discuss [Resolved] Domainer Loses $26k On A Stolen Domain!

[Silentptnr]

Darn! Another scam and this time it is an experienced domainer James Booth.

James must have thought he was making a sound acquisition as he transferred approximately 26k to escrow for CQD.com. Instead, after completing the escrow, the domain was taken from his account by the registrar without notification and returned to the "true" owner.

Turns out the person that sold him the domain CQD.com, may not have been the true owner.

Apparently this incident involves several parties including the registrar and the escrow.


Thanks to Theo over at DomainGang for the tip on this.

 

[MapleDots]

Yahoo also has 2-step verification (like Gmail) for enhanced security:

https://help.yahoo.com/kb/SLN5013.html

which should be enabled to protect email. Of course, one should also opt-in to 2-factor security at the registrar. Here's a list of registrars which support 2FA:

https://twofactorauth.org/#domains

although, I'm not sure if it's correct that Network Solutions doesn't offer it, e.g. see:

https://github.com/2factorauth/twofactorauth/issues/190

which claims it does offer it. Regardless, there are lots of reasons not to have domains with NSI!

Yup, double whammy.... yahoo and NS

What I meant with my previous post is that there are still so many people using Yahoo that are not aware the accounts have been hacked a long time ago. A hacker can have access to an old yahoo account and if you use that email for your domain registration you are just asking for trouble. People forget that emails are still sitting at yahoo even if they no longer actively use the account.

The owner of the lost domain was using Yahoo and I am sure that played into her loss somehow.

 

[Kate]

Exactly. Valuable domains are usually stolen by taken over the admin E-mail address.
More rarely via phishing.
I am at the office right now, but I have some big files from publicly released breaches (pwn lists). I will have a look at that particular yahoo E-mail address later. When I am saying the password may be public knowledge, the statement may be literally true.

 

[Silentptnr]

Well, I've just read that it appears @BoothDomains have acquired a highly valuable Two Letter .Com...ix.com. It is estimated to have been a six figure purchase.

I really hope that the matter of cqd is resolved. Seems like peanuts compared to ix.com.

 

[wwwweb]

I honestly don't think people are going to take up a collection, because there have been people with health issues and other serious things where few if any contributed. Plus it would have to be done for everyone, people getting scammed in this business everyday. I think James needs to pressure Escrow.com. I would also imagine James can find some tax uses for the loss as he has plenty of gains to offset.

@spoiltrider The dissecting happens because there are many elaborate scams, you would not be the first person to give an academy award performance it wasn't me and then it turns out you were. (Not saying you are and I would bet you are legit). But a lot of us have been doing this for a long time and have seen scams most wouldn't believe.

So whats the end game here, I mean it goes to court, and they try to see if there was a bonafide seller

James Booth is experienced, seems he did his homework, maybe he should have waited to get someone on the phone like someone else mentioned, but this whole situation makes the industry look bad or I should say riskier than it should using an

James Booth is experienced, seems he did his homework, maybe he should have waited to get someone on the phone like someone else mentioned, but this whole situation makes the industry look bad or I should say riskier than it should using an escrow company.

the situation was designed by a scammer to fool a newbie, the indexed google phone number listing was a great starting point, you wouldn’t expect a seasoned domain broker to get duped like this.

Escrow simply handles the handshake, verification is for their own record keeping, their tos relieves them from vouching for any buyer, or seller.

Stolen goods are sold everyday, from break ins, thefts, that is why documenting serial numbers for insurance purposes is important. If this lady can produce her receipts for renewals, and does an extensive trace of ownership for the courts, and escrow in a suponea cannot match any of her ips, or documents, the dominos will fall the same way. I assume if James Booth is already employing lawyers he has already invested in a considerable retainer, given the news him, and his brother acquired ix.com, I would hope he comes to some kind of terms. There is no way this lady is going to buy back her own domain, so hopefully they can get creative, and take a commission on an end user broker sale, or something. R B is going out of her way to tag the name as stolen, maybe stick to the facts the buyer is in possession of a domain that was stolen prior to being sold, but do not state they actively purchased a stolen domain knowingly.

