Hanley

Checked my home e-mails today and I received a mail from E-Bay confirming a listing for a Sony PSP + Game for £230 on Buy-It-Now. Buyer strictly stated he would only accept PayPal.

I clicked the link and there it was, up for sale under my E-Bay account, I knew nothing about it. I tried to sign into My Ebay to see what was going on and it wouldn't accept my password.

I managed to get my password reset and end the item but I'm worried about how the hell they have done this. I have reset / massively strengthened my passwords and checked PayPal etc which all seems in order.

Once I signed into my E-Bay I had a message of Change Password Confirmation from yesterday. Originating IP address was 62.172.222.157

I did a WHOIS and it states it is a PO BOX in Amsterdam, see below


Search results for: 62.172.222.157


OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 62.0.0.0 - 62.255.255.255
CIDR: 62.0.0.0/8
NetName: RIPE-C3
NetHandle: NET-62-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 1997-04-25
Updated: 2005-08-03

# ARIN WHOIS database, last updated 2005-10-13 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


Doesn't tell me a great deal.

I've mailed E-Bay as I now have £88 worth of listing fees which I'm not paying. Has this happened to anyone else??

Hanley

scoob_dood

Try below, not sure how you got your results:

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-pr...-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag

% Information related to '62.172.222.144 - 62.172.222.159'

inetnum: 62.172.222.144 - 62.172.222.159
netname: ICL
descr: ICL
country: GB
admin-c: PE1673-RIPE
tech-c: PE1673-RIPE
status: ASSIGNED PA "status:" definitions
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
source: RIPE # Filtered

person: Paul Evans
address: ICL
address: Cray House
address: 3 Maidstone Road
address: Sidcup
address: Kent
address: DA14 5HT
phone: +44 20 8309 6633
fax-no: +44 20 8308 6579
nic-hdl: PE1673-RIPE
source: RIPE # Filtered

% Information related to '62.172.0.0/16AS2856'

route: 62.172.0.0/16
descr: BTnet UK Core
origin: AS2856
mnt-by: BTNET-MNT
source: RIPE # Filtered

# Bold: Object type.

wwp8

if that is the guy, ring him up pretending to be the police,

give him his own details like if you know alot about him.

might not do much, but at least give him the ****s.



or send him dead rats in the post.

Hanley

Never heard of the guy

I will pass his details onto E-Bay and hopefully they will investigate

easyrider

Pass the details to the Police-If that is the person-theres a very high chance that they are conning £1000's from unsuspecting ebayers,if it isnt,then theres no probs.

Petem95

Similar thing happened to my Dad's ebay account a couple of years back. Someone listed a load of stuff which he hadnt. After contacting Ebay they sorted it all out.

Also I very much doubt thats the guys name and address - unless hes got a fixed IP I cant see how you could find out someones details from their IP.

Luminous

iTrader: (3)

I just did a search on my own IP address using the tools listed above. The names, addresses and telephone numbesr ALL relate to my ISP.

None of the information held there relates directly to me in any way.

mike1210

the isp should keep a log of who was assigned what ip address even if they are dynamic addresses, wheather or not they would give you that information is another matter. I remember reading about someone sending the president a death threat and police and isp traced the source to a british school. This is a different thing though, and it would depend on how Meticulous the ISP is at keeping logs and to what lengths they gone to to disguise themselves

carl

Hanley, you have done an IP address lookup on a US database (ARIN) and they have confirmed the whole address range 62.0.0.0/8 (thats 2^24 addresses, so around 16.7 million) is registered to RIPE. RIPE is the European IP numbering authority. So any address beginning with 62 is registered to them -- yours is, mine is, etc. You need to do a lookup on the RIPE database to find out who the address is actually registered to. Which luckily scoob_dood has done for you. Although the address appears to be in the BTnet core (AS2856), which is odd to say the least.

oobster

Dunno much about techy stuff, but i'd do a full virus check, ad-aware check & make sure your firewall is up to date & isn't allowing any key-stroke recording software you may have inadvertantly downloaded to access the internet. CCleaner is also worht downloading & running.

Hope this helps.

scooby595

We've just had a fraud case go on, that originated from E-Bay, was to do with mobile phones using our credit card. Anyway cut a long story short, even though the police had all the needed details to investigate and catch the guy who was involved their main concern was that we get our money back.

Once they'd given us a crime number that was it, case closed. And why weren't they interested in prosecution ??? There exact words "too much paperwork" !!!

So what am I trying to say ?? Don't expect to get too much help from the police, they'll give you the crime number and thats that.

NotoriousREV

Almost certainly spoofed