It is discouraging how many people are shocked by honesty and how few by deceit.
– Noel Coward
______________
I’m going to tell it like it is, pulling
no punches, and –
Karma’s a Bitch
Brew a pot of
coffee, pull up a chair, and settle in. This will be a long journey into the
underbelly of the domain business, complete with hijackings, outright thefts,
and domain warehousing.
My own story is
just a minor blip in something that is much bigger, for as I followed the
threads, more sleight of hand and double crossing were uncovered.
Even if you are
not a player in the domain business, these activities affect you – that is, if
you own a domain name for business or personal use. You, too, are vulnerable;
your domain is an asset, and if you own an especially appealing and valuable
dotcom, your property could be at serious risk, especially if your domains are
registered at a registrar that is involved with this activity or a registrar that
offers weak security.
At the very
least, you are likely a recipient, on a breathtaking scale, of lousy customer
service.
“Life is a Brand,”
my main site, is not a review site, so I have set up this independent space
because I would be remiss if I didn’t warn my readers, some of you in the
domain industry but most of you ordinary people who may own a domain or two for
a business or personal site.
First, let’s list
the Major Players and some pertinent details about
them because they are all related and are discussed in this posting (This is
long, but this info shows some definite connections among these companies. I
have whois screenshots, current as of 30 June 2014, for most of these links.):
____________________
Web.com
Registrar
and web hosting company
Domain
Name Web.com is registered at
Register.com (Domaintools whois and Register.com whois screenshots captured on 30 June 2014; Web.com uses
Register.com whois for its whois info)
*****
Network Solutions (a.k.a. NetSol)
Registrar
and hosting company, “a Web.com company”
Domain
Name NetworkSolutions.com registered
at Network Solutions (Domaintools whois and Network Solutions whois screenshots captured on 30 June
2014)
*****
Register.com
Registrar,
owned by Web.com.
Slogan:
“Everything Just Got Easier” (Reference to its acquisition by Web.com)
NewVcorp.com,
known as New
Ventures Services Corp, a “partner” company, is registered here.
Domain
Name Register.com is registered at
Register.com (Domaintools whois and
Register.com whois screenshots captured on 30 June 2014)
*****
New Ventures Services Corp (NVS)
A
domain name warehouse that “buys” expired domain names from registrars and then
parks them for ad revenue. When queried by former registrants, NVS offers to sell
them back (at extortionate prices) or auctions them off on the aftermarket.
Business
Domain Name: NewVcorp.com,
registered at Register.com (Domaintools whois and Register.com whois screenshots captured on 30 June 2014)
Slogan:
None (This company seems to work hard at sliding under the radar – provides
only one link, a “Contact us” fill-in-the-form page.)
Possibly owned by Web.com, but a
definite partner in the warehousing of expired and stolen domains from the
three sirens listed above.
*****
Directi/Skenzo (Directi owns Skenzo, a domain parking company, and,
possibly, ztomy.com)
A
domain parking company targeted directly to registrars for the monetization of
expired/warehoused domain names.
Directi
Slogan: “The New Online Identity for Professionals.”
Skenzo
Slogan #1: “Exclusive Traffic Monetization Programs”
Skenzo
Slogan #2: “The Only Traffic Monetization Program Built Ground Up for Registrars”
Skenzo.com
is registered at Public Domain Registry.
Skenzo
uses the notorious ztomy.com nameservers for parked domains but not for its own
URL (Skenzo nameservers are located on Akam.net).
It
seems that the major registrars use Skenzo for parking their expired and escrow
domains, using the ztomy.com nameservers.
Directi.com, registered at Public
Domain Registry
Skenzo.com, registered at Public Domain
Registry (Domaintools whois and Public
Domain Registry whois screenshots for both Directi and Skenzo captured on 30
June 2014)
*****
Ztomy.com (registered 22 November 2007 and owned by Directi/Skenzo and
may or may not be directly involved in wrongdoing, but it sure has been
implicated in several incidents.)
(BEWARE:
PLEASE DO NOT NAVIGATE TO THIS SITE; it could
contain some malicious code attached to it. See Avast Forums and Securi.net. Norton does show the site as safe,
but I have had some issues with Norton lately. McAfee offers this warning: “This
link might be dangerous. We tested it and found security risks. Beware.”)
Ztomy.com
is a domain nameserver used by New Ventures Services for their warehoused
domains and has also been implicated in some hijackings and DDoS attacks.
Apparently, domains parked at Skenzo, a domain parking company designed
specifically for registrars, also use the ztomy nameservers.
Approximately
590,000 domains are hosted on ztomy.com nameservers: See Hosterstats.com and Webhosting.info.
Hosting history of ztomy.com: November
2007 – Directi.com; December 2007 – ztomy.com (self-hosted); April 2012 –
Akam.net.
Source:
Hosterstats.com.
(Domaintools
whois and Public Domain Registry whois screenshots captured on 30 June 2014, which I have on file.)
*****
208.91.196.4/ FreeResultsGuide.com and SearchDiscovered.com
IP number attributed to ztomy.com; direct navigation goes to FreeResultsGuide.com, tagged in a Google Safe Browsing Report
as a site “that appeared to function as intermediaries for the infection
of 42 other site(s)...” (25 June 2014 report, captured in a screenshot).
SearchDiscovered.com has not been reported by Google as a malicious site; however, when users click on the URL, it (sometimes) redirects them through the
unsafe FreeResultsGuide.com, finally landing on infomash.org, a page with no
known browsing issues (that is, it refers a safe page through an unsafe page and then lands
on a safe page).
(Domaintools
whois and Public Domain Registry whois screenshots captured for both domains on
30 June 2014)
Google Search regarding IP 208.91.196.4
offers a search page filled with warnings.
IP DomainTools entry for 208.91.196.4
*****
Minor Players:
Public Domain Registry
Business
Domain Name: PublicDomainRegistry.com
Slogan:
“...an industry leader in providing Domain Registration Solutions.”
This
is the registrar for ztomy.com and FreeResultsGuide.com, a known intermediary for spreading
malware. This in itself does not implicate this registrar in any wrongdoing –
bad players can register domains anywhere – but, just the same, this is worth
noting because several sketchy sites are registered here. I am still
researching this registrar.
Current
hoster: Cloudflare.com
As
of 25 June 2014, Public Domain Registry itself hosts only 12 domains.
PublicDomainRegistry.com is registered
at Public Domain Registry.
(Domaintools
whois and Public Domain Registry whois screenshots captured on 30 June 2014, which I have on file.)
*****
Other Connections:
ASN, Company Names, and Nameservers; Registrar Info; Abuse Email addresses:
ASN: AS40034 Confluence-Network-inc, VG (registered Apr 11, 2011) – Confluence-Networks
(Confluence-Networks.com)
Confluence-Networks-inc,
operating out of the Virgin Islands, is “a network service provider which provides
network services to it’s [sic] customers,” according to its home page. This company is listed in Whois as the autonomous
system name (ASN) record in many of New Ventures Services’ domains.
Also
using this ASN: Directi, Free Results Guide, Privacy Protect, Skenzo, Search
Discovered, and ztomy.
ASN,
also known as AS or ASName, is an autonomous system, “a collection of connected
Internet
Protocol (IP) routing prefixes
under the control of one or more network operators that presents a common, clearly defined
routing policy to the Internet.” Wikipedia
Google
seems to have some safe-browsing issues with Confluence-Networks.com, posting a diagnostic page for domains
associated with this company. (Screen shot captured on 25 June 2014)
Confluence-Networks.com is registered
at Public Domain Registry.
(Domaintools
whois and Public Domain Registry whois screenshots captured on 30 June 2014)
*****
Pertinent WHOIS Information for the Domain Names Discussed in this
Article:
The Full List:
*****
SnapNames and
NameJet
Domain
name auction platforms, which are connected with Web.com (including subsidiaries Register.com
and Network
Solutions).
At
one time, expiring “pre-release” Register.com domains went to SnapNames.com
for auction, and Network Solution domains went to NameJet.com. Apparently, all Web.com,
Network Solutions, and Register.com pre-releases now go to NameJet.
An
expiring “pre-release” domain is a name that has technically expired but will
be “auctioned” within three or four weeks of expiration, and, therefore, will
not lose its original registration date. (Some “pre-release” domains on NameJet
are not expired and are owned by “elite” private sellers, but in its listings NameJet
does not distinguish between the two.)
A
“pending deletion” name will be deleted on day 75-76 after expiration, becoming
available for anyone to register (although professional “dropcatchers” will most
likely snag the highly desirable drops).
These
auction companies are partners with the registrars and may very well be subsidiaries of them.
SnapNames.com is registered at
UDomainName.com, possibly a reseller for Web.com (the abuse email is
abuse@web.com), and owned by Moniker.com.
NameJet.com is registered at enom.com
*****
UDomainName.com
UDomainName.com redirects to a SnapNames portal and domain management page containing a Network
Solutions button and seems to be a “shell” registrar and dropcatcher (a company
that snaps up recently deleted domains with sniping tools) for Network
Solutions/Web.com. Once caught, UdomainName domains are auctioned off on
SnapNames and held for the buyer at UdomainName for at least 60 days.
UDomainName
seems to connect to several companies: Web.com, SnapNames, Moniker, enom,
Register.com, and Network Solutions.
The
UDomainName whois (listed in the DomainTools “Whois Server” as
whois.udomainname.com) appears to be disabled, which is explicitly against
ICANN rules, for each registrar must maintain its own whois database.
Navigation to Whois.UdomainName.com returns a dead page, although Whois info can be
found at Register.com and Moniker.
*****
My personal story begins with
Register.com, a domain registrar that treats its customers like dirt, and
follows the threads which include anecdotes and some hard facts. I began
researching and writing this post on 22 June 2014, but I have held off, until
now, publication for various reasons, including a transfer of another domain
(unexpired and up-to-date). This transfer has now been completed, although not
without its pitfalls – more on that later.
At one time,
Register.com was a pretty decent, albeit a bit pricey, domain registrar. One of
my premium domains resided there for years, but when Web.com (also owners of
the notorious Network Solutions) acquired Register.com, I knew it was time to
move it somewhere else. My acting quickly resulted in a fairly smooth transfer,
a relief because this was an expensive acquisition, and now the domain resides at
a domain registrar that offers white-glove service.
Fast forward to
now. Upfront, I need to take responsibility on my part: I inadvertently allowed
a domain to expire, but it was well within the 45 days that most registrars
allow customers to redeem domains, although at a premium. Okay, I accept that;
it was my fault for not updating my email redirect and missing important
renewal notices.
While I take full responsibility for my
part, what Register.com
did to me (and, presumably, to others) offers a window into the soul (or
non-soul) of a corporation that holds its customers in utter contempt.
On Wednesday, 18 June
2014, after I discovered the problem, I saw that my domain was still listed in my
account with a “Held” notation, so it was still obviously redeemable through
the registrar.
So I called
Register.com’s “customer service” line and spoke with a sweet-talking
representative named “Jen,” who assured me that “You will get your domain
back.” She gave me my confirmation/ticket number: 999932.
I could hear her
tapping in the background as she made cheerful small talk about how “Jen” is
not just her nickname, but her real birth name, blah, blah, blah, I suppose trying
to placate me by creating a “connection” – a rather smarmy narrative of two
“Jens” in a common struggle to retrieve my domain.
I had an instant
bad feeling, and rightfully so.
Because, meanwhile,
she was stabbing me in the back: on 19 June 2014, I received the following
message from an outfit called New Ventures Services:
Hi Jennifer,
My name is
Gillian, and I represent New Ventures Services Corp., the current registrant of
the domain [redacted].
The current
asking price for the domain name is $125.00 USD. This offer is valid for seven
days.
If you have any
questions or need further assistance please let me know as I am happy to assist
with the purchase of this domain name. I am available on Monday to Friday from
7:00am – 4:00pm EST.
Thank you,
Gillian
Sales
Representative, New Ventures Services Corp
Office: 1-855-253-5822
| Local: 1-902-881-4212, http://newvcorp.com
So I looked up my
domain name at DomainTools whois and found this entry, current as of 22 June
2014 (I also have a 22 June 2014, screenshot):
Domain Name: [redacted]
Registry Domain ID: [redacted]_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.register.com
Registrar URL: http://www.register.com
Updated Date: 2004-05-08T00:00:00-0400 [Note the date of updating; this suggests
that changes to my domain were made on the very day of expiration.]
Creation Date: 2004-05-08T14:49:46-0400
Registrar Registration Expiration Date: 2015-05-08T00:00:00-0400
Registrar: Register.com
Registrar IANA ID: 9
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8773812449
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: New Ventures Services
Registrant Organization: New Ventures Services
Registrant Street: PO BOX 459
Registrant City: Drums
Registrant State/Province: PA
Registrant Postal Code: 18222
Registrant Country: US
Registrant Phone: +1.8558971723
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: admin@newvcorp.com
Registry Admin ID:
Admin Name: New Ventures Services
Admin Organization: New Ventures Services
Admin Street: PO BOX 459
Admin City: Drums
Admin State/Province: PA
Admin Postal Code: 18222
Admin Country: US
Admin Phone: +1.8558971723
Admin Phone Ext.:
Admin Fax:
Admin Fax Ext.:
Admin Email: admin@newvcorp.com
Registry Tech ID:
Tech Name: Domain Registrar
Tech Organization: Registercom
Tech Street: 12808 Gran Bay Pkwy
Tech City: West Jacksonville
Tech State/Province: FL
Tech Postal Code: 32258
Tech Country: US
Tech Phone: +1.9027492701
Tech Phone Ext.:
Tech Fax: +1.9027492701
Tech Fax Ext.:
Tech Email: domainregistrar@register.com
Name Server: sk.s5.cm.ns2.37.ztomy.com [*Interesting
situation regarding the ztomy.com nameservers]
Name Server: sk.s5.cm.ns1.37.ztomy.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
[On screenshot, the ASN is Confluence-Networks-inc]
I also have a Register.com
Whois screenshot, current as of 22 June 2014.
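A defender-side check built on the record above, as an added example that is not part of the original post: it parses registrar whois text in the "Key: value" layout shown and reports drift from a baseline the owner saved while the domain was healthy. The domain example.com, the baseline values, the 60-day expiry threshold and all function names are assumptions; the ztomy.com watchlist entry and the registrant and nameserver values come from this page.

```python
"""Audit a registrar whois record against a baseline the owner saved earlier."""
from datetime import datetime, timezone

# Constructed sample in the "Key: value" layout of the records on this page.
# example.com and the bracketed note are placeholders; the registrant and
# nameserver values are the ones shown in the page's record.
SAMPLE_WHOIS = """\
Domain Name: example.com
Registrar: Register.com
Registrar Registration Expiration Date: 2015-05-08T00:00:00-0400
Reseller:
Domain Status: clientTransferProhibited
Registrant Organization: New Ventures Services
Registrant Email: admin@newvcorp.com
Name Server: sk.s5.cm.ns2.37.ztomy.com [annotation added by a human]
Name Server: sk.s5.cm.ns1.37.ztomy.com
DNSSEC: Unsigned
"""

# Assumed baseline: what the owner recorded before anything changed.
BASELINE = {
    "registrant_org": "Example Owner LLC",
    "nameservers": {"ns1.example-host.net", "ns2.example-host.net"},
}

# Nameserver domain this page associates with parked and warehoused names.
WATCHED_NS_SUFFIXES = ("ztomy.com",)

EXPIRY_KEY = "registrar registration expiration date"


def parse_whois(text):
    """Return {lowercased key: [values]}; repeated keys (Name Server) accumulate."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        key = key.strip().lower()
        if not sep or not key or key[0] in ">[%#":
            continue  # continuation lines, footers and comments
        value = value.split("[", 1)[0].strip()  # drop bracketed annotations
        values = record.setdefault(key, [])
        if value:
            values.append(value)
    return record


def is_watched(nameserver):
    """True when the host is a watched domain or a subdomain of one."""
    return any(nameserver == s or nameserver.endswith("." + s)
               for s in WATCHED_NS_SUFFIXES)


def audit(record, baseline, now, expiry_warn_days=60):
    """Compare a parsed record with the baseline; return (kind, detail) findings."""
    findings = []

    org = (record.get("registrant organization") or [""])[0]
    if org.casefold() != baseline["registrant_org"].casefold():
        findings.append(("registrant_changed", org or "<empty>"))

    seen = {ns.lower().rstrip(".") for ns in record.get("name server", [])}
    expected = {ns.lower() for ns in baseline["nameservers"]}
    for ns in sorted(seen - expected):
        kind = "nameserver_watchlisted" if is_watched(ns) else "nameserver_unexpected"
        findings.append((kind, ns))
    for ns in sorted(expected - seen):
        findings.append(("nameserver_missing", ns))

    # clientTransferProhibited is the EPP status that blocks transfer requests.
    locks = {s.split()[0].lower() for s in record.get("domain status", [])}
    if "clienttransferprohibited" not in locks:
        findings.append(("transfer_lock_absent", ",".join(sorted(locks)) or "<none>"))

    for raw in record.get(EXPIRY_KEY, []):
        try:
            expires = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%S%z")
        except ValueError:
            findings.append(("expiry_unparsed", raw))
            continue
        days_left = (expires - now).days
        if days_left < expiry_warn_days:
            kind = "expired" if days_left < 0 else "expiry_near"
            findings.append((kind, f"{days_left}d"))
    return findings


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for kind, detail in audit(parse_whois(SAMPLE_WHOIS), BASELINE, now):
        print(f"{kind}: {detail}")
```

Run on a schedule against saved whois output, any finding is a prompt to log in to the registrar account and check the registrant, nameservers and renewal state by hand.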
In other words,
while I was on the phone with the diabolically cheerful “Jen,” she was busy
handing my domain name over to New Ventures Services,
a shell company or partner of Web.com, which, as I said earlier, also owns
Register.com and Network Solutions, notorious for questionable domain practices
and name warehousing, activities supposedly going against ICANN rules for
registrars.
My expired domain
name is currently hosted on an adult domain parking page with a “recently
placed in the marketplace” notice, with such charming titles as “Sex Chat,”
“100 Free Sex Dating Sites,” “Live Sex Cams” – well, you get the idea.
The domain itself
is not an adult name, never used by me as an adult site.
The sales link
leads back to New Ventures Services (NewVcorp.com).
A 2 July 2014
Domain Tools update reveals that the domain has been listed at Sedo.com
for $377.00.
Sweet.
So I looked up
NewVCorp.com on the Register.com whois, as of 22 June 2014 (I also have screenshots
of both the 22 June 2014 and 6 July 2014 Domain Tools Whois and Sedo sales page):
Domain Name: newvcorp.com
Registry Domain ID: 1711649027_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.register.com
Registrar URL: http://www.register.com
Updated Date: 2012-04-06T00:00:00-0400
Creation Date: 2012-04-06T07:33:15-0400
Registrar Registration Expiration Date: 2018-04-06T00:00:00-0400
Registrar: Register.com
Registrar IANA ID: 9
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8773812449
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Admin Admin
Registrant Organization: New Ventures Services, Corp
Registrant Street: PO Box 459
Registrant City: Drums
Registrant State/Province: PA
Registrant Postal Code: 18222
Registrant Country: US
Registrant Phone: +1.8558971723
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: admin@newvcorp.com
Registry Admin ID:
Admin Name: Admin Admin
Admin Organization: New Ventures Services, Corp
Admin Street: PO Box 459
Admin City: Drums
Admin State/Province: PA
Admin Postal Code: 18222
Admin Country: US
Admin Phone: +1.5707088780
Admin Phone Ext.:
Admin Fax:
Admin Fax Ext.:
Admin Email: admin@newvcorp.com
Registry Tech ID:
Tech Name: Domain Registrar
Tech Organization: Registercom
Tech Street: 12808 Gran Bay Pkwy
Tech City: West Jacksonville
Tech State/Province: FL
Tech Postal Code: 32258
Tech Country: US
Tech Phone: +1.9027492701
Tech Phone Ext.:
Tech Fax: +1.9027492701
Tech Fax Ext.:
Tech Email: domainregistrar@register.com
Name Server: dns196.b.register.com
Name Server: dns135.a.register.com
Name Server: dns093.c.register.com
Name Server: dns010.d.register.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>>Last update of WHOIS database: 2012-04-06T00:00:00-0400 <<<
Note the recent
registration date of 12 April 2012, right around the acquisition of
Register.com by Web.com.
However, New
Ventures Services Corp has been in business since at least 2007.
The domain I lost
is 10 years old.
My bad: I did not
take a screenshot of my domain before it was transferred to New Ventures
Services, so, now, it becomes a “she/they said” situation.
Then I looked up
NewVenturesServices.com and NewVenturesServicesCorp.com for a current record at
Domaintools whois and found...well, let’s leave that for later...
So some of you
might be wondering why I didn’t just cough up the $125; after all, I was the
one who allowed the domain to expire.
I might have,
that is, had Register.com not handed over my domain to New Ventures Services
(NVS) while I was speaking on the phone with the rep, and had I not done a
search on this dodgy company.
I was not about
to be victimized again.
Being a skeptical
person, I Googled “New Ventures Services Corp” and the Web.com subsidiaries Network
Solutions (Net Sol) and Register.com, and what I found were numerous complaints
and claims of malfeasance, hijackings, and skulduggery by these players.
For example,
On 9 April 2014,
Adorer, a WarriorForum member, noted that he transferred FalconSubmitter.com,
created on 4 January 2013 and updated 11 March 2014, from Yahoo! to Net Sol (a
Whois search reveals Public Domain Registry is now the new registrar
with an expiration date of 1 April 2015) and discovered that the nameservers
had been parked, using the ztomy.com nameservers. It is not clear if Yahoo!
had changed his nameservers to ztomy or if ztomy is the default nameserver for
Yahoo! No one bothered to tell him that when transferring out a domain, he
should change his nameservers to his desired hosting company.
I am still not
sure if Adorer still retains control of the domain, for it retains a private
registration, but the nameservers are no longer ztomy (currently BNS1.Bonazur.com
and SNS2.Bonazur.com). The Falcon Submitter domain now directs to an “Index of
/” page.
It is interesting
to note that the 9 April 2014 update is the same day that Adorer posted his/her
complaint on Warrior Forum, perhaps his/her own change of nameservers.
It seems that
many victims of these sleight-of-hand maneuvers are end users, not domainers,
and have no idea of the difference between a nameserver and a URL, so solving the
problem may seem impossible. As long as a domain owner has panel control of the
domain, changing them is not all that difficult, but it’s like the old saying:
“In order to answer a question, you have to know what the question is.” And
some rogue registrars act dodgy when they smell the blood of an innocent.
On 1 January
2014, “bill,” a Gametz forum member, reported a possible hijacking by ztomy.com
servers. According to him,
There were about 8 GameTZ people affected by
this. It was all at once this morning (didn’t see it yesterday), as if suddenly
a virus was spreading rapidly... kind of scary. But, I could just have it all
wrong too (doubt it).
Further into the
forum comments, it was revealed that some of the members affected were using AT
& T as their mobile provider and that, perhaps, this had been a “fluke.”
But, then, “John”
jumped in and commented, “Whoa. That’s weird. It looks like either MyCingular
just acquired IPs that used to be owned by Ztomy – or the DNS was just screwed
up and it was reversing to the wrong domain. Crazy...”
“Ranchan” said,
“...From what I read it appears the issue popped up w/ iphone/smartphone
users.”
On 3 December
2013, Trikker_Denice, a member on the CNET forum, said that Yahoo! Small
Business suddenly shut down thousands of websites after customers “failed” to
accept new terms of service, shutting down the websites and changing the
nameservers to ztomy.com.
Yahoo! claimed that
the company had sent out emails in advance, but some customers said that they
never received the emails, and others said that they had accepted the new TOS but were shut down anyway.
Having tangled
with Yahoo! Small Business Domains in the past, all I can say is that these claims are, sadly, all too
plausible.
On 15 March 2013,
at webhostingtalk.com,
the original poster discusses a domain name transfer gone wrong; instead of
being transferred to the buyer, the unexpired name was handed over to NVS (NewVcorp.com)
and could not be managed by the buyer.
(The member
mentions NVS
by name in post#6.)
According to user
premiumdomain, he had bought an unexpired domain from a seller at Sedo, an aftermarket
domain name sales site, and requested its transfer to Network Solutions (also
owned by Web.com), but that did not quite happen the way the owner expected. Somehow,
the domain was “accidentally” transferred to a Net Sol account belonging to
guess who? New
Ventures Services. It is yet unclear if this matter has ever been straightened
out or if premiumdomain simply ate a $X,XXX cost without receiving his
purchased domain.
A 2011 post on
“Barf” (Bay Area Rider’s Forum) discussed a similar situation as my own, except
the registrar was Network Solutions (Keep in mind that Web.com owns both Net
Sol and Register.com).
A short 2012 post
on TheDomains revealed some kind of deal between Homeland Security (seized domains) and New Ventures
Services (NVS) acquiring GoFactoryOutlet.com.
This begs the
question: why is Homeland Security selling domains to this outfit?
A 2007 post at DomainState revealed how a Net Sol
employee pretended that New Ventures Services was a separate entity, having
nothing to do with Net Sol.
On 27 May 2014,
FuckingScam.com reports that, after New Ventures Services takes a customer’s money,
the company
...misleads people into making a purchase
agreement and then backs out of it giving some lame excuse that what you’re
buying is owned by someone else as it was sold to another group or it is on
auction with SNAPNAMES OR NAMEJET. This is a complete SCAM. THEY ARE COLLECTING
CREDIT CARD INFORMATION AND THEN BACKING OUT. THEY ARE SCAMMING PEOPLE. NEW
VENTURES SERVICES is a SCAM. – DO NOT BUY ANY WEB SITE FROM NEW VENTURES
SERVICES, affiliated with REGISTER.COM, WEB.COM, SNAPNAMES.COM.
In a 2007 Sitepoint.com post, ferg32, a domain
owner, noted that he
...had registered a domain with Network
Solutions and kept it paid in full for 6 years. I found that Bravenet would
host my website and register my domain for a fraction of the cost. NS customer
service kept making excuses why I couldn't get my name transferred. One day I
was told BY NS Customer Service (if you can call it that) to turn off my
protection so I could transfer the domain. NS then conspired with New Venture[s]
Services to hijack my domain and ask for a minimum bid of $100 just to see if
they would consider selling my domain back. In the business world this would be
illegal, why does ICANN allow this to happen. I have sent two complaints to
ICANN no reply.
In a later post,
he added,
I do however have a printed hard copy of my
reply from Network Solutions telling me to turn off my protection so I could
transfer my domain to Bravenet. Funny thing New Venture[s Services] snatched it
up before I could transfer.
Myetus added this
comment:
One of my clients wanted to transfer her
domain name from NS to Go Daddy. She was given a code that was supposed to be
entered at Go Daddy. However, Go Daddy was not able to use it. In the meantime,
the domain was put up for auction and now the Whois database says that New
Ventures Services owns it. As you can imagine, my client is not happy. She
suggested that NS should be sued. I think, after seeing very similar complaints
against NS, that a class action lawsuit should be put on NS for not providing
promised service. We should start a petition and let everybody join and file
the suit against them.
In fact, this two-page thread is a treasure trove of malfeasance, and I recommend that you
read it in its entirety.
More complaints:
In his 17
February 2007 article “Stuck in the Mountains,” the webmaster of Lytspeed.com tells (in some detail) his
domain woes with the cozy deal between Network Solutions and New Ventures Services Corp. He wasn’t fooled one bit by the so-called independent relationship between Net
Sol and NVS. However, he chose to move on and found another domain name.
This kind of helplessness
is one reason why these shell companies continue to flourish and exact their
predatory behavior on hapless domain owners, many of them end users.
Consider this Namepros discussion about the
activities of New Ventures Services as it relates to Register.com. Member tonecas offers some interesting insights about New Ventures Services Corp. You may need to click back to the previous page to get the full discussion.
Also, see this Tribe.net complaint from 2014.
As I was analyzing
the whois record for my hijacked domain, I discovered an interesting tidbit
about its nameserver domain (ztomy.com), where my domain is parked. According
to a 20 June 2013 article on the Cisco blog, Ztomy.com was implicated in a DNS
attack on Network Solutions, affecting about 5,000 of their customers’ domains.
According to author Jaeson Schultz,
Multiple organizations with domain names
registered under Network Solutions suffered problems with their domain names [20
June 2013], as their DNS nameservers were replaced with nameservers at ztomy.com... Hijacking of a domain name’s DNS records
is one of the worst attacks an organization can suffer. You literally have lost
control over your domain. Network Solutions, having been the original
registrar for .com, .net, and .org domain names, is quite an attractive target
for attackers. Originally it was unclear whether the issue was the result
of an attack or a misconfiguration. It turns out the problem was both
attack-related and also the result of a misconfiguration. Network Solutions
issued a statement claiming, “In the process of resolving a Distributed Denial
of Service (DDoS) incident on Wednesday night, the websites of a small number
of Network Solutions customers were inadvertently affected for up to several
hours.”
LinkedIn, among
thousands of other websites, was also affected by this attack. According to Michael Lee in a 21 June 2013 ZDnet.com article,
“Cisco believes that this actually lends credibility to the theory that it was
not a malicious attack.”
If valid, this
“accidental” in-house attack clearly shows that ztomy.com is associated with Network Solutions,
Web.com, Register.com,
and New Ventures Services, and that someone
in-house has access to Network Solutions accounts and a connection with
ztomy.com, the nameserver domain associated with the New Ventures Services’
warehouse for expired domains, and, sometimes, outright stolen and hijacked
domains.
Net Sol attempted to
make a case that this whole thing was an “accident,” but nameservers can’t
change by themselves; at some point, nameserver changes need human
intervention.
More on the DNS Made Easy site about the 20 June
2013 attack.
Another
especially egregious example: in a 26 January 2011 WarriorForum post, member
Helen Mortensen reported that her company Biochromalab
...decided to move [the] domain and start
fresh with a host closer to home, Sweden, and this is when my domain gets hijacked,
when unlocking it for transfer to the new webhotel.
Transfer failed and I had to annulate [annul?] the order completely and it is now parked
and locked at the registrar. (and Yes it is paid for)
When googling my domain-name: *biochromalab.com
it is redirected to an obscure site.
I looked them up...and they specialize in
hijacking domains... they are the infamous “searchdiscovered.com” [29 June 2014: currently redirects through
unsafe FreeResultsGuide.com, landing on infomash.org, and under privacy]
hosted at ztomy.com [29 June 2014: currently hosted at
akam.net nameservers].
They operate under several names, and they
have stolen sites and domains since 2007.
Apparently, the
screenshot of the “obscure site” mentioned by Ms. Mortensen has been scrubbed
from the Internet Archive. She didn’t reveal the name of the rogue registrar,
but ztomy.com
figures into the equation.
A 21 July 2011
screenshot on the Wayback Machine (a.k.a. the Internet Archive) reveals that the
company must have reacquired BioChromalab.com and then redirected it to
biochromalab.se, which is still active. As late as 2013, the troubled .com was
for sale at LifeDomains.net, after it apparently expired, for an unknown reason.
As of 23 June 2014,
BioChromalab.com was “deleted and available.”
On 24 June, 2014,
this writer decided to register this domain, redirect it to the biochromalab.se site, and offer it for FREE to Ms.
Mortensen’s company – in preparation for the release of this story, the possible
backlash, and the possibility that a malicious squatter might register the name
and try to sell it back to Ms Mortensen. But, now, this domain will either be
transferred to Ms. Mortensen or allowed to expire on June 24, 2015. She has
already been contacted.
See this
interesting discussion about SearchDiscovered.com on a 25 December 2011
discussion on the Apple forum.
On 17 July 2013,
Cisco reported another Distributed Denial of Service (DDoS) attack at Network Solutions, but it is unclear if ztomy.com was involved in this incident. But
author Craig Williams reported that it was “possible that the [two] DDoS
attacks [were] related.”
The IP number for
ztomy.com
is 208.91.196.4,
which redirects to a parking page (FreeResultsGuide.com, a known malware page as
evidenced by Google’s Safe
Browsing Report, also registered at Public Domain Registry), possibly owned
by the same people who own ztomy.com.
In late 2013/early
2014, ztomy.com was implicated in a mass hijacking of Yahoo! domains as well. In
Yahoo Answers, a customer complained that her domain ThurstonMillwork.com ended
up on the ztomy.com nameservers: a quick search reveals that the problem was
solved and that the owner (wisely) transferred the domain to another registrar,
and the nameservers now look legitimate.
This article and the ensuing comments are well worth reading in their entirety, for it is yet
another piece of this sordid NVS puzzle.
Ztomy.com
is registered at Public Domain Registry (PublicDomainRegistry.com), using the following
for its nameservers:
ns1-106.akam.net
ns1-109.akam.net
usc4.akam.net
usc5.akam.net
Akam.net belongs
to a hosting company called Akamai Technologies and is used only for
nameservers (as of 25 June 2014, the domain itself does not resolve). It is
interesting to note that ztomy.com does not use its own sketchy nameservers
for its own website but that akam.net appears to serve some companies that deal in questionable activities.
Ztomy.com
has been implicated in several instances of “DNS Cache Poisoning,” as noted here, here (Kurt Lang post), and
here, among other sites.
It is interesting to note that ztomy.com is used as nameservers at New Ventures
Services for their “acquired” domains.
On the Search Security website, Margaret Rouse defines DNS Cache Poisoning as
...the corruption of an Internet server’s domain
name system table by replacing an Internet address with that of
another, rogue address. When a Web user seeks the page with that address, the
request is redirected by the rogue entry in the table to a different address.
At that point, a worm, spyware,
Web browser hijacking program, or other malware
can be downloaded to the user’s computer from the rogue location.
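One way a domain owner can watch for the symptom described above, a domain whose delegation moves to ztomy.com nameservers or whose registration is about to lapse. This is an added example, not part of the original article; the WHOIS sample, its field labels (which vary by registry), and the expected nameserver suffix are constructed assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample of registry-style WHOIS text (not a real record).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-SHOP.COM
Registry Expiry Date: 2014-07-20T04:00:00Z
Name Server: NS1.ZTOMY.COM
Name Server: NS2.ZTOMY.COM
"""
# Suffix of the owner's real DNS host (assumption for this example).
EXPECTED_NS = ("dns.example-host.net",)
# Nameserver suffix the article reports on hijacked/"acquired" domains.
WATCHLIST_NS = ("ztomy.com",)

def parse_whois(text):
    """Return (nameservers, expiry) from 'Key: value' WHOIS lines."""
    flags = re.I | re.M
    ns = [h.lower().rstrip(".")
          for h in re.findall(r"^\s*Name Server:\s*(\S+)", text, flags)]
    m = re.search(r"^\s*Registry Expiry Date:\s*(\S+)", text, flags)
    expiry = None
    if m:
        expiry = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        expiry = expiry.replace(tzinfo=timezone.utc)
    return ns, expiry

def under(host, suffix):
    """Label-aware match: 'notztomy.com' is not under 'ztomy.com'."""
    return host == suffix or host.endswith("." + suffix)

def audit(text, now, warn_days=45):
    """List findings a domain owner should act on; empty means clean."""
    ns, expiry = parse_whois(text)
    findings = [] if ns else ["no nameservers listed"]
    for host in ns:
        if any(under(host, s) for s in WATCHLIST_NS):
            findings.append(f"watchlisted nameserver: {host}")
        elif not any(under(host, s) for s in EXPECTED_NS):
            findings.append(f"unexpected nameserver: {host}")
    if expiry is None:
        findings.append("expiry date missing")
    else:
        days = (expiry - now).days
        if days < 0:
            findings.append(f"expired {-days} days ago")
        elif days <= warn_days:
            findings.append(f"expires in {days} days")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_WHOIS, datetime(2014, 6, 30, tzinfo=timezone.utc)))
```

Run on a schedule against fresh WHOIS output for each domain you own, any non-empty result is a reason to log in to the registrar and check the account before the renewal window closes.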
Earlier, I noted
NewVCorp.com as being a recent domain registration, only because it usually
takes a company a long time to develop such a lousy reputation, but New Ventures
Services has taken skulduggery to a whole new level. In fact, they may have
changed domain names, given that they have been in business since (at least)
2007, possibly before.
I also noted that
I had looked up NewVenturesServices.com and NewVenturesServicesCorp.com on
DomainTools Whois. I suspect that NVS once conducted business on these domains
(I don’t know for certain – a search on Archive.org, also known as The Wayback
Machine, looks scrubbed, only bringing up one entry, ironically for another complaint
site).
This is where
karma becomes a major bitch: someone abandoned the domains and allowed them to expire
and drop.
On 22 June 2014,
I registered both domains and, after setting up this complaint site, I
redirected both domains (NewVenturesServices.com
and NewVenturesServicesCorp.com), splashing
the New Ventures Services corporate name on this complaint site.
So whenever
victims or potential customers of New Ventures Services use direct navigation to
find this company, they will land on this
page and get an eyeful.
I find that very
satisfying.
As I noted earlier,
I was holding publication of this article until the transfer of another Register.com
domain was completed. My domain is now safely at my new registrar, but it took
several emails, one week, one transfer rejection, and a tense phone call to
customer “no-service” before prying my EPP (authorization code) from them.
I still have
three domains there and am trying to decide if I really want these domains
enough to transfer them out. They all have long registration dates, so I still
have plenty of time.
One tip when
transferring Register.com domains out: CALL and demand your EPP code. This
registrar will reject email requests as being “suspicious.” Shortly after the Web.com
acquisition, this was not the case.
If you have a sad
tale of lost domain names due to New Ventures Services, Register.com, Web.com, ztomy.com, Network Solutions, and/or any other
company connected with this sordid business, feel free to post your comment in
the comment section.
I will, of
course, delete spam and unrelated topics.
Have a nice day!
Hi Jennifer, What would you suggest to do if they are holding onto a domain name that I want?
If the name you want isn't highly desirable, they may quietly drop it at expiration, and you may be able to pick it up then. If it's an expensive, must-have domain, you might have to go through a reputable broker who can negotiate for you and will know the ropes.
But there is a definite risk that these companies will rip you off, given some of the experiences listed in the article.
I, personally, would not do business with these companies. I would probably find another domain.
Thank you Jennifer I really appreciate the reply. Do you have any updated news about netsol's certified offer then?
No, I don't have info on their services, such as they are.
Best to go to Namepros.com, a domain name forum, for more information on good and lousy registrars.
:)
Thanks again! I have sought your advice to find another domain instead. I appreciate you took time out to put together this article!!!
nice
Good information. Network Solutions did something very similar to me. I've had a domain name on backorder for about five years since the first owner had it. The domain is registered with Network Solutions, the domain expired, and went to auction with NameJet. No one bid on the domain name and the auction closed at $0. The domain should have gone to me since I had had a backorder for so many years, right? It didn't, it was taken by New Venture Services and is now parked using ztomy.com nameservers. Network Solutions and their affiliates are a scam! Something needs done about all these scammers!
Thanks again for all the good information!
I am in the middle of a Network Solutions/New Venture domain issue right now, my fault for expired cc but I called and they had already sold to New Venture (I am however paid in full until tomorrow and they sold it last week) They have offered for me to buy it back for $399? I have had this same name since the beginning of internet, been in business 32 years, luckily I have just changed domain name to .net but it is still costing me thousands in sales, hopefully at some point it will go back at a normal price, I will move it to a USA local company!
Hey, Anonymous (February 9, 2015), you mean they "sold" (transferred to their shell company) your domain BEFORE it was expired?
If so, could you let us know the domain in question?
Ah, I see you posted over at Dotweekly:
http://dotweekly.com/new-ventures-services-corp-who-are-they/
This is only tangentially related, but the network of Web.com / NewVentureServices brands also seems to engage in outright theft by not closing debits of their customers' closed accounts.
Aside from having to personally call during their business hours to close my account (can't be done via a support ticket, trying will get you numerous canned messages to call their support system with conflicting codes to reach the right help desk) and reconfirming this - I'm three months later still receiving charges for my hosting purchase.
I've had to order a stop payment with the bank to prevent them. Nobody at the company can explain why they are still charging me.
I am sorry to read your tale of woe, but I went through the exact same deal a year ago.
I am also glad to have story as proof.
Register dot com reps led me to believe they would help me with an expired domain that still was in redemption period.
They totally blissfully lied to me and a couple days later New Ventures Services: contacted me with same form email they sent you.
This was particularly bad because my boyfriend lost his domain. (I put together his health website)
I was made to look harebrained.
Vile companies all around.
Also I am very familiar with domain world. A long time ago, back in 2000, there was supposed to be something called the wait list service. WLS.
It would have allowed people to put domains on backorder, first come, first served, set price.
Instead scummy, worse than used car salesmen domainers applied pressure and boom snapnames and namejet took off instead.
All dropcatchers are doing is Denial of Service attacks basically.
There is no honor in that !
Thank you for sharing your experience.
We need to get more examples against these predatory companies out there.
They are in fact scum of the earth. Register.com - offer domains for 1.99, 2.99 etc, then renewal is 38.00. Trying to transfer away before expiry is difficult to say the least. I suspect they started the other companies simply for the purpose of scooping up absolutely every domain which expires. Of course, they can do this at no or negligible cost since they're a registrar. The amount of money they're asking for my domain is laughable, so I just changed names. Hope they get what they deserve.
I removed your post, cheap domains, because you included a spammy link.
Yeah, I've been dealing with them for years on a website that they snatched up mid transfer (I had just paid a whole year on the domain at registrar.com and was transferring it elsewhere because of the problems I had with their lousy customer service). The transfer code never worked, and my domain was acquired during the transfer by NewVenture corp without permission. Every single year I attempt to get it back, but they keep holding on to it. They want a ridiculous amount of money for a domain I had already renewed. It is so frustrating.
I had the domain for over a decade until this happened.
You are all very silly. I have some knowledge on how all this works, and have had a domain with web.com for years. Web/Register/Netsol and other registrars cannot be held accountable for your actions. If you provide them with a bad/wrong email address, ignore the numerous reminders that go out, or wait past the 30-45 day redemption point, you are a bad business owner/manager. The minute you notice your email stops working or the website doesn't come up, you call to find out what's wrong. Once that happens, someone will tell you the domain is expired and time to renew. Once a domain name is expired and past its redemption period, the domain is pulled from the public registry and at that point put up for sale or auction by whichever company gets it. New venture services, for example.
Other notes, you cannot move an expired domain name with web/netsol/register. You must renew it prior to it expiring. If you pay for a renewal, and then transfer it, that time is never lost. Additionally, if the domain expires while it is in the transfer process, it will not be transferred.
This reminds me of owning a car, or a home. You stop making payments, and the bank will call/write you and advise you that you need to pay what is owed. If you don't, the bank will repo your car or take your home. This is the exact same.
Why is it that Go Daddy gives registrants 42 days to renew a domain while the Web companies take domains away one day late and give them to Web's shell company New Ventures Services?
Even when a home goes into foreclosure, the owner is given several chances to make payments, often months or even years.
In addition, there are too many instances of the Web companies pulling the trigger even BEFORE a domain has expired.
There are horror stories all over the web.
Yep! They got me, charged my card 3 mo. I disputed, all except original chg for domain name, my dispute won, they took my domain name. Kept my $. I outright asked today if Register was affiliated with NewVCorp and rep said no!
It's time to put all of this together and go to our Senators and Congresspeople with this. President Obama made a huge mistake when he allowed the control of the internet to leave the US and go to Singapore, this is the last year the internet will be run in the US.
There are no "not highly desirable" domain names to these bastards. No matter what your domain name is, if it exists, and it expires, it will be hoarded by the registrar as a traffic sink, and you will have to pay a ridiculous price to get it back. I've had many domains expire on me that I used for personal or non-profit purposes, and I cannot afford to get them back even though they are technically worth no more than any other unregistered name. It doesn't cost the registrar anything to hold onto it forever in the hopes that someday, someone will pay $1000 for it, and until then, they will just keep it locked up.
I have my domain name registered with Network Solution up to 2017-9-14 but found out my domain name is owned by New Venture Corp. I called Network Solution; they asked me to contact NVC to get my domain name back. I paid for the service, so why does my domain name belong to someone else? I emailed them the receipt, paid through PayPal. They did not call me back. I don't know what to do next. Please advise.
So glad I came across this discussion. I just found out New Venture is the registrant of my domain name. I let the web host service expire a long time ago, but kept paying to keep the name while I decided what I wanted to do with the site. So now if I want to reopen the website, I'll have to pay New Venture to have the space back. tsk tsk tsk
I transferred my company URL from GoDaddy to Register.com in 2013. One year later, according to Register.com, the URL failed to renew against my credit card. I didn't receive notification of the pending expiration or the failed payment. My URL, which I've had since 2001, continued to operate until 8 AM this morning. That's more than 2 years after it supposedly expired. Now Register says there is nothing they can do. And New Ventures doesn't answer its phone number, which was really hard to get.
Any idea what I need to do to get my URL back? My site is shut down and 15 staff can't receive their emails.