discuss [Resolved] Domainer Loses $26k On A Stolen Domain!

[Silentptnr]

Darn! Another scam and this time it is an experienced domainer James Booth.

James must have thought he was making a sound acquisition as he transferred approximately 26k to escrow for CQD.com. Instead, after completing the escrow, the domain was taken from his account by the registrar without notification and returned to the "true" owner.

Turns out the person that sold him the domain CQD.com, may not have been the true owner.

Apparently this incident involves several parties including the registrar and the escrow.


Thanks to Theo over at DomainGang for the tip on this.

 

[tonecas]

Was NetSol itself hacked? No. So the 1st push from an account of Rebecca to an account of James was technically correct from their point of view. Imho they simply reversed things back, which is what their 3 months investigation was about...

did they check the recent changes in the WHOIS content before providing the transfer code?
did they check from what IP did the login to Network Solutions came to request and get the transfer code?
did they check on the last transfers of the domain what IPs were used to make them (transfer to eName, then back to Network Solutions)?

what is the use of the ludicrous feature - that i do not see anywhere - of making a client wait for 3 days, for "security analysis", before providing the transfer code, if they cannot see that there is suspicious activity over the domain name?

 

[spoiltrider]

I beleive they never "analysed" who should be the rightful owner - Rebecca or James. They are not supposed to do this. All what they analyzed might be the following "Oh, we incorrectly moved the domain from James back to Rebecca, as James did not authorize this". Which is technically correct. No domain movements should occur based on somebodys phone call. Was NetSol itself hacked? No. So the 1st push from an account of Rebecca to an account of James was technically correct from their point of view. Imho they simply reversed things back, which is what their 3 months investigation was about...

Was NetSol itself hacked?
funny you should mention this.
my account name did change (not by me) and i was locked out of my netsol account. i had to call in to get in.
3 months investigation
how is an "investigation" conducted without ever contacting me, the rightful owner.

 

[tonyk2000]

did they check the recent changes in the WHOIS content before providing the transfer code?
did they check from what IP did the login to Network Solutions came to request and get the transfer code?
did they check on the last transfers of the domain what IPs were used to make them (transfer to eName, then back to Network Solutions)?

This is very interesting, and they will answer... to Florida court. Which is where the case will appear earlier or later, unless James returns the domain, which is still possible - at least technically possible.

 

[spoiltrider]

[
Silentptnr said:
[
BoothDomains said:
I did. The whole thing is really fishy. I called, emailed and did all the checks. It seems she told Web.com one of her employees sold the name without her authorization which is a lie.

I have all the emails from her.
]
I believe this.
]

i still don't see the question, but....
booth contacted me once, left a vm in my voicemail at 2AM EST asking why i was taking back my domain (because i did not sell it)
there are no emails in my accounts or possession of him contacting me to verify or authenticate me.
i do NOT have any employees. have not since ~1998.
my phone number is plastered all over the web page, as is my email which WAS [email protected] and is now [email protected]. [email protected] went our of "circulation" "print" in or around 2005 when i began to use my given name for business purposes. it was forwarded only to [email protected] which is the real email address that i would have responded from and too. domainbuzz56 was getting all of my @cqd.com emails from every account i had/have attached to it for communication purposes. since when? i don't know how long.

he has no emails from me or anyone attached to me, even from a arms length, regarding sale, transfer, authentication, verification and so on.

 

[spoiltrider]

This is very interesting, and they will answer... to Florida court. Which is where the case will appear earlier or later, unless James returns the domain, which is still possible - at least technically possible.

Question.
where does the transfer code come from?
how do you get a transfer code?

 

[tonyk2000]

where does the transfer code come from?

From the registration company where the domain is currently registered. In NetSol case, by e-mail. You need to login to NetSol and request the code.

 

[DNWon]

he has no emails from me or anyone attached to me

Rebecca you need to understand, as you keep saying this, and it's not factual, but he might not have emails that you created, but I'm sure he has emails from your hacked account, from the thief. Only your proof of a hacked Yahoo email account will disprove that these emails came from you. In his mind, he has emails from you!

Just as James saying that you told a Web.com employee that one of your employees sold the domain without your authorization is simply hearsay and useless for him unless James can get that employee to testify or document that you actually said that and I'm guessing he has no proof of that what so ever!

