Dynadot

information Did Network Solutions conspire to allow this domain name to be stolen?

NameSilo
Watch

Addison

Top Member
Impact
1,657
So I’m documenting this cautionary tale because I feel I owe it to other poor unsuspecting domain name owners and businesses to NEVER trust any network solutions company (web.com, networksolutions.com, register.com), with your domains. Why? Because they allowed our domain to be stolen clean out of our account despite appropriate checks. But I’m jumping ahead. Lets start from the beginning…
Remember, we never sought this domain name. NameKart contacted us out of the blue. And with these domain brokers, you buy it from them, you never find out who the owner actually is. And having paid for it, we didn’t receive it for days and then when we did we were told we had to transfer it into a networksolutions account that we had to set up and specify.
Then 3 months to the day later, a transfer request came in. Despite deauthorizing it, making sure the transfer lock was on and changing all security it was transferred out of the account. And was immediately up for sale with a new domain broker. Again, without it being possible to know who owns it now. My mind is perhaps over-thinking it but what if this whole thing is just a setup. What if the person or person(s) behind this have help within networksolutions or indeed work there?
Full article...

:bookworm:

@namekart, any superfluous details to add?

:cigar:
 
2
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
I can see your frustration with Netsol, and it was explained as a batch transfer mistake by John. The nice responses as comments at the blog link above from @jberryhill @Slanted and Epiks owner to assist you appear to be very immediate, genuine, helpful, constructive and you might want to remove their companies names on your blog. Just a friendly suggestion.
 
0
•••
Poor guy. As per the story he posted, have was a victim 3 times. First, he bought his domain from somebody looking like one of known pendingdelete domains spammers who promoted the domain name as their own, even though nobody owned it at the time of spamming. I am unsure whether the spammer and the forum member @namekart are the same persons or not. The spammer then pre-ordered the domain somewhere and even messed up the things not making sure whether it was catched with enom or netsol (unless this happened exactly during a one-time transition of enom-powered dropcatched domains under ~"enom12345 llc" registrars from enomcentral to netsol). Deep whois history checks with timestamps may give better picture. Then, he renewed the domain at least once with Netsol, which by itself means he was robbed ($35?). Finally, he lost netsol-regged domain - not the first customer with this issue, and not the last, as many of similar threads in this forum are showing. I am wondering what special did could anybody else find in this particular domain, which - on a spot view - may be of interest only to the legitimate registrant who bothered to write an article and post it in various places... Not a 3L com, not even a single word regged in 198x years....
 
Last edited:
1
•••
The spammer then pre-ordered the domain

How did you discover that so quickly? Or is the subject broker already a well known front runner? Thanks for posting that detail.
 
0
•••
I read full article. There is a text inside: "I am a broker, my name is Charlotte (Indian name, really?), blah blah". Sounds very familiar, I receive tons of these each day. All for pendingdeletes or godaddy expired auctions. For the sake of fairness I also noted that I did not check historical whois records, somebody with domaintools account may post all the relevant history, so it may be that the domain was indeed owned by a spammer (they rarely do, the only one I "catched" so far is a guy from Lithuania - he, indeed, spams what he owns/handregs)/
 
Last edited:
0
•••
I read full article. There is a text inside: "I am a broker, my name is Charlotte (Indian name, really?), blah blah". Sounds very familiar, I receive tons of these each day. All for pendingdeletes or godaddy expired acuctions. For the sake of fairness I also noted that I did not check historical whois records, somebody with domaintools account may post all the relevant history, so it may be that the domain was indeed owned by a spammer (they rarely do, the only once I "catched" so far is a guy from Lithuania - he, indeed, spams what he owns/handregs)/

I never have received any spam from the subject person or company with that name. I do receive 100 whois spam messages a day some are offering names “coming available” but I rarely review. They actually are tipping me off to find a few expiring I could get myself anyway if I wanted.
 
0
•••
The guy from Lithuania, Simonas, is noticeably less active now, but I still receive offers to purchase his fresh handregs from time to time. Anything else is all for pending delete and godaddy prereleases, and I also handregged a few domains as the result of such mailings :)
 
1
•••
I never have received any spam from the subject person or company with that name

Are you tracking and categorizing your spam?? Just a curiosity. For me spam is always spam whether it is from "Adam Smith" or a random first/last name combinations or best-domains-info dot info, or anything else they register each day... and they still call it legitimate outbound marketing.
 
Last edited:
0
•••
The story ended good for the author

"We have done some further investigation into what happened here, and you will soon be getting the domain name back. In point of fact, the registrant of the domain name at Epik is the person who sold you the domain name.
On the basis of the facts available thus far, the issue appears to have arisen from approval of the batch transfer initiated by your seller, which somehow managed to over-ride your transfer lock at Network Solutions."
(end of quote from John Berryhill).

So, one should always transfer domains away from NetSol as soon as any locks, like 60 days, are expired. Hope that the author of the original (external) article now knows this, and so are a lot of his readers...

It should also be better for any legitimate domainer, who got their domain for sale @ Net Sol, to wait 60 days and transfer it away, without listing it for sale if it is still at netsol. Imho. With all recent cases of domains stolen with this provider, all reputable escrow providers and marketplaces should soon start marking such transactions as suspicious by default. I heard similar already happens with domains that are with China-based eName, which used to be a home for stolen domains by some reason for a long time.
 
Last edited:
1
•••
Glad this seems to have worked out well
I would just like to thank the posters in this thread for clearing-up and clarifying, that the practice of attempting to sell domain on pending delete is probably far more widespread than I had thought. I seem to be a daily target for these type of sales attempts.
 
