discuss [Resolved] Domainer Loses $26k On A Stolen Domain!

[Silentptnr]

Darn! Another scam and this time it is an experienced domainer James Booth.

James must have thought he was making a sound acquisition as he transferred approximately 26k to escrow for CQD.com. Instead, after completing the escrow, the domain was taken from his account by the registrar without notification and returned to the "true" owner.

Turns out the person that sold him the domain CQD.com, may not have been the true owner.

Apparently this incident involves several parties including the registrar and the escrow.


Thanks to Theo over at DomainGang for the tip on this.

 

[xynames]

I think we're beating a dead horse here. James Booth knew what he was doing and by that I mean he knew that he was getting into a murky situation and went through with it anyway. He claims that he did all this "due diligence" - why? When I buy a domain all I do is make sure that I receive an email from the WhoIs. Why did he go to all the lengths he claims he went to unless he knew something was fishy about the matter, such as, for example, the price.

And then we know that another domain buyer, previously, passed on the deal, because he suspected that the domain was stolen. With all the due diligence Booth was supposedly doing he couldn't have unearthed this prior deal?

And again, on the other side of the coin, we have Rebecca who, if this timeline is to be believed, should have been more diligent about all this and clamped down the hatches after the first time the domain was stolen or almost stolen. Or at a minimum, if Booth is to believed at all, after she stopped receiving emails for months at the domain's WhoIs email (because someone had supposedly hijacked her email).

The whole thing's...unclear...other than that there is at least some blame on both sides.

 

[equity78]

I think we're beating a dead horse here. James Booth knew what he was doing and by that I mean he knew that he was getting into a murky situation and went through with it anyway. He claims that he did all this "due diligence" - why? When I buy a domain all I do is make sure that I receive an email from the WhoIs. Why did he go to all the lengths he claims he went to unless he knew something was fishy about the matter, such as, for example, the price.

One of the better points made in 42 pages.

 

[offthehandle]

Has anyone made an exact chronology of calendar dates of what happened according the emails and paper trail? Or at least was reported to have happened here? When CQD.com was first stolen, when first sold, when sold the second time by the alleged hacker, the date it was removed by NS. The recovery date I recall seeing in the first few pages.

This is up to 1026 posts. Thanks.

 

[tonyk2000]

So we have at least 2 precedents that are favorable for Rebecca: Express Media v. Express.com (mentioned by mr. Berryhill on page 9) and mla.com case.

Current registrants attorney is no doubts aware of both, so it would be extremely interesting to follow this case in court - how exactly he will try to defend the current registrant.

Are there any precedents where a buyer of a stolen domain was allowed to keep his purchased domain?

So far I found only the following hint -

The law suit will also take years to resolve.

It is not obvious that the current registrant, being British citizen and Singapore resident (and not a lawyer), is necessary aware of the time frames required to resolve law suits in US/Florida courts. Somebody, such as his attorney, might have clarified this to him. If so, this may also show what will happen in future - delays, delays... inspired by the current registrant. Requests to dismiss the case due to formal reasons - such as claiming that the domain is not a property if Rebecca claimed that it is, or requests to send the case file to Singapore, etc.
Rebecca should be prepared.

 

[Kate]

Are there any precedents where a buyer of a stolen domain was allowed to keep his purchased domain?

Plenty...
It's very hard to recover a name once it's been stolen. Unless it's a well-known domain and the case is publicized a lot. But if you are a Mr/Mrs Nobody you're on your own and nobody is going to be in a hurry to rectify the wrong.

The thief is usually going to flip the name fast, so by the time the victim realizes what happened the name may already be in the hands of somebody who bought it in good faith.

Sex.com was stolen many years ago and it was an ordeal to get it back - a whole book was written about the story.
Another case that veterans (and @TheLegendaryJP in particular) will remember:
Five Years in State Prison Awaits Convicted Domain Thief Daniel Goncalves - Who Wants to Be Next?
Note that one of the victims was a former US Justice Department prosecutor and yet he struggled a bit because this kind of crime is fairly unusual for the courts.