 

[tonecas]

i still don't see the question, but....
booth contacted me once, left a vm in my voicemail at 2AM EST asking why i was taking back my domain (because i did not sell it)
there are no emails in my accounts or possession of him contacting me to verify or authenticate me.
i do NOT have any employees. have not since ~1998.
my phone number is plastered all over the web page, as is my email which WAS [email protected] and is now [email protected]. [email protected] went our of "circulation" "print" in or around 2005 when i began to use my given name for business purposes. it was forwarded only to [email protected] which is the real email address that i would have responded from and too. domainbuzz56 was getting all of my @cqd.com emails from every account i had/have attached to it for communication purposes. since when? i don't know how long.

he has no emails from me or anyone attached to me, even from a arms length, regarding sale, transfer, authentication, verification and so on.

OK, but James (@BoothDomains ) thinks he has because he probably reached your email address when it was hacked...

regarding talking to you, he must have spoken to a person with a women's voice...

however, i do not know if it was your phone number "352.870.5272", or "352.505.0879" that was shown on the WHOIS information of your domain since 2013 until 2016 in the Registrant section, or "352.378.1465" that was shown on the WHOIS information of your domain since the end of times in the Administrator section.

Do you recognize these 3 phone numbers?

 

[equity78]

Excellent, glad you have a case number and ongoing work with agencies. I believe you might also contact the tech dept news media (Techcrunch, etc) as well locally as this is good story and perhaps online news websites with a news release listing the details as you can get an tech industry investigative reporter that might interested, it might move things along and expose all the mistakes made to a much wider audience.

Some of the domain blogs are not going to assist, as some of them are part of a boys club and not where you should be posting anymore, especially when as demonstrated yesterday if you read the above comments are deleted selectively months after they were posted, at least Namepros won’t do that.

There were 2 comments made on January 9th, @Grilled posted it here in the thead here yesterday, and within hours the blog owner deleted one on them according to @tonyk2000 who alerted us to that, and I confirmed the selective editing of the comment removed from 6:50pm, but the 6:48 comment remains the the one removed stated something like “I used domainiq....” ....blah, blah”.



The seller email field on both escrow.com 19k cancelled transaction screenshots posted above in this thread are different. The “CQD-JR” Was the screenshot I believe you originally posted. So the question is who is company or person sent that to you?

I have written about this story once, and just published a fresh piece, and let me say people might not like some things on blogs but there is no one actively running any reputable blog that is going to put their rep on the line to cover up stuff for James Booth.

The boys club doesn't blog, the people who blog for the most part are working each day and many don't even have great ties to one another to be running some collusion scam to protect James Booth.

I am not saying there can't be times where you think someone deleted a comment in appropriately but there is no collusion going on, I know I can speak for every publication I am involved with.

 

[equity78]

Just published, The continuing saga of CQD.com

 

[spoiltrider]

@spoiltrider

If you could check and see what the telephone number was that called you that night at 2am. Probably not hard to find being the middle of the night.

Not sure how a woman at escrow.com would know that a man in los angeles cashed their check. And surprising they didn't tell you who the check was made out to. They would tell you what the person looked like that cashed the check but not who the payee was? Please try to remember who the payee was.

In order to have a business account here in LA, you need a business license or DBA.

that phone number will be requested through the subpoena process.
it does not show up in my call log because i did not take the call. but i have all my phone records and i am going through them all the way back to january 2017 and beyond if i have too.
i vaguely remember what the number looked like the call came in on sunday night (here) i think. so if it 2AM here, what time would it be where he is and where is he anyway, Singapore, Great Britian, Dubia?

...it was an overseas caller. "james" definitely left a voice message. i picked it up, mid morning on a sunday, if i remember correctly. the text translation was crappy but his name was texted into it. my first thought was that it was a joke, james booth shot abraham lincoln...but then i realized it was john wilkes booth who murdered him (thats how i remember things). and the phone number was not a USA number by formatting. but regardless his voicemail was to the perturbed question of "why i was taking back the domain, what was going on...." effect.

OK, but James (@BoothDomains ) thinks he has because he probably reached your email address when it was hacked...

regarding talking to you, he must have spoken to a person with a women's voice...

however, i do not know if it was your phone number "352.870.5272", or "352.505.0879" that was shown on the WHOIS information of your domain since 2013 until 2016 in the Registrant section, or "352.378.1465" that was shown on the WHOIS information of your domain since the end of times in the Administrator section.

