Monday, July 7, 2014

WARNING! If You Own Domain Names, Avoid Web.com and Its Subsidiaries and Partners (Register.com, Network Solutions, and New Ventures Services – A.K.A. “New Vultures Services” – Among Others)


It is discouraging how many people are shocked by honesty and how few by deceit.
– Noel Coward
______________

I’m going to tell it like it is, pulling no punches, and –
Karma’s a Bitch
Brew a pot of coffee, pull up a chair, and settle in. This will be a long journey into the underbelly of the domain business, complete with hijackings, outright thefts, and domain warehousing.
My own story is just a minor blip in something that is much bigger, for as I followed the threads, more sleight of hand and double crossing were uncovered.
Even if you are not a player in the domain business, these activities affect you – that is, if you own a domain name for business or personal use. You, too, are vulnerable; your domain is an asset, and if you own an especially appealing and valuable dotcom, your property could be at serious risk, especially if your domains are registered at a registrar that is involved with this activity or a registrar that offers weak security.
At the very least, you are likely a recipient, on a breathtaking scale, of lousy customer service.
“Life is a Brand,” my main site, is not a review site, so I have set up this independent space because I would be remiss if I didn’t warn my readers, some of you in the domain industry but most of you ordinary people who may own a domain or two for a business or personal site.
First, let’s list the Major Players and some pertinent details about them because they are all related and are discussed in this posting (This is long, but this info shows some definite connections among these companies. I have whois screenshots, current as of 30 June 2014, for most of these links.):

____________________

Web.com

Registrar and web hosting company
Domain Name Web.com is registered at Register.com (Domaintools whois and Register.com whois screenshots captured on 30 June 2014; Web.com uses Register.com whois for its whois info)

*****

Network Solutions (a.k.a. NetSol)

Registrar and hosting company, “a Web.com company”
Domain Name NetworkSolutions.com registered at Network Solutions (Domaintools whois and Network Solutions whois screenshots captured on 30 June 2014)


*****

Register.com

Registrar, owned by Web.com.
Slogan: “Everything Just Got Easier” (Reference to its acquisition by Web.com) 
NewVcorp.com, known as New Ventures Services Corp, a “partner” company, is registered here.
Domain Name Register.com is registered at Register.com  (Domaintools whois and Register.com whois screenshots captured on 30 June 2014)


*****

New Ventures Services Corp (NVS)

A domain name warehouse that “buys” expired domain names from registrars and then parks them for ad revenue. When queried by former registrants, NVS offers to sell them back (at extortionate prices) or auctions them off on the aftermarket.
Business Domain Name: NewVcorp.com, registered at Register.com  (Domaintools whois and Register.com whois screenshots captured on 30 June 2014)
Slogan: None (This company seems to work hard at sliding under the radar – provides only one link, a “Contact us” fill-in-the-form page.)
Possibly owned by Web.com, but a definite partner in the warehousing of expired and stolen domains from the three sirens listed above.


*****

Directi/Skenzo (Directi owns Skenzo, a domain parking company, and, possibly, ztomy.com)

A domain parking company targeted directly to registrars for the monetization of expired/warehoused domain names.
Skenzo.com is registered at Public Domain Registry.
Skenzo uses the notorious ztomy.com nameservers for parked domains but not for its own URL (Skenzo nameservers are located on Akam.net).
It seems that the major registrars use Skenzo for parking their expired and escrow domains, using the ztomy.com nameservers.
Directi.com, registered at Public Domain Registry 
Skenzo.com, registered at Public Domain Registry  (Domaintools whois and Public Domain Registry whois screenshots for both Directi and Skenzo captured on 30 June 2014)

*****

Ztomy.com (registered 22 November 2007 and owned by Directi/Skenzo and may or may not be directly involved in wrongdoing, but it sure has been implicated in several incidents.)

(BEWARE: PLEASE DO NOT NAVIGATE TO THIS SITE; it could contain some malicious code attached to it. See Avast Forums and Securi.netNorton does show the site as safe, but I have had some issues with Norton lately. McAfee offers this warning: “This link might be dangerous. We tested it and found security risks. Beware.”
Ztomy.com is a domain nameserver used by New Ventures Services for their warehoused domains and has also been implicated in some hijackings and DDoS attacks. Apparently, domains parked at Skenzo, a domain parking company designed specifically for registrars, also use the ztomy nameservers.
Approximately 590,000 domains are hosted on ztomy.com nameservers: See Hosterstats.com and Webhosting.info
Hosting history of ztomy.com: November 2007 – Directi.com; December 2007 – ztomy.com (self-hosted); April 2012 – Akam.net.
Source: Hosterstats.com.
Ztomy.com is registered at Public Domain Registry.

(Domaintools whois and Public Domain Registry whois screenshots captured on 30 June 2014, which I have on file.)

