Acro.net – Technology Rants & Raves by Acroplex®

Here’s the summary for the impatient:

The domains jis.com, Leading.net, Southeast.net and Jaxnet.com are currently in the hands of a person who took control of a managing domain’s account and impersonated its owner.

I’m sure you want the juicy details, so please bear with me for a while, as I take a trip down memory lane.

The year is 1998 and I’ve just landed my first job in the US.

The company name: Leading Network Solutions – headquartered in Jacksonville, Florida.

As the newly hired web & graphics designer I’m substituting a good-for-nothing “photographer”; along with a ColdFusion programmer we start churning out the new web site for this “mom and pop” ISP, along with web sites for numerous clients.

Leading Net, as it was called for short, was by no means small but it was led by a married couple of Floridians who loved technology and aspired to make it big – and they did only because of hard work and honest hands.

Karl Renaut and his wife, Loretta managed a team of less than 20 people, including the Creative Services team that I was part of. There was tech support personnel for the dial-up services, support for web hosting, network engineers and system operators; we had sales guys and two shifts of ladies at the front desk. Creative Services had a designer/developer (me), a developer/programmer and during the summer of 1999 we had a really talented intern – the CS team was managed by an ambitious young man, Jason, fresh out of college, who nowadays runs his own PR firm in Jax.

From that old building in downtown Jax, we created what would become a chain of events – forging a path, a positive flow of happenings that took each of us who worked there to bigger and better things.

Karl Renaut was always soft-spoken, almost shy, a very respected guy who knew how to delegate. He gave us the go ahead, we simply had to make it happen. And we did.

Every Friday, Karl Renaut bought Papajohns pizza for the entire staff. Now, I’ve worked for some really large corporations and I can tell you that nobody else did that; at least, not every single week of the year for the entire staff and certainly not Papajohns! So Fridays were extra productive, but in all true sense we were a team of young people who loved and cared for our employers. On Karl’s birthday we were all invited to his house; we had a great time, co-workers and owners, spouses and kids, eating food and drinking beer by the pool. I will honestly say that I’ve never felt the same since; our passion was unparalleled.

In less than 6 months after I was hired we were growing fast and on July 9, 1999 the company merged with a Florida CLEC called Florida Digital which was based in Orlando. Suddenly, our “mom and pop” ISP became part of a corporate network named FDN.com; In the end of 1999 Creative Services was shut down and I moved to Orlando to become the FDN.com corporate designer and webmaster.  FDN continued to grow by leaps and bounds and as our paths separated eventually, I never stopped reminding myself what a great experience all this has been in such a short period of time.

End of story: This post is not about me, it’s about FloridaDigital.net and four stolen domains: jis.com, Leading.net, Southeast.net and Jaxnet.com – by now you know what the long introduction was about.

So let’s roll forward to the present – at a time when, a few weeks ago, I was surprised to see Elliot Silver making a post at his blog titled “How great domains drop“.

It was devastating to read that recipe for disaster, essentially a manual on how to hijack a valuable domain name with Karl Renaut as its registrant – jis.com – by grabbing its controlling domain, FloridaDigital.net that was expired. Was Elliot trying to publicize the incident in order to prevent any wrong-doings, or was that post simply a big gaffe?

As Murphy’s Law predicts, Karl Renaut was unreachable during exactly that time that I needed to regain contact with him. Having moved out of state, the soft-spoken software engineer had moved from FDN onto Nuvox and then Windstream; in a series of what I’d like to call “life upgrades”. Along with those came phone and address changes that took us apart for several years. The old team had a reunion last year but Karl was not present, as he moved out of Florida.

As Elliot’s commentators predicted, on July 19th – like clockwork – FloridaDigital.net entered auction at Namejet, where it was sold three days later for $2,500. A small price to pay for the keys to owning an aged three letter domain, JIS.com

In the days that followed, I was still trying to get hold of Karl Renaut and I finally did last week after he accepted my LinkedIn invitation. I was, after all, the “front end” guy, the one who redesigned Leading.net oh-so-long ago, before it was sold to FDN.

So what is the situation right now?

I’ll start by stating that FloridaDigital.net - the domain that was purchased for $2,500 on Namejet – was used by its Namejet winner as a Trojan horse to recreate Karl Renaut’s email account and to gain access to the Network Solutions account that manages (at least) four more domains that I’m aware of.

In the past few days, I made extensive use of DomainTools to daily capture the WHOIS changes for all four domains, all of which were systematically altered – but not much as not to raise any suspicion of activity.

Here’s a timeline:

• July 22 – Namejet account ‘freddt’ wins FloridaDigital.net for $2,500
• JIS.com – the domain that Elliot’s post disclosed to be linked to FloridaDigital.net – was to enter auction on August 1st. It never did, as you will see.
• July 23 – FloridaDigital.net WHOIS changes to a person in Rhode Island. I won’t be posting his info – not just yet – because it might be faked.
• July 24 – FloridaDigital.net nameservers change from NetSol’s “pending renewal” DNS to NS/NS1.FloridaDigital.net and GoDaddy web hosting IP’s. Our guy is getting ready for the big grab.
• July 31 – FloridaDigital.net WHOIS info changes to “Pending Renewal or Deletion”. This information is fake, because the DNS servers remain the same as before and the domain was renewed through the Namejet purchase. Our guy is trying to cover his tracks but he’s really an amateur.