Do you recognize these 3 phone numbers?

yes.
352.870.5272 is my current/active long time cell phone number, the number booth called and left the 2AM vm in . this is my only voice line. this one is all over the place in my advertising. this is the number i am reached at.

352.505.0879 (after divorce NW 8th Ave house) was my number YEARS ago at my old address through COX.com. i havent had that number for 12 years or so.

352.378.1465 another OLD landline/modem number i had since around 2005 before my divorce (NE 55th Place house). this was a bellsouth landline.

 

[offthehandle]

With all due respect, I deleted the comment that had Mr. Booth's name because he told me he did not leave the comment. The IP address did not match any other comment either (from him or anyone else). It was not deleted because of some sort of "boys club" or for any other reason than the fact that he said it was not his comment. Also, your comment about "months after they were posted" is inaccurate as the now deleted comment was written on March 28, which is about one week ago.

If a third party posted a comment on a blog using my full name, I would hope the blog owner would remove it when asked, especially if the comment was incendiary. I think others would hope for the same courtesy.

I don’t expect any "due respect" - I just call things like I see them. You claim "I deleted the comment", but in fact you deleted more than one comment, which is my point. It looks like you are covering up things. The second one that mentioned the due diligence. You are attempting to twist this around to focus on my "boy's club" comment (Opinion), not the facts.

I could be wrong, but what I see is you erased this comment immediately after you were alerted as there are ton's of people watching this thread and lurking, and it's not exactly 3 months, but close within a few days- I should have counted it is 85 days. lol. Please. As of yesterday, only one of the the January 9th comments remained. So 2 comments were erased, not one as you state above. Maybe by now today you erased that one too.

The "Incendiary" STFU comment you also erased that was posted sometime in March.

You simply cut out part of my above post, then state I am wrong, sorry but you are incorrect. And the posts were sequentially made within 2 minutes of one another.

This is what I wrote:

There were 2 comments made on January 9th, @Grilled posted it here in the thead here yesterday, and within hours the blog owner deleted one on them according to @tonyk2000 who alerted us to that, and I confirmed the selective editing of the comment removed from 6:50pm, but the 6:48 comment remains the the one removed stated something like “I used domainiq....” ....blah, blah”.

https://www.namepros.com/threads/do...-a-stolen-domain.1068888/page-31#post-6651041

 

[offthehandle]

I have written about this story once, and just published a fresh piece, and let me say people might not like some things on blogs but there is no one actively running any reputable blog that is going to put their rep on the line to cover up stuff for James Booth.

The boys club doesn't blog, the people who blog for the most part are working each day and many don't even have great ties to one another to be running some collusion scam to protect James Booth.

I am not saying there can't be times where you think someone deleted a comment in appropriately but there is no collusion going on, I know I can speak for every publication I am involved with.

Equity, You write a blog that is helpful and pushes the limits and you post here continually and help here on Namepro's, I appreciate it- everybody appreciates it. You even start threads that are in fact excellent and well received like:

https://www.namepros.com/threads/le...s-idea-of-owners-bidding-in-auctions.1030988/

Which was a branch off the :
https://www.namepros.com/threads/bidding-on-your-own-names-at-namejet.1030874/

 

[tonyk2000]

I was looking for something in the beginning of this thread and noticed an interesting post from a memeber who "Joined: Dec 27, 2016" but currently has account auto-closed

Maybe a storm is coming that is unlike any you have seen before. No comment!

Since a member with 920 posts and >1 years activity will unlikely post fantasies or random texts, it would be interesting to find the basis of the quoted post. Guess we will know only after the court decision

 

[tonecas]

@offthehandle i think you are mistaken on this one.

just put this on your web browser address (Chrome):
cache:https://domaininvesting.com/pdd-com-story-eye-opening/

this shows the cache from March 31 and there are two comments from James Booth. The only comment that was deleted is the STFU of March 28.

but it seems James Booth (@BoothDomains ), or Mr. Booth as Elliot Silver calls him, is reading this thread.

 

[offthehandle]

@offthehandle i think you are mistaken on this one.

I don't use chrome, but 2 separate computers and browsers. The 6:50pm comment is gone from where it was. Now, I see it was moved lower or below. Yes, I am incorrect. Sorry. My sincere apologies, as there were additional ones between it.

 

[tonyk2000]

At the time of this writing, I also see a comment with "Used domain IQ" words inside

 

[offthehandle]

At the time of this writing, I also see a comment with "Used domain IQ" words inside

Again, my mistake, I retract everything I stated. My sincere apologies to the blogger. In any event, glad that remains there.