*****

208.91.196.4/ FreeResultsGuide.com and SearchDicovered.com

IP number attributed to ztomy.com; direct navigation goes to FreeResultsGuide.com, tagged in a Google Safe Browsing Report as a site that “that appeared to function as intermediaries for the infection of 42 other site(s)...” (25 June 2014 report, captured in a screenshot).
SearchDiscovered.com has not been reported by Google as a malicious site; however, when users click on the url, it (sometimes) redirects users through the unsafe FreeResultsGuide.com, finally landing on infomash.org, a page with no known browsing issues (refers a safe page through an unsafe page, then landing on a safe page).
(Domaintools whois and Public Domain Registry whois screenshots captured for both domains on 30 June 2014)
Google Search regarding IP 208.91.196.4 offers a search page filled with warnings.

IP DomainTools entry for 208.91.196.4

*****

Minor Players:

Public Domain Registry
Business Domain Name: PublicDomainRegistry.com
Slogan: “...an industry leader in providing Domain Registration Solutions.”
This is the registrar for ztomy.com and FreeResultsGuide.com, a known intermediary for spreading malware. This in itself does not implicate this registrar in any wrongdoing – bad players can register domains anywhere – but, just the same, this is worth noting because several sketchy sites are registered here. I am still researching this registrar.
Current hoster: Cloudflare.com 
As of 25 June 2014, Public Domain Registry itself hosts only 12 domains.
PublicDomainRegistry.com is registered at Public Domain Registry.
(Domaintools whois and Public Domain Registry whois screenshots captured on 30 June 2014, which I have on file.)

*****

Other Connections: ASN, Company Names, and Nameservers; Registrar Info; Abuse Email addresses:

ASN: AS40034 Confluence-Network-inc, VG (registered Apr 11, 2011) – Confluence-Networks (Confluence-Networks.com)

Confluence-Networks-inc, operating out of the Virgin Islands, is “a network service provider which provides network services to it’s [sic] customers.” From its home page.  This company is listed in Whois as the autonomous system name (ASN) record in many of New Ventures Services domains.
Also using this ASN: Directi, Free Results Guide, Privacy Protect, Skenzo, Search Discovered, and ztomy.
ASN, also known as AS or ASName, is an autonomous system, “a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the Internet.” Wikipedia
Google seems to have some safe-browsing issues with Confluence-Networks.com, posting a diagnostic page for domains associated with this company. (Screen shot captured on 25 June 2014)
Confluence-Networks.com is registered at Public Domain Registry. 
(Domaintools whois and Public Domain Registry whois screenshots captured on 30 June 2014)

*****

Pertinent WHOIS Information for the Domain Names Discussed in this Article:

The Full List:


*****

SnapNames and NameJet

Domain name auction platforms, which are connected with Web.com (including subsidiaries Register.com and Network Solutions).
At one time, expiring “pre-release” Register.com domains went to SnapNames.com for auction, and Network Solution domains went to NameJet.com. Apparently, all Web.com, Network Solutions, and Register.com pre-releases now go to NameJet.
An expiring “pre-release” domain is a name that has technically expired but will be “auctioned” within three or four weeks of expiration, and, therefore, will not lose its original registration date. (Some “pre-release” domains on NameJet are not expired and owned by “elite” private sellers, but in its listings NameJet does not distinguish between the two.)
A “pending deletion” name will be deleted on day 75-76 after expiration, becoming available for anyone to register (although professional “dropcatchers” will most likely snag the highly desirable drops).
These auction companies are partners with the registrars and may very well be subsidiaries of them.
SnapNames.com is registered at UDomainName.com, possibly a reseller for Web.com (the abuse email is abuse@web.com), and owned by Moniker.com. 
NameJet.com is registered at enom.com


*****

UDomainName.com

UDomainName.com redirects to a SnapNames portal and domain management page containing a Network Solutions button and seems to be a “shell” registrar and dropcatcher (a company that snaps up recently deleted domains with sniping tools) for Network Solutions/Web.com. Once caught, UdomainName domains are auctioned off on SnapNames and held for the buyer at UdomainName for at least 60 days.
UDomainName seems to connect to several companies: Web.com, SnapNames, Moniker, enom, Register.com, and Network Solutions.
The UDomainName whois (listed in the DomainTools “Whois Server” as whois.udomainname.com) appears to be disabled, which is explicitly against ICANN rules, for each registrar must maintain its own whois data base. Navigation to Whois.UdomainName.com, returns a dead page, although Whois info can be found at Register.com and Moniker.

*****

My personal story begins with Register.com, a domain registrar that treats its customers like dirt, and follows the threads which include anecdotes and some hard facts. I began researching and writing this post on 22 June 2014, but I have held off, until now, publication for various reasons, including a transfer of another domain (unexpired and up-to-date). This transfer has now been completed, although not without its pitfalls – more on that later.
At one time, Register.com was a pretty decent, albeit a bit pricey, domain registrar. One of my premium domains resided there for years, but when Web.com (also owners of the notorious Network Solutions) acquired Register.com, I knew it was time to move it somewhere else. My acting quickly resulted in a fairly smooth transfer, a relief because this was an expensive acquisition, and now the domain resides at a domain registrar that offers white-glove service.
Fast forward to now. Upfront, I need to take responsibility on my part: I inadvertently allowed a domain to expire, but it was well within the 45 days that most registrars allow customers to redeem domains, although at a premium. Okay, I accept that; it was my fault for not updating my email redirect and missing important renewal notices.

