information Did Network Solutions conspire to allow this domain name to be stolen?

[Addison]

So I’m documenting this cautionary tale because I feel I owe it to other poor unsuspecting domain name owners and businesses to NEVER trust any network solutions company (web.com, networksolutions.com, register.com), with your domains. Why? Because they allowed our domain to be stolen clean out of our account despite appropriate checks. But I’m jumping ahead. Lets start from the beginning…

Remember, we never sought this domain name. NameKart contacted us out of the blue. And with these domain brokers, you buy it from them, you never find out who the owner actually is. And having paid for it, we didn’t receive it for days and then when we did we were told we had to transfer it into a networksolutions account that we had to set up and specify.

Then 3 months to the day later, a transfer request came in. Despite deauthorizing it, making sure the transfer lock was on and changing all security it was transferred out of the account. And was immediately up for sale with a new domain broker. Again, without it being possible to know who owns it now. My mind is perhaps over-thinking it but what if this whole thing is just a setup. What if the person or person(s) behind this have help within networksolutions or indeed work there?

Full article...



@namekart, any superfluous details to add?

 

[jberryhill]

Yeah, that was pretty much my morning today.

It's still kind of weird that the seller was able to accidentally transfer the sold name when he did a batch transfer to Epik.

But, be that as it may, Uniregistry immediately noticed that it was an old listing, got ahold of the Uniregistry account holder, and found out that the problem was Netsol releasing the name when the seller did a batch transfer to Epik. It's an account with a substantial number of names, and it seems as if Netsol's system allows batch transfers to somehow over-ride the registrant transfer lock.

Here's the funny part. When we got the basic gist of what was going on, I sent a note to Rob Monster at Epik to give him a heads up so he could have his folks look into it. In my email, I quoted the nasty comments about Uniregistry and Epik, and I said "take a look at my comment on the blog".

The way I put it, Rob reasonably thought those were my comments and fired back a salvo at me. So, I figured maybe I should pick up the phone. Ooops.

In any event, he'll be sorted out promptly.

I had been planning on doing other things this morning, though.

 

[Brandworthy]

Medium post has been deleted, but still available for now from Google's cache. Sadly the cache doesn't include the comments.

NetSol really are a mess. What are management doing over there?

As to domain front runners - I receive so much spam offering me similar names every day it's unbelievable. I use an auto responder to always say I'm interested in the hope that they'll order enough useless names that it puts them out of business. They are a major blight on the domain industry IMO.

 

[jberryhill]

John

I cannot thank you enough for your intervention following my article. Because of it, I have received back my domain name via epik.com.

As a result, I have deleted my article as clearly what I was suggesting was wrong - this was purely a monumental technical cock-up & terrible customer service by network solutions and not criminal conspiracy. I therefore realised I was disparaging NameKart, Epik.com & uniregistry.com unfairly.

I apologise for the mistaken line I took. It was my best guess at what had happened. I now know it was network solutions sole mistake. Sadly they have done nothing to help, nor even acknowledged their culpability hence why I was forced to write the article out of helplessness. Yourselves, epik & namekart have been exceptional in trying help me, you especially.

 

[carob]

Time for a contest to find a new name for Netsol - NetlossSolutions, NetworkDelusions, NetworkCollusions....

 

[offthehandle]

I had been planning on doing other things this morning, though.

I was really impressed with the quick investigation, immediacy, diplomatic and responsiveness of your comments and those of Joseph and Rob. Glad OP got the name returned and the post it was deleted. One of the quickest resolutions I have seen since I got into this. Nice job.

 

[Brandworthy]

it seems as if Netsol's system allows batch transfers to somehow over-ride the registrant transfer lock

It sounds significantly worse than that - it appears this bug allowed the previous registrant to transfer a name that was in a different user account AND override the transfer lock on that name. Combined that's a pretty serious security issue for NetSol I imagine.

 

[Addison]

IMO, it should have been updated and not deleted.

