• Using WHOIS

    From Björn Felten@2:203/2 to All on Sun Mar 10 01:38:26 2019
    Thanks to stupid EU regulations, using WHOIS to find out who is the "owner" of a certain domain is no longer possible.

    Maybe someone from outside of EU can do better than I did in the previous message?



    ..

    --- Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.9.1.16) Gecko/20101125
    * Origin: news://eljaco.se (2:203/2)
  • From Ben Ritchey@1:393/68 to Björn Felten on Sat Mar 9 19:21:43 2019
    * An ongoing debate between Björn Felten and All rages on ...

    Thanks to stupid EU regulations, using WHOIS to find out who is the "owner" of a certain domain is no longer possible.
    Maybe someone from outside of EU can do better than I did in the previous message?


    === Cut ===
    Domain Name: fidonet.org
    Registry Domain ID: D2802805-LROR
    Registrar WHOIS Server: WHOIS.ENOM.COM
    Registrar URL: WWW.ENOM.COM
    Updated Date: 2019-02-25T04:52:50.00Z
    Creation Date: 1988-02-25T05:00:00.00Z
    Registrar Registration Expiration Date: 2020-02-26T05:00:00.00Z
    Registrar: ENOM, INC.
    Registrar IANA ID: 48
    Domain Status: clienttransferprohibited https://www.icann.org/epp#clienttransferprohibited
    Registrant Name: Whois Agent
    Registrant Organization: Whois Privacy Protection Service, Inc.
    Registrant Street: PO Box 639
    Registrant Street: C/O fidonet.org
    Registrant City: Kirkland
    Registrant State/Province: WA
    Registrant Postal Code: 98083
    Registrant Country: US
    Registrant Phone: +1.4252740657
    Registrant Phone Ext:
    Registrant Fax: +1.4259744730
    Registrant Email: rykghvvyh@whoisprivacyprotect.com
    Admin Name: Whois Agent
    Admin Organization: Whois Privacy Protection Service, Inc.
    Admin Street: PO Box 639
    Admin Street: C/O fidonet.org
    Admin City: Kirkland
    Admin State/Province: WA
    Admin Postal Code: 98083
    Admin Country: US
    Admin Phone: +1.4252740657
    Admin Phone Ext:
    Admin Fax: +1.4259744730
    Admin Email: rykghvvyh@whoisprivacyprotect.com
    Tech Name: Whois Agent
    Tech Organization: Whois Privacy Protection Service, Inc.
    Tech Street: PO Box 639
    Tech Street: C/O fidonet.org
    Tech City: Kirkland
    Tech State/Province: WA
    Tech Postal Code: 98083
    Tech Country: US
    Tech Phone: +1.4252740657
    Tech Phone Ext:
    Tech Fax: +1.4259744730
    Tech Email: rykghvvyh@whoisprivacyprotect.com
    Name Server: A.AUTH-NS.SONIC.NET
    Name Server: B.AUTH-NS.SONIC.NET
    Name Server: C.AUTH-NS.SONIC.NET
    Name Server: NS.BOFH.IT
    Name Server: NS.FIDONET.ORG.UA
    DNSSEC: UNSIGNED
    Registrar Abuse Contact Email: ABUSE@ENOM.COM
    Registrar Abuse Contact Phone: +1.4259744689
    URL of the ICANN WHOIS Data Problem Reporting System: HTTP://WDPRS.INTERNIC.NET/

    Last update of WHOIS database: 2019-02-25T04:52:50.00Z <<<

    For more information on Whois status codes, please visit https://icann.org/epp


    The data in this whois database is provided to you for information
    purposes only, that is, to assist you in obtaining information about or
    related to a domain name registration record. We make this information
    available "as is," and do not guarantee its accuracy. By submitting a
    whois query, you agree that you will use this data only for lawful
    purposes and that, under no circumstances will you use this data to: (1)
    enable high volume, automated, electronic processes that stress or load
    this whois database system providing you this information; or (2) allow,
    enable, or otherwise support the transmission of mass unsolicited,
    commercial advertising or solicitations via direct mail, electronic
    mail, or by telephone. The compilation, repackaging, dissemination or
    other use of this data is expressly prohibited without prior written
    consent from us.

    We reserve the right to modify these terms at any time. By submitting
    this query, you agree to abide by these terms.
    Version 6.3 4/3/2002
    === Cut ===


    .- Keep the faith, --------------------------------------------------.
    | |
    | Ben aka cMech Web: http|ftp|binkp|telnet|ssh://cmech.dynip.com |
    | |
    | vvvvvv Email: fido4cmechSPAM(at)lusfiberBLOCK.net |
    | { O O } Home page: http://cmech.dynip.com/homepage/ |
    | __m___oo___m__ |
    `--| | | |-- -------------------------------------------------'

    ... An amusing concept no doubt but the dish itself will brutalize your soul.
    --- GoldED+/W32-MSVC v1.1.5-g20180902 +Mystic 1.12 pa43/W32 2019/02/17 17:02:07
    * Origin: FIDONet - The Positronium Repository (1:393/68)
  • From Björn Felten@2:203/2 to Ben Ritchey on Sun Mar 10 04:41:28 2019
    Registrant Name: Whois Agent
    Registrant Organization: Whois Privacy Protection Service, Inc.
    Registrant Street: PO Box 639
    Registrant Street: C/O fidonet.org
    Registrant City: Kirkland
    Registrant State/Province: WA
    Registrant Postal Code: 98083
    Registrant Country: US
    Registrant Phone: +1.4252740657
    Registrant Phone Ext:
    Registrant Fax: +1.4259744730
    Registrant Email: rykghvvyh@whoisprivacyprotect.com

    Thanks a million, Ben. A lot more info than we get from within castle EU. But still a wee bit anonymous?

    Who is this registrar, that needs to be privacy protected like this? Surely somebody must know?

    The plot thickens...



    ..

    --- Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.9.1.16) Gecko/20101125
    * Origin: news://eljaco.se (2:203/2)
  • From Björn Felten@2:203/2 to Ben Ritchey on Sun Mar 10 04:48:10 2019
    Domain Status: clienttransferprohibited

    This status code tells your domain's registry to reject requests to transfer the domain from your current registrar to another.

    This status indicates that it is not possible to transfer the domain name registration, which will help prevent unauthorized transfers resulting from hijacking and/or fraud. If you do want to transfer your domain, you must first contact your registrar and request that they remove this status code.

    So, we are fucked until the person that has hijacked our domain gives up trying to make money from it?




    ..

    --- Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.9.1.16) Gecko/20101125
    * Origin: news://eljaco.se (2:203/2)
  • From Wilfred van Velzen@2:280/464 to Björn Felten on Sun Mar 10 12:45:54 2019
    Hi Björn,

    On 2019-03-10 04:48:10, you wrote to Ben Ritchey:

    So, we are fucked until the person that has hijacked our domain gives
    up trying to make money from it?

    I think you're drawing the wrong conclusion and not looking far enough:

    # dig www.fidonet.org

    ; <<>> DiG 9.9.9-P1 <<>> www.fidonet.org
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26322
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.fidonet.org. IN A

    ;; ANSWER SECTION:
    www.fidonet.org. 86400 IN CNAME fidonet.fidonet.org.
    fidonet.fidonet.org. 86400 IN A 85.94.204.146

    ;; Query time: 477 msec
    ;; SERVER: 194.109.6.66#53(194.109.6.66)
    ;; WHEN: Sun Mar 10 12:43:51 CET 2019
    ;; MSG SIZE rcvd: 82


    # whois 85.94.204.146
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    % Note: this output has been filtered.
    % To receive output for a database update, use the "-B" flag.

    % Information related to '85.94.204.144 - 85.94.204.159'

    % Abuse contact for '85.94.204.144 - 85.94.204.159' is 'abuse@seeweb.it'

    inetnum: 85.94.204.144 - 85.94.204.159
    netname: BOFH-IT
    descr: bofh.it network services
    country: IT
    admin-c: MDI-RIPE
    tech-c: MDI-RIPE
    status: ASSIGNED PA
    mnt-by: SEEWEB-MNT
    mnt-irt: IRT-MDI
    created: 2010-05-14T20:20:58Z
    last-modified: 2010-05-14T20:20:58Z
    source: RIPE

    person: Marco d'Itri
    address: c/o ITGate.Net
    address: Corso Svizzera 185
    address: I-10149 Turin
    phone: +39 011 2301000
    fax-no: +39 011 2309384
    nic-hdl: MDI-RIPE
    remarks: PGP: PGPKEY-8DC968B0
    mnt-by: MDI-MNT
    created: 2002-07-04T12:31:31Z
    last-modified: 2014-01-24T15:21:24Z
    source: RIPE # Filtered

    % Information related to '85.94.192.0/19AS12637'

    route: 85.94.192.0/19
    descr: Seeweb s.r.l.
    origin: AS12637
    mnt-by: SEEWEB-MNT
    created: 2012-08-12T23:58:04Z
    last-modified: 2012-08-12T23:58:04Z
    source: RIPE

    % This query was served by the RIPE Database Query Service version 1.93.2 (BLAARKOP)


    So it's still pointing to a website under control by Marco d'Itri, who I think has had it under his control for the last decade or longer. Ward knows...

    Bye, Wilfred.

    --- FMail-lnx64 2.1.0.18-B20170815
    * Origin: FMail development HQ (2:280/464)
  • From Ward Dossche@2:292/854 to All on Sun Mar 10 13:21:16 2019
    So it's still pointing to a website under control by Marco d'Itri, who I think has had it under his control for the last decade or longer. Ward knows...

    Indeed ...

    There's no new information here ...

    There's no need for the flaming either ...

    \%/@rd

    --- D'Bridge 3.99 SR41
    * Origin: Home of the ORG (2:292/854)
  • From Björn Felten@2:203/2 to Ward Dossche on Sun Mar 10 15:12:01 2019
    There's no new information here ...

    Well, in the meantime I've been contacted by the person, that out of his own
    pocket has paid for the domain for almost a decade now -- struggling with a partially defunct, Italian only, site and no cooperation from Marco. Kudos to said person!

    The domain is in good hands, and if we all are patient, I'm confident that, with the assistance of Joacim, we soon will have an updated, working domain once again.



    ..

    --- Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.9.1.16) Gecko/20101125
    * Origin: news://eljaco.se (2:203/2)
  • From mark lewis@1:3634/12.73 to Björn Felten on Sun Mar 10 11:45:36 2019

    On 2019 Mar 10 01:38:26, you wrote to All:

    Thanks to stupid EU regulations, using WHOIS to find out who is the "owner" of a certain domain is no longer possible.

    Maybe someone from outside of EU can do better than I did in the previous message?

    $ whois fidonet.org
    Domain Name: FIDONET.ORG
    Registry Domain ID: D2802805-LROR
    Registrar WHOIS Server: whois.enom.com
    Registrar URL: http://www.enom.com
    Updated Date: 2019-02-25T12:52:52Z
    Creation Date: 1988-02-25T05:00:00Z
    Registry Expiry Date: 2020-02-26T05:00:00Z
    Registrar Registration Expiration Date:
    Registrar: eNom, Inc.
    Registrar IANA ID: 48
    Registrar Abuse Contact Email: abuse@enom.com
    Registrar Abuse Contact Phone: +1.4252982646
    Reseller:
    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Registrant Organization: Whois Privacy Protection Service, Inc.
    Registrant State/Province: WA
    Registrant Country: US
    Name Server: NS.BOFH.IT
    Name Server: NS.FIDONET.ORG.UA
    Name Server: A.AUTH-NS.SONIC.NET
    Name Server: B.AUTH-NS.SONIC.NET
    Name Server: C.AUTH-NS.SONIC.NET
    DNSSEC: unsigned

    it looks like a standard entry with protected fields...

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... Butterflies are self-propelled flowers.
    ---
    * Origin: (1:3634/12.73)
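Added example, not part of any post in this thread: a small Python parser that reduces a WHOIS reply like the ones quoted above to the points under discussion (registrar versus registrant, proxy-protected registrant fields, the transfer lock, DNSSEC, expiry). The sample record is constructed from fields quoted in the thread, and `PRIVACY_MARKERS` is an assumed heuristic, not a registry standard.

```python
import re
from datetime import datetime, timezone

# Constructed sample: a subset of the fields quoted in the thread's WHOIS replies.
SAMPLE = """\
Domain Name: FIDONET.ORG
Registrar: eNom, Inc.
Registry Expiry Date: 2020-02-26T05:00:00Z
Registrar Registration Expiration Date:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Whois Privacy Protection Service, Inc.
Name Server: NS.BOFH.IT
Name Server: A.AUTH-NS.SONIC.NET
DNSSEC: unsigned
"""

# Assumption: heuristic markers for proxy or redacted registrant fields.
PRIVACY_MARKERS = ("privacy", "whois agent", "redacted", "proxy")


def parse_whois(text):
    """Collect 'Key: value' lines into {key: [values]}; keys such as Name Server repeat."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:%#]+?):\s*(.*)$", line)
        if m and m.group(2):  # skip comments and empty fields
            record.setdefault(m.group(1).strip().lower(), []).append(m.group(2).strip())
    return record


def summarize(text, now):
    """Reduce a WHOIS reply to the facts the thread argues about."""
    rec = parse_whois(text)
    # The EPP status is the first token; the URL after it is documentation only.
    statuses = {v.split()[0].lower() for v in rec.get("domain status", [])}
    registrant = " ".join(rec.get("registrant organization", []) + rec.get("registrant name", []))
    expiry = rec.get("registry expiry date") or rec.get("registrar registration expiration date")
    days_left = None
    if expiry:
        exp = datetime.strptime(expiry[0][:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        days_left = (exp - now).days
    return {
        "registrar": rec.get("registrar", [None])[0],
        "transfer_locked": "clienttransferprohibited" in statuses,
        "registrant_is_proxy": any(k in registrant.lower() for k in PRIVACY_MARKERS),
        "dnssec_signed": rec.get("dnssec", ["unsigned"])[0].lower() != "unsigned",
        "name_servers": sorted(v.lower() for v in rec.get("name server", [])),
        "days_to_expiry": days_left,
    }
```

A present `clientTransferProhibited` is a registrar lock against unauthorized transfers, so a monitoring job would alert when it disappears or when the name-server set changes.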
  • From mark lewis@1:3634/12.73 to Björn Felten on Sun Mar 10 11:47:02 2019

    On 2019 Mar 10 04:41:28, you wrote to Ben Ritchey:

    Who is this registrar, that needs to be privacy protected like this? Surely somebody must know?

    that's not the registrar, ENOM... that's the registrant whose information is being protected...

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... Floppy Disk = Lower back trouble.
    ---
    * Origin: (1:3634/12.73)
  • From mark lewis@1:3634/12.73 to Björn Felten on Sun Mar 10 11:48:26 2019

    On 2019 Mar 10 04:48:10, you wrote to Ben Ritchey:

    So, we are fucked until the person that has hijacked our domain gives
    up trying to make money from it?

    fidonet.net is the one now owned by the domain squatter... fidonet.org is not hijacked, TTBOMK...

    )\/(ark

    Always Mount a Scratch Monkey
    Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
    ... On the keyboard of life, always keep one finger on the escape key.
    ---
    * Origin: (1:3634/12.73)
  • From Ward Dossche@2:292/854 to mark lewis on Sun Mar 10 18:16:06 2019

    mark,

    fidonet.net is the one now owned by the domain squatter... fidonet.org is not hijacked, TTBOMK...

    100% correct.

    \%/@rd

    --- D'Bridge 3.99 SR41
    * Origin: Home of the ORG (2:292/854)
  • From Benny Pedersen@2:230/0 to Björn Felten on Sat Apr 13 03:30:30 2019
    Hello Björn!

    10 Mar 2019 01:38, Björn Felten wrote to All:

    Thanks to stupid EU regulations, using WHOIS to find out who is the "owner" of a certain domain is no longer possible.

    Maybe someone from outside of EU can do better than I did in the
    previous message?

    and UK is still in EU :)

    spammers can still find my whois role account to send promotions on new domain refreshment to their pocket

    i don't care with it after losing for around 4000 dkk on bitcoins stock exchanges


    Regards Benny

    ... there can only be one way of life, and it works :)

    --- Msged/LNX 6.1.2 (Linux/4.19.27-gentoo-r1 (x86_64))
    * Origin: I will always keep a PC running CPM 3.0 (2:230/0)
  • From Benny Pedersen@2:230/0 to Björn Felten on Sat Apr 13 03:34:50 2019
    Hello Björn!

    10 Mar 2019 04:48, Björn Felten wrote to Ben Ritchey:

    domain, you must first contact your registrar and request that they remove this status code.

    bad advice !

    if registrar did that owner could lose domain, registrar changes is not needed to get the homepage or service location changed

    it's often enough to change nameservers

    proper way to change registrar is with EPP code


    Regards Benny

    ... there can only be one way of life, and it works :)

    --- Msged/LNX 6.1.2 (Linux/4.19.27-gentoo-r1 (x86_64))
    * Origin: I will always keep a PC running CPM 3.0 (2:230/0)
  • From Benny Pedersen@2:230/0 to Wilfred van Velzen on Sat Apr 13 03:37:58 2019
    Hello Wilfred!

    10 Mar 2019 12:45, Wilfred van Velzen wrote to Björn Felten:

    So it's still pointing to a website under control by Marco d'Itri,
    who I think has had it under his control for the last decade or
    longer. Ward knows...

    ward has always been on vacation :)


    Regards Benny

    ... there can only be one way of life, and it works :)

    --- Msged/LNX 6.1.2 (Linux/4.19.27-gentoo-r1 (x86_64))
    * Origin: I will always keep a PC running CPM 3.0 (2:230/0)
  • From Benny Pedersen@2:230/0 to Ward Dossche on Sat Apr 13 03:39:26 2019
    Hello Ward!

    10 Mar 2019 13:21, Ward Dossche wrote to All:

    There's no need for the flaming either ...

    who asked about it ? :)


    Regards Benny

    ... there can only be one way of life, and it works :)

    --- Msged/LNX 6.1.2 (Linux/4.19.27-gentoo-r1 (x86_64))
    * Origin: I will always keep a PC running CPM 3.0 (2:230/0)