While I take full responsibility for my part, what Register.com did to me (and, presumably, to others) offers a window into the soul (or non-soul) of a corporation that holds its customers in utter contempt.

On Wednesday, 18 June 2014, after I discovered the problem, I saw that my domain was still listed in my account with a “Held” notation, so it was still obviously redeemable through the registrar.
So I called Register.com’s “customer service” line and spoke with a sweet-talking representative named “Jen,” who assured me that “You will get your domain back.” She gave me my confirmation/ticket number: 999932.
I could hear her tapping in the background as she made cheerful small talk about how “Jen” is not just her nickname, but her real birth name, blah, blah, blah, I suppose trying to placate me by creating a “connection” – a rather smarmy narrative of two “Jens” in a common struggle to retrieve my domain.
I had an instant bad feeling, and rightfully so.
Because, meanwhile, she was stabbing me in the back: on 19 June 2014, I received the following message from an outfit called New Ventures Services:

Hi Jennifer,

My name is Gillian. and I represent New Ventures Services Corp., the current registrant of the domain [redacted].

The current asking price for the domain name is $125.00 USD. This offer is valid for seven days.

If you have any questions or need further assistance please let me know as I am happy to assist with the purchase of this domain name. I am available on Monday to Friday from 7:00am – 4:00pm EST.

Thank you,

Gillian
Sales Representative, New Ventures Services Corp
Office: 1-855-253-5822 | Local: 1-902-881-4212, http://newvcorp.com

So I looked up my domain name at DomainTools whois and found this entry, current as of 22 June 2014 (I also have a 22 June 2014, screenshot):

Domain Name: [redacted] Registry Domain ID: [redacted]_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.register.com
Registrar URL: http://www.register.com
Updated Date: 2004-05-08T00:00:00-0400 [Note the date of updating; this suggests that changes to my domain were made on the very day of expiration.]
Creation Date: 2004-05-08T14:49:46-0400
Registrar Registration Expiration Date: 2015-05-08T00:00:00-0400
Registrar: Register.com
Registrar ANA ID: 9
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8773812449
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: New Ventures Services
Registrant Organization: New Ventures Services
Registrant Street: PO BOX 459
Registrant City: Drums
Registrant State/Province: PA
Registrant Postal Code: 18222
Registrant Country: US
Registrant Phone: +1.8558971723
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: admin@newvcorp.com
Registry Admin ID:
Admin Name: New Ventures Services
Admin Organization: New Ventures Services
Admin Street: PO BOX 459
Admin City: Drums
Admin State/Province: PA
Admin Postal Code: 18222
Admin Country: US
Admin Phone: +1.8558971723
Admin Phone Ext.:
Admin Fax:
Admin Fax Ext.:
Admin Email: admin@newvcorp.com
Registry Tech ID:
Tech Name: Domain Registrar
Tech Organization: Registercom
Tech Street: 12808 Gran Bay Pkwy
Tech City: West Jacksonville
Tech State/Province: FL
Tech Postal Code: 32258
Tech Country: US
Tech Phone: +1.9027492701
Tech Phone Ext.:
Tech Fax: +1.9027492701
Tech Fax Ext.:
Tech Email: domainregistrar@register.com
Name Server: sk.s5.cm.ns2.37.ztomy.com [*Interesting situation regarding the ztomy.com nameservers]
Name Server: sk.s5.cm.ns1.37.ztomy.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

[On screenshot, the ASN is Confluence-Networks-inc]

I also have a Register.com Whois screenshot, current as of 22 June 2014.
In other words, while I was on the phone with the diabolically cheerful “Jen,” she was busy handing my domain name over to New Venture Services, a shell company or partner of Web.com, who, as I said earlier, also owns Register.com and Network Solutions, notorious for questionable domain practices and name warehousing, activities supposedly going against ICANN rules for registrars.
My expired domain name is currently hosted on an adult domain parking page with a “recently placed in the marketplace” notice, with such charming titles as “Sex Chat,” “100 Free Sex Dating Sites,” “Live Sex Cams” – well, you get the idea.
The domain itself is not an adult name, never used by me as an adult site.
The sales link leads back to New Ventures Services (NewVcorp.com).
A 2 July 2014 Domain Tools update reveals that the domain has been listed at Sedo.com for $377.00.
Sweet.
So I looked up NewVCorp.com on the Register.com whois, as of 22 June 2014 (I also have screenshots of both the 22 June 2014 and 6 July 2014 Domain Tools Whois and Sedo sales page):

