[Resolved] Domainer Loses $26k On A Stolen Domain!

Silentptnr

Darn! Another scam and this time it is an experienced domainer James Booth.

James must have thought he was making a sound acquisition as he transferred approximately 26k to escrow for CQD.com. Instead, after completing the escrow, the domain was taken from his account by the registrar without notification and returned to the "true" owner.

Turns out the person that sold him the domain CQD.com may not have been the true owner.

Apparently this incident involves several parties including the registrar and the escrow.


Thanks to Theo over at DomainGang for the tip on this.
 
30
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
And THAT'S why you suck it up and use Escrow
 
0
•••
And THAT'S why you suck it up and use Escrow

She can’t. The thief sold it through Escrow, and she has no access other than forcing that by subpoena.
 
1
•••
This thread has been going on for more than a month now, but there's little that's actually 'new' at this point. Only a court (civil or criminal) has the power to compel anyone to actually do something (as opposed to voluntarily doing something), so that's what one should focus on, since the positions of the two sides appear inflexible.
 
4
•••
I've been working with Rebecca behind the scenes to gather as many digital footprints as possible. She has been exceedingly open, and genuinely distraught throughout the process. And my heart goes out to her.

A few days ago, she authorized me to release everything (in the name of full transparency) to this thread. We're hoping that the community might recognize something, or somebody might have an open line of communication with somebody the alleged thief / hacker might have communicated with using Rebecca's alleged hacked Yahoo email.

This will make more sense once I release the screenshots. Unfortunately, I'm in the hospital right now, following complications to kidney stone surgery. So I'm not sure when I'll be able to post everything. I have my laptop with me, but with all the machines I'm hooked up to, it'd be a little difficult to use right now.
 
9
•••
I've been working with Rebecca behind the scenes to gather as many digital footprints as possible. She has been exceedingly open, and genuinely distraught throughout the process. And my heart goes out to her.

A few days ago, she authorized me to release everything (in the name of full transparency) to this thread. We're hoping that the community might recognize something, or somebody might have an open line of communication with somebody the alleged thief / hacker might have communicated with using Rebecca's alleged hacked Yahoo email.

This will make more sense once I release the screenshots. Unfortunately, I'm in the hospital right now, following complications to kidney stone surgery. So I'm not sure when I'll be able to post everything. I have my laptop with me, but with all the machines I'm hooked up to, it'd be a little difficult to use right now.
Have you also worked with Booth to gather his portion of the data? That’s the only way your material from Rebecca’s side holds weight imo.
 
3
•••
Have you also worked with Booth to gather his portion of the data? That’s the only way your material from Rebecca’s side holds weight imo.

I've asked Booth multiple times via this thread. He has yet to respond.

But as I said in my initial post in this thread, HERE we're going to get to the bottom of this with or without his help.

I can tell you that it appears Rebecca's yahoo email was used to send / receive some 33 emails with [email protected]. Hence where Jake and Odapo.com came into the picture.

This will all make more sense with the corresponding screenshots.
 
5
•••
I've asked Booth multiple times via this thread. He has yet to respond.

But as I said in my initial post in this thread, HERE we're going to get to the bottom of this with or without his help.

I can tell you that it appears Rebecca's yahoo email was used to send / receive some 33 emails with [email protected]. Hence where Jake and Odapo.com came into the picture.

This will all make more sense with the corresponding screenshots.
@Grilled
Do you do all this detective work pro bono?
 
2
•••
Have you also worked with Booth to gather his portion of the data? That’s the only way your material from Rebecca’s side holds weight imo.

James Booth is never replying to Grilled in my opinion.

@Grilled get well soon
 
4
•••
@Grilled I hope you have a speedy recovery. I know you have been working with @spoiltrider to put together cohesive evidence. Can't wait to see what you have come up with.

Best regards.
 
7
•••
I can tell you that it appears Rebecca's yahoo email was used to send / receive some 33 emails with [email protected]. Hence where Jake and Odapo.com came into the picture.

This will all make more sense with the corresponding screenshots.

upload_2018-4-22_1-59-1.png


The below email timeline screenshot of [email protected] is from the [email protected] Yahoo account.

When a mouse is hovered over each bar, it reveals the amount of emails in a given month. Hovering doesn't reveal which month; however, in this particular example, (I believe) the months can be deduced from the June - November timeline, i.e. the first month (bar) is June, the last month (bar) is November, and since the month (bar) in the middle is immediately next to the last month (bar), the middle month (bar) can be inferred as October. This is simply an educated guess. Without the email logs showing all the dates, there is no way of knowing 100% based on the current information.

1 email was first sent in June 2017

30 emails from October 2017

2 emails from November 2017

upload_2018-4-22_1-50-31.png


Note: The above email timeline states, He or She ([email protected]) first sent you ([email protected]) a message regarding (meaning subject line) 'Interested in your domain name cqd.com'

An email from [email protected] with the exact same subject was also sent in June 2017 to [email protected].

upload_2018-4-22_2-7-49.png


It is very possible that [email protected]'s opening (June 2017) email to [email protected] stated something similar, if not exactly, as the email he/she sent in the above screenshot to [email protected].

As (I think) it was previously stated, the running theory is that the alleged hacker/ thief, used previous emails sent to [email protected] and [email protected], as a 'rolodex' of customers (or should I say potential victims?) to solicit the alleged fraudulent sale of cqd.com.

This theory is supported by @tonecas's important input HERE (or below) where he shares an email received on September 11th, 2017 in response to his March 9th, 2017 inquiry.

just dropping a little bit of information.

on 2017/03/09 i reached the administrative email "[email protected]" and got this reply on 2017/09/11:

"
Hello,


This email address hasn't been accessed for a long time because it's full of email.


I am not the rightful owner of this domain name.


It's for sale and You should ask the owner at [email protected]


I will also forward this email to him now.


Becky
"

<<<<<<<<<<<<<>>>>>>>>>>>>>

Your conjectured connection between Jack/Jake and @BoothDomains as well as assumption that someone with one of those two names is the buyer is at best a guess and at worst an incorrect belief.

My belief in the possibility that Jack/Jake was the buyer is based on the below email time line.

You ([email protected]) and ([email protected]) appeared together on 4 messages between Nov and Dec 2017. The first message was from ([email protected]) to ([email protected]) on Nov 6, 2017, regarding '#3563341-921765 CQD.com'.

1 email was first sent in November 2017

3 emails from December 2017

upload_2018-4-22_2-30-7.png


To add a little more info on Yahoo email timelines, some emails include a related contacts section, based on other people included in the TO or CC line. You will see more examples of this in the future. For now, see below:

upload_2018-4-22_2-40-50.png


The two above related contacts were included because both [email protected] and [email protected] (and [email protected]) were recipients in what is believed to be the original email sent (July 25th, 2016) from [email protected]. see below screenshot:

upload_2018-4-22_2-43-2.png


I'm still working with Rebecca to get the relevant info to the appropriate authorities. A lot more info is being passed around behind the scenes. Rest assured, in due time, everything will be uploaded to this thread.
 
10
•••
Have you also worked with Booth to gather his portion of the data? That’s the only way your material from Rebecca’s side holds weight imo.
James Booth is never replying to Grilled in my opinion.

@BoothDomains -- Can we be frank?

One of the reasons why I have requested the items I have requested is not only to find & log info that will help find the alleged hacker / thief, but I am also requesting it to corroborate Rebecca's statements / technical facts. If you have info that suggests Rebecca definitively did actually sell you (or Jack/Jake) CQD.com, then I need to see it so I can stop wasting my time.

Right now, the facts strongly suggest she was hacked in multiple ways. She is working with law enforcement, and is preparing to take the necessary steps to subpoena said information.

Let me give you an example, where I falsely grilled Rebecca with an inference that she was selectively deleting emails, only to be proven wrong by myself missing a technical fact.

Rebecca's Yahoo email was CC'd (as evident below) in three emails relating to [email protected]. One of them, was originally sent from [email protected] in December 2017 with the subject: CQD.com Domain Name. There weren't any email timelines from [email protected], or any email of @bqdn.com for that matter.

upload_2018-4-23_15-38-41.png


However, a search for those emails revealed:

upload_2018-4-23_15-47-42.png


...she had other emails in her inbox from December 2017, so naturally I suspected something fishy.

Then combine that with a January email timeline from another domainer's outreach with subject cqd.com domain

upload_2018-4-23_15-50-17.png


I was confused, and on that particular day, heated. Rebecca's posting of things she didn't fully understand didn't help my frustration. Both of us were semi-emotional. Rebecca vehemently denied deleting the emails. I took her word for it, and used that fire to dig deeper.

What I found, was a rookie mistake on my part, by failing to check the email filters, I missed the obvious answer. There were 29 filters in total.

Deliver to trash if:

1. Body contains: cqd.com
2. Subject contains cqd.com
3. Body / Subject contains cqd
4. From contains [email protected]
5. From contains networksolutions
6. From contains sprint
7. From contains startlogic
8. From contains google
9. Body / Subject contains transfer
10. From contains dn.com
11. From contains [email protected]
12. From contains [email protected]
13. From contains bqdn.com
14. From contains booth.com
15. From contains escrow.com
16. From / body / subject contains escrow
17. From contains startlogic
18. From contains qq.com
19. From contains [email protected]
20. From contains [email protected]
21. Subject contains transfer
22. Body contains transfer
23. Body contains ename
24. From contains yahoo
25. From contains [email protected]
26. Subject contains tickets
27. Subject contains support
28. From contains support
29. From contains purplequail


Given the subject of both yours and Andrea's email contained cqd.com, per filter #2, these emails were delivered to trash. Where if the emails were not manually checked and moved, they were set by default to auto delete in 7 days (maybe less?)...

To be clear, Rebecca claims she didn't set any of the filters. I will go over each filter at a later date. #6 (sprint) is probably the most serious, and is being formally investigated, as it likely relates to another key piece of evidence also to be explained at a later date.

Going back to the three emails mentioned in the above Yahoo email timeline. They were found in the [email protected] startlogic account. Only one was sent from [email protected]. The other two were sent from [email protected].

<< The below emails explain the 3 emails from December 2017 in the above comments Yahoo email timeline from [email protected] >>

(1)
upload_2018-4-23_16-15-37.png


(2)
upload_2018-4-23_16-19-27.png


<<below are the two email attachments from [email protected]>>

(also note the below email screenshots from GMAIL interface were not sent from [email protected]. Rather, they were sent from [email protected])


Screen Shot 2017-12-27 at 11.43.29 AM (1).png

<<<<<>>>>>
Screen Shot 2017-12-27 at 11.43.12 AM.png

<<<<<>>>>>

(3)
upload_2018-4-23_16-23-37.png


<<below is the Escrow (1) attachment from the above email>>

Escrow (1).jpg

Which explains, why I was legitimately asking if you were kidding...

upload_2018-4-23_16-27-52.png


I don't have time for games. I have a personal engagement that is going to pull me away for an undisclosed amount of time. A road map is being prepared for the handover to the appropriate authorities, and to Rebecca's legal team.

I know the legal route isn't Rebecca's first choice, but if you insist on leaving that as her only option (and don't give me (or her) that BS that she needs to pay your lawyer Zak Muscovitch $25k for you to return the domain). I'm not a lawyer, so maybe a competent lawyer such as @jberryhill can use his valuable time by chiming in -- If the domain is deemed stolen, is it not considered selling a stolen domain if Rebecca pays Zak $25k for James to give Rebecca her domain back?

Regardless, and again I'm not a lawyer, but should James force Rebecca to take this to court (which will be costly), I hope Rebecca sues for the domain, plus her likely costly legal expenses.

But in a perfect world, my true hope is this battle between James and Rebecca will cease. And the crook (i.e. the alleged hacker/thief) will be caught and prosecuted. Maybe even @Jackson Elsegood of Escrow.com will step up...


... more to come.
 
15
•••
One thing I should note, is being that I have been privy to privileged information, my opinion/belief that Rebecca is the rightful owner of CQD.com is slanted accordingly. Whereas, somebody such as @BoothDomains (or Jack/Jake), who hasn't seen what I have seen (though, in some respect may have seen more than I have seen if he viewed the 33 emails sent to/from [email protected]) may have a different opinion/belief.

I am still holding hope that James (or Jack/Jake) will stop seemingly protecting the alleged hacker / thief by shielding information, and instead will work with us to find the alleged hacker / thief. This is the same alleged hacker / thief who arguably may have made James (or possibly James' alleged due diligence?) look like a joke. Additionally this is the same person(s) who may have cost him $25k when/if Rebecca sees cqd.com returned back to her.

I will try to explain the filters found in the Yahoo web interface of [email protected] to the best of my ability.

Deliver to trash if:
1. Body contains: cqd.com

2. Subject contains cqd.com

3. Body / Subject contains cqd

My theory is these three filters were to prevent future email(s) related to cqd from being seen (emails that may have come from somebody the alleged hacker / thief corresponded with). These emails were to be sent to the trash to presumably prevent the real Rebecca (or any front facing investigation) from seeing evidence of such.

Additionally, these filters would have prevented [email protected] from receiving any future correspondence related to cqd or cqd.com. If web.com or network solutions sent [email protected] any emails during their three month investigation these emails most likely would have gone unseen, and subsequently sent to the trash awaiting auto-deletion.


#4 is intriguing not only due to the Yahoo timeline of a March 2017 email with the subject Unexpected sign-in attempt, but because it's the first email address directed to be sent to the trash. I assume these filters were added in numerical order.

upload_2018-4-23_21-19-33.png


5. From contains networksolutions

I assume the alleged hacker / thief wanted to prevent future updates from network solutions. Imagine, theoretically, sending a password reset request (or expecting NetSol correspondence) and not having it appear in your inbox due to an unsuspected filter. To add to the strangeness, you might be able to find the email via search box, but not via an inbox refresh.

upload_2018-4-23_21-33-12.png


A little humor I found in this unfortunate situation, is yesterday Rebecca received an email from network solutions email blasting department, stating that she already owns CQD.com, make sure you get CQD.org before it's too late:-P... Good ol' Network Solutions

upload_2018-4-23_21-48-8.png


FWIW: CQD.org is owned by Name Find LLC, and has a BIN of surprise-surprise...

upload_2018-4-23_21-47-5.png


<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>

Going to :sleep:. I will finish attempting to explain the remaining filters tomorrow.
 
8
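An added example (not part of the thread and not code from any poster): a minimal audit of a mailbox's deliver-to-trash filters, using a subset of the rules listed in the two posts above with their original numbering. The watch-list categories, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Subset of the deliver-to-trash filters listed in the thread, original
# numbering kept. Rules whose address is redacted on the page are omitted.
POSTED_FILTERS = """\
1. Body contains: cqd.com
2. Subject contains cqd.com
5. From contains networksolutions
6. From contains sprint
9. Body / Subject contains transfer
13. From contains bqdn.com
15. From contains escrow.com
16. From / body / subject contains escrow
24. From contains yahoo
27. Subject contains support
"""

# Assumed watch-list: mail a domain owner should never have silently trashed.
WATCHLIST = {
    "asset": ["cqd"],
    "registrar_or_host": ["networksolutions", "startlogic"],
    "transaction": ["escrow", "transfer"],
    "account_notice": ["yahoo", "google", "support", "tickets"],
}

@dataclass
class Rule:
    number: int
    fields: tuple   # message fields the rule inspects: from / subject / body
    needle: str     # substring that triggers delivery to trash

def parse_rules(text):
    """Parse lines of the form 'N. Field [/ Field] contains[:] value'."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\.\s*(.+?)\s+contains:?\s+(\S+)\s*$", line, re.I)
        if m:
            fields = tuple(f.strip().lower() for f in m.group(2).split("/"))
            rules.append(Rule(int(m.group(1)), fields, m.group(3).lower()))
    return rules

def audit(rules):
    """Map each trash rule to the kind of mail it hides. Rules that match no
    watch-list term are 'unclassified' and still need the owner's review."""
    findings = {}
    for r in rules:
        findings[r.number] = next(
            (cat for cat, terms in WATCHLIST.items()
             if any(t in r.needle for t in terms)), "unclassified")
    return findings

def trashed_by(rules, message):
    """Numbers of the rules that would send this message to trash."""
    return [r.number for r in rules
            if any(r.needle in message.get(f, "").lower() for f in r.fields)]

# Constructed sample messages; only the first subject line comes from the thread.
SAMPLES = [
    {"from": "buyer@example.test", "subject": "CQD.com Domain Name",
     "body": "Is this name still available?"},
    {"from": "no-reply@networksolutions.example", "subject": "Password reset request",
     "body": "Use the link below to reset your password."},
    {"from": "notify@escrow.example", "subject": "Transaction funds released",
     "body": "The domain transfer is complete."},
]

if __name__ == "__main__":
    rules = parse_rules(POSTED_FILTERS)
    print(audit(rules))
    for msg in SAMPLES:
        print(msg["subject"], "->", trashed_by(rules, msg))
```

The first sample reproduces the finding in the post: a message whose subject contains cqd.com is caught by filter #2 before the mailbox owner ever sees it.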
•••
best solution:
one solution would be to have the domain back to the original owner
and Escrow.com would reimburse the Buyer

Escrow will have their reputation increase by covering this fraud.
They will probably find a way to have it covered by their insurance,
and if not it will still be their best marketing investment of the year.
 
2
•••
best solution:
one solution would be to have the domain back to the original owner
and Escrow.com would reimburse the Buyer

Escrow will have their reputation increase by covering this fraud.
They will probably find a way to have it covered by their insurance,
and if not it will still be their best marketing investment of the year.

ain't going to happen since @Jackson Elsegood is silent as the grave, waiting for the storm to pass
 
2
•••
CQD.com has been pushed back to Rebecca. We now consider this matter closed.
 
26
•••
CQD.com has been pushed back to Rebecca. We now consider this matter closed.

Congrats on getting this matter fixed. James if you need help with tracking thief continue to post so people here can help.
 
7
•••
While the domain name is now back with Rebecca, I hope that she continues to help the police track down the thief (or thieves), so that it doesn't happen to anyone else.
 
10
•••
We are more than happy to help James find the thief, door swings both ways, need help, just ask :)
 
11
•••
Good job! Without this community, I think Rebecca might have had a very different outcome.
 
7
•••
CQD.com has been pushed back to Rebecca. We now consider this matter closed.

Holy Toledo... Wow!!!

I did not expect to see this. This is the high road, and I am blown away by this.

I still have lots of other digital footprints to add to this. Hopefully some of it will lead to the catching / prosecution of the alleged hacker / thief.

I have to take some time off but all will be handed over. As this alleged hacking looks to be more than domain theft, I don't anticipate Rebecca or law enforcement to give up on finding the culprit.

James if this was your willing choice, I know it's not worth much, but my opinion of you has certainly changed. Well done.
 
12
•••
James Booth knew what he was doing and by that I mean he knew that he was getting into a murky situation and went through with it anyway. He claims that he did all this "due diligence" - why? When I buy a domain all I do is make sure that I receive an email from the WhoIs. Why did he go to all the lengths he claims he went to unless he knew something was fishy about the matter, such as, for example, the price.

And then we know that another domain buyer, previously, passed on the deal, because he suspected that the domain was stolen. With all the due diligence Booth was supposedly doing he couldn't have unearthed this prior deal?

CQD.com has been pushed back to Rebecca. We now consider this matter closed.

It was the right, and gentlemanly thing to do.
 
6
•••
Wow.. an amicable closure!

Hats off to Grilled's deep dive investigation. You Rock!!!

P.S: Would love to know what made Booth settle this. I feel his loss too!
 
6
•••
Jack and I did do all the relevant due diligence on the name. Rebecca was extremely negligent in allowing all her emails to be hacked and domain to be stolen, and the thief obviously knew what he was doing. All of this means that I have now lost a small fortune even after doing everything properly.

I appreciate all the people that actually understood my situation and supported me rather than throw accusations and accuse me of being involved somehow. I hope Rebecca is happy she has the name back, and I hope everyone will remove all the damaging things they posted online about Jack, me and my business now that this has been resolved. This situation has caused me enough grief as it is, and the last thing I want is for my name to be tarnished for absolutely no reason because of it.
 
13
•••