Baraban.com - legal threats against a blocklist.

baraban.com, russiantimes.com, [66.250.52.0 - 66.250.52.255]: Access denied!

=== Legal threats from Baraban.com ===

Path: uni-berlin.de!fu-berlin.de!logbridge.uoregon.edu!newsfeed.stanford.edu
 !postnews1.google.com!not-for-mail
From: affiliates@baraban.com (Baraban)
Newsgroups: news.admin.net-abuse.email
Subject: S2142, IP 66.250.52.70
Date: 8 Jan 2003 02:31:53 -0800
Organization: http://groups.google.com/
Lines: 9
Message-ID:
NNTP-Posting-Host: 24.130.17.8
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1042021913 25248 127.0.0.1 (8 Jan 2003 10:31:53 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 8 Jan 2003 10:31:53 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1894676

Our server, is not a SPAM source and is not listed in your evidence
file. There are nearby servers that are apparently hosted by our ISP
that are SPAMMING, but this has nothing to do with us. Apparently your
software is not smart enough to figure this out and is thereby
creating more problems than it can potentially solve. Unfortunately
there are those who use it and they are not able to receive email from
me. Please stop listing us - this is very detrimental to our
legitimate business. We are considering a class action law suit,
should this problem persist.

=== My reply ===

Path: uni-berlin.de!cust-62-219-88-66.cust.bezeqint.NET!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: Re: S2142, IP 66.250.52.70
Date: 8 Jan 2003 18:15:09 GMT
Organization: Private person
Lines: 36
Sender: Alexander Sheremet
Message-ID:
References:
NNTP-Posting-Host: cust-62-219-88-66.cust.bezeqint.net (62.219.88.66)
X-Trace: fu-berlin.de 1042049709 16556950 62.219.88.66 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1894896

On 8 Jan 2003 02:31:53 -0800 Baraban wrote in message :
> Our server, is not a SPAM source and is not listed in your evidence
> file.

And SPEWS is not a list of SPAM(tm), nor spam sources.

> There are nearby servers that are apparently hosted by our ISP
> that are SPAMMING, but this has nothing to do with us. Apparently your
> software is not smart enough to figure this out and is thereby
> creating more problems than it can potentially solve.

Apparently you are not smart enough to figure out that if a listing
has nothing to do with you, then it probably *Has Nothing To Do With
You*. Why do you think that the whole Internet rotates around your
servers? Ever thought that it's not you but your ISP who is
increasingly listed?

> Unfortunately
> there are those who use it and they are not able to receive email from
> me. Please stop listing us - this is very detrimental to our
> legitimate business. We are considering a class action law suit,
> should this problem persist.

Cartooney noted. Your whole network is going into my access denied
tables now for threatening lawsuits to access other people's private
property, whom you have no contractual or whatever else obligations
(no considerations).

Have fun with your law suit. Please, take some pics of it and share
with us (TINU).

Dolphin.

-- 
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== Baraban's replies ===

Path: uni-berlin.de!fu-berlin.de!logbridge.uoregon.edu!newsfeed.stanford.edu
 !postnews1.google.com!not-for-mail
From: affiliates@baraban.com (Baraban)
Newsgroups: news.admin.net-abuse.email
Subject: Re: S2142, IP 66.250.52.70
Date: 8 Jan 2003 11:48:23 -0800
Organization: http://groups.google.com/
Lines: 75
Message-ID:
References:
NNTP-Posting-Host: 24.130.17.8
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1042055303 5504 127.0.0.1 (8 Jan 2003 19:48:23 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 8 Jan 2003 19:48:23 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1894983

Sam,

This is ridiculous! It is January now. There is only one incident of
SPAM that was reported and it was over two months ago in November.
That customer was terminated the same day by my ISP, which has
hundreds of thousands of customers. I just talked to my ISP and they
are claiming that you have a conflict of interest and that is why you
keep them black listed - they are a low cost hosting alternative to
the network you run!

I run a legitimate business and you are hurting it. Level 2 or not, I
have one in 5 of my personal emails bouncing due to SPEWS... Mail.Com
was the latest last night - you tell them that they are dim for doing
it - I think you are the responsible party.