Domain Name: newvcorp.com
Registry Domain ID: 1711649027_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.register.com
Registrar URL: http://www.register.com
Updated Date: 2012-04-06T00:00:00-0400
Creation Date: 2012-4-06107:33:15-0400
Registrar Registration Expiration Date: 2018-04-06T00:00:00-0400
Registrar: Register.com
Registrar IANA ID: 9
Registrar Abuse Contact Email: abuse@web.com
Registrar Abuse Contact Phone: +1.8773812449
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Admin Admin
Registrant Organization: New Ventures Services, Corp
Registrant Street: PO Box 459
Registrant City: Drums
Registrant State/Province: PA
Registrant Postal Code: 18222
Registrant Country: US
Registrant Phone: +1.8558971723
Registrant Phone Ext.:
Registrant Fax:
Registrant Fax Ext.:
Registrant Email: admin@newvcorp.com
Registry Admin ID:
Admin Name: Admin Admin
Admin Organization: New Ventures Services, Corp
Admin Street: PO Box 459
Admin City: Drums
Admin State/Province: PA
Admin Postal Code: 18222
Admin Country: US
Admin Phone: +1.5707088780
Admin Phone Ext.:
Admin Fax:
Admin Fax Ext.:
Admin Email: admin@newvcorp.com
Registry Tech ID:
Tech Name: Domain Registrar
Tech Organization: Registercom
Tech Street: 12808 Gran Bay Pkwy
Tech City: West Jacksonville
Tech State/Province: FL
Tech Postal Code: 32258
Tech Country: US
Tech Phone: +1.9027492701
Tech Phone Ext.:
Tech Fax: +1.9027492701
Tech Fax Ext.:
Tech Email: domainregistrar@register.com
Name Server: dns196.b.register.com
Name Server: dns135.a.register.com
Name Server: dns093.c.register.com
Name Server: dns010.d.register.com
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>>Last update of WHOIS database: 2012-04-06T00:00:00-0400 <<<

Note the recent registration date of 12 April 2012, right around the acquisition of Register.com by Web.com.
However, New Ventures Services Corp has been in business since at least 2007.
The domain I lost is 10 years old.
My bad: I did not take a screenshot of my domain before it was transferred to New Ventures Services, so, now, it becomes a “she/they said” situation.
Then I looked up NewVenturesServices.com and NewVenturesServicesCorp.com for a current record at Domaintools whois and found...well, let’s leave that for later...
So some of you might be wondering why I didn’t just cough up the $125; after all, I was the one who allowed the domain to expire.
I might have, that is, had Register.com hadn’t handed over my domain to New Ventures Services (NVS), while I was speaking on the phone with the rep and if I hadn’t done a search on this dodgy company.
I was not about to be victimized again.
Being a skeptical person, I Googled “New Ventures Services Corp” and the Web.com subsidiaries Network Solutions (Net Sol), and Register.com, and what I found were numerous complaints and claims of malfeasance, highjackings, and skulduggery by these players.

For example,

On 9 April 2014, Adorer, a WarriorForum member, noted that he transferred FalconSubmitter.com, created on 4 January 2013 and updated 11 March 2014, from Yahoo! to Net Sol (a Whois search reveals Public Domain Registry is now the new registrar with an expiration date of 1 April 2015) and discovered that the nameservers had been parked, using the ztomy.com nameservers. It is not clear if Yahoo! had changed his nameservers to ztomy or if ztomy is the default nameserver for Yahoo! No one bothered to tell him that when transferring out a domain, he should change his nameservers to his desired hosting company.
I am still not sure if Adorer still retains control of the domain, for it retains a private registration, but the nameservers are no longer ztomy (currently BNS1.Bonazur.com and SNS2.Bonazur.com). The Falcon Submitter domain now directs to an “Index of /” page.
It is interesting to note that the 9 April 2014 update is the same day that Adorer posted his/her complaint on Warrior Forum, perhaps his/her own change of nameservers.
It seems that many victims of these sleight-of-hand maneuvers are end users, not domainers, and have no idea the difference between a nameserver and a URL, so solving the problem may seem impossible. As long as a domain owner has panel control of the domain, changing them is not all that difficult, but it’s like the old saying: “In order to answer a question, you have to know what the question is.” And some rogue registrars act dodgy when they smell the blood of an innocent.
On 1 January 2014, “bill,” a Gametz forum member, reported a possible hijacking by ztomy.com servers. According to him,

There were about 8 GameTZ people affected by this. It was all at once this morning (didn’t see it yesterday), as if suddenly a virus was spreading rapidly... kind of scary. But, I could just have it all wrong too (doubt it).

Further into the forum comments, it was revealed that some of the members affected were using AT & T as their mobile provider and that, perhaps, this had been a “fluke.”
But, then, “John” jumped in and commented, “Whoa. That’s weird. It looks like either MyCingular just acquired IPs that used to be owned by Ztomy – or the DNS was just screwed up and it was reversing to the wrong domain. Crazy...”
“Ranchan” said, “...From what I read it appears the issue popped up w/ iphone/smartphone users.”