 

[winst]

There is an elephant in this room that has not been addressed yet.

ANYONE USING A YAHOO EMAIL ADDRESS PLEASE CHANGE IT ASAP!!!!

Yahoo accounts have been hacked by the millions and if I had access I would search for the keyword domain and would probably start to build a nice profile on the owner of the account. The next steps would be easy, it all starts with the email address used to register the domain.

Not just Yahoo, almost every major email services have seen mass hacks in the past few years, including Microsoft Office 365 last year that was targeting major accounting and banking companies.

http://www.zdnet.com/article/forgotten-office-365-accounts-targeted-by-stealthy-attack-campaign/

 

[golan]

why would you name this forum as a thief of your domain?

I think she hardly understands how the all domaining stuff works. For example, she keeps saying here and there that she's doing something with hosting accounts and changing them and stuff, as like she does believe domains are being managed somewhere at hostings.

 

[Kate]

I am at the office right now, but I have some big files from publicly released breaches (pwn lists). I will have a look at that particular yahoo E-mail address later. When I am saying the password may be public knowledge, the statement may be literally true.

So I checked one pwn list and I found two possible passwords associated with the Yahoo address in question.

j******3
w******1

@spoiltrider if your Yahoo mail account was 'secured' by either of these passwords then it was easy game. No sophisticated hacking involved at all. it was only a question of time until someone figures out your mail was connected to a valuable asset and vulnerable.

 

[equity78]

So whats the end game here, I mean it goes to court, and they try to see if there was a bonafide seller


the situation was designed by a scammer to fool a newbie, the indexed google phone number listing was a great starting point, you wouldn’t expect a seasoned domain broker to get duped like this.

Escrow simply handles the handshake, verification is for their own record keeping, their tos relieves them from vouching for any buyer, or seller.

Stolen goods are sold everyday, from break ins, thefts, that is why documenting serial numbers for insurance purposes is important. If this lady can produce her receipts for renewals, and does an extensive trace of ownership for the courts, and escrow in a suponea cannot match any of her ips, or documents, the dominos will fall the same way. I assume if James Booth is already employing lawyers he has already invested in a considerable retainer, given the news him, and his brother acquired ix.com, I would hope he comes to some kind of terms. There is no way this lady is going to buy back her own domain, so hopefully they can get creative, and take a commission on an end user broker sale, or something. R B is going out of her way to tag the name as stolen, maybe stick to the facts the buyer is in possession of a domain that was stolen prior to being sold, but do not state they actively purchased a stolen domain knowingly.

The end game? I guess you would have to ask @BoothDomains Doesn't seem like he is willing to take a $25,000 hit. I don't know.

I am well aware of what goes on regarding stolen goods, my point was a lot of people think "I used an escrow company, they have insurance, licenses, so I can't get ripped off" You and I know it's still possible but many believe they have ultimate protection. Or like someone told me today, "Raymond if I can get f*cked using escrow.com then I will never use them again!"

 

[carob]

I am well aware of what goes on regarding stolen goods, my point was a lot of people think "I used an escrow company, they have insurance, licenses, so I can't get ripped off" You and I know it's still possible but many believe they have ultimate protection. Or like someone told me today, "Raymond if I can get f*cked using escrow.com then I will never use them again!"

The key takeaway to me from this thread, thanks to the excellent info provided by professional lawyers here, is to be more secure in the ownership of a domain you buy, you have to have a written agreement saying who is buying what from whom.

Escrow.com does not require or handle that. and on a first look seems Sedo escrow do not either: https://sedo.com/uk/services/domain-transfer/escrow/

Use our Escrow Service if you don't need any technical assistance for the Domain Transfer, but still want an intermediary party to ensure a seamless funds transfer process. Our partner "Escrow Domains" provides you with the renowned legal services of Greenberg & Lieberman, which is one of the most experienced internet law firms in the US.

