[Resolved] Domainer Loses $26k On A Stolen Domain!

Labeled as discuss in General Domain Discussion, started by Silentptnr, Mar 5, 2018


  1. CryptoInvestor

    CryptoInvestor Experienced Investor VIP

    Likes Received:
    And THATS why you suck it up and use Escrow
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. offthehandle

    offthehandle . VIP

    Likes Received:
    She can’t. The thief sold it through Escrow, and she has no access other than forcing that by subpeona.
    Last edited: Apr 18, 2018
  3. GeorgeK

    GeorgeK PRO VIP ★★★★★★★★★★

    Likes Received:
    This thread has been going on for than a month now, but there's little that's actually 'new' at this point. Only a court (civil or criminal) has the power to compel anyone to actually do something (as opposed to voluntarily doing something), so that's what one should focus on, since the positions of the two sides appear inflexible.
  4. Grilled

    Grilled self challenge: don't be kcid a for xis months. VIP

    Likes Received:
    I've been working with Rebecca behind the scenes to gather as much digital footprints as possible. She has been exceedingly open, and genuinely distraught throughout the process. And my heart goes out to her.

    A few days ago, she authorized me to release everything (in the name of full transparency) to this thread. We're hoping that the community might recognize something, or somebody might have an open line of communication with somebody the alleged thief / hacker might have communicated with using Rebecca's alleged hacked Yahoo email.

    This will make more sense once I release the screenshots. Unfortunately, I'm in the hospital right now, following complications to kidney stone surgery. So I'm not sure when I'll be able to post everything. I have my laptop with me, but with all the machines I'm hooked up to, it'd be a little difficult to use right now.
  5. Keith

    Keith Top Contributor VIP ★★★★★★★★★★

    Likes Received:
    Have you also worked with Booth to gather his portion of the data? That’s the only way your material from Rebecca’s side holds weight imo.
  6. Grilled

    Grilled self challenge: don't be kcid a for xis months. VIP

    Likes Received:
    I've asked Booth multiple times via this thread. He has yet to respond.

    But as I said in my initial post in this thread, HERE we're going to get to the bottom of this with or without his help.

    I can tell you that it appears Rebecca's yahoo email was used to send / receive some 33 emails with [email protected]. Hence where Jake and came into the picture.

    This will all make more sense with the corresponding screenshots.
    Last edited: Apr 19, 2018
  7. Josh R

    Josh R PRO VIP ICA Member

    Likes Received:
    Do you do all this detective work probono?
  8. equity78

    equity78 Top Member TheDomains Staff PRO VIP ★★★★★★★★★★

    Likes Received:
    James Booth is never replying to Grilled in my opinion.

    @Grilled get well soon
  9. Silentptnr

    Silentptnr Top Contributor VIP

    Likes Received:
    @Grilled I hope you have a speedy recovery. I know you have been working with @spoiltrider to put together cohesive evidence. Can't wait to see what you have come up with.

    Best regards.
  10. Grilled

    Grilled self challenge: don't be kcid a for xis months. VIP

    Likes Received:

    The below email timeline screenshot of [email protected] is from the [email protected] Yahoo account.

    When a mouse is hovered over each bar, it reveals the amount of emails in a given month. Hovering doesn't reveal which month, however, in this particular example, (I believe) the months can be deducted by the June - November time line. ie. The first month (bar) is June, the last month (bar) is November, and since the month (bar) in the middle is immediately next to the last month (bar), the middle month (bar) can be inferred as October. This is simply an educated guess. Without the email logs showing all the dates, there is no way of knowing 100% based on the current information.

    1 email was first sent in June 2017

    30 emails from October 2017

    2 emails from November 2017


    Note: The above email timeline states, He or She ([email protected]) first sent you ([email protected]) a message regarding (meaning subject line) 'Interested in your domain name'

    An email from [email protected] with the exact same subject was also sent in June 2017 to [email protected].


    It is very possible that [email protected]'s opening (June 2017) email to [email protected] stated something similar, if not exactly, as the email he/she sent in the above screenshot to [email protected].