On 3 December 2013, Trikker_Denice, a member on the CNET forum, said that Yahoo! Small Business suddenly shut down thousands of websites after customers “failed” to accept new terms of service, shutting down the websites and changing the nameservers to ztomy.com.
Yahoo! claimed that the company had sent out emails in advance, but some customers said that they never received the emails, and others said that they had accepted the new TOS but were shut down anyway.
Having tangled with Yahoo! Small Business Domains in the past, all I can say is that these claims are, sadly, all too plausible.
On 15 March 2013, at webhostingtalk.com, the original poster discusses a domain name transfer gone wrong; instead of being transferred to the buyer, the unexpired name was handed over to NVS (NewVcorp.com). and could not be managed by the buyer.
(The member mentions NVS by name in post#6.)
According to user premiumdomain, he had bought an unexpired domain from a seller at Sedo, an aftermarket domain name sales site, and requested its transfer to Network Solutions (also owned by Web.com), but that did not quite happen the way the owner expected. Somehow, the domain was “accidentally” transferred to a Net Sol account belonging to guess who? New Ventures Services. It is yet unclear if this matter has ever been straightened out or if premiumdomain simply ate a $X,XXX cost without receiving his purchased domain.
A 2011 post on “Barf” (Bay Area Rider’s Forum) discussed a similar situation as my own, except the registrar was Network Solutions (Keep in mind that Web.com owns both Net Sol and Register.com). 
A short 2012 post on TheDomains revealed some kind of deal between Homeland Security (seized domains) and New Ventures Services (NVS) acquiring GoFactoryOutlet.com.
This begs the question: why is Homeland Security selling domains to this outfit?
A 2007 post at DomainState revealed how a Net Sol employee pretended that New Ventures Services was a separate entity, having nothing to do with Net Sol.
On 27 May 2014, FuckingScam.com reports that, after New Ventures Services takes a customer’s money, the company

...misleads people into making a purchase agreement and then backs out of it giving some lame excuse that what you’re buying is owned by someone else as it was sold to another group or it is on auction with SNAPNAMES OR NAMEJET. This is a complete SCAM. THEY ARE COLLECTING CREDIT CARD INFORMATION AND THEN BACKING OUT. THEY ARE SCAMMING PEOPLE. NEW VENTURES SERVICES is a SCAM. – DO NOT BUY ANY WEB SITE FROM NEW VENTURES SERVICES, affiliated with REGISTER.COM, WEB.COM, SNAPNAMES.COM.

In a 2007 Sitepoint.com post, ferg32, a domain owner, noted that he

...had registered a domain with Network Solutions and kept it paid in full for 6 years. I found that Bravenet would host my website and register my domain for a fraction of the cost. NS customer service kept making excuses why I couldn't get my name transferred. One day I was told BY NS Customer Service (if you can call it that) to turn off my protection so I could transfer the domain. NS then conspired with New Venture[s] Services to hijack my domain and ask for a minimum bid of $100 just to see if they would consider selling my domain back. In the business world this would be illegal, why does ICANN allow this to happen. I have sent two complaints to ICANN no reply.

In a later post, he added,

I do however have a printed hard copy of my reply from Network Solutions telling me to turn off my protection so I could transfer my domain to Bravenet. Funny thing New Venture[s Services] snatched it up before I could transfer.

Myetus added this comment:

One of my clients wanted to transfer her domain name from NS to Go Daddy. She was given a code that was supposed to be entered at Go Daddy. However, Go Daddy was not able to use it. In the meantime, the domain was put up for auction and now the Whois database says that New Ventures Services owns it. As you can imagine, my client is not happy. She suggested that NS should be sued. I think, after seeing very similar complaints against NS, that a class action lawsuit should be put on NS for not providing promised service. We should start a petition and let everybody join and file the suit against them.

In fact, this two-page thread is a treasure trove of malfeasance, and I recommend that you read it in its entirety.

More complaints:

In his 17 February 2007 article “Stuck in the Mountains,” the webmaster of Lytspeed.com tells (in some detail) his domain woes with the cozy deal between Network Solutions and New Ventures Services Corp. He wasn’t fooled one bit by the so-called independent relationship between Net Sol and NVS. However, he chose to move on and found another domain name.
This kind of helplessness is one reason why these shell companies continue to flourish and exact their predatory behavior on hapless domain owners, many of them end users.
Consider this Namepros discussion about the activities of New Ventures Services as it relates to Register.com. Member tonecas offers some interesting insights about New Ventures Services Corp. You may need to click back to the previous page to get the full discussion. 
Also, see this Tribe.net complaint from 2014. 
As I was analyzing the whois record for my hijacked domain, I discovered an interesting tidbit about its nameserver domain (ztomy.com), where my domain is parked. According to a 20 June 2013 article on the Cisco blog, Ztomy.com was implicated in a DNS attack on Network Solutions, affecting about 5,000 of their customers’ domains. According to author Jaeson Schultz,

Multiple organizations with domain names registered under Network Solutions suffered problems with their domain names [20 June 2013], as their DNS nameservers were replaced with nameservers at ztomy.com... Hijacking of a domain name’s DNS records is one of the worst attacks an organization can suffer. You literally have lost control over your domain. Network Solutions, having been the original registrar for .com, .net, and .org domain names, is quite an attractive target for attackers. Originally it was unclear whether the issue was the result of an attack or a misconfiguration. It turns out the problem was both attack-related and also the result of a misconfiguration. Network Solutions issued a statement claiming, “In the process of resolving a Distributed Denial of Service (DDoS) incident on Wednesday night, the websites of a small number of Network Solutions customers were inadvertently affected for up to several hours.”