I don't have stats but my impression is that stolen domains being returned are more the exception than the norm. Earlier I quoted two recent WIPO rulings filed in order to recover stolen domains, both were denied.

Legal action is costly. Even if the domain is valuable you have to pick your battles carefully.

To put it simply, if the thief cannot be identified and prosecuted, and the money can no longer be recovered, then each of the remaining parties will likely fight to defend their own interests. It is an ugly situation where everyone is a loser.

 

[offthehandle]

Unless it's a well-known domain and the case is publicized a lot.

That’s what was suggested earlier, get it into the mainstream news. I don’t think that anyone could lose on that, and perhaps the thief will be caught and prosecuted like in that DNJ article you posted.

I see @equity78 posts and CQD.com articles rank immediately up on the top of google. Nice.

 

[Chris Hydrick]

Has anyone made an exact chronology of calendar dates of what happened according the emails and paper trail?

I think the first mentioning of suspicious activity (as we know it) occurred on September 11th, 2017.

on 2017/03/09 i reached the administrative email "[email protected]" and got this reply on 2017/09/11:

"
Hello,


This email address hasn't been accessed for a long time because it's full of email.


I am not the rightful owner of this domain name.


It's for sale and You should ask the owner at [email protected]


I will also forward this email to him now.


Becky

here is some more info, by trying to get access to this gmail account

note also that the registrant email address on the domain WHOIS (which can be the primary account email address on NS) changed to "[email protected]" on around 2016-08-13

After a bit of forensics, I had a hunch the recovery email address was [email protected]

However, as I don't have access to [email protected], I was unable to confirm the verification code.

Selecting "Try another way", will allow you to enter another (any) email, and google will send a new code there. However, upon verifying that code, I was not granted access. I assume Google has a number of security protocols to grant access to a secondary email, not previously affiliated with the account.

IDK... but I will keep trying to find the alleged hacker / thief...

 

[anantj]

As a side note, since mr. Booth knowingly elected to keep (allegedly) stolen property

When you yourself use the term allegedly, why then, without unequivocal proof should @BoothDomains return the "allegedly" stolen property without having the allegations proved in a court of law?

 

[Chris Hydrick]

When you yourself use the term allegedly, why then, without unequivocal proof should @BoothDomains return the "allegedly" stolen property without having the allegations proved in a court of law?

Why did allegedly @BoothDomains allegedly purchase an alleged stolen domain for allegedly $25k when allegedly Jack K. was allegedly presented an alleged cancelled escrow transaction screenshot that allegedly showed $19k?

 

[Silentptnr]

@Grilled Any updates?

 

[Chris Hydrick]

@Grilled Any updates?

I haven't spoke to Rebecca in a few days. I was planning on reaching out tonight to reconvene.

 

[winst]

Wow, I left for vacation for 1 week and this thread is now 42 pages!

It is likely that we will not learn the real details(if ever) because Network Solutions, Escrow.com, and James Booth are all following their lawyer's advise and keeping the details private.

I do sympathize with Rebecca. It has always been my pet-peeve when James, Escrow, NetSol all claim no responsibility because they all followed an "established system" with flaws. The reality is the hacker exploited the weakness from all three(or more) parties:

Network Solutions and various hosting and email companies: sloppy security, incompetent support staff (often make things up to please customers)
Escrow.com and James: verify ownership only via current WhoIS, never look at suspicious whois history or other activities (for most cases, there were no reason to).

 

[anantj]

Why did allegedly @BoothDomains allegedly purchase an alleged stolen domain for allegedly $25k when allegedly Jack K. was allegedly presented an alleged cancelled escrow transaction screenshot that allegedly showed $19k?

AFAIK, it was alleged to have been stolen AFTER he'd purchased the domain. Not before. Prove otherwise with hard evidence and not conjectures, theories and assumptions.

Your conjectured connection between Jack/Jake and @BoothDomains as well as assumption that someone with one of those two names is the buyer is at best a guess and at worse an incorrect belief. Until you can provide evidence proving this theory unequivocally, it does not hold any weight where it really matters, in a court of law and not the court of public (read namepros) opinion.