    As (I think) it was previously stated, the running theory is that the alleged hacker/ thief, used previous emails sent to [email protected] and [email protected], as a 'rolodex' of customers (or should I say potential victims?) to solicit the alleged fraudulent sale of

    This theory is supported by @tonecas important input HERE (or below) where he shares an email received on September 11th, 2017 in response to his March 9th, 2017 inquiry.


    My belief in the possibility that Jack/Jake was the buyer is based on the below email time line.

    You ([email protected]) and ([email protected]) appeared together on 4 messages between Nov and Dec 2017. The first message was from ([email protected]) to ([email protected]) on Nov 6, 2017, regarding '#3563341-921765'.

    1 email was first sent in November 2017

    3 emails from December 2017


    To add a little more info on Yahoo email timelines, some emails include a related contacts section, based of other people included in the TO or CC line. You will see more examples of this in the future. For now, see below:


    The two above related contacts were included because both [email protected] and [email protected] (and [email protected]) were recipients in what is believed to be the original email sent (July 25th, 2016) from [email protected]. see below screenshot:


    I'm still working with Rebecca to get the relevant info to the appropriate authorities. A lot more info is being passed around behind the scenes. Rest assured, in due time, everything will be uploaded to this thread.
    Last edited: Apr 22, 2018
  11. Grilled

    Grilled self challenge: don't be kcid a for xis months. VIP

    Likes Received:
    @BoothDomains -- Can we be frank?

    One of the reasons why I have requested the items I have requested is not only to find & log info that will help find the alleged hacker / thief, but I am also requesting it to collaborate with Rebecca's statements / technical facts. If you have info that suggests Rebecca definitively did actually sell you (or Jack/Jake), then I need to see it so I can stop wasting my time.

    Right now, the facts strongly suggest she was hacked in multiple ways. She is working with law enforcement, and is preparing to take the necessary steps to subpoena said information.

    Let me give you an example, where I falsely grilled Rebecca with an inference that she was selectively deleting emails, only to be proven wrong by myself missing a technical fact.

    Rebecca's Yahoo email was CC'd (as evident below) in three emails relating to [email protected]. One of them, was originally sent from [email protected] in December 2017 with the subject: Domain Name. There weren't any email timelines from [email protected], or any email of for that matter.


    However, a search for those emails revealed:


    ...she had other emails in her inbox from December 2017, so naturally I suspected something fishy.

    Then combine that with a January email timeline from another domainers outreach with subject domain


    I was confused, and on that particular day, heated. Rebecca's posting of things she didn't fully understand didn't help my frustration. Both of us were semi-emotional. Rebecca vehemently denied deleting the emails. I took her word for it, and used that fire to dig deeper.

    What I found, was a rookie mistake on my part, by failing to check the email filters, I missed the obvious answer. There were 29 filters in total.

    Deliver to trash if:

    1. Body contains:

    2. Subject contains

    3. Body / Subject contacts cqd

    4. From contains [email protected]

    5. From contains networksolutions

    6. From contains sprint

    7. From contains startlogic

    8. From contains google

    9. Body / Subject contains transfer

    10. From contains

    11. From contains [email protected]

    12. From contains [email protected]

    13. From contains

    14. From contains

    15. From contains

    16. From / body / subject contains escrow

    17. From contains startlogic

    18. From contains

    19. From contains [email protected]

    20. From contains [email protected]

    21. Subject contains transfer

    22. Body contains transfer

    23. Body contains ename

    24. From contains yahoo

    25. From contains [email protected]

    26. Subject contains tickets

    27. Subject contains support

    28. From contains support

    29. From contains purplequail

    Given the subject of both yours and Andrea's email contained, per filter #2, these emails were delivered to trash. Where if the emails were not manually checked and moved, they were set by default to auto delete in 7 days (maybe less?)...