LinkedIn, among thousands of other websites, was also affected by this attack. According to Michael Lee in a 21 June 2013 ZDnet.com article, “Cisco believes that this actually lends credibility to the theory that it was not a malicious attack.”
If valid, this “accidental” in-house attack clearly shows that ztomy.com is associated with Network Solutions, Web.com, Register.com, and New Ventures Services, and that someone in-house has access to Network Solutions accounts and a connection with ztomy.com, the nameserver domain associated with the New Ventures Services’ warehouse for expired domains, and, sometimes, outright stolen and hijacked domains.
Net Sol attempted to make a case that this whole thing was an “accident,” but nameservers can’t change by themselves; at some point, nameserver changes need human intervention.
More on the DNS Made Easy site about the 20 June 2013 attack. 
Another especially egregious example: on a WarriorForum 26 January 2011 post, member Helen Mortensen reported that her company Biochromalab

...decided to move [the] domain and start fresh with a host closer to home, Sweden, and this is when my domain gets hijacked, when unlocking it for transfer to the new webhotel.
Transfer failed and I had to annulate [annul?] the order completely and it is now parked and locked at the registrar. (and Yes it is paid for)
When googling my domain-name: *biochromalab.com it is redirected to an obscure site.
I looked them up...and they specialize in hijacking domains... they are the infamous “searchdiscovered.com” [29 June 2014: currently redirects through unsafe FreeResultsGuide.com, landing on infomash.org, and under privacy] hosted at ztomy.com [29 June 2014: currently hosted at akam.net nameservers].”
They operate under several names, and they have stolen sites and domains since 2007.

Apparently, the screenshot of the “obscure site” mentioned by Ms. Mortensen has been scrubbed from the Internet Archive. She didn’t reveal the name of the rogue registrar, but ztomy.com figures into the equation.
A 21 July 2011 screenshot on the Wayback Machine (a.k.a the internet archive) reveals that the company must have reacquired BioChromalab.com and then redirected it to biochromalab.se, currently still-active. As late as 2013, the troubled .com was for sale at LifeDomains.net, after it apparently expired, for an unknown reason.
As of 23 June 2014, BioChromalab.com was “deleted and available.”
On 24 June, 2014, this writer decided to register this domain, redirect it to the biochromalab.se site, and offer it for FREE to Ms. Mortensen’s company – in preparation for the release of this story, the possible backlash, and the possibility that a malicious squatter might register the name and try to sell it back to Ms Mortensen. But, now, this domain will either be transferred to Ms. Mortensen or allowed to expire on June 24, 2015. She has already been contacted.

See this interesting discussion about SearchDiscovered.com on a 25 December 2011 discussion on the Apple forum.
On 17 July 2013, Cisco reported another Distributed Denial of Service (DDoS) attack at Network Solutions, but it is unclear if ztomy.com was involved in this incident. But author Craig Williams reported that it was “possible that the [two] DDoS attacks [were] related.”

The IP number for ztomy.com is 208.91.196.4, which redirects to a parking page (FreeResultsGuide.com, a known malware page as evidenced by Google’s Safe Browsing Report, also registered at Public Domain Registry), possibly owned by the same people who own ztomy.com.
In late 2013/early 2014, ztomy.com was implicated in a mass hijacking of Yahoo! domains as well. In Yahoo Answers, a customer complained that her domain ThurstonMillwork.com ended up on the ztomy.com nameservers: a quick search reveals that the problem was solved and that the owner (wisely) transferred the domain to another registrar, and the nameservers now look legitimate.
This article and the ensuing comments are well worth reading in their entirety, for it is yet another piece of this sordid NVS puzzle. 
Ztomy.com is registered at Public Domain Registry (PublicDomainRegistry.com), using the following for its nameservers:

ns1-106.akam.net
ns1-109.akam.net
usc4.akam.net
usc5.akam.net

Akam.net belongs to a hosting company called Akamai Technologies and is used only for nameservers (as of 25 June 2014, the domain itself does not resolve). It is interesting to note that the ztomy.com does not use its own sketchy nameservers for its own website but that akam.net appears to serve some companies that deal in questionable activities.
Ztomy.com has been implicated in several instances of “DNS Cache Poisoning,” as noted here,  here (Kurt Lang post), and here, among other sites. 
It is interesting to note that ztomy.com is used as nameservers at New Ventures Services for their “acquired” domains.
On the Search Security website, Margaret Rouse defines DN Cache Poisoning as

...the corruption of an Internet server’s domain name system table by replacing an Internet address with that of another, rogue address. When a Web user seeks the page with that address, the request is redirected by the rogue entry in the table to a different address. At that point, a worm, spyware, Web browser hijacking program, or other malware can be downloaded to the user’s computer from the rogue location.