Here's the full article... https://archive.today/yX86j

 

[Brand Herald]

Netsol gets two thumbs down from me as well. Stay away. Decided to test the waters with a $4.99 transfer. I initiated the transfer but then I got an email about a problem with my home address, which I had no idea how to rectify. Typically, with other registrars, one provides the auth code and then one is off to the races. I then sent support a ticket saying its transfer process was too complex for me and asked for a refund of the $4.99. Support replied "no can do" but it did something on its end to rectify that "home address" problem so that I could proceed with the transfer. So I replied that (1) I canceled the transfer on my end and (2); how about crediting me $4.99 to my a/c or letting me use the money towards a different transfer. Both were against policy. I explained or rather mini-ranted to the support that other registrars allow the fee from incomplete transfers to be applied to other transfers. I said - have a drink on me with the $4.99 you got and left it at that. Thankfully, I have no domains with them and never will

 

[tonyk2000]

Poor guy. As per the story he posted, have was a victim 3 times. First, he bought his domain from somebody looking like one of known pendingdelete domains spammers who promoted the domain name as their own, even though nobody owned it at the time of spamming. I am unsure whether the spammer and the forum member @namekart are the same persons or not. The spammer then pre-ordered the domain somewhere and even messed up the things not making sure whether it was catched with enom or netsol (unless this happened exactly during a one-time transition of enom-powered dropcatched domains under ~"enom12345 llc" registrars from enomcentral to netsol). Deep whois history checks with timestamps may give better picture. Then, he renewed the domain at least once with Netsol, which by itself means he was robbed ($35?). Finally, he lost netsol-regged domain - not the first customer with this issue, and not the last, as many of similar threads in this forum are showing. I am wondering what special did could anybody else find in this particular domain, which - on a spot view - may be of interest only to the legitimate registrant who bothered to write an article and post it in various places... Not a 3L com, not even a single word regged in 198x years....

 

[tonyk2000]

The guy from Lithuania, Simonas, is noticeably less active now, but I still receive offers to purchase his fresh handregs from time to time. Anything else is all for pending delete and godaddy prereleases, and I also handregged a few domains as the result of such mailings

 

[tonyk2000]

The story ended good for the author

"We have done some further investigation into what happened here, and you will soon be getting the domain name back. In point of fact, the registrant of the domain name at Epik is the person who sold you the domain name.
On the basis of the facts available thus far, the issue appears to have arisen from approval of the batch transfer initiated by your seller, which somehow managed to over-ride your transfer lock at Network Solutions."
(end of quote from John Berryhill).

So, one should always transfer domains away from NetSol as soon as any locks, like 60 days, are expired. Hope that the author of the original (external) article now knows this, and so are a lot of his readers...

It should also be better for any legitimate domainer, who got their domain for sale @ Net Sol, to wait 60 days and transfer it away, without listing it for sale if it is still at netsol. Imho. With all recent cases of domains stolen with this provider, all reputable escrow providers and marketplaces should soon start marking such transactions as suspicious by default. I heard similar already happens with domains that are with China-based eName, which used to be a home for stolen domains by some reason for a long time.

 

[tonyk2000]

I was about to close the tab with the original story and noticed that an author incuded a date into the screenshot of initial communication he received. The date was 06/12/2017. So my original guess that this particular communication from "Charlotte" (if it is her real name) was about a pendingdelete domain was incorrect, as the domain has "Creation Date: 2016-04-06" as per whois.

Sorry about this error, was typing too fast. It however serves as a perfect illustation of what was discussed in later thread posts - any outbound marketing for an existing not-pendingdelete domain (whether it has spam characteristics or not is irrelevant in this aspect) now has little or no relevance, as the registrants of "similar" (or, in fact, any) domains are receiving tons of offers to purchase domains that the "sellers"/"brokers" do not yet own, and may never acquire...