Personally, I don't like @BoothDomains especially due to their involvement in the shill bidding scandal at NJ (and a very very weak argument on that thread) and think their ethics are at a standard much below what they should be. And further still, I don't think offering to sell the domain to the previous registrant is a nice gesture (far from magnanimous as some have indicated it). I think their hands are not fully clean.

But, in this case, I don't think they should merely give the domain back without all facts available and judged by a court of law. For all I know, the person claiming to be the previous registrant either isn't or is misrepresenting facts. I don't know either and nor am I (or anyone on this thread) a judge in a court of law to pass judgement. Form opinions all you (you in the 3rd party) want but that changes nothing for either of the alleged victims. And consequently, as much as many folks here want him to return the domain, answer their insinuations/allgations/accusations/questions etc., it is either's choice to do so. And as it is "alleged" that the new buyer has retained legal counsel, pretty sure they'll listen to the counsel more than anyone else here despite calls and warnings to share evidence here.

He owes nothing to anyone here.

 

[Chris Hydrick]

Both these emails are being checked, and are opening new emails. But what alleged scammer wouldn't open an email with the subject offering $50k for each 3 letter domain

Does anyone think he/she/they are watching this thread?

 

[DNWon]

Does anyone think he/she/they are watching this thread?

I would say most definitely, as this was orchestrated by someone with a superior knowledge of the domain industry and it's security vulnerabilities!

 

[spoiltrider]

AFAIK, it was alleged to have been stolen AFTER he'd purchased the domain. Not before. Prove otherwise with hard evidence and not conjectures, theories and assumptions.

Your conjectured connection between Jack/Jake and @BoothDomains as well as assumption that someone with one of those two names is the buyer is at best a guess and at worse an incorrect belief. Until you can provide evidence proving this theory unequivocally, it does not hold any weight where it really matters, in a court of law and not the court of public (read namepros) opinion.

Personally, I don't like @BoothDomains especially due to their involvement in the shill bidding scandal at NJ (and a very very weak argument on that thread) and think their ethics are at a standard much below what they should be. And further still, I don't think offering to sell the domain to the previous registrant is a nice gesture (far from magnanimous as some have indicated it). I think their hands are not fully clean.

But, in this case, I don't think they should merely give the domain back without all facts available and judged by a court of law. For all I know, the person claiming to be the previous registrant either isn't or is misrepresenting facts. I don't know either and nor am I (or anyone on this thread) a judge in a court of law to pass judgement. Form opinions all you (you in the 3rd party) want but that changes nothing for either of the alleged victims. And consequently, as much as many folks here want him to return the domain, answer their insinuations/allgations/accusations/questions etc., it is either's choice to do so. And as it is "alleged" that the new buyer has retained legal counsel, pretty sure they'll listen to the counsel more than anyone else here despite calls and warnings to share evidence here.

He owes nothing to anyone here.

i am owed my 22 year old domain back. he didn't buy it from me. it is stolen. everyone knows it. and the naysayers....well there's always a batch in the crowd no matter what the discussion is.

 

[offthehandle]

i am owed my 22 year old domain back. he didn't buy it from me. it is stolen. everyone knows it. and the naysayers....well there's always a batch in the crowd no matter what the discussion is.

I hope your FBI or Police contacts have been in touch with you and opened the investigation. You might start sending news releases out to the above links I posted, this needs some tech industry or other wide media visibility.

 

[spoiltrider]

Plenty...
It's very hard to recover a name once it's been stolen. Unless it's a well-known domain and the case is publicized a lot. But if you are a Mr/Mrs Nobody you're on your own and nobody is going to be in a hurry to rectify the wrong.

The thief is usually going to flip the name fast, so by the time the victim realizes what happened the name may already be in the hands of somebody who bought it in good faith.

Sex.com was stolen many years ago and it was an ordeal to get it back - a whole book was written about the story.
Another case that veterans (and @TheLegendaryJP in particular) will remember:
Five Years in State Prison Awaits Convicted Domain Thief Daniel Goncalves - Who Wants to Be Next?
Note that one of the victims was a former US Justice Department prosecutor and yet he struggled a bit because this kind of crime is fairly unusual for the courts.