Earlier, I noted NewVCorp.com as being a recent domain registration, only because it usually takes a company long time to develop such a lousy reputation, but New Ventures Services has taken skulduggery to a whole new level. In fact, they may have changed domain names, given that they have been in business since (at least) 2007, possibly before.
I also noted that I had looked up NewVenturesServices.com and NewVenturesServicesCorp.com on DomainTools Whois. I suspect that NVS once conducted business on these domains (I don’t know for certain – a search on Archive.org, also known as The Wayback Machine, looks scrubbed, only bringing up one entry, ironically for another complaint site).
This is where karma becomes a major bitch: someone abandoned the domains and allowed them to expire and drop.
On 22 June 2014, I registered both domains and after setting up this complaint site, I redirected both domains (NewVenturesServices.com and NewVenturesServicesCorp.com, splashing the New Ventures Services corporate name on this complaint site.
So whenever victims or potential customers New Ventures Services use direct navigation to find this company, they will land on this page and get an eyeful.
I find that very satisfying.
As I noted earlier, I was holding publication of this article until the transfer of another Register.com domain was completed. My domain is now safely at my new registrar, but it took several emails, one week, one transfer rejection, and a tense phone call to customer “no-service” before prying my EPP (authorization code) from them.
I still have three domains there and am trying to decide if I really want these domains enough to transfer them out. They all have long registration dates, so I still have plenty of time.
One tip when transferring Register.com domains out: CALL and demand your EPP code. This registrar will reject email requests as being “suspicious.” Shortly after the Web.com acquisition, this was not the case.
If you have a sad tale of lost domain names due to New Ventures Services, Register.com, Web.com, ztomy.com, Network Solutions, and/or any other company connected with this sordid business, feel free to post your comment in the comment section.
I will, of course, delete spam and unrelated topics.
Have a nice day!



24 comments:

  1. Hi Jennifer, What would you suggest to do if they are holding onto a domain name that I want?

    ReplyDelete
    Replies
    1. If the name you want isn't highly desirable, they may quietly drop it at expiration, and you may be able to pick it up then. If it's an expensive, must-have domain, you might have to go through a reputable broker who can negotiate for you and will know the ropes.

      But there is a definite risk that these companies will rip you off, given some of the experiences listed in the article.

      I, personally, would not do business with these companies. I would probably find another domain.

      Delete
    2. Thank you Jennifer I really appreciate the reply. Do you have any updated news about netsol's certified offer then?

      Delete
  2. No, I don't have info on their services, such as they are.

    Best to go to Namepros.com, a domain name forum, for more information on good and lousy registrars.

    :)

    ReplyDelete
    Replies
    1. Thanks again! I have sought your advice to find another domain instead. I appreciate you took time out to put together this article!!!

      Delete
  3. Good information. Network Solutions did something very similar to me. I've had a domain name on backorder for about five years since the first owner had it. The domain is registered with Network Solutions, the domain expired, and went to auction with NameJet. No one bid on the domain name and the auction closed at $0. The domain should have gone to me since since I had had a backorder for so many years, right? It didn't, it was taken by New Venture Services and is now parked using ztomy.com nameservers. Network Solutions and their affiliates are a scam! Something needs done about all these scammers!

    Thanks again for all the good information!

    ReplyDelete
  4. I am in the middle of a Network Solutions/New Venture domain issue right now, my fault for expired cc but I called and they had already sold to New Venture (I am however paid in full until tomorrow and they sold it last week) They have offered for me to buy it back for $399? I have had this same name since the beginning of internet, been in business 32 years, luckily I have just changed domain name to .net but it is still costing me thousands in sales, hopefully at some point it will go back at a normal price, I will move it to a USA local company!

    ReplyDelete
  5. Hey, Anonymous (February 9, 2015), you mean they "sold" (transferred to their shell company) your domain BEFORE it was expired?

    If so, could you let us know the domain in question?

    ReplyDelete
  6. Ah, I see you posted over at Dotweekly:

    http://dotweekly.com/new-ventures-services-corp-who-are-they/

    ReplyDelete
  7. This is only tangentially related, but the network of Web.com / NewVentureServices brands also seems to engage in outright theft by not closing debits of their customers closed accounts.

    Aside from having to personally call during their business hours to close my account (can't be done via a support ticket, trying will get you numerous canned messages to call their support system with conflicting codes to reach the right help desk) and reconfirming this - I'm three months later still receiving charges for my hosting purchase.

    I've had to order a stop payment with the bank to prevent them. Nobody at the company can explain why they are still charging me.

    ReplyDelete
  8. I am sorry to read your tale of woe, but I went through the exact same deal a year ago.
    I am also glad to have story as proof.
    Register dot com reps led me to believe they would help me with an expired domain that still was in redemption period.
    They totally blissfully lied to me and a couple days later New Ventures Services: contacted me with same form email they sent you.
    This was particularly bad because my boyfriend lost his domain. (I put together his health website)
    I was made to look hairbrained.
    Vile companies all around.
    Also I am very familiar with domain world. A long time ago, back in 2000, there was supposed to be something called the wait list service. WLS.
    It would have allowed people to put domains on backorder, first come, first served, set price.
    Instead scummy, worse than used car salesmen domainers applied pressure and boom snapnames and namejet took off instead.
    All dropcatchers are doing is Denial of Service attacks basically.
    There is no honor in that !

