E-Bay Fraud!!!
#1
Scooby Regular
Thread Starter
Join Date: May 2002
Location: Liverpool
Posts: 3,229
Checked my home e-mails today and I received a mail from E-Bay confirming a listing for a Sony PSP + Game for £230 on Buy-It-Now. Buyer strictly stated he would only accept PayPal.
I clicked the link and there it was, up for sale under my E-Bay account, I knew nothing about it. I tried to sign into My Ebay to see what was going on and it wouldn't accept my password.
I managed to get my password reset and end the item but I'm worried about how the hell they have done this. I have reset / massively strengthened my passwords and checked PayPal etc which all seems in order.
Once I signed into my E-Bay I had a message of Change Password Confirmation from yesterday. Originating IP address was 62.172.222.157
I did a WHOIS and it states it is a PO BOX in Amsterdam, see below
Search results for: 62.172.222.157
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
ReferralServer: whois://whois.ripe.net:43
NetRange: 62.0.0.0 - 62.255.255.255
CIDR: 62.0.0.0/8
NetName: RIPE-C3
NetHandle: NET-62-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 1997-04-25
Updated: 2005-08-03
# ARIN WHOIS database, last updated 2005-10-13 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Doesn't tell me a great deal.
I've mailed E-Bay as I now have £88 worth of listing fees which I'm not paying. Has this happened to anyone else??
Hanley
#2
Try below, not sure how you got your results:
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-pr...-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '62.172.222.144 - 62.172.222.159'
inetnum: 62.172.222.144 - 62.172.222.159
netname: ICL
descr: ICL
country: GB
admin-c: PE1673-RIPE
tech-c: PE1673-RIPE
status: ASSIGNED PA
mnt-by: BTNET-MNT
mnt-lower: BTNET-MNT
mnt-routes: BTNET-MNT
source: RIPE # Filtered
person: Paul Evans
address: ICL
address: Cray House
address: 3 Maidstone Road
address: Sidcup
address: Kent
address: DA14 5HT
phone: +44 20 8309 6633
fax-no: +44 20 8308 6579
nic-hdl: PE1673-RIPE
source: RIPE # Filtered
% Information related to '62.172.0.0/16AS2856'
route: 62.172.0.0/16
descr: BTnet UK Core
origin: AS2856
mnt-by: BTNET-MNT
source: RIPE # Filtered
#3
Scooby Regular
Join Date: Nov 2001
Location: sheffield
Posts: 4,093
if that is the guy, ring him up pretending to be the police,
give him his own details like if you know a lot about him.
might not do much, but at least give him the ****s.
or send him dead rats in the post.
#6
Scooby Regular
Join Date: Sep 2003
Location: Scoobynet
Posts: 5,387
Similar thing happened to my Dad's ebay account a couple of years back. Someone listed a load of stuff which he hadn't. After contacting Ebay they sorted it all out.
Also I very much doubt that's the guy's name and address - unless he's got a fixed IP I can't see how you could find out someone's details from their IP.
#7
Scooby Regular
Join Date: Aug 2004
Location: Muppetising life
Posts: 15,449
I just did a search on my own IP address using the tools listed above. The names, addresses and telephone numbers ALL relate to my ISP.
None of the information held there relates directly to me in any way.
#8
Scooby Regular
Join Date: Apr 2004
Location: Cardiff
Posts: 1,928
The ISP should keep a log of who was assigned what IP address even if they are dynamic addresses; whether or not they would give you that information is another matter. I remember reading about someone sending the president a death threat and police and ISP traced the source to a British school. This is a different thing though, and it would depend on how meticulous the ISP is at keeping logs and to what lengths they have gone to disguise themselves.
Last edited by mike1210; 18 October 2005 at 08:51 AM.
#9
Hanley, you have done an IP address lookup on a US database (ARIN) and they have confirmed the whole address range 62.0.0.0/8 (that's 2^24 addresses, so around 16.7 million) is registered to RIPE. RIPE is the European IP numbering authority. So any address beginning with 62 is registered to them -- yours is, mine is, etc. You need to do a lookup on the RIPE database to find out who the address is actually registered to. Which luckily scoob_dood has done for you. Although the address appears to be in the BTnet core (AS2856), which is odd to say the least.
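Added example, not part of any post in this thread: a short Python sketch of the referral logic described in post #9, run offline over trimmed excerpts of the two WHOIS responses quoted above. The function names (`parse_fields`, `bounds`, `range_size`, `resolve`) are this example's own.

```python
import ipaddress

# Trimmed excerpts of the two WHOIS responses quoted in this thread.
ARIN_RESPONSE = """\
OrgName: RIPE Network Coordination Centre
ReferralServer: whois://whois.ripe.net:43
NetRange: 62.0.0.0 - 62.255.255.255
NetType: Allocated to RIPE NCC
# ARIN WHOIS database, last updated 2005-10-13 19:10
"""
RIPE_RESPONSE = """\
% Information related to '62.172.222.144 - 62.172.222.159'
inetnum: 62.172.222.144 - 62.172.222.159
netname: ICL
country: GB
route: 62.172.0.0/16
origin: AS2856
"""

def parse_fields(text):
    """Parse 'key: value' lines; skip blank lines and '%' / '#' comments."""
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line[0] in "%#" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), value.strip())  # first value wins
    return fields

def bounds(range_text):
    """Turn 'first - last' into a pair of address objects."""
    first, last = (ipaddress.ip_address(p.strip()) for p in range_text.split(" - "))
    return first, last

def range_size(range_text):
    first, last = bounds(range_text)
    return int(last) - int(first) + 1

def resolve(ip, arin_text, ripe_text):
    """Return the most specific registration covering ip."""
    arin = parse_fields(arin_text)
    best = {"registry": "ARIN", "holder": arin["orgname"],
            "size": range_size(arin["netrange"]), "referral": arin.get("referralserver")}
    if best["referral"]:  # block is delegated to another registry: ask that one
        ripe = parse_fields(ripe_text)
        first, last = bounds(ripe["inetnum"])
        if first <= ipaddress.ip_address(ip) <= last:
            best = {"registry": "RIPE", "holder": ripe["netname"],
                    "size": range_size(ripe["inetnum"]), "country": ripe["country"],
                    "origin": ripe["origin"], "referral": None}
    return best
```

The `holder` returned is the organisation the block is assigned to; as posts #6 and #7 point out, that identifies a network operator or ISP customer block, not the individual who used the address.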
#10
Dunno much about techy stuff, but I'd do a full virus check, ad-aware check & make sure your firewall is up to date & isn't allowing any key-stroke recording software you may have inadvertently downloaded to access the internet. CCleaner is also worth downloading & running.
Hope this helps.
#11
We've just had a fraud case go on, that originated from E-Bay, was to do with mobile phones using our credit card. Anyway cut a long story short, even though the police had all the needed details to investigate and catch the guy who was involved their main concern was that we get our money back.
Once they'd given us a crime number that was it, case closed. And why weren't they interested in prosecution ??? Their exact words "too much paperwork" !!!
So what am I trying to say ?? Don't expect to get too much help from the police, they'll give you the crime number and that's that.