So that’s when the use of FloridaDigital.net ends. Note the last day of change – July 31: the last day JIS.com would be available for renewal before entering Namejet’s auctions. It’s important to note that 139 people expected the domain to drop, pre-bidding up to $5,225 for it; little did they know that one “smart” guy had them all suckered.

Apparently, between July 29 – 30 our guy recreated the managing account “krenaut@floridadigital.net” which controlled the Network Solutions account. Since there are no records of those two days on DomainTools, we need to examine JIS.com next.

• July 30 – JIS.com still has the “pending renewal or deletion” nameservers from Network Solutions.
• July 31 – As if by magic, the old “Karl Renaut” account comes live in the WHOIS. Our guy creates “krenaut@floridadigital.net” and this is the time he accesses the NetSol account. Once there, he simply resets the password, creates a new one and has full access to the account and its domains.
• August 1 – All information remains the same, except for the registrant email, which is changed to “krenaut@gmail.com” apparently to use temporarily. Once used, that email is attempted to be deleted and it’s not accepting email currently.
• August 4 – A new email comes into play: “krenaut8@gmail.com”. Note that both emails are made so as to not raise suspicion of any foul play; as if indeed, Karl Renaut himself was tweaking things. Our guy knows, after all, that he’s probably under watch from the people that commented at Elliot’s post. Who knows, perhaps he’s one of them

No further changes to JIS.com are made. It appears as if the domain is dormant, yet not renewed despite being expired. Perhaps it’s a choice made by our guy, because despite his original focus on getting JIS.com as a bonus for gaining FloridaDigital.net, it’s now too hot to handle. It’s interesting to note that while DomainTools shows the domain as still expired, the NetSol WHOIS shows that it expires in 2011 with a last update date of July 30th. This would mean that it has been renewed by the guy who took over Karl Renaut’s account at NetSol.

In fact, our guy has discovered that Karl Renaut’s account has three more nice domain names, all aged and with former traffic and glorious history:

• JaxNet.com – Registered in 1993 by Karl Renaut as part of his original Jacksonville, FL BBS
• Southeast.net – Registered in 1994 as Karl’s business expanded into south and east Florida and bearer of the corporate name, Southeast Network Services Inc.
• Leading.net – Registered in 1997 – What would become Florida’s largest ISP until the merger with Florida Digital and the formation of the largest CLEC in Florida.

All three domains are now managed by the email “krenaut8@gmail.com” with the DNS being untouched; the exception being Southeast.net that is being tested on PIPEDNS.com servers with an IP of 69.175.54.106 as of August 10.

Let’s recap: Guy spends $2500 on Namejet, knowing he can also get the valuable domain JIS.com for that low price, after reading an interesting, detailed post at Elliot’s blog. Once he realizes the domain is under scrutiny, he treads slowly, but not before he takes over Karl Renaut’s NetSol account which contains three more domain names, on top of JIS.com

It’s important to note one thing: while FloridaDigital.net expired and was lawfully acquired by that gentleman through the Namejet auction, all three domains listed above have not expired. They are, therefore, the property of Karl Renaut and of the entities that were formed from the various corporate mergers, thus they currently belong to communications giant Windstream.

Also an important thing to note: Karl Renaut did not create those monkey accounts at Gmail and did not recreate his old FloridaDigital.net account and he did not reset his old password at Network Solutions. What we have here is a case of identity fraud, impersonation and felony theft of goods valued greater than $5,000.

Karl Renaut is fully aware of this situation and pretty soon Windstream will be very interested in claiming back their stolen assets that amount in the thousands of dollars.

As for our guy, he might as well keep the domain he paid for and hopefully he will learn a lesson in the process. I somehow hope he has the decency and understanding to acknowledge his huge mistake and to timely return the domains he didn’t pay for back to their legitimate owners.

I like NameJet for a single reason: it offers the pre-release of aged, really old domain names; some from the late days of pre-commercial Internet – circa 1992-1995. Yeah, that era of Al Gore and “Information Superhighway” when gas was 95 cents a gallon and a burger cost $2 bucks. Or something like that.

I’ve spent many thousands of dollars on NameJet’s babies and I will continue doing so because there are some great deals to be found. I was “cheap” momentarily and did not bid $2,712 for Amphibious.com but overall, the quality of the domains there is remarkable, as they’re Network Solutions inventory of expiring domains. Your not-so-favorite registrar has found the fountain of domain youth through its exclusive co-operation with NameJet – a former project of eNom’s.