I don't have stats but my impression is that stolen domains being returned are more the exception than the norm. Earlier I quoted two recent WIPO rulings filed in order to recover stolen domains, both were denied.

Legal action is costly. Even if the domain is valuable you have to pick your battles carefully.

To put it simply, if the thief cannot be identified and prosecuted, and the money can no longer be recovered, then each of the remaining parties will likely fight to defend their own interests. It is an ugly situation where everyone is a loser.

the way i see it...
i had it for sale advertised for 150k for just over 2 years.
booth paid 25k to a thief.
if you knew you were going to get sued one way to another, who would you award it back to?
not to mention the morally and ethically right thing to do...

 

[spoiltrider]

I am almost thinking James should demand his money back from escrow and give escrow back the domain.

Then escrow could return the domain to Rebecca, and begin chasing down the criminal that peddled it through them.

Escrow would have all the authorities behind them unlike James and Rebecca.

that's what i'm saying!!!
their system is seriously flawed!

 

[Chris Hydrick]

the naysayers....well there's always a batch in the crowd no matter what the discussion is.

I don't think @anantj is necessarily a naysayer. He's thorough, and goes off the facts available.

 

[wwwweb]

the way i see it...
i had it for sale advertised for 150k for just over 2 years.
booth paid 25k to a thief.
if you knew you were going to get sued one way to another, who would you award it back to?
not to mention the morally and ethically right thing to do...

why don't you just try to file a udrp? and send all your receipts, and evidence, and at least you can lock up the domain, and put it on public record out there. It will publish your case. The lawyers will come running.

 

[spoiltrider]

I don't think @anantj is necessarily a naysayer. He's thorough, and goes off the facts available.

i didn't mean to sound like it was directed at @anantj ... there are others with their views that i was just reading.

 

[spoiltrider]

why don't you just try to file a udrp? and send all your receipts, and evidence, and at least you can lock up the domain, and put it on public record out there. It will publish your case. The lawyers will come running.

; ) i have.

 

[wwwweb]

; ) i have.

I think that is your most cost effective first step, he will go for a 3 member panel, and it all comes down to the judges, and the case Z M makes, it will be hard to defend a stolen domain in an honest way, I think Z M will find a lot of personal conflict in defending this as he is a fighter for domain owner rights.

 

[tonyk2000]

UDRP? This will not work. The Respondents attorney will respond, request 3-members panel, carefully suggesting and rating the panelists (it is an art, and the Respondents attorney will likely be able to "beat" others in this selection/rating process). In the best case, UDRP panel will decide to dismiss the case as they are not supposed to deal with stolen domains, most notably, they are not supposed to request evidence from netsol/escrow/banks/etc. In the worst case, UDRP panel will award the domain name to mr. Booth as he will be able to demonstrate that:

- he has rights and legitimate interests in the domain name, and registered the domain in good faith (escrow.com screenshot alone will be sufficient for the Panel). Also, in panels views, legitimate rights for short or dictionary terms can be established by simply registering it.

- he is using the domain name in good faith (offering the domain for sale is OK)

- the domain name is not (confusingly) similar to any trademark or service mark owned by Rebecca. Assuming that Rebecca does not have a registered mark for CQD, she will have to show unregistered tm rights (which may happen), but the public worldwide does not exclusively associate "CQD" abbreviation with products and services offered by Rebecca. So there is no confusion.

Above elements are the only elements UDRP panel is supposed to investigate. Who-called-whom, whois is Jack(ie), was the domain stolen by seller - it is not part of a limited UDRP process, and should not be considered in any aspect.

So, by starting UDRP in this case (where the respondent will no doubts respond), Rebecca will have ~$2000 (initial fee + extra 3members panel fee) lost. An exact amount will depend on UDRP provider.

Long story short - current registrant and his attorney will start celebrating at the same day they receive a notification of a pending UDRP from UDRP provider.

An outcome might be different in case of a "silent" Respondent and 1-members panel if the Complainant is lucky. But it will not happen in cqd.com UDRP case.