IT.COM

SCAM ** Network Solutions ZTOMY.COM - NS1642.ZTOMY.COM

Spaceship Spaceship
Watch
Impact
11,976
So I woke up this morning and I got an eMail from Network Solutions informing me that some changes were being made to my DNS.

My domains were now being pointed to: NS1642.ZTOMY.COM, NS2642.ZTOMY.COM

So I checked the WhoIs for my domains to make sure this wasn't just a phishing eMail, and sure enough my name servers were changed. No account details were changed, just the name servers.

I visited one of the domains and it took me to the site FindingResult.com. Of course this domain is privacy protected etc...

The name servers are now switched back, and I have changed my password.

I don't know how this happened.

Since I have the eMail containing the ticket ID and the ID of the person who facilitated this change on the NS side I have created a support ticket and will find out more as they provide me information.

I will update this post with any more additional information that I gather.
 
4
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Oh man... wait till you hear this one...

I just had a nice chat with a rep with Network Solutions, and apparently I didn't verify my whois information so the name servers were changed and pointed to NS1642.ZTOMY.COM, which will roll the traffic to spam.

I had to yell at him for 5 minutes until he divulged that the ZTOMY name servers were theirs.

These were drop caught domains that I will be transferring out, so I don't deal with NS often.

Typically you would expect a registrar landing page to appear, but not with Network Solutions.

This is obviously another loophole using ICANN policy for them to hijack your domain name and send the traffic to their own interests.

Shame on them.

It looks like Network Solutions finds crafty ways to insert their ZTOMY name servers into any site they can. They hit LinkedIN and USPS a few years ago.

http://www.zdnet.com/article/linkedin-just-one-of-thousands-of-sites-hit-by-dns-issue-cisco/

And they do this often...

http://www.scamful.com/2014/07/warning-if-you-own-domain-names-avoid.html

All of my domains with GoDaddy are verified via eMail, so I wouldn't know their process in dealing with ICANN verification - would they do something similar?

UPDATE:

On top of everything, apparently when I changed the name servers back to what they were supposed to be, the tech I was talking to went ahead and added the ZTOMY dns on top of my entries. I had to again go back in and change the DNS for the domains. What scam artists...

V1UYDRQ.png
 
Last edited:
5
•••
4
•••
The worse this could have been was if you were lead to an external website to try "fix" any problem and for you to fill in a complaint form (with your personal info) to that website (a fake support website) .

It sounds that your registrar is affiliated with whoever made the DNS change. This is still a serious note if you're traffic is dramatically affected after this change. Also, being your own manager for your domains, why they think they can freely do this is interesting assuming that they kept previous DNS working. It doesn't make much sense.
 
2
•••
5
•••
Another NS intentional mess...

I requested an auth code, which takes 3 business days to generate by the way, and once it was sent to me it turned out to be the wrong code.

So I had to contact customer support (another 2 days) and I finally got a valid auth code.

It should not take 3 days to get a customer their auth code, ever.

I have a feeling they scan for domains that have high monthly SV and try to manipulate that domain any way they can to benefit themselves. It was painful getting this domain out.
 
0
•••
DomainVP said:
I have a feeling they scan for domains that have high monthly SV and try to manipulate that domain any way they can to benefit themselves. It was painful getting this domain out.

No. They do it on every domain. Won at auction or registered at NetSol. I use NetSol for the same reasons you do. It's ridiculous, 3 days just to get the auth code, 5-7 days waiting for the domain to transfer. That's without support becoming involved. 2 days for support is generous. 1) That doesn't include a weekend, 2) It assumes you actually get a usable answer from their first support message. If you don't, you have to create yet another support ticket, you cannot reply to the same ticket. I calculated (extrapolated) from the number of tickets issued between my 2 tickets for the same issue, that they are getting something like 400k support tickets a day :( The longest it has taken me to get a simple support ticket answered is about 1.5 weeks and 4-5 tickets being issued.

As for your actual NS issue, and eMail validation. I have never seen these nameservers on my domains at NS. You do use default defined nameservers, I presume? I've never been asked to verify my email at NS. And I always ignore the ICANN issued annual notices at all my registrars.

I always transfer my domains out 60 days after registration. You never know when they will make it more difficult. Although for the last year I have been consistently successful in transferring domains out. It never used to be so easy, as it is now ;)
 
Last edited:
2
•••
The ztomy name servers are used for New Ventures Services domains.
 
1
•••
Wow, they're still pulling this shit!