Not sure how to interpret this - seems on Sedo a sales agreement with buyer is possible but not required:

4.1 Remitting Payment
...If you require an invoice or tax information (such as a form W-9) related to the purchase and sale agreement, you shall inform Sedo of this requirement prior to remitting payment. Sedo shall communicate the request to the Seller as neither Sedo nor the Escrow Partners are parties to the purchase and sale agreement and, unless an Escrow Partner offers to facilitate such a request on behalf of Buyer and Seller in accordance with the Escrow Partner’s terms and conditions, Sedo and the Escrow Partners cannot furnish those documents. You agree that you shall not portray Sedo or the Escrow Partners as the Seller of the Domain to any third party. Failure to receive these documents after remitting payment shall not be grounds to release you from any of your obligations in this Agreement.

 

[pqr]

So, I guess this is what happened:

Part 1

• Rebecca had a TV at her home.
• A thief sold Rebecca's TV to James for $25k/19k. Rebecca didn't know about it.
• James paid the thief and got the TV - he didn't know it was stolen.
• When Rebecca got to know, she took her TV back and kept it at her home.

At this point, a stolen TV was given back to the owner.
The people who dealt with stolen TV lost their money.

Part 2

• James got the local sheriff involved, and took it back from Rebecca's home, saying because he paid a lot of money for the stolen TV, he wanted it back.
• Rebecca is now furious because she lost her TV!! She tells everyone not to buy it because it is stolen.
• James won't give it back saying he paid money to the TV thief and so it is his. He is ready to compromise.

Behind the camera - 1

• OmarVG, who lives in the same block, makes fun of James (in a way not representative of the community members) saying he lost money
• James knows a lot of guys are listening so he says he did millions worth of transactions in the first three months of 2018, thus implying this is chump change for him.
• Rebecca who is also listening, now asks James, hey if you are so rich why can't you pay me back?

Behind the camera - 2

• Rebecca casually says she has a lot of horses
• A lot of people living around the block are allergic to horses and so secretly start hating Rebecca

Behind the camera - 3

• James is a guy who sells a lot of TVs - so a few people secretly hope someday he will donate a TV to them if they are nice to him.

Did I miss anything?

(Seriously: Just kidding, guys. I sincerely hope all parties [except the scammers!] can reach an amicable solution as soon as possible. )

 

[tech4]

@pqr I think you have this way off. Because it is not a "TV" and it involves not just a thief but someone saying they are "Rebecca B" and the real owner of the domain name.

Not only that, the property is a domain name, that was transferred away and back and away and back and I am guessing away now from NetworkSolution (NS). NS say it was stolen base on a report, and then say it was not stolen, or sort of "protocol" thing. We don't know what exactly is going on.

This case involves someone allegedly saying they are the rightful owner of the domain and sells it, and then another person claiming to be the rightful saying it is stolen. It was moved back and forth at NS to Ename prior to this and between accounts at NS.

Your story of the "TV" makes no sense and is no way close to this.

 

[pqr]

@pqr I think you have this way off. Because it is not a "TV" and it involves not just a thief but someone saying they are "Rebecca B" and the real owner of the domain name.

Not only that, the property is a domain name, that was transferred away and back and away and back and I am guessing away now from NetworkSolution (NS). NS say it was stolen base on a report, and then say it was not stolen, or sort of "protocol" thing. We don't know what exactly is going on.

This case involves someone allegedly saying they are the rightful owner of the domain and sells it, and then another person claiming to be the rightful saying it is stolen. It was moved back and forth at NS to Ename prior to this and between accounts at NS.

Your story of the "TV" makes no sense and is no way close to this.