If I don't sue you, somebody else will. Clean up your act NOW,
please!!!

Thanks,
Jake

-----Original Message-----
From: Sam [mailto:sam@email-scan.com]
Sent: Wednesday, January 08, 2003 5:11 AM
To: Baraban
Subject: Re: S2142, IP 66.250.52.70

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In article , affiliates@baraban.com (Baraban) writes:

> Our server, is not a SPAM source and is not listed in your evidence
> file.

SPEWS is not a list of spam sources.

> There are nearby servers that are apparently hosted by our ISP
> that are SPAMMING, but this has nothing to do with us.

SPEWS lists entire ISPs that refuse to shut down their spamming
customers. If your ISP is refusing to shut down those spamming
parasites, your entire ISP will be blacklisted by SPEWS until this is
no longer the case.

> Apparently your
> software is not smart enough to figure this out and is thereby
> creating more problems than it can potentially solve.

No problems here. SPEWS appears to be working properly.

> Unfortunately
> there are those who use it and they are not able to receive email from
> me.

And this is someone else's, and not yours, problem because...?

> Please stop listing us - this is very detrimental to our

You are not listed. Your ISP is. If you have any questions, you'll
have to go and bitch to them. When a rogue, spam-tolerant network
refuses to shut down their spamming scumbags, the entire network gets
blacklisted until they get their shit together.

> legitimate business. We are considering a class action law suit,
> should this problem persist.

Take your "class action law suit", and stick it up your habeas corpus,
until your magna carta becomes swollen.

Have a nice day.

=== Another one ===

Path: uni-berlin.de!fu-berlin.de!RRZ.Uni-Koeln.DE!news.netcologne.de
 !newsfeed.news2me.com!canoe.uoregon.edu!logbridge.uoregon.edu
 !newsfeed.stanford.edu!postnews1.google.com!not-for-mail
From: affiliates@baraban.com (Baraban)
Newsgroups: news.admin.net-abuse.email
Subject: Re: S2142, IP 66.250.52.70
Date: 8 Jan 2003 16:00:20 -0800
Organization: http://groups.google.com/
Lines: 28
Message-ID:
References:
NNTP-Posting-Host: 24.130.17.8
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1042070421 26200 127.0.0.1 (9 Jan 2003 00:00:21 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 9 Jan 2003 00:00:21 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1895186

Obviously this newsgroup is a spawning ground for people who are so
involved with their computers, that they are not able to communicate
with "normal" people. It is too bad that SPEWS is used by any
legitimate companies, because it is now obvious to me that the people
running and advocating the service are not legitimate themselves, as
is proved once again by the following communication from Sam.
Apparently Sam had nothing to say that was constructive, nor could he
answer my very specific questions, so he decided to try a personal
attack on me instead. I wonder what makes him think that internet is
reserved for computer nerds like himself?

BTW, I never threatened to sue Sam personally - I have no idea who he
even is, but he is apparently acting on behalf of SPEWS.

------------------------------------------------------------------------

You've just revealed (unwillingly) that you're too stupid to be
allowed Internet access.

Take my word for it: suing me will have absolutely no effect
whatsoever (one way or another) on anyone's SPEWS listing.

Please log off the Internet, and do not come back until you've figured
out what a "public Usenet newsgroup" is. And stop top-posting, like a
freakin' clueless newbie.

Gawd, sometimes I wonder how some people remember to breathe, every
couple of seconds...

=== SPEWS evidence file (8-Jan-2003, 20:25 GMT+0200) ===
=== http://spews.org/html/S2142.html ===

Netagomi Systems
|--------------------
2, 66.250.52.0/24, Netagomi Systems / calpop.com (cogentco.com)
2, 66.250.114.0/24, Netagomi Systems / calpop.com (cogentco.com)
2, 66.250.115.0/24, Netagomi Systems / calpop.com (cogentco.com)
---------------------|

Spam proxy attack. Also hosted "newengineroom.com" spam house.
==================================================================
From a Usenet post: 04 Nov 2002

"Our proxy server has been under continuous attack from 66.250.52.188
and 66.250.52.190 since Thursday PM."
==================================================================
From a Usenet post: 04 Nov 2002

FYI, on Oct 31 at 15:40 GMT, somebody at IP address 66.250.114.252
tried to connect to these ports on my workstation: 80, 1080, 3128,
5980, 6588, 7021, 8000, 8080, 8861, 8888, 9274. I note that this and
the beginning of the abuse of Jim Howes's server happened near the
same time. According to Cogentco's rwhois server, 66.250.52.0/24 and
66.250.114.0/24 are both assigned to the same customer.