These AsSwipes (see what I did there?) claimed, "Network Solutions is now required by ICANN (the regulating body for domain registrations) to have all domain owners confirm their email address contact information. We have not received a confirmed response to the verification email communications." I understand the first sentence is true. But the second one is bullshit. I'd just created the email address about a week earlier, AND had used it to set up my main Network Solutions account.
 
0
•••
Yep they just did the same to me.

Was very scary to see that more than $30,000 worth of domains were suddenly not working and all the nameservers had changed to NS1642.ZTOMY.COM

I was scared as hell and thought my account had been hacked.

After confirming my email all the nameservers seem to have reverted to normal and my domains are working again..

I can understand them needing to verify account details for icann but to change all the nameservers to their own? Unbelievable and as a customer I feel like they just shit all over me. Still can't believe they did that.
 
0
•••
Oh well. That's NetSol. I move every domain out at the earliest possibility, after 60 days. I hate to use them, at all.
 
0
•••
They are still at it...since an email confirmation requested just after midnight Sunday night / Monday morning didn't happen within THREE minutes, the DNS servers were changed to NS1642.ZTOMY.COM & NS2642.ZTOMY.COM

Chat Transcript
05:46:26 PM [Me] DNS settings for [domain].com changed to ZTOMY.COM. Why?
05:46:54 PM [NetSolChatRep] Thank you for chatting with us today! My name is [NetSolChatRep], please allow me a moment to review your request.
05:47:06 PM [Me] Thank you. My name is [Me]
05:48:09 PM [Me] For a minute, it appeared that the DNS setting changed back after I found the email confirmation that network solutions attempted just after midnight on 9/16/2019.
05:48:35 PM [Me] Apparently since the confirmation didn't happen within three minutes the DNS servers were changed to NS1642.ZTOMY.COM & NS2642.ZTOMY.COM
05:48:39 PM [NetSolChatRep] I see. Just another moment, thank you for your patience.
05:49:11 PM [Me] Once I clicked the confirmation link they changed to the original, but now appear back to NS1642.ZTOMY.COM & NS2642.ZTOMY.COM
05:49:39 PM [Me] In the Account Manager it says the domain is still "unverified"
05:50:13 PM [NetSolChatRep] I am looking into why the name servers were changed.
05:51:25 PM [Me] If it helps, the email I received noting the change says "Order Number: [number]"
05:53:14 PM [NetSolChatRep] Just another moment. Thank you for your patience.
05:57:21 PM [NetSolChatRep] Sorry for the silence, I am still looking into this.
05:57:31 PM [Me] ok
05:58:27 PM [NetSolChatRep] Alright, it looks like they went on the ztomy servers because of an icann suspension. Since that was lifted, they should no longer be switched.
05:58:43 PM [Me] Why was there an ICANN suspension?
05:58:57 PM [Me] I received no message from ICANN
06:00:01 PM [NetSolChatRep] It would have been an email from us asking to verify your contact info.
06:01:33 PM [Me] The only email asking for confirmation from NetSol was received Mon, 16 Sep 2019 00:05:03 -0700
06:01:47 PM [Me] Just after a Sunday midnight local time.
06:02:09 PM [NetSolChatRep] That would have been the email.
06:02:27 PM [Me] The email indicating the DNS changed was Mon, 16 Sep 2019 00:08:10 -0700
06:02:38 PM [Me] THREE MINUTES LATER.
06:03:03 PM [Me] tight window for a confirmation that will render your website and email inoperable if missed.
06:04:17 PM [Me] Is that tight of a midnight response window to be expected?
06:04:28 PM [NetSolChatRep] Normally no.
06:04:36 PM [NetSolChatRep] I'm not sure why it happened so fast.
(...confirming Account Manager updated...)
06:10:35 PM [Me] How can I be sure this won't happen again?
06:10:57 PM [Me] Do I need to hire a night shift to monitor for emails from Network Solutions?
06:11:25 PM [NetSolChatRep] There should be no need. It is very odd that it happened that way, but it should not happen again. We only send those emails out when you change account info.
06:11:37 PM [NetSolChatRep] And about every 6 months.
06:11:59 PM [Me] I see.
06:12:43 PM [NetSolChatRep] Anything else I could help you with today?
06:12:55 PM [Me] No.
06:13:22 PM [NetSolChatRep] Would you mind doing me a favor and taking the survey that pops up after this chat? 4’s mean I did a good job and it would really help me out!
 
0
•••
Network Solutions is the worst.
 
0
•••
Back