"(Seriously: Just kidding, guys. I sincerely hope all parties [except the scammers!] can reach an amicable solution as soon as possible. )"

Should have made this bold 20 pt font

 

[Addison]

Mike Han says:
March 14, 2018

I am the one who bought it on octorber 2017, then i found it is no safe so i returned. i have escrow.com record and i also lost money on that purchase. This is Mike Han, the domain broker and domain investor from China!!!!

Another victim? Escrow.com let it happen a second time with the same domain name?

How long did the thief have possession of this domain without Rebecca's knowledge?

A long time!

 

[tech4]

If Mike Han is honest, meaning that he purchased it and returned it via escrow service.

There are 2 problems.
1) Escrow service knows this but does not tell the buyer.
2) Rebecca you said that you moved your house, and your site was still up via cached, you only found out recently. Can you explain why it was stolen many times and returned?

There are serial owners which makes money from people by selling it, reporting it stolen, NS took it back. Then sells it again, and then report it stolen again.... Most of these domains with contact@domainITself
Basically hiding the real email contact of the thief.

I am not saying that this is the case. However very suspicious as Rebecca said that she only knew it was stolen because escrow services contacted her. However Mike Han said he used escrow and have record of it.

Mike Han, can you upload your encounter with the escrow record???? Because this seems like the domain was stolen, sold, reported as stolen, and moved back, sold again and then reported stolen, and then went back, and then James got lawyers on NS and got it back. This is like a serial case of selling and reporting via NS. NS is known to do this, and most of the stolen domains are masked with the email user@thedomainITself. Hiding from the public the real owner. This domain is that case of hiding the real contact, and is a case of serial selling, and reporting, and selling and reporting back and forth.

There seems to be 2 known culprit, NS and the escrow service which knows of this.
And then there is another suggestion that Rebecca B on NP is a fake.
And then there is another suggestion that Rebecca B is real, and that whoever she is, is the actual seller and then reported it stolen (according to some posts here claiming that).

Rebecca can you upload the price that Escrow gave you? Mike Han can you upload info that Escrow account records you have?

At first some people think its a glitch, now it seems that this and many other domains with masked whois is a haven for serial crimes selling it and then reporting it stolen. And then sells it again!

 

[Silentptnr]

If we accept that Mr. Han indeed purchased this domain using Escrow.com, then returned the domain, then who did he buy it from and who did he return it to?

Sold at least twice (Han & Booth) without owner (Rebecca) knowing?

Something is really weird here.

 

[Silentptnr]

@spoiltrider

Now we have a person claiming they bought this domain even before @BoothDomains .

There is clearly more information about this out there. Becoming weirder by the minute.

 

[tonyk2000]

What if it is where 2 different price versions came from. If it was Mike Han who paid 19K. And escrow.com messed up the things and generated a 19K screenshot from another cqd.com transaction. Which by itself it questionable, as an escrow company is not supposed to disclose such details to anybody who is not a buyer/seller/broker.

 

[Addison]

What if it is where 2 different price versions came from. If it was Mike Han who paid 19K. And escrow.com messed up the things and generated a 19K screenshot from another cqd.com transaction. Which by itself it questionable, as an escrow company is not supposed to disclose such details to anybody who is not a buyer/seller/broker.

That'd explain why James Booth and Rebecca Burns have reported incongruous sale prices.

Who would've thought they were both accurate? Not me.

 

[tech4]

I don't understand why the US doesn't step up and stops being a third world country when it comes to banking. A cash check in 2018, really? An Escrow company, proud of having a "sophisticated" KYC system in place and then it just sends out a cash check? Have the money wired to a traceable and verified bank account and you have a large paper trail that investigators can follow up on. But don't even pretend to comply with KYC when you offer "checks" as one of your forms of payment. In Switzerland they would charge you with complicity in money laundering.

This is a bit off topic. Its simple, they need to pay for spy services and a host of other services and monitoring. These services are not available to the public. Think of North Korea, but bigger like 1,000x and instead of "ban on the public" access is limited. And will never be offered to the public!

