Thank you, ok I am going to try and lay out a time line of events as I see them according to whois history and based on my own opinion. Try to clean this thread up a bit and stay focused.
Rebecca @spoiultrider
1.You said you renewed the domain in August 2017, that is correct as I believe according to whois history the name went into pending renewal status on or around August 17th and through to your renewal on or around the 23rd for an additional term.
2. I noticed you continued to use as in the past years 2 emails for the purpose of registration:
(registrant)
[email protected] and
[email protected] (admin).
3.On Sept. 28th approx 1 month after renewal the admin email changed to remove
[email protected] and replaced it with your registrant email
[email protected], changes like this are important in pin pointing timelines of a theft. Did you make this change? If not read on...
4.If you did not make the email change to the admin contact then THAT was the day the domain was stolen or should I say the day the thief gained access to your yahoo email account and thus the domain. (Your
[email protected] was compromised). They removed
[email protected] in order to stop you from getting correspondence during the planned sale of the name while they negotiated (maybe maybe not) via your yahoo email and it worked!
5.Escrow: That screen shot shows a failed transaction however without the email showing we can make no link a part from assuming it was the first buyer who backed out.
6.We then see the new owner (Booth) appear the first week of March 2018 along with Nameservers etc.
If anything about the above is wrong please say so but I think that general time line minus the headaches in between for you is right.
There are some KEY and I mean KEY elements to proving a theft, this is one.
1. The registrar Netsol absolutely knows what IP address logged into your account not just on the day the name was transferred to Booth but also on or about the day of Sept 28th. If those IP addresses do not match you and or do not match you AND match each other that is a 100% red flag.
2.Remember I said the funny email change happened Sept 28th, well that first failed escrow deal started Oct 2nd! HUGE red flag, huge. Meaning the thief had the domain flipped within 4 days of gaining access. Which leads me to believe the thief knows domains and buyers, they are not new to this, I mean just 4 days to flip!
3.It would take an attorney of course but getting details from Escrow.com as to whom was paid would also remove the vale.
4.Yahoo IP records to see location of log in's as well but at this point the legal bills are mounting.
May I ask, has Booth shared his screen shot unedited of whom he paid with you? If he believed it was you then there would be nothing to hide, correct?
I will not get into trying to connect dots such as Booth/Jack/Jake/Han etc and simply stick to facts and provable pieces of evidence.
Now Mr. Booth, I may still get a detail wrong so forgive me but...
You claim you bought this name from Rebecca, correct?
You used escrow.com, correct?
You know as well as I you do not buy a domain via escrow.com from someone other than the registered owner, correct?
Can you provide a snap shot of the transaction for us to see? No reason you shouldn;t be able to, correct?
Further on escrow is now very picky about receiving and paying the rightful owner, requiring ID etc. I would think a simple screen shot puts this issue to bed, no?
And if you do not have an escrow transaction with Rebecca verified then you know better brother.