IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / ICQ/Yahoo Spoofer
Post #37,857
by cable4096
5/7/02 7:28:29 PM
Reply
New ICQ/Yahoo Spoofer
Someone has been spoofing my Cable4096 account again. I got the headers of the following email:


From cable4096@yahoo.com Tue May 7 12:19:26 2002
X-Apparently-To: cable4096@yahoo.com via web11601; 07 May 2002 12:08:24 -0700 (PDT)
Return-Path: (password@icq.com)
Received: from 195.175.130.56 (HELO localhost.com) (195.175.130.56) by mta401.mail.yahoo.com with SMTP; 07 May 2002 12:07:56 -0700 (PDT)
From: cable4096@yahoo.com | Block Address | Add to Address Book
Reply-to: password@icq.com
To: cable4096@yahoo.com
Date: Tue, 7 May 2002 22:19:26 +0300
Subject: Your ICQ Password
X-Mailer: MailXSender 1.02
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-3"
Content-Transfer-Encoding: base64
Content-Length: 6267


It then has a fake Yahoo Form that said my password is expired. I assume if I enter my password into this form that someone will steal it?

The IP traces to TTNET.NET.TR which I assume is Turkey?

Any ideas? I tried abuse@ttnet.net.tr but it bounced.
Post #37,908
by boxley
5/8/02 9:53:35 AM
Reply
New try the whois databases to find the owner of the segment
TAM ARIS QUAM ARMIPOTENS
Post #38,002
by orion
Picture of orion
5/8/02 10:51:01 PM
Reply
New The owner of the IP is
inetnum: 195.175.130.0 - 195.175.130.255
netname: TURKSAN
descr: Turksan Turizm A.S
country: TR
admin-c: AK2622-RIPE
tech-c: AK2622-RIPE
status: ASSIGNED PA
mnt-by: RIPE-NCC-NONE-MNT
changed: dnsadmin@turnet.net.tr 19981207
source: RIPE

route: 195.175.0.0/16
descr: TTnetTurkTelekom
origin: AS9121
mnt-by: AS9121-MNT
changed: ipg@telekom.gov.tr 20010529
changed: ipg@telekom.gov.tr 20020328
source: RIPE

person: Altan Karaca
address: Gazeteciler Sitesi Hikaye Sk.
address: No:3 Esentepe
address: Istanbul TURKEY
phone: +90 212 216 7118
nic-hdl: AK2622-RIPE
changed: dnsadmin@turnet.net.tr 19981207
source: RIPE

It is either this person, or someone who used their IP as a gateway/proxy.
I am free now, to choose my own destiny.
Post #38,063
by boxley
5/9/02 10:31:38 AM
Reply
New Not that person
He is the contact person for the class C licenses owned by the Tourism Company. You have the address and phone number, write a post card and let him know hackers are usin his class C.
thanx,
bill
TAM ARIS QUAM ARMIPOTENS
     ICQ/Yahoo Spoofer - (cable4096) - (3) - May 7, 2002, 07:28:29 PM EDT
         try the whois databases to find the owner of the segment -NT - (boxley) - (2) - May 8, 2002, 09:53:35 AM EDT
             The owner of the IP is - (orion) - (1) - May 8, 2002, 10:51:01 PM EDT
                 Not that person - (boxley) - May 9, 2002, 10:31:38 AM EDT

Reillusionment... what a concept.
35 ms