Things were good until I realized that a few odd things were happening. Some domains that reached high, competitive bids ended up in the hands of various entities within days of the auction’s end, despite being won by the same bidder. Then, quite a few high-bid domains were never claimed; their deadbeat winners still bidding away on other domains. Apparently, some people at NameJet bid with other people’s money, and others don’t pay when the deal falls through.

Lack of ethics in a competitive market; what an opportunity to show one’s true colors of 100% stinky brown.

The straw that broke the proverbial camel’s back came earlier this week, when a trustworthy source brought to my attention the sickening and unethical practices of a NameJet bidder, who approaches trademark holders as a “savior”, offering to grab a domain name at auction on NameJet – for a cool few bucks, I am sure. In the process, he describes other bidders – excluding himself – as “cybersquatters” and seems to have developed a streamlined modus operandi. I wonder if Mr. Slick acquired his skills from talking to barflies.

Here is the modified copy from the email that he sent out to one of the corporations; the dates, names and times have been edited out. Our Slick friend even sends screenshots of private NameJet auctions attached to his smooth-talking, brown-nosing, corporate coyote bark of an email.

I wonder how NameJet will feel about all this.

Pursuant to our telephone conversation moments ago, I appreciate your help in passing this important message along to XXXXXXX’s I.P. legal department. It would be helpful, as well, if you would forward the information to related senior management at XXXXX:

The domain name XXXXXXXXX.com, which had previously been held by a cybersquatter, recently expired and was deleted from the domain registry this afternoon. As displayed in the screenshot below my signature (he then pastes the Namejet bidding screen), one of several service registrars which capture deleted, high-demand domain names at the instant they become available is conducting a private online auction for the trademark-protected domain name, XXXXXXXXX.com on xxxday, xxxx xx at about x:xxpm (EST). Insofar as XXXXXXXX is a globally recognized trademark, all but one of the xx pre-registered bidders clearly have designs on infringing on XXXXXXX’s mark by monetizing the domain’s valuable type-in traffic. This domain name is the plural of XXXXXXXX.com, which XXXXXXXX already owns and publishes.

I bring this to XXXXXXXX’s attention because we routinely monitor expired domain names which infringe on famous brands, in an effort to foil successor cybersquatters and quickly recover branded domain names for their rightful trademark-holders. To that end, we can help. I have reserved a bid position in this private online auction and, with XXXXXXXX’s prior written authorization, will be pleased to acquire XXXXXXXX.com in XXXXXXXX’s behalf. No muss, no fuss, no litigation required. And based on our auction monitoring of recent brand-infringing domain sales, this will not likely be a costly domain acquisition.

Lest XXXXXXXX somehow misinterpret my intentions, as lawyers are often prone to do, be assured that I will not participate in this private auction without XXXXXXXX’s consent. We protect famous brands, not infringe on them. We have successfully recovered domain names for major corporate and entertainment-related clients worldwide. We would be pleased and honored to serve XXXXXXXX, as well.

Time is short. Please contact me at your earliest opportunity and I will be pleased to explain the acquisition process.

Namejet’s utilization of the Network Solutions pre-release service has created an aftermarket for really old domains that expired and were not renewed. Instead of dropping them, Netsol offers them up on auction. Several people, myself included, go through the pre-release lists for domains of value: aged domains, traffic generators or simply brandable domains. So far, I’ve invested several thousand dollars into this business.

Here lies the problem: two different platforms, with no common support system.

Namejet is a spinoff of eNom, another large domain registrar. Network Solutions is the original domain registrar, with a huge and aged inventory of domains. Although they are in this venture exclusively together, they share no common ticketing system.

My credit card was charged the nice sum of $2,500 in the middle of last week, after I won a Namejet auction. Since then, the domain has not landed in my Netsol account. Upon calling tech support at Netsol, I am told that they cannot confirm the status of my order and that I need to either wait past the 24-48 hour window or to contact Namejet. The problem is, it’s been 4 days since my credit card was charged.

I opened a ticket at the Namejet web site as they don’t offer phone support – another major flaw for an operation of this magnitude. I suspect that they simply share resources with eNom, the ticket system is identical and I get the same canned replies. So I was told that Network Solutions has been notified when payment was made and that the domain WHOIS shows my details. Except, it doesn’t. The WHOIS at Network Solutions still displays the usual “Pending renewal or deletion” blurb and their tech support, despite their ultra-polite demeanor, have no idea why the domain is not in my account yet.

To add a twist of absurdity into this, Namejet mentioned that transactions that end before the weekend or before a holiday might extend the process time of the domain. Only problem is, another transaction that ended on 8/31 – a Sunday – was processed immediately by Namejet and I got hold of the domain instantly. The difference: the domain was with eNom, not Netsol.

So who’s telling the truth, Namejet or Netsol? Personally, I don’t care. I paid for something four days ago and have yet to receive it. It’s easy to blame computer software for delays in processing but when a credit card is successfully charged the items should be delivered within the reasonable time set forth in the agreement. Four days is not a reasonable time in the domain world.