    To be clear, Rebecca claims she didn't set any of the filters. I will go over each filter at a later date. #6 (sprint) is probably the most serious, and is being formally investigated, as it likely relates to another key piece of evidence also to be explained at a later date.

    Going back to the three emails mentioned in the above Yahoo email timeline. They were found in the [email protected] startlogic account. Only one was sent from [email protected]. The other two were sent from [email protected].

    << The below emails explains the 3 emails from December 2017 in the above comments Yahoo email timeline from [email protected] >>

    (1) upload_2018-4-23_16-15-37.png

    (2) upload_2018-4-23_16-19-27.png

    <<below are the two email attachments from [email protected]>>

    (also note the below email screenshots from GMAIL interface were not sent from [email protected]. Rather, they were sent from [email protected])

    Screen Shot 2017-12-27 at 11.43.29 AM (1).png
    Screen Shot 2017-12-27 at 11.43.12 AM.png

    (3) upload_2018-4-23_16-23-37.png

    <<below is the Escrow (1) attachment from the above email>>

    Escrow (1).jpg
    Which explains, why I was legitimately asking if you were kidding...


    I don't have time for games. I have a personal engagement that is going to pull me away for an undisclosed amount of time. A road map is being prepared for the handover to the appropriate authorities, and to Rebecca's legal team.

    I know the legal route isn't Rebecca's first choice, but if you insist on leaving that as her only option (and don't give me (or her) that BS that she needs to pay your lawyer Zak Muscovitch $25k for you to return the domain. I'm not a lawyer, so maybe a competent lawyer such as @jberryhill can use his valuable time by chiming in -- If the domain is deemed stolen, is it not considered selling a stolen domain if Rebecca pays Zak $25k for James to give Rebecca her domain back?

    Regardless, and again I'm not a lawyer, but should James force Rebecca to take this to court (which will be costly), I hope Rebecca sues for the domain, plus her likely costly legal expenses.

    But in a perfect world, my true hopes is this battle between James and Rebecca will cease. And the crook (ie. the alleged hacker/thief) will be caught and prosecuted. Maybe even @Jackson Elsegood of will step up...

    ... more to come.
  12. Grilled

    Grilled self challenge: don't be kcid a for xis months. VIP

    Likes Received:
    One thing I should note, is being that I have been privy to privileged information, my opinion/belief that Rebecca is the rightful owner of is slanted accordingly. Whereas, somebody such as @BoothDomains (or Jack/Jake), who hasn't seen what I have seen (though, in some respect may have seen more than I have seen if he viewed the 33 emails sent to/from [email protected]) may have a different opinion/belief.

    I am still holding hope that James (or Jack/Jake) will stop seemingly protecting the alleged hacker / thief by shielding information, and instead will work with us to find the alleged hacker / thief. This is the same alleged hacker / thief who arguably may have made James (or possibly James' alleged due diligence?) look like a joke. Additionally this is the same person(s) who may have cost him $25k when/if Rebecca sees returned back to her.

    I will try to explain the filters found in the Yahoo web interface of [email protected] to the best of my ability.

    Deliver to trash if:
    My theory is these three filters were to prevent future email(s) related to cqd from being seen (emails that may have came from somebody the alleged hacker / thief corresponded with). These emails were to be sent to the trash to assuming prevent the real Rebecca (or any front facing investigation) from seeing evidence of such.

    Additionally, these filters would have prevented [email protected] from receiving any future correspondence related to cqd or If or network solutions sent [email protected] any emails during their three month investigation these emails most likely would have gone unseen, and subsequently sent to the trash awaiting auto-deletion.

    #4 is intriguing not only due to the Yahoo timeline of a March 2017 email with the subject Unexpected sign-in attempt, but because it's the first email address directed to be sent to the trash. I assume these filters were added in numerical order.


    I assume the alleged hacker / thief wanted to prevent future updates from network solutions. Imagine, theoretically, sending a password reset request (or expecting NetSol correspondence) and not having it appear in your inbox due to an unsuspected filter. To add to the strangeness, you might be able to find the email via search box, but not via an inbox refresh.