From a Usenet post: 05 Nov 2002

The IP's were 66.250.52.188, .189, and .190. Since these were NR'd by
cogent, the attacks have moved to 66.250.114.42, .43, .44, .45 and
.165. We've NR'd the whole of 66.250, but we're still logging
connection attempts mainly out of curiosity to see how long it takes
these idiots to give up.
==================================================================
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com
ID:NET-42FA720018
Network-Name:NET-42FA720018
IP-Network:66.250.114.0/24
Org-Name:Netagomi Systems
Street-Address:238 W. 5th St #223
City:San Bernardino
State:CA
Postal-Code:92401
Country-Code:US
Tech-Contact:ZC108-ARIN
Updated:2002-06-28 17:05:30
Updated-By:ddiller
----------------------------
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com
ID:NET-42FA730018
Network-Name:NET-42FA730018
IP-Network:66.250.115.0/24
Org-Name:Netagomi Systems
Street-Address:238 W. 5th St #223
City:San Bernardino
State:CA
Postal-Code:92401
Country-Code:US
Tech-Contact:ZC108-ARIN
Updated:2002-06-28 17:04:48
Updated-By:ddiller
----------------------------
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com
ID:NET-42FA340018
Network-Name:NET-42FA340018
IP-Network:66.250.52.0/24
Org-Name:Netagomi Systems
Street-Address:238 W. 5th St #223
City:San Bernardino
State:CA
Postal-Code:92401
Country-Code:US
Tech-Contact:ZC108-ARIN
Updated:2002-04-29 14:48:27
Updated-By:ddiller
==================================================================
Usenet post:

>www.sogclub.com : 1 spam
>www.eroema.com : 3 spams
>www.ddukking.com : 3 spams
>www.kpleasure.com : 3 spams
==================================================================
Related to:
------------
Host name: instantbulkemail.com
IP address: 216.89.24.254
Alias: lin1.infinology.com

Whois: 216.89.24.254

AirlinesReservations.com (NETBLK-SAVV-SV9506-21)
   8th Floor Suite 807
   Los Angeles, California 90010, US

   Netname: SAVV-SV9506-21
   Netblock: 216.89.24.0 - 216.89.25.255
   Maintainer: ARLR

   Coordinator:
      Hoover, Richard (RH1217-ARIN) support@calpop.com
      213-351-1355

   Record last updated on 27-Nov-2001.

AirlinesReservations.com (NETBLK-SAVV-SV9506-6) SAVV-SV9506-6 64.242.32.144 - 64.242.32.151
AirlinesReservations.com (NETBLK-SAVV-SV9506-22) SAVV-SV9506-22 66.100.110.0 - 66.100.110.255
AirlinesReservations.com (NETBLK-SAVV-SV9506-20) SAVV-SV9506-20 209.223.112.0 - 209.223.113.255
AirlinesReservations.com (NETBLK-SAVV-SV9506-21) SAVV-SV9506-21 216.89.24.0 - 216.89.25.255
AirlinesReservations.com (NETBLK-SAVV-SV9506-23) SAVV-SV9506-23 64.242.34.0 - 64.242.38.255
AirlinesReservations.com (NETBLK-SAVV-SV9506-25) SAVV-SV9506-25 209.223.115.0 - 209.223.119.255
=============================
AIRLINESRESERVATIONS.com (AIRLINESRESERVATIONS2-DOM)
   740 la playa #414
   san francisco, CA 94121, US

   Domain Name: AIRLINESRESERVATIONS.COM

   Administrative Contact, Billing Contact:
      domain, admin (SV758) webmaster@PUREPORN.COM
      v entertainment
      740 La Playa App 414
      San Francisco, CA 94121, US
      000-000-0000 000-000-0000

   Record last updated on 09-Mar-2001.
   Record created on 01-Mar-1999.
   Record expires on 01-Mar-2003.

   Domain servers in listed order:

   NS1.HE.NET 216.218.130.2
   NS2.HE.NET 216.218.131.2
   NS3.HE.NET 216.218.132.2
-----------------------------------------
viper holdings
8028 geary blvd
san francisco, CA 94121
US
415 876 1187

Domain Name: AIRLINESRESERVATIONS.COM

Administrative Contact:
   manager, domain gene@sfo.com
   8028 geary blvd
   san francisco, CA 94121
   US
   415 876 1187

Record last updated 10-11-2002 06:01:46 AM
Record expires on 03-01-2004
Record created on 03-01-1999

Domain servers in listed order:
   NS1.HE.NET 216.218.130.2
   NS2.HE.NET 216.218.131.2
   NS3.HE.NET 216.218.132.2
==================================================================

=== WHOIS and IP data ===

$ host baraban.com
baraban.com has address 66.250.52.70

$ host russiantimes.com
russiantimes.com has address 66.250.52.72

$ whois 66.250.52.70@whois.arin.net
[whois.arin.net]

OrgName: Cogent Communications
OrgID: COGC

NetRange: 66.250.0.0 - 66.250.255.255
CIDR: 66.250.0.0/16
NetName: COGENT-NB-0001
NetHandle: NET-66-250-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: AUTH1.DNS.COGENTCO.COM
NameServer: AUTH2.DNS.COGENTCO.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
         ********************************************
         Reassignment information for this block is
         available at rwhois.cogentco.com port 4321
         ********************************************
RegDate: 2002-03-20
Updated: 2002-03-20

TechHandle: ZC108-ARIN
TechName: Cogent Communications
TechPhone: +1-877-875-4311
TechEmail: noc@cogentco.com

OrgAbuseHandle: COGEN-ARIN
OrgAbuseName: Cogent Abuse
OrgAbusePhone: +1-877-875-4311
OrgAbuseEmail: abuse@cogentco.com

OrgNOCHandle: ZC108-ARIN
OrgNOCName: Cogent Communications
OrgNOCPhone: +1-877-875-4311
OrgNOCEmail: noc@cogentco.com

OrgTechHandle: IPALL-ARIN
OrgTechName: IP Allocation
OrgTechPhone: +1-202-295-4200
OrgTechEmail: "ipalloc@cogentco.com"@nospam.com

# ARIN Whois database, last updated 2003-01-07 20:00
# Enter ? for additional hints on searching ARIN's Whois database.
#
# WHOIS format will be changing on February 6, 2003
# For specifics visit: http://www.arin.net/mailing_lists/dbwg/0393.html

$ telnet rwhois.cogentco.com 4321
Trying 66.28.3.10...
Connected to rwhois.cogentco.com.
Escape character is '^]'.
%rwhois V-1.5:0010b0:00 rwhois.cogentco.com
66.250.52.70
network:ID:NET-42FA340018
network:Network-Name:NET-42FA340018
network:IP-Network:66.250.52.0/24
network:Org-Name:Netagomi Systems
network:Street-Address:238 W. 5th St #223
network:City:San Bernardino
network:State:CA
network:Postal-Code:92401
network:Country-Code:US
network:Tech-Contact:ZC108-ARIN
network:Updated:2002-04-29 14:48:27
network:Updated-By:ddiller

%ok
Connection closed by foreign host.

$ whois baraban.com
[whois.crsnic.net]

Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: BARABAN.COM
   Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
   Whois Server: whois.directnic.com
   Referral URL: http://www.directnic.com
   Name Server: NS0.DIRECTNIC.COM
   Name Server: NS1.DIRECTNIC.COM
   Updated Date: 11-feb-2002

>>> Last update of whois database: Wed, 8 Jan 2003 05:09:20 EST <<<

The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.

[whois.directnic.com]

Registration and WHOIS Service Provided By: directNIC.com

Intercosmos Media Group, Inc. provides the data in the directNIC.com
Registrar WHOIS database for informational purposes only. The
information may only be used to assist in obtaining information about
a domain name's registration record.

directNIC makes this information available "as is," and does not
guarantee its accuracy.