0
•••
attempting to sell domain on pending delete is probably far more widespread
Some are making living on it.... And they made a legitimate outbound marketing irrelevant. Legitimate - it is where the sellers do own what they are trying to sell, where real senders names are used (and not random John Smith in one email and Steven Smith a few min later with a very close text but to another privacy-protected email), where the texts are comopsed individually with a prior finding of responsible contact names on another end, etc...
 
Last edited:
0
•••
I do understand tonyk2000, It had crossed my mind that there was a viable business model in attempting to sell (non-owned/pending delete) domains and as mentioned I received enough proposed offers in this format to just to take a few moments to check the status of half-a-dozen or so myself. I could imagine it would actually be a growing base for those that are willing to put the work in for probably a very low response rate but nevertheless $$ to be had.

this thread just happened to coincide with the thread about 'responding to email offers'. and of course the dictated registration service to accept the transfer in just seems to tally things-up
 
0
•••
I was about to close the tab with the original story and noticed that an author incuded a date into the screenshot of initial communication he received. The date was 06/12/2017. So my original guess that this particular communication from "Charlotte" (if it is her real name) was about a pendingdelete domain was incorrect, as the domain has "Creation Date: 2016-04-06" as per whois.

Sorry about this error, was typing too fast. It however serves as a perfect illustation of what was discussed in later thread posts - any outbound marketing for an existing not-pendingdelete domain (whether it has spam characteristics or not is irrelevant in this aspect) now has little or no relevance, as the registrants of "similar" (or, in fact, any) domains are receiving tons of offers to purchase domains that the "sellers"/"brokers" do not yet own, and may never acquire...
 
Last edited:
1
•••
I consider just about 95% of what I receive unsolicited as spam. Most I will block the email address, but some go as far to enter my own email address as the return address yet are trying to sell a legit advertising product. I get offers on names a few a week, almost all from domain investors or people pretending not to be them. The SEO and rank offers are constant and annoying.
 
1
•••
There is one standout spammer. This guy has literally sent me 500 emails from variations of origin email.

"D.e.j.a.n. .... G"

Thanks. Yea, I edited fast, thanks forgot about that in the haste to post.
I dunno if I want to repost them. Not sure if anyone else would care really or not.
 
Last edited:
0
•••
Yes, very familiar. Especially "If you do not wish to be contacted again" part. Received a few earlier today. @offthehandle maybe you can edit links code from http to something else not to give his sites more exposure and se ratings/backlinks. Here they are mentioned in negative aspect, but still... backlinks
 
Last edited:
0
•••
Medium post has been deleted, but still available for now from Google's cache. Sadly the cache doesn't include the comments.

NetSol really are a mess. What are management doing over there?

As to domain front runners - I receive so much spam offering me similar names every day it's unbelievable. I use an auto responder to always say I'm interested in the hope that they'll order enough useless names that it puts them out of business. They are a major blight on the domain industry IMO.
 
5
•••
Yeah, that was pretty much my morning today.

It's still kind of weird that the seller was able to accidentally transfer the sold name when he did a batch transfer to Epik.

But, be that as it may, Uniregistry immediately noticed that it was an old listing, got ahold of the Uniregistry account holder, and found out that the problem was Netsol releasing the name when the seller did a batch transfer to Epik. It's an account with a substantial number of names, and it seems as if Netsol's system allows batch transfers to somehow over-ride the registrant transfer lock.

Here's the funny part. When we got the basic gist of what was going on, I sent a note to Rob Monster at Epik to give him a heads up so he could have his folks look into it. In my email, I quoted the nasty comments about Uniregistry and Epik, and I said "take a look at my comment on the blog".

The way I put it, Rob reasonably thought those were my comments and fired back a salvo at me. So, I figured maybe I should pick up the phone. Ooops.

In any event, he'll be sorted out promptly.

I had been planning on doing other things this morning, though.
 
6
•••
Glad to hear he pulled the post, though.
 
1
•••
I use an auto responder to always say I'm interested
fascinating :) I was always wondering what might be the reason of bidding wars between 2 or max. 3
bidders with unfamiliar bidding aliases and for domains that I would never (hand)register even completely drunk and with a 99% discount coupon :)
 
Last edited:
1
•••
I had been planning on doing other things this morning, though.

I was really impressed with the quick investigation, immediacy, diplomatic and responsiveness of your comments and those of Joseph and Rob. Glad OP got the name returned and the post it was deleted. One of the quickest resolutions I have seen since I got into this. Nice job.
 
2
•••
John

I cannot thank you enough for your intervention following my article. Because of it, I have received back my domain name via epik.com.

As a result, I have deleted my article as clearly what I was suggesting was wrong - this was purely a monumental technical cock-up & terrible customer service by network solutions and not criminal conspiracy. I therefore realised I was disparaging NameKart, Epik.com & uniregistry.com unfairly.

I apologise for the mistaken line I took. It was my best guess at what had happened. I now know it was network solutions sole mistake. Sadly they have done nothing to help, nor even acknowledged their culpability hence why I was forced to write the article out of helplessness. Yourselves, epik & namekart have been exceptional in trying help me, you especially.
 
3
•••
it seems as if Netsol's system allows batch transfers to somehow over-ride the registrant transfer lock
It sounds significantly worse than that - it appears this bug allowed the previous registrant to transfer a name that was in a different user account AND override the transfer lock on that name. Combined that's a pretty serious security issue for NetSol I imagine.
 
2
•••
Time for a contest to find a new name for Netsol - NetlossSolutions, NetworkDelusions, NetworkCollusions....
 
3
•••
2
•••
Back