Anyway, I think Rebecca have not provided the escrow information and contact upload screen. If she did indeed have the previous selling price from a previous date, meaning whoever she is, she is doing it selling and reporting it stolen. Rebecca I am just curious, pardon my for implying that you knew and reported, but can you provide the screenshot that you mentioned? Without that information and Mr. Han statement that he bought it before, it looks like you are the culprit.

You contradicted with Mr. Han statement and James. Please provide screenshots from escrow services that contacted you with date and time. Thanks.

 

[Silentptnr]

This is a bit off topic. Its simple, they need to pay for spy services and a host of other services and monitoring. These services are not available to the public. Think of North Korea, but bigger like 1,000x and instead of "ban on the public" access is limited. And will never be offered to the public!

Anyway, I think Rebecca have not provided the escrow information and contact upload screen. If she did indeed have the previous selling price from a previous date, meaning whoever she is, she is doing it selling and reporting it stolen. Rebecca I am just curious, pardon my for implying that you knew and reported, but can you provide the screenshot that you mentioned? Without that information and Mr. Han statement that he bought it before, it looks like you are the culprit.

You contradicted with Mr. Han statement and James. Please provide screenshots from escrow services that contacted you with date and time. Thanks.

I think Mr. Han could help clear a lot of this up too. Truth be known, I am not 100% convinced that @spoiltrider (Rebecca) is real. I am also not convinced Mr. Han is real. This is one big mess.

I did notice an interesting "coincidence" in how "Mr. Han" and "Rebecca" communicate. Weird stuff.

 

[MapleDots]

I will add one thing from my experience dealing with clients.

A client that has not done anything wrong traditionally communicates in a few sentences. A client that is practicing deceit usually responds with overly lengthy explanations and a history not asked for in the case.

I am not implying this is always the case but in my years of experience running numerous businesses I have found this to be a trend when cases of fraud were presented to me. I traditionally investigated the people leaving overly lengthy explanations much further than the people answering short, direct and to the point. Anyone who has nothing to hide does not need to be overly defensive.

Does it apply in this case?
I will let everyone else judge that for themselves.

 

[carob]

I see quotes here from a Mr Han but no original post? Who is this Mr Han?

https://en.wikiquote.org/wiki/Enter_the_Dragon
Williams

• I don't waste my time with it, when it comes, I won't even notice; I'll be too busy looking good. (to Han)
• I was outside, but I wasn't the only one. (to Han)
• Mr. Han, suddenly, I'd like to leave your island. (to Han)
• Bullshit, mister Han-Man! (to Han)
• Been practicing huh? (to Han)
• Man, you've come right out of a comic book! (to Han)

 

[Addison]

Mr. Han was the registrant from at least 2017-10-16 to 2017-10-24.

Whois Record for 2017-08-24
Domain Name: cqd.com
Registrar: NETWORK SOLUTIONS, LLC.
Registrant Name: ComQuest Designs LLC

Whois Record for 2017-10-15
Domain Name: cqd.com
Registrar: eName Technology Co.,Ltd.
Registrant Name: Xiamen PrivacyProtection Service Co., Ltd.

Whois Record for 2017-10-16 to 2017-10-24
Domain Name: cqd.com
Registrar: eName Technology Co.,Ltd.
Registrant Name: han quan ming
Registrant Street: Wanda plaza, Huli qu,Xiamen City,China
Registrant City: xia men shi
Registrant State/Province: fu jian
Registrant Postal Code: 361000
Registrant Country: CN
Registrant Phone: +86.15985803295
Registrant Email: [email protected]

Whois Record for 2017-10-25
Domain Name: cqd.com
Registrar: NETWORK SOLUTIONS, LLC.
Registrant Name: ComQuest Designs LLC

 

[campout]

I see quotes here from a Mr Han but no original post?

https://domaingang.com/domain-crime...owner-claims-domain-was-stolen/#comment-94599

 

[Hellbent]

The persons behind thee Iana id 146 i think is behind alot.