Registrant:
 Baraban.Com
 524 E. Maude Ave., #35
 Sunnyvale, CA 94086
 US
 (408)739-9659

 Domain Name: BARABAN.COM

 Administrative Contact:
    Berzon, Jake affiliates@russiantimes.com
    524 E. Maude Ave., #35
    Sunnyvale, CA 94086
    US
    (408)739-9659

 Technical Contact:
    Berzon, Jake affiliates@russiantimes.com
    524 E. Maude Ave., #35
    Sunnyvale, CA 94086
    US
    (408)739-9659

 Record last updated 07-17-2002 07:11:18 AM
 Record expires on 04-02-2003
 Record created on 04-02-1999

 Domain servers in listed order:
    NS0.DIRECTNIC.COM 66.79.10.199
    NS1.DIRECTNIC.COM 64.38.245.203

By submitting a WHOIS query, you agree you will use this data only for
lawful purposes. You also agree that, under no circumstances, will you
use this data to: a) allow, enable, or otherwise support the
transmission by email, telephone, or facsimile of mass, unsolicited,
commercial advertising or solicitations to entities other than the
data recipient's own existing customers; or to (b) enable high volume,
automated, electronic processes that send queries or data to the
systems of any Registry Operator or ICANN-Accredited registrar.

The compilation, repackaging, dissemination, or other use of this
WHOIS data is expressly prohibited without the prior written consent
of directNIC.com.

directNIC.com reserves the right to terminate your access to its WHOIS
database in its sole discretion, including without limitation, for
excessive querying of the database or for failure to otherwise abide
by this policy.

directNIC reserves the right to modify these terms at any time.

NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY. LACK OF A DOMAIN
RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.

$ whois russiantimes.com
[whois.crsnic.net]

Whois Server Version 1.3

Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: RUSSIANTIMES.COM
   Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
   Whois Server: whois.directnic.com
   Referral URL: http://www.directnic.com
   Name Server: NS0.DIRECTNIC.COM
   Name Server: NS1.DIRECTNIC.COM
   Updated Date: 13-sep-2002

>>> Last update of whois database: Wed, 8 Jan 2003 05:09:20 EST <<<

The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.

[whois.directnic.com]

Registration and WHOIS Service Provided By: directNIC.com

Intercosmos Media Group, Inc. provides the data in the directNIC.com
Registrar WHOIS database for informational purposes only. The
information may only be used to assist in obtaining information about
a domain name's registration record.

directNIC makes this information available "as is," and does not
guarantee its accuracy.

Registrant:
 Baraban.Com
 524 E. Maude Ave., #35
 Sunnyvale, CA 94086
 US
 (408)739-9659

 Domain Name: RUSSIANTIMES.COM

 Administrative Contact:
    Berzon, Jake affiliates@russiantimes.com
    524 E. Maude Ave., #35
    Sunnyvale, CA 94086
    US
    (408)739-9659

 Technical Contact:
    Berzon, Jake affiliates@russiantimes.com
    524 E. Maude Ave., #35
    Sunnyvale, CA 94086
    US
    (408)739-9659

 Record last updated 07-17-2002 07:11:18 AM
 Record expires on 10-12-2003
 Record created on 10-12-1999

 Domain servers in listed order:
    NS0.DIRECTNIC.COM 66.79.10.199
    NS1.DIRECTNIC.COM 64.38.245.203

By submitting a WHOIS query, you agree you will use this data only for
lawful purposes. You also agree that, under no circumstances, will you
use this data to: a) allow, enable, or otherwise support the
transmission by email, telephone, or facsimile of mass, unsolicited,
commercial advertising or solicitations to entities other than the
data recipient's own existing customers; or to (b) enable high volume,
automated, electronic processes that send queries or data to the
systems of any Registry Operator or ICANN-Accredited registrar.

The compilation, repackaging, dissemination, or other use of this
WHOIS data is expressly prohibited without the prior written consent
of directNIC.com.

directNIC.com reserves the right to terminate your access to its WHOIS
database in its sole discretion, including without limitation, for
excessive querying of the database or for failure to otherwise abide
by this policy.

directNIC reserves the right to modify these terms at any time.

NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY. LACK OF A DOMAIN
RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.