    ReplyDelete
    Replies
    1. Thank you for sharing your experience.

      We need to get more examples against these predatory companies out there.

      Delete
    2. They are in fact scum of the earth. Register.com - offer domains for 1.99, 2.99 etc, then renewal is 38.00. Trying to transfer away before expiry is difficult to say the least. I suspect they started the other companies simply for the purpose of scooping up absolutely every domain which expires. Of course, they can do this at no or negligible cost since they're a registrar. The amount of money they're asking for my domain is laughable, so I just changed names. Hope they get what they deserve.

      Delete
  9. I removed your post, cheap domains, because you included a spammy link.

    ReplyDelete
  10. Yeah, I've been dealing with them for years on a website that they snatched up mid transfer (I had just paid a whole year on the domain at registrar.com and was transferring it elsewhere because of the problems I had with their lousy customer service). The transfer code never worked, and my domain was acquired during the transfer by NewVenture corp without permission. Every single year I attempt to get it back, but they keep holding on to it. They want a ridiculous amount of money for a domain I had already renewed. It is so frustrating.

    I had the domain for over a decade until this happened.

    ReplyDelete
  11. You are all very silly. I have some knowledge on how all this works, and have had a domain with web.com for years. Web/Register/Netsol and onther registrars cannot be help accountable for your actions. If you provide them with a bad/wrong email address, ignore the numerous reminders that go out, or wait past the 30-45 day redemption point, you are a bad business owner/manager. The minute you notice your email stops working or the website doesnt come up, you call to find out whats wrong. Once that happens, someone will tell you the domain is expired and time to renew. Once a domain name is is expired and past it's redemption period, the domain is pulled from the public registry and at that point put up for sale or auction bu whichever company get it. New venture services, for example.
    Other notes, you cannot move an expired domain mane with web/netsol/register. you must renew it prior to it expiring. If you pay for a renewal, and then transfer it, that time is never lost. Additionally, if the domain expires while it is in the transfer process, it ill not be transferred.
    This reminds me of owning a car, or a home. You stop making payments, and the bank will call/write you and advise you that you need to pay what is owed. If you don't, the bank will repo your car or take your home. This is the exact same.

    ReplyDelete
    Replies
    1. Why is that Go Daddy gives registrants 42 days to renew a domain while the Web companies take domains away one day late and give them to Web's shell company New Ventures Services?

      Even when a home goes into foreclosure, the owner is given several chances to make payments, often months or even years.

      In addition, there are too many instances of the Web companies pulling the trigger even BEFORE a domain has expired.

      There are horror stories all over the web.

      Delete
  12. Yep! They got me, charged my card 3 mo. I disputed, all except original chg for domain name, my dispute won, they took my domain name. Kept my $. I outright asked today if Register was affiliated with NewVCorp and rep said no!

    ReplyDelete
  13. It's time to put all of this together and go to our Senators and Congresspeople with this. President Obama made a huge mistake when he allowed the controll of the internet to leave the US and go to Singapore, this is the last year the internet will be ran in the US.

    ReplyDelete
  14. There are no "not highly desirable" domain names to these bastards. No matter what your domain name is, if it exists, and it expires, it will be hoarded by the registrar as a traffic sink, and you will have to pay a ridiculous price to get it back. I've had many domains expire on my that I used for personal or non-profit purposes, and I cannot afford to get them back even though they are technically worth no more than any other unregistered name. It doesn't cost the registrar anything to hold onto it forever in the hopes that someday, someone will pay $1000 for it, and until then, they will just keep it locked up.

    ReplyDelete
  15. I have my domain name registered with Network Solution up to 2017-9-14
    but found out my domain name owned by New Venture Corp. I called Network
    Solution they ask me to contact NVC to get my domain name back. I paid for the service why my domain name belong to some one else. I email them the receive paid-through PayPal. They did not call me back. I don't know what to do next. Please advise.

    ReplyDelete
  16. So glad I came across this discussion. I just found out New Venture is the registrant of my domain name. I let the web host service expire a long time ago, but kept paying to keep the name while I decided what I wanted to do with the site. So now if I want to reopen the website, I'll have to pay New Venture to have the space back. tsk tsk tsk

    ReplyDelete
  17. I transferred my company URL from GoDaddy to Register.com in 2013. One year later, according to Register.com, the URL failed to renew against my credit card. I didn't receive notification of the pending expiration or the failed payment. My URL, which I've had since 2001, continued to operate until 8 AM this morning. That's more than 2 years after it supposedly expired. Now Register says there is nothing they can do. And New Ventures doesn't answer it's phone number, which was really hard to get.

    Any idea what I need to do to get my URL back? My site is shut down and 15 staff can't receive their emails.

    ReplyDelete

You know the drill.

Spam and unrelated topics will not be accepted.

No outside links unless they are related to the topic.