 

[spoiltrider]

[
Silentptnr said:
    [
    BoothDomains said:
        I did. The whole thing is really fishy. I called, emailed and did all the checks. It seems she told Web.com          one of her employees sold the name without her authorization which is a lie.

        I have all the emails from her.
    ]
I believe this.
]

a. booth never ever spoke to me.
b. i don't have any employees that he could have spoken too.
c. if i did have employees(s) they would certainly not have authority to make financial decisions or authorization to make a sale or transfer of my domain.

hey booth, show me and this domaining group PROOF that you
1. called and spoke to ME - show me the call log with a considerable discussion that would have had to have taken place in order to negotiate a deal like this.
2. emailed ME. i want to see the emails and then i want to find them in my outgoing email box.
3. show the transaction paperwork from escrow.com that i don't have so we can all see the seller at escrow.com

just put it out there, like i have.
i have NOTHING to hide!
that way, we can lay this to rest and move on.

either you have it (proof) or you don't. i am growing weary of your game.

i want to see PROOF of you dealing with ME. i want to see PROOF of your ability to authenticate and properly vet the seller, that being me.
PLEASE show me the proof!

 

[spoiltrider]

"boys club" - well said



@spoiltrider if you do this - would be an excellent idea. Just make sure to use "mainstream" tech media, not domaining-specific. Many domaining-specific blogs indeed would not assist, for example I think that a particular blog running radio shows may not help, etc., etc.
Better press coverage (online and offline) is something you should really consider if you have time to

thank you. i wrote to them today.

 

[offthehandle]

thank you. i wrote to them today.

Wall Street Journal and INC magazines perhaps.... send in an inquiry to a writer about your story.

https://www.wsj.com/articles/now-cy...opriating-businesses-web-addresses-1426120840
https://www.inc.com/guides/201102/how-to-protect-your-domain-name-from-cybersquatting.html
https://www.forbes.com/sites/theyec/2015/02/28/how-to-recover-from-a-domain-name-hijacking/
https://www.cnet.com/news/meet-the-mann-who-registered-14962-domains-in-24-hours/ find the editor
https://www.theguardian.com/profile/jackschofield tech writer
https://www.searchenginejournal.com/contact/
https://www.crunchbase.com/organization/search-engine-watch
https://searchengineland.com/contact
http://www.circleid.com/ plenty of writers here. This is one location bloggers get their info
http://www.domainsuccess.com/cnet-covers-new-gtlds/
https://www.mcafee.com/us/about/contact-us.aspx
https://www.linkedin.com/in/rustybrick

report it:

https://www.tracechecker.com/ worlds largest base of stolen goods
http://www.stolenregister.com/
https://www.einvestigator.com/fbi-stolen-articles-database/
http://myfox8.com/2016/03/07/online-database-helps-police-recover-lost-stolen-property/
https://www.police.gov.sg/e-services/find-out/stolen-and-lost-property-index singapore police report
https://www.fbi.gov/services/cjis/ncic ncic fbi
https://www.cashconverters.co.nz/contact/report-stolen-goods
http://resources.infosecinstitute.com/domain-theft-stolen-domain/#gref
https://securedomain.org/
http://internetgovernancecoalition.com/
https://www.actionfraud.police.uk/report_fraud
https://www.justice.gov/criminal-cc...ternet-related-or-intellectual-property-crime


http://tcattorney.typepad.com/domainnamedispute/someone_stole_my_domain_name/

 

[tonyk2000]

I'd add theregister.co.uk - very popular (worldwide, not only in UK), and they periodically post things about GTLD registrars/domains/security

 

[Silentptnr]

We KNOW James completed the purchase on escrow.com.

We KNOW the domain was temporarily taken from him, then returned to him by Netsol.

We KNOW Rebecca had the domain listed for sale.

We dont KNOW James called Rebecca.

We dont KNOW James was harrassing Rebecca as she stated.

We dont KNOW the female at Escrow that told Rebecca a male cashed a check in LA.

We dont KNOW who hacked Rebecca.

We dont KNOW who sold the domain.

We dont KNOW who was paid for the domain.

 

[MasterOfMyDomains]

We do want to see the bill of sale from escrow to mr. Booth

 

[Silentptnr]

We do want to see the bill of sale from escrow to mr. Booth

You mean the transaction receipt?