 

[offthehandle]

I consider just about 95% of what I receive unsolicited as spam. Most I will block the email address, but some go as far to enter my own email address as the return address yet are trying to sell a legit advertising product. I get offers on names a few a week, almost all from domain investors or people pretending not to be them. The SEO and rank offers are constant and annoying.

 

[jberryhill]

Glad to hear he pulled the post, though.

 

[tonyk2000]

I use an auto responder to always say I'm interested

fascinating I was always wondering what might be the reason of bidding wars between 2 or max. 3
bidders with unfamiliar bidding aliases and for domains that I would never (hand)register even completely drunk and with a 99% discount coupon

 

[wwwweb]

Thanks, for reminding me just spend 17 minutes requesting auth codes from them one by one, painful, but worth it.

 

[wwwweb]

Thanks, for reminding me just spend 17 minutes requesting auth codes from them one by one, painful, but worth it.

Before network solutions allowed you to turn off, and request auth code in the single que of steps, now you have to do it in two different menus. As well no bulk edit lock on/off, or request auth codes. Enom, and Name are guilty of these also when it comes to bulk auth code request. Enom is also guilty of no way to override 5 day pending transfer hold. Name kudos for enacting instant transfer out button.

Choose who you do business wisely, as the wrong partner can cost you a sale.

 

[tonyk2000]

How do you setup a spam filter for random first/last name combinations?

Mission impossible.... In may cases automated massmailing still can be detected manually though, and blacklisted using other criterias. Such as if an India-based domainer is using 100% Western FirstName LastName random combinations and asking "Can you give me a price for <..>?" in two separate emails for 2 different Sedo-parked domains, with the bin price shown right on Sedo parked pages... for both.

 

[offthehandle]

I can see your frustration with Netsol, and it was explained as a batch transfer mistake by John. The nice responses as comments at the blog link above from @jberryhill @Slanted and Epiks owner to assist you appear to be very immediate, genuine, helpful, constructive and you might want to remove their companies names on your blog. Just a friendly suggestion.

 

[offthehandle]

The spammer then pre-ordered the domain

How did you discover that so quickly? Or is the subject broker already a well known front runner? Thanks for posting that detail.

 

[tonyk2000]

I read full article. There is a text inside: "I am a broker, my name is Charlotte (Indian name, really?), blah blah". Sounds very familiar, I receive tons of these each day. All for pendingdeletes or godaddy expired auctions. For the sake of fairness I also noted that I did not check historical whois records, somebody with domaintools account may post all the relevant history, so it may be that the domain was indeed owned by a spammer (they rarely do, the only one I "catched" so far is a guy from Lithuania - he, indeed, spams what he owns/handregs)/

 

[offthehandle]

I read full article. There is a text inside: "I am a broker, my name is Charlotte (Indian name, really?), blah blah". Sounds very familiar, I receive tons of these each day. All for pendingdeletes or godaddy expired acuctions. For the sake of fairness I also noted that I did not check historical whois records, somebody with domaintools account may post all the relevant history, so it may be that the domain was indeed owned by a spammer (they rarely do, the only once I "catched" so far is a guy from Lithuania - he, indeed, spams what he owns/handregs)/

I never have received any spam from the subject person or company with that name. I do receive 100 whois spam messages a day some are offering names “coming available” but I rarely review. They actually are tipping me off to find a few expiring I could get myself anyway if I wanted.

 

[tonyk2000]

I never have received any spam from the subject person or company with that name

Are you tracking and categorizing your spam?? Just a curiosity. For me spam is always spam whether it is from "Adam Smith" or a random first/last name combinations or best-domains-info dot info, or anything else they register each day... and they still call it legitimate outbound marketing.

 

[BaileyUK]

Glad this seems to have worked out well
I would just like to thank the posters in this thread for clearing-up and clarifying, that the practice of attempting to sell domain on pending delete is probably far more widespread than I had thought. I seem to be a daily target for these type of sales attempts.