    A little humor I found in this unfortunate situation, is yesterday Rebecca received an email from network solutions email blasting department, stating that she already owns, make sure you get before it's too late:-P... Good ol' Netwok Solutions


    FWIW: is owned by Name Find LLC, and has a BIN of surprise-surprise...



    Going to :sleep:. I will finish attempting to explain the remaining filters tomorrow.
    Last edited: Apr 24, 2018
  13. UncleBrand

    UncleBrand Top Contributor VIP

    Likes Received:
    best solution:
    one solution would be to have the domain back to the original owner
    and Escrow .com would reimburse the Buyer

    Escrow will have their reputation increase by covering this fraud.
    They will probably find a way to have it covered by their insurance,
    and if not it will still be their best marketing investment of the year.
  14. tonecas

    tonecas Top Contributor VIP ★★★★★★★★★★

    Likes Received:
    ain't going to happen since @Jackson Elsegood is silent as the grave, waiting for the storm to pass
  15. BoothDomains

    BoothDomains Contact us if you are looking for a premium domain PRO VIP ICA Member

    Likes Received:
    737 has been pushed back to Rebecca. We now consider this matter closed.
  16. Marshall

    Marshall Top Contributor VIP

    Likes Received:
    Just Like That?
  17. equity78

    equity78 Top Member TheDomains Staff PRO VIP ★★★★★★★★★★

    Likes Received:
    Congrats on getting this matter fixed. James if you need help with tracking thief continue to post so people here can help.
  18. GeorgeK

    GeorgeK PRO VIP ★★★★★★★★★★

    Likes Received:
    While the domain name is now back with Rebecca, I hope that she continues to help the police track down the thief (or thieves), so that it doesn't happen to anyone else.
  19. DNWon

    DNWon eCommerce Branding Specialist VIP

    Likes Received:
  20. TheLegendaryJP

    TheLegendaryJP Top Member VIP ★★★★★★★★★★

    Likes Received:
    We are more than happy to help James find the thief, door swings both ways, need help, just ask :)
  21. Donna Mahony

    Donna Mahony Established Member ★★★★★★★★★★

    Likes Received:
    Good job! Without this community, I think Rebecca might have a had a very different outcome.
  22. Grilled

    Grilled self challenge: don't be kcid a for xis months. VIP

    Likes Received:
    Holy Toledo... Wow!!!

    I did not expect to see this. This is the high road, and I am blown away this.

    I still have lots of other digital footprints to add to this. Hopefully some of it will lead the catching / prosecution of the alleged hacker / thief.

    I have to take some time off but all will be handed over. As this alleged hacking looks to be more than domain theft, I don't anticipate Rebecca or law enforcement to give up on finding the culprit.

    James if this was your willing choice, I know its not worth much, but my opinion of you has certainly changed. Well done.
    Last edited: Apr 24, 2018
  23. xynames

    xynames PRO VIP

    Likes Received:
    It was the right, and gentlemanly thing to do.
    Last edited: Apr 24, 2018
  24. Vimal Kumar

    Vimal Kumar

    Likes Received:
    Wow.. an amicable closure!

    Hats off to Grilled's deep dive investigation. You Rock!!!

    P.S: Would love to know what made Booth settle this. I feel his loss too!
  25. BoothDomains

    BoothDomains Contact us if you are looking for a premium domain PRO VIP ICA Member

    Likes Received:
    Jack and I did do all the relevant due diligence on the name. Rebecca was extremely negligent in allowing all her emails to be hacked and domain to be stolen, and the thief obviously knew what he was doing. All of this means that I have now lost a small fortune even after doing everything properly.

    I appreciate all the people that actually understood my situation and supported me rather than throw accusations and accuse me of being involved somehow. I hope Rebecca is happy she has the name back, and I hope everyone will remove all the damaging things they posted online about Jack, me and my business now that this has been resolved. This situation has caused me enough grief as it is, and the last thing I want is for my name to be tarnished for absolutely no reason because of it.

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice