy.static.akamaitechnologies.com.http: Flags [F.], cksum 0x7324 (incorrect -> 0x169e), seq 1, ack 1, win 1275, options [nop,nop,TS val 32140 ecr 90280310], length 0
20:30:41.063673 IP (tos 0x0, ttl 55, id 288, offset 0, flags [DF], proto TCP (6), length 52)
    a23-55-155-27.deploy.static.akamaitechnologies.com.http > debian.local.34633: Flags [.], cksum 0x1993 (correct), seq 1, ack 2, win 486, options [nop,nop,TS val 90280342 ecr 32140], length 0
20:30:41.070902 IP6 (hlim 255, next-header UDP (17) payload length: 50) fe80::20e:2eff:fecb:a008.mdns > ff02::fb.mdns: [udp sum ok] 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42)
20:30:41.070978 IP (tos 0x0, ttl 255, id 41140, offset 0, flags [DF], proto UDP (17), length 70)
    debian.local.mdns > 224.0.0.251.mdns: [bad udp cksum 0xa1ea -> 0xb09a!] 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42)
20:30:43.073326 IP6 (hlim 255, next-header UDP (17) payload length: 50) fe80::20e:2eff:fecb:a008.mdns > ff02::fb.mdns: [udp sum ok] 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42)
20:30:43.073415 IP (tos 0x0, ttl 255, id 41245, offset 0, flags [DF], proto UDP (17), length 70)
    debian.local.mdns > 224.0.0.251.mdns: [bad udp cksum 0xa1ea -> 0xb09a!] 0 PTR (QM)? 251.0.0.224.in-addr.arpa. (42)
20:30:43.729898 IP (tos 0x0, ttl 64, id 10609, offset 0, flags [DF], proto UDP (17), length 62)
    debian.local.60879 > ns0.fdn.org.domain: [bad udp cksum 0xba36 -> 0xf302!] 2020+ A? orange-ligne.com. (34)
20:30:43.729926 IP (tos 0x0, ttl 64, id 10610, offset 0, flags [DF], proto UDP (17), length 62)
    debian.local.60879 > ns0.fdn.org.domain: [bad udp cksum 0xba36 -> 0x09f6!] 61653+ AAAA? orange-ligne.com. (34)
20:30:43.731921 IP (tos 0x0, ttl 64, id 26752, offset 0, flags [DF], proto TCP (6), length 60)
    debian.local.33151 > vux.netsolhost.com.http: Flags [S], cksum 0x515f (incorrect -> 0xf318), seq 3758287023, win 14600, options [mss 1460,sackOK,TS val 32815 ecr 0,nop,wscale 4], length 0
20:30:43.732188 IP (tos 0x0, ttl 64, id 10611, offset 0, flags [DF], proto UDP (17), length 62)
    debian.local.55478 > ns0.fdn.org.domain: [bad udp cksum 0xba36 -> 0x4bf4!] 50187+ A? orange-ligne.com. (34)
20:30:43.758492 IP (tos 0x0, ttl 53, id 49946, offset 0, flags [none], proto UDP (17), length 190)
    ns0.fdn.org.domain > debian.local.60879: [udp sum ok] 2020 q: A? orange-ligne.com. 1/3/3 orange-ligne.com. A 206.188.193.200 ns: orange-ligne.com. NS b.ns.interland.net., orange-ligne.com. NS a.ns.interland.net., orange-ligne.com. NS c.ns.interland.net. ar: a.ns.interland.net. A 207.204.40.32, b.ns.interland.net. A 207.204.21.32, c.ns.interland.net. A 207.204.21.32 (162)
20:30:43.758683 IP (tos 0x0, ttl 53, id 49947, offset 0, flags [none], proto UDP (17), length 127)
    ns0.fdn.org.domain > debian.local.60879: [udp sum ok] 61653 q: AAAA? orange-ligne.com. 0/1/0 ns: orange-ligne.com. SOA a.ns.interland.net. hostmaster.interland.net. 2015060514 1800 900 864000 2560 (99)
20:30:43.760387 IP (tos 0x0, ttl 53, id 49948, offset 0, flags [none], proto UDP (17), length 190)
    ns0.fdn.org.domain > debian.local.55478: [udp sum ok] 50187 q: A? orange-ligne.com. 1/3/3 orange-ligne.com. A 206.188.193.200 ns: orange-ligne.com. NS a.ns.interland.net., orange-ligne.com. NS c.ns.interland.net., orange-ligne.com. NS b.ns.interland.net. ar: a.ns.interland.net. A 207.204.40.32, b.ns.interland.net. A 207.204.21.32, c.ns.interland.net. A 207.204.21.32 (162)
20:30:43.868863 IP (tos 0x0, ttl 239, id 52305, offset 0, flags [DF], proto TCP (6), length 64)
    vux.netsolhost.com.http > debian.local.33151: Flags [S.], cksum 0xc5ee (correct), seq 3282533991, ack 3758287024, win 4200, options [mss 1400,nop,wscale 0,nop,nop,TS val 849399876 ecr 32815,sackOK,eol], length 0
20:30:43.868915 IP (tos 0x0, ttl 64, id 26753, offset 0, flags [DF], proto TCP (6), length 52)
    debian.local.33151 > vux.netsolhost.com.http: Flags [.], cksum 0x5157 (incorrect -> 0x1231), seq 1, ack 1, win 913, options [nop,nop,TS val 32850 ecr 849399876], length 0
20:30:43.869143 IP (tos 0x0, ttl 64, id 26754, offset 0, flags [DF], proto TCP (6), length 543)
    debian.local.33151 > vux.netsolhost.com.http: Flags [P.], cksum 0x5342 (incorrect -> 0xe8fa), seq 1:492, ack 1, win 913, options [nop,nop,TS val 32850 ecr 849399876], length 491
20:30:44.010060 IP (tos 0x0, ttl 239, id 61672, offset 0, flags [DF], proto TCP (6), length 52)
    vux.netsolhost.com.http > debian.local.33151: Flags [.], cksum 0x00f6 (correct), seq 1, ack 492, win 4691, options [nop,nop,TS val 849400018 ecr 32850], length 0
20:30:44.065408 IP (tos 0x0, ttl 239, id 64694, offset 0, flags [DF], proto TCP (6), length 1049)
    vux.netsolhost.com.http > debian.local.33151: Flags [P.], cksum 0x882a (correct), seq 1:998, ack 492, win 4691, options [nop,nop,TS val 849400071 ecr 32850], length 997
20:30:44.973323 IP (tos 0x0, ttl 64, id 10763, offset 0, flags [DF], proto UDP (17), length 71)
    debian.local.45067 > ns0.fdn.org.domain: [bad udp cksum 0xba3f -> 0xe656!] 22541+ PTR? 27.155.55.23.in-addr.arpa. (43)
20:30:45.000091 IP (tos 0x0, ttl 53, id 50167, offset 0, flags [none], proto UDP (17), length 422)
    ns0.fdn.org.domain > debian.local.45067: [udp sum ok] 22541 q: PTR? 27.155.55.23.in-addr.arpa. 1/8/8 27.155.55.23.in-addr.arpa. PTR a23-55-155-27.deploy.static.akamaitechnologies.com. ns: 55.23.in-addr.arpa. NS ns2.reverse.deploy.akamaitechnologies.com., 55.23.in-addr.arpa. NS ns1.reverse.deploy.akamaitechnologies.com., 55.23.in-addr.arpa. NS ns4.reverse.deploy.akamaitechnologies.com., 55.23.in-addr.arpa. NS ns8.reverse.deploy.akamaitechnologies.com., 55.23.in-addr.arpa. NS ns5.reverse.deploy.akamaitechnologies.com., 55.23.in-addr.arpa. NS ns3.reverse.deploy.akamaitechnologies.com., 55.23.in-addr.arpa. NS ns6.reverse.deploy.akamaitechnologies.com., 55.23.in-addr.arpa. NS ns7.reverse.deploy.akamaitechnologies.com. ar: ns1.reverse.deploy.akamaitechnologies.com. A 96.7.50.32, ns2.reverse.deploy.akamaitechnologies.com. A 2.16.40.32, ns3.reverse.deploy.akamaitechnologies.com. A 23.74.25.32, ns4.reverse.deploy.akamaitechnologies.com. A 95.100.168.32, ns5.reverse.deploy.akamaitechnologies.com. A 95.100.173.32, ns6.reverse.deploy.akamaitechnologies.com. A 23.61.199.32, ns7.reverse.deploy.akamaitechnologies.com. A 184.26.161.32, ns8.reverse.deploy.akamaitechnologies.com. A 2.22.230.32 (394)
20:30:45.001409 IP (tos 0x0, ttl 64, id 10766, offset 0, flags [DF], proto UDP (17), length 74)
    debian.local.38366 > ns0.fdn.org.domain: [bad udp cksum 0xba42 -> 0x5293!] 27131+ PTR? 200.193.188.206.in-addr.arpa. (46)
20:30:45.028657 IP (tos 0x0, ttl 53, id 50173, offset 0, flags [none], proto UDP (17), length 181)
    ns0.fdn.org.domain > debian.local.38366: [udp sum ok] 27131 q: PTR? 200.193.188.206.in-addr.arpa. 1/2/2 200.193.188.206.in-addr.arpa. PTR vux.netsolhost.com. ns: 193.188.206.in-addr.arpa. NS ns1.netsol.com., 193.188.206.in-addr.arpa. NS ns2.netsol.com. ar: ns1.netsol.com. A 64.69.208.141, ns2.netsol.com. A 209.17.114.135 (153)
20:30:47.066587 IP (tos 0x0, ttl 64, id 26756, offset 0, flags [DF], proto TCP (6), length 52)
    debian.local.33151 > vux.netsolhost.com.http: Flags [F.], cksum 0x5157 (incorrect -> 0x0801), seq 492, ack 998, win 1038, options [nop,nop,TS val 33649 ecr 849400071], length 0
20:30:47.067523 IP (tos 0x0, ttl 239, id 32253, offset 0, flags [DF], proto TCP (6), length 52)
    vux.netsolhost.com.http > debian.local.33151: Flags [F.], cksum 0xf0ee (correct), seq 998, ack 492, win 4691, options [nop,nop,TS val 849403074 ecr 32899], length 0
20:30:47.067552 IP (tos 0x0, ttl 64, id 26757, offset 0, flags [DF], proto TCP (6), length 52)
    debian.local.33151 > vux.netsolhost.com.http: Flags [.], cksum 0x5157 (incorrect -> 0xfc44), seq 493, ack 999, win 1038, options [nop,nop,TS val 33649 ecr 849403074], length 0
20:30:47.202820 IP (tos 0x0, ttl 239, id 46396, offset 0, flags [DF], proto TCP (6), length 52)
    vux.netsolhost.com.http > debian.local.33151: Flags [F.], cksum 0xed77 (correct), seq 998, ack 493, win 4691, options [nop,nop,TS val 849403210 ecr 33649], length 0
20:30:48.660658 IP (tos 0x0, ttl 64, id 53442, offset 0, flags [DF], proto TCP (6), length 40)
    debian.local.50190 > cluster005.ovh.net.http: Flags [.], cksum 0xb790 (incorrect -> 0xbfd7), seq 1738120279, ack 1971033251, win 26136, length 0
20:30:48.687076 IP (tos 0x0, ttl 245, id 27102, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50190: Flags [.], cksum 0x089f (correct), seq 1, ack 1, win 7504, length 0
20:30:48.757375 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has debian.local tell 192.168.0.1, length 46
20:30:48.757399 ARP, Ethernet (len 6), IPv4 (len 4), Reply debian.local is-at 00:0e:2e:cb:a0:08 (oui Unknown), length 28
20:30:48.757616 IP (tos 0x0, ttl 64, id 11579, offset 0, flags [DF], proto UDP (17), length 70)
    debian.local.51921 > ns0.fdn.org.domain: [bad udp cksum 0xba3e -> 0x9ca9!] 20836+ PTR? 1.0.168.192.in-addr.arpa. (42)
20:30:48.783920 IP (tos 0x0, ttl 53, id 50318, offset 0, flags [none], proto UDP (17), length 147)
    ns0.fdn.org.domain > debian.local.51921: [udp sum ok] 20836 NXDomain q: PTR? 1.0.168.192.in-addr.arpa. 0/1/0 ns: 168.192.in-addr.arpa. SOA prisoner.iana.org. hostmaster.root-servers.org. 2002040800 1800 900 604800 604800 (119)
20:30:48.884483 IP6 (hlim 255, next-header UDP (17) payload length: 50) fe80::20e:2eff:fecb:a008.mdns > ff02::fb.mdns: [udp sum ok] 0 PTR (QM)? 1.0.168.192.in-addr.arpa. (42)
20:30:48.884559 IP (tos 0x0, ttl 255, id 42647, offset 0, flags [DF], proto UDP (17), length 70)
    debian.local.mdns > 224.0.0.251.mdns: [bad udp cksum 0xa1ea -> 0xa896!] 0 PTR (QM)? 1.0.168.192.in-addr.arpa. (42)
20:30:49.885998 IP6 (hlim 255, next-header UDP (17) payload length: 50) fe80::20e:2eff:fecb:a008.mdns > ff02::fb.mdns: [udp sum ok] 0 PTR (QM)? 1.0.168.192.in-addr.arpa. (42)
20:30:49.886083 IP (tos 0x0, ttl 255, id 42703, offset 0, flags [DF], proto UDP (17), length 70)
    debian.local.mdns > 224.0.0.251.mdns: [bad udp cksum 0xa1ea -> 0xa896!] 0 PTR (QM)? 1.0.168.192.in-addr.arpa. (42)
20:30:51.886841 IP6 (hlim 255, next-header UDP (17) payload length: 50) fe80::20e:2eff:fecb:a008.mdns > ff02::fb.mdns: [udp sum ok] 0 PTR (QM)? 1.0.168.192.in-addr.arpa. (42)
20:30:51.886929 IP (tos 0x0, ttl 255, id 43102, offset 0, flags [DF], proto UDP (17), length 70)
    debian.local.mdns > 224.0.0.251.mdns: [bad udp cksum 0xa1ea -> 0xa896!] 0 PTR (QM)? 1.0.168.192.in-addr.arpa. (42)
20:30:54.836677 IP (tos 0x0, ttl 64, id 19112, offset 0, flags [DF], proto TCP (6), length 40)
    debian.local.50187 > cluster005.ovh.net.http: Flags [.], cksum 0xb790 (incorrect -> 0xd72c), seq 1839, ack 71201, win 65535, length 0
20:30:54.863426 IP (tos 0x0, ttl 245, id 58222, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50187: Flags [.], cksum 0xb17b (correct), seq 71201, ack 1840, win 9648, length 0
20:30:58.708654 IP (tos 0x0, ttl 64, id 53443, offset 0, flags [DF], proto TCP (6), length 40)
    debian.local.50190 > cluster005.ovh.net.http: Flags [.], cksum 0xb790 (incorrect -> 0xbfd7), seq 0, ack 1, win 26136, length 0
20:30:58.735017 IP (tos 0x0, ttl 245, id 27103, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50190: Flags [.], cksum 0x089f (correct), seq 1, ack 1, win 7504, length 0
20:31:04.884657 IP (tos 0x0, ttl 64, id 19113, offset 0, flags [DF], proto TCP (6), length 40)
    debian.local.50187 > cluster005.ovh.net.http: Flags [.], cksum 0xb790 (incorrect -> 0xd72c), seq 1839, ack 71201, win 65535, length 0
20:31:04.910883 IP (tos 0x0, ttl 245, id 58223, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50187: Flags [.], cksum 0xb17b (correct), seq 71201, ack 1840, win 9648, length 0
20:31:08.756659 IP (tos 0x0, ttl 64, id 53444, offset 0, flags [DF], proto TCP (6), length 40)
    debian.local.50190 > cluster005.ovh.net.http: Flags [.], cksum 0xb790 (incorrect -> 0xbfd7), seq 0, ack 1, win 26136, length 0
20:31:08.782973 IP (tos 0x0, ttl 245, id 27104, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50190: Flags [.], cksum 0x089f (correct), seq 1, ack 1, win 7504, length 0
20:31:13.764650 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.1 tell debian.local, length 28
20:31:13.764888 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.0.1 is-at 00:0f:b5:7a:28:78 (oui Unknown), length 46
20:31:14.932656 IP (tos 0x0, ttl 64, id 19114, offset 0, flags [DF], proto TCP (6), length 40)
    debian.local.50187 > cluster005.ovh.net.http: Flags [.], cksum 0xb790 (incorrect -> 0xd72c), seq 1839, ack 71201, win 65535, length 0
20:31:14.959460 IP (tos 0x0, ttl 245, id 58224, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50187: Flags [.], cksum 0xb17b (correct), seq 71201, ack 1840, win 9648, length 0
20:31:18.804666 IP (tos 0x0, ttl 64, id 53445, offset 0, flags [DF], proto TCP (6), length 40)
    debian.local.50190 > cluster005.ovh.net.http: Flags [.], cksum 0xb790 (incorrect -> 0xbfd7), seq 0, ack 1, win 26136, length 0
20:31:18.831157 IP (tos 0x0, ttl 245, id 27105, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50190: Flags [.], cksum 0x089f (correct), seq 1, ack 1, win 7504, length 0
20:31:20.479400 IP (tos 0x0, ttl 245, id 27106, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50190: Flags [F.], cksum 0x089e (correct), seq 1, ack 1, win 7504, length 0
20:31:20.479633 IP (tos 0x0, ttl 64, id 53446, offset 0, flags [DF], proto TCP (6), length 40)
    debian.local.50190 > cluster005.ovh.net.http: Flags [F.], cksum 0xb790 (incorrect -> 0xbfd4), seq 1, ack 2, win 26136, length 0
20:31:20.505903 IP (tos 0x0, ttl 245, id 27107, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50190: Flags [.], cksum 0x089d (correct), seq 2, ack 2, win 7504, length 0
20:31:24.980656 IP (tos 0x0, ttl 64, id 19115, offset 0, flags [DF], proto TCP (6), length 40)
    debian.local.50187 > cluster005.ovh.net.http: Flags [.], cksum 0xb790 (incorrect -> 0xd72c), seq 1839, ack 71201, win 65535, length 0
20:31:25.007284 IP (tos 0x0, ttl 245, id 58225, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50187: Flags [.], cksum 0xb17b (correct), seq 71201, ack 1840, win 9648, length 0
20:31:25.183436 IP (tos 0x0, ttl 64, id 18829, offset 0, flags [DF], proto UDP (17), length 62)
    debian.local.39187 > ns0.fdn.org.domain: [bad udp cksum 0xba36 -> 0xb80e!] 38804+ A? orange-ligne.com. (34)
20:31:25.183465 IP (tos 0x0, ttl 64, id 18830, offset 0, flags [DF], proto UDP (17), length 62)
    debian.local.39187 > ns0.fdn.org.domain: [bad udp cksum 0xba36 -> 0xcd31!] 33366+ AAAA? orange-ligne.com. (34)
20:31:25.184040 IP (tos 0x0, ttl 64, id 57167, offset 0, flags [DF], proto TCP (6), length 60)
    debian.local.33152 > vux.netsolhost.com.http: Flags [S], cksum 0x515f (incorrect -> 0x2414), seq 4149573605, win 14600, options [mss 1460,sackOK,TS val 43178 ecr 0,nop,wscale 4], length 0
20:31:25.210572 IP (tos 0x0, ttl 53, id 54200, offset 0, flags [none], proto UDP (17), length 190)
    ns0.fdn.org.domain > debian.local.39187: [udp sum ok] 38804 q: A? orange-ligne.com. 1/3/3 orange-ligne.com. A 206.188.193.200 ns: orange-ligne.com. NS c.ns.interland.net., orange-ligne.com. NS a.ns.interland.net., orange-ligne.com. NS b.ns.interland.net. ar: a.ns.interland.net. A 207.204.40.32, b.ns.interland.net. A 207.204.21.32, c.ns.interland.net. A 207.204.21.32 (162)
20:31:25.210830 IP (tos 0x0, ttl 53, id 54201, offset 0, flags [none], proto UDP (17), length 127)
    ns0.fdn.org.domain > debian.local.39187: [udp sum ok] 33366 q: AAAA? orange-ligne.com. 0/1/0 ns: orange-ligne.com. SOA a.ns.interland.net. hostmaster.interland.net. 2015060514 1800 900 864000 2560 (99)
20:31:25.322224 IP (tos 0x0, ttl 240, id 46638, offset 0, flags [DF], proto TCP (6), length 64)
    vux.netsolhost.com.http > debian.local.33152: Flags [S.], cksum 0x4b86 (correct), seq 2076692419, ack 4149573606, win 4200, options [mss 1400,nop,wscale 0,nop,nop,TS val 849441323 ecr 43178,sackOK,eol], length 0
20:31:25.322278 IP (tos 0x0, ttl 64, id 57168, offset 0, flags [DF], proto TCP (6), length 52)
    debian.local.33152 > vux.netsolhost.com.http: Flags [.], cksum 0x5157 (incorrect -> 0x97c8), seq 1, ack 1, win 913, options [nop,nop,TS val 43213 ecr 849441323], length 0
20:31:25.322612 IP (tos 0x0, ttl 64, id 57169, offset 0, flags [DF], proto TCP (6), length 543)
    debian.local.33152 > vux.netsolhost.com.http: Flags [P.], cksum 0x5342 (incorrect -> 0x6e92), seq 1:492, ack 1, win 913, options [nop,nop,TS val 43213 ecr 849441323], length 491
20:31:25.463872 IP (tos 0x0, ttl 240, id 61941, offset 0, flags [DF], proto TCP (6), length 52)
    vux.netsolhost.com.http > debian.local.33152: Flags [.], cksum 0x868d (correct), seq 1, ack 492, win 4691, options [nop,nop,TS val 849441465 ecr 43213], length 0
20:31:25.469640 IP (tos 0x0, ttl 240, id 62392, offset 0, flags [DF], proto TCP (6), length 1049)
    vux.netsolhost.com.http > debian.local.33152: Flags [P.], cksum 0x0ef0 (correct), seq 1:998, ack 492, win 4691, options [nop,nop,TS val 849441470 ecr 43213], length 997
20:31:25.469669 IP (tos 0x0, ttl 64, id 57170, offset 0, flags [DF], proto TCP (6), length 52)
    debian.local.33152 > vux.netsolhost.com.http: Flags [.], cksum 0x5157 (incorrect -> 0x90c3), seq 492, ack 998, win 1038, options [nop,nop,TS val 43250 ecr 849441470], length 0
20:31:25.688486 IP (tos 0x0, ttl 64, id 18932, offset 0, flags [DF], proto UDP (17), length 60)
    debian.local.35465 > ns0.fdn.org.domain: [bad udp cksum 0xba34 -> 0x8843!] 47459+ A? zazaou2015.com. (32)
20:31:25.688515 IP (tos 0x0, ttl 64, id 18933, offset 0, flags [DF], proto UDP (17), length 60)
    debian.local.35465 > ns0.fdn.org.domain: [bad udp cksum 0xba34 -> 0xc881!] 30986+ AAAA? zazaou2015.com. (32)
20:31:25.688994 IP (tos 0x0, ttl 64, id 18934, offset 0, flags [DF], proto UDP (17), length 62)
    debian.local.38690 > ns0.fdn.org.domain: [bad udp cksum 0xba36 -> 0x9e3b!] 21780+ A? img-a.woopic.com. (34)
20:31:25.689012 IP (tos 0x0, ttl 64, id 18935, offset 0, flags [DF], proto UDP (17), length 62)
    debian.local.38690 > ns0.fdn.org.domain: [bad udp cksum 0xba36 -> 0x450a!] 44586+ AAAA? img-a.woopic.com. (34)
20:31:25.707637 IP (tos 0x0, ttl 64, id 19116, offset 0, flags [DF], proto TCP (6), length 498)
    debian.local.50187 > cluster005.ovh.net.http: Flags [P.], cksum 0xb95a (incorrect -> 0x7e29), seq 1840:2298, ack 71201, win 65535, length 458
20:31:25.714778 IP (tos 0x0, ttl 53, id 54243, offset 0, flags [none], proto UDP (17), length 159)
    ns0.fdn.org.domain > debian.local.35465: [udp sum ok] 47459 q: A? zazaou2015.com. 1/2/2 zazaou2015.com. A 213.186.33.16 ns: zazaou2015.com. NS dns200.anycast.me., zazaou2015.com. NS ns200.anycast.me. ar: ns200.anycast.me. A 46.105.207.200, dns200.anycast.me. A 46.105.206.200 (131)
20:31:25.716676 IP (tos 0x0, ttl 53, id 54244, offset 0, flags [none], proto UDP (17), length 125)
    ns0.fdn.org.domain > debian.local.35465: [udp sum ok] 30986 q: AAAA? zazaou2015.com. 0/1/0 ns: zazaou2015.com. SOA dns200.anycast.me. tech.ovh.net. 2015080302 86400 3600 3600000 300 (97)
20:31:25.717187 IP (tos 0x0, ttl 53, id 54245, offset 0, flags [none], proto UDP (17), length 475)
    ns0.fdn.org.domain > debian.local.38690: [udp sum ok] 21780 q: A? img-a.woopic.com. 2/6/12 img-a.woopic.com. CNAME img.woopic.com., img.woopic.com. A 80.12.255.81 ns: woopic.com. NS ns6.fti.net., woopic.com. NS ns5.fti.net., woopic.com. NS ns4.fti.net., woopic.com. NS ns3.fti.net., woopic.com. NS ns2.fti.net., woopic.com. NS ns1.fti.net. ar: ns1.fti.net. A 193.252.149.49, ns1.fti.net. AAAA 2a01:c9c0:a2:87::49, ns2.fti.net. A 193.252.149.50, ns2.fti.net. AAAA 2a01:c9c0:a2:87::50, ns3.fti.net. A 193.252.121.105, ns3.fti.net. AAAA 2a01:c9c0:b2:110::105, ns4.fti.net. A 193.252.121.107, ns4.fti.net. AAAA 2a01:c9c0:b2:110::107, ns5.fti.net. A 81.52.142.107, ns5.fti.net. AAAA 2a01:c9c0:c2:224::107, ns6.fti.net. A 81.52.142.103, ns6.fti.net. AAAA 2a01:c9c0:c2:224::103 (447)
20:31:25.717715 IP (tos 0x0, ttl 53, id 54246, offset 0, flags [none], proto UDP (17), length 153)
    ns0.fdn.org.domain > debian.local.38690: [udp sum ok] 44586 q: AAAA? img-a.woopic.com. 1/1/0 img-a.woopic.com. CNAME img.woopic.com. ns: woopic.com. SOA ns1.fti.net. hostmaster.orangeportails.net. 2015073100 1800 900 1814400 1800 (125)
20:31:25.738322 IP (tos 0x0, ttl 245, id 58226, offset 0, flags [none], proto TCP (6), length 40)
    cluster005.ovh.net.http > debian.local.50187: Flags [.], cksum 0xafb1 (correct), seq 71201, ack 2298, win 9648, length 0
20:31:25.875953 IP (tos 0x2,ECT(0), ttl 245, id 58227, offset 0, flags [none], proto TCP (6), length 507)
    cluster005.ovh.net.http > debian.local.50187: Flags [P.], cksum 0x8f51 (correct), seq 71201:71668, ack 2298, win 9648, length 467
20:31:25.875999 IP (tos 0x0, ttl 64, id 19117, offset 0, flags [DF], proto TCP (6), length 40)
    debian.local.50187 > cluster005.ovh.net.http: Flags [.], cksum 0xb790 (incorrect -> 0xd38e), seq 2298, ack 71668, win 65535, length 0
20:31:25.876097 IP (tos 0x2,ECT(0), ttl 245, id 58228, offset 0, flags [none], proto TCP (6), length 55)
    cluster005.ovh.net.http > debian.local.50187: Flags [P.], cksum 0x38aa (correct), seq 71668:71683, ack 2298, win 9648, length 15
20:31:25.876107 IP (tos 0x0, ttl 64, id 19118, offset 0, flags [DF], proto TCP (6), length 40)

[email protected]:/home/angel# tcpdump -i eth1 -vv
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes

hxxp://oranvee.com/2ff2e34/4f2e30dda1ef913/

hxxp://zazaou2015.com/14/connexion1/14b799925164e4c4324f346e60ac8bba/

The monthly transfer... well no, correct that to monthly SEPA direct debit...
Attachments
Phishing Orange 167.114.236.202

ѠOOT
Long-bearded geek
Posts: 1043
Joined: 28 Dec 2011 19:39

Re: Phishing Orange

Post by ѠOOT »

Hello,

Thanks for the report. Added to Signal Spam / Phishing Initiative / PhishTank.
http://www.phishtank.com/phish_detail.p ... id=3396225
http://www.phishtank.com/phish_detail.p ... id=3396232
http://www.phishtank.com/phish_detail.p ... id=3396244
http://www.phishtank.com/phish_detail.p ... id=3398628

DOMAIN NAME: ORANGE-LIGNE.COM ( 206.188.193.200 )
REGISTRY DOMAIN ID: 1935969841_DOMAIN_COM-VRSN
REGISTRAR WHOIS SERVER: WHOIS.REGISTER.COM
REGISTRANT NAME: PERFECT PRIVACY, LLC
CREATION DATE: 2015-06-05T22:29:47Z

DOMAIN NAME: ZAZAOU2015.COM ( 213.186.33.16 ) ⚜neutralized⚜
REGISTRY DOMAIN ID: 1950805531_DOMAIN_COM-VRSN
REGISTRAR WHOIS SERVER: WHOIS.OVH.COM
Registrant Name: HDAY AZIZ
CREATION DATE: 2015-08-03T11:13:11.0Z

DOMAIN NAME: ORANVEE.COM ( 206.188.192.217 )
REGISTRY DOMAIN ID: 1952923373_DOMAIN_COM-VRSN
REGISTRAR WHOIS SERVER: WHOIS.REGISTER.COM
REGISTRANT NAME: PERFECT PRIVACY, LLC
CREATION DATE: 2015-08-13T21:58:00Z

DOMAIN NAME: HAKIMON.COM ( 213.186.33.16 ) ⚜neutralized⚜
REGISTRY DOMAIN ID: 1953148541_DOMAIN_COM-VRSN
REGISTRAR WHOIS SERVER: WHOIS.OVH.COM
Registrant Name: JEAN LOUIS VIVAS
CREATION DATE: 2015-08-15T00:20:11.0Z


Want to fight spam? Then act!
Do you like computer security? Boost your neurons, buy MISCMAG!
...nuf rof tsuJ

angelique
Long-bearded geek
Posts: 30681
Joined: 28 Feb 2008 13:58
Location: Breizhilienne gauloise Fée Du Rosé

Re: Phishing Orange

Post by angelique »

Good

Without being paranoid, I've been with Orange for years and I never get this kind of phishing. And, as if by chance, after a run-in with I don't know who at the 3900 helpline over a move and problems with my new line... Poof! I get this kind of phishing the next day, lol.

Granted, it must be pure coincidence .....

Malekal_morte
Site Admin
Posts: 104490
Joined: 10 Sep 2005 13:57

Re: Phishing Orange

Post by Malekal_morte »

Another Orange phishing case reported by angélique.

Malekal_morte
Site Admin
Posts: 104490
Joined: 10 Sep 2005 13:57

Re: Phishing Orange

Post by Malekal_morte »

A new Orange phishing, a bit more elaborate.
Here the goal is to make you believe that you are subscribed to an internet+ service that charges you every month, so that you try to unsubscribe.

The mail contains a PDF:
(image: Phishing Orange)
Sent by agedeve.com, notably through these servers:
X-ME-Helo: smtp-sh2.infomaniak.ch
X-ME-IP: 128.65.195.6
X-ME-Entity: ofr
Received: from smtp4.infomaniak.ch (smtp4.infomaniak.ch [84.16.68.92])
by smtp-sh.infomaniak.ch (8.14.5/8.14.5) with ESMTP id tAU5C3xg004777
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
Mon, 30 Nov 2015 06:12:03 +0100
Received: from webmail.infomaniak.ch (dmu115.infomaniak.ch [93.88.241.245])
(authenticated bits=0)
by smtp4.infomaniak.ch (8.14.5/8.14.5) with ESMTP id tAU5Bwxv028802
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
Mon, 30 Nov 2015 06:11:58 +0100
We find the same MX server:
dig +short -t mx agedeve.com
5 mta-gw.infomaniak.ch.
This suggests that the mail account was used.
It is therefore quite possible that the email does not land in Spam/Phishing.

The content of the PDF, not too many mistakes:
[Image: Phishing Orange]
which leads to a page that asks for login information on a domain in India:
[Image: Phishing Orange]
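The reasoning in the post above (every relay and the sender domain's MX sit at the same provider, so a real mailbox was probably used) can be checked mechanically. This is an added example, not part of the original posts: it parses the Received headers and the dig answer quoted above; the function names and the two-label domain shortcut are assumptions.

```python
import re
from email import message_from_string

# Headers copied from the post above (continuation lines re-indented so they parse).
RAW_HEADERS = """\
X-ME-Helo: smtp-sh2.infomaniak.ch
X-ME-IP: 128.65.195.6
Received: from smtp4.infomaniak.ch (smtp4.infomaniak.ch [84.16.68.92])
 by smtp-sh.infomaniak.ch (8.14.5/8.14.5) with ESMTP id tAU5C3xg004777
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL);
 Mon, 30 Nov 2015 06:12:03 +0100
Received: from webmail.infomaniak.ch (dmu115.infomaniak.ch [93.88.241.245])
 (authenticated bits=0)
 by smtp4.infomaniak.ch (8.14.5/8.14.5) with ESMTP id tAU5Bwxv028802
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
 Mon, 30 Nov 2015 06:11:58 +0100

"""
# Answer of `dig +short -t mx agedeve.com` as quoted in the post.
MX_ANSWER = "5 mta-gw.infomaniak.ch."

def base_domain(host):
    # Assumption: the last two labels approximate the registrable domain
    # (true for infomaniak.ch; use a Public Suffix List library in practice).
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def relay_hops(raw):
    """Return (from_host, by_host, authenticated) per Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold the header onto one line
        m = re.search(r"from (\S+) .*? by (\S+)", flat)
        if m:
            hops.append((m.group(1), m.group(2), "(authenticated" in flat))
    return hops

def sent_through_own_provider(raw, mx_answer):
    """True when every relay belongs to the provider hosting the sender's MX
    and the oldest hop was an authenticated submission."""
    mx_domain = base_domain(mx_answer.split()[-1])
    hops = relay_hops(raw)
    domains = {base_domain(h) for hop in hops for h in hop[:2]}
    origin_authenticated = bool(hops) and hops[-1][2]
    return domains == {mx_domain} and origin_authenticated
```

A True result means the message left through the sender domain's own mail provider after an authenticated login, so sender-reputation and relay-based spam checks have little to flag; the content and the landing domain are what remain to judge.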

lilidurhone
IT specialist
Posts: 333
Joined: 13 Oct 2011 07:42

Re: Phishing Orange

Post by lilidurhone »

Hello

Dated yesterday
Orange <[email protected]> Jan 20 at 2:21 PM

Update your payment information

We were unable to bill your account with the current payment information. To ensure that the service will not be interrupted, please update your payment information.
To update your payment information, click on: Log in for Orange Customers, then you will be prompted to update your payment method.
The link redirects to: hxxp://swagstar.dk/or/index.htm (offline)
Image


Re: Pishing orange

Post by angelique »

Phishing on an Orange mailbox that I am currently monitoring

Code: Select all

 Return-Path: <[email protected]>

Received: from mwinf5d42 (mwinf5c42.me-wanadoo.net [10.223.111.92])
by mwinb2505 with LMTPA;
Wed, 15 Jun 2016 18:56:29 +0200

X-Sieve: CMU Sieve 2.3

Received: from wwinf1z26 ([10.223.68.100])
by mwinf5d42 with ME
id 74wU1t00M29o7YS034wU4D; Wed, 15 Jun 2016 18:56:29 +0200

X-ME-User-Auth: [email protected]

X-bcc:**********@wanadoo.fr

X-me-spamcause: (0)(0000)gggruggvucftvghtrhhoucdtuddrfeekledrkeeigddutdehucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuoffgpdggtffipffkpdfqfgfvnecuu
egrihhlohhuthemucegtddtnecunecujfgurhepfffhrhfvkffugggtihesmhdttggstddtjeenucfhrhhomhepnhgvfihslhgvthhtvghrshcuoehthhhivghrrhihrdh
juhhvihhnsehorhgrnhhgvgdrfhhrqeenucffohhmrghinhepghifvdhrsgdrtghomhenucfkphepuddtrddvvdefrdeikedruddttddpkeelrddvfeekrddukeeirdduf
eejnecurfgrrhgrmhephhgvlhhopeiffihinhhfudiivdeipdhinhgvthepuddtrddvvdefrdeikedruddttddpmhgrihhlfhhrohhmpehthhhivghrrhihrdhjuhhvihh
nsehorhgrnhhgvgdrfhhrpdhrtghpthhtohephhgvlhhlihhoseifrghnrgguohhordhfrh

X-me-spamlevel: not-spam

X-ME-bounce-domain: wanadoo.fr

X-ME-Helo: wwinf1z26

X-ME-Auth: dGhpZXJyeS5qdXZpbkBvcmFuZ2UuZnI=

X-ME-Date: Wed, 15 Jun 2016 18:56:29 +0200

X-ME-IP: 89.238.186.137

X-ME-Entity: ofr

Date: Wed, 15 Jun 2016 18:56:28 +0200 (CEST)

From: newsletters <[email protected]>

Reply-To: newsletters <[email protected]>

To: "[email protected]" <[email protected]>

Message-ID: <[email protected]>

Subject: =?UTF-8?Q?=CE=99nfos_:_A_nos_=CE=B1bonn=C3=A9(e)s_orange_!?=

MIME-Version: 1.0

Content-Type: multipart/mixed;
boundary="----=_Part_77954_147954012.1466009788698"

X-Country-Code:

X-Cache-ID:

Message-Context: email-message

X-WUM-SignatureAdded:

X-Message-Size:

X-SAVECOPY: true

X-National-Code:

X-Cache-Entry:

X-Wum-ChannelType:

X-Originating-IP: 89.238.186.137

X-Wum-Nature: EMAIL-NATURE

X-WUM-FROM: |~|

X-WUM-TO: |~|

X-WUM-CCI: |~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~||~|

X-WUM-REPLYTO: |~|

Newsletters Juin 2016                                             
leads to hxxp://parametredelamessagerieorangweb.esy.es/


Image

Re: Phishing Orange

Post by angelique »

Phishing Orange

Code: Select all

curl -v http://chummedoll.temp.swtest.ru/32c12acc9a2efc3fa896bb3ebcd47ee7/index.php?XxlEKGJQ41665273=pOMPZo36YIs | more
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 77.222.61.114...
* Connected to chummedoll.temp.swtest.ru (77.222.61.114) port 80 (#0)
> GET /32c12acc9a2efc3fa896bb3ebcd47ee7/index.php?XxlEKGJQ41665273=pOMPZo36YIs HTTP/1.1
> Host: chummedoll.temp.swtest.ru
> User-Agent: curl/7.47.0
> Accept: */*
Attachments
pishO.png