discuss [Resolved] Domainer Loses $26k On A Stolen Domain!

[Silentptnr]

Darn! Another scam and this time it is an experienced domainer James Booth.

James must have thought he was making a sound acquisition as he transferred approximately 26k to escrow for CQD.com. Instead, after completing the escrow, the domain was taken from his account by the registrar without notification and returned to the "true" owner.

Turns out the person that sold him the domain CQD.com, may not have been the true owner.

Apparently this incident involves several parties including the registrar and the escrow.


Thanks to Theo over at DomainGang for the tip on this.

 

[carob]

Lets hope every possible measure is taken to keep the domain secure from now on.

 

[TheLegendaryJP]

@BoothDomains, we are happy to now help you and pressure escrow into divulging more info if you'd like. Escrow knows who they paid, that person should have matched the verified account to even accept that amount of funds... so they are imo responsible for allowing policy breaches or should because of that help you without needing to get a order to do so. I know I was put through the ringer by them just in Jan to have my account names verified matching bank details and domain in orer to just PAY for a name let alone get paid. If they in fact paid someone not verified on that account (name doesn;t match business etc) they need to fess up.

There is the chance of going after the negligent party here to recover funds, jmo.

 

[Jasonn]

Jack and I did do all the relevant due diligence on the name. Rebecca was extremely negligent in allowing all her emails to be hacked and domain to be stolen, and the thief obviously knew what he was doing. All of this means that I have now lost a small fortune even after doing everything properly.

I appreciate all the people that actually understood my situation and supported me rather than throw accusations and accuse me of being involved somehow. I hope Rebecca is happy she has the name back, and I hope everyone will remove all the damaging things they posted online about Jack, me and my business now that this has been resolved. This situation has caused me enough grief as it is, and the last thing I want is for my name to be tarnished for absolutely no reason because of it.

Perhaps the chance is slim but I do hope you are able to recover at least some of your loss from the thief.

 

[Chris Hydrick]

... continuing on with my attempt to explain the 29 email filters added (allegedly by the thief / hacker) to [email protected].

Deliver to trash if:

6. From contains sprint

Notice an influx of emails that looks to have occurred during the time the alleged hacker / thief was most active in [email protected]?

The IP address 204.152.203.158 (estimated location: California | Device: Chrome, Windows NT) may be related. Rebecca is working with law enforcement to follow this footprint.

7. From contains startlogic

StartLogic is where [email protected] & [email protected] were located.

<<<<<>>>>>

8. From contains google

9. Body / Subject contains transfer

No screenshot to provide since this is a (Body / Subject) filter opposed to a (From) filter.

I assume this filter was added to send any emails related to a domain transfer to the trash.

10. From contains dn.com

@DN.com

Below is an email found in the sent messages of [email protected] startlogic. The writing style, and asking price is consistent with the real Rebecca. I don't think she fully understood the email she was replying to; mistaking it for a domain offer.

The email subject is different than the above Yahoo email timeline with related contacts to [email protected], and [email protected].

11. From contains [email protected]

There is no Yahoo email timeline of this in [email protected]. That doesn't necessarily mean no emails from [email protected] were sent to [email protected]. It could mean that. But I don't have a full understanding of what gets caught in Yahoo email timelines, and what is missed, to say definitively what was, and what wasn't sent.

12. From contains [email protected]

My guess is Emmily was a prospective buyer, given her initial May 2017 email subject: CQD.com Domain Name. It appears [email protected] may have responded in September 2017.

<< from [email protected] startlogic emails>>

 

[tonecas]

CQD.com has been pushed back to Rebecca. We now consider this matter closed.

unexpected but glad that you did the right thing. It is hard to take the loss but it was an honest and ethical action to do.

let's try to get the hacker, the true scammer in this story.

if you want to disclose any details about what you/Jake/Jack have done to reach the alleged Rebecca maybe we can cross reference with what we already have to get more close to the guy. from my side I am here to help you now.

 

[Chris Hydrick]

... continuing on with my attempt to explain the 29 email filters added (allegedly by the thief / hacker) to [email protected].

Deliver to trash if:

13. From contains bqdn.com

There aren't any Yahoo email timelines for emails containing @bqdn.com.

Again, just because there aren't email receipts, it doesn't necessarily mean emails from this address weren't sent/received.

An email was sent to [email protected] on March 15th, 2017 with the subject: Regarding CQD.com. I have been unable to locate a Yahoo email timeline, or any trace of this message in her yahoo account. I'm assuming given the subject contained CQD.com, that this was directed to her trash. Rebecca claimed to have no knowledge of such email when questioned. <<noticed, the email is unopened...>>

I confirmed <<with HubSpot>> an email I sent to her was opened from a Florida location prior to working with her. She was not informed the email contained a tracker when she was instructed to open / respond.

FWIW: Nevins McTwisp also confirmed Mike Han's email was opened in China << with HubSpot >>.

** IP addresses can be bounced. So this isn't to be relied on 100%. It is however (IMO) a good first tier building block.**

14. From contains booth.com

I've already shared both Yahoo email timelines, and all the available correspondence in her startlogic @cqd.com emails from @booth.com email addresses on page 46 of this thread.

15. From contains escrow.com

16. From / body / subject contains escrow

Below is all from the [email protected] Yahoo web email interface.

<<<<<<<<>>>>>>>

<<<<<<<<<<<<>>>>>>>>>>>

<<<<<<<<<<<<<<>>>>>>>>>>>>

<<<<<<<<<<<>>>>>>>>>>>>>

 

[Silentptnr]

@BoothDomains HAS RETURNED THE DOMAIN TO @spoiltrider (REBECCA)!!!!!

AWESOME!

 

[Silentptnr]

Congratulations @spoiltrider !!!!!!!!!!!

 

[Silentptnr]

@spoiltrider should update that Ripoff Report.

 

[spoiltrider]

i just want to say how thankful i am for the return of my domain. i feel a part of me has come home. thanks to all who were inspired enough to input time and energy into this situation. many of you posted much appreciated factuals that really, really helped me get cqd back.

my emails are working again. my site is updated and running again. i am in the graphic design business again.

i am taking steps tonight to get on ripoff report to remedy the reports in order to show a positive light to the world - that james booth stepped up to the plate and did the right thing.

thank you james booth. i feel very relieved now. i still have a lot of work to do to secure my identity, and i will continue to work with authorities to find the thief who dismantled me. i am happy to share with you information you might need to also find the him/her/them. i would like to see them pay restitution and serve appropriate time in jail. i am hoping that this "case" will help set a precedent for the domaining industry, buyers and sellers alike.

please think of the good old blue ink (original) signature, copy of ID, notarized paperwork; when you do your sales contracts.

i am a fighter. i am thankful.

now, it's time for a good strong margarita!

 

[Chris Hydrick]

... continuing on with my attempt to explain the 29 email filters added (allegedly by the thief / hacker) to [email protected].

Deliver to trash if:

15. From contains escrow.com

I'm going back to filter #15 to note a missed Yahoo email timeline from an @Escrow.com address.

<<<<>>>>> Continuing on <<<<<<>>>>>

17. From contains startlogic

This is a duplicate of filter #7. See above post for screenshot.

18. From contains qq.com

I assume the general sending of all emails from @qq.com to the trash was designed for (presumably Chinese) people he/she may have contacted and to not have future contact. ie a late reply... The below screenshot is from [email protected] startlogic.

**Take note of the reply to symbol to the left of some emails**

Rebecca claims not to have used the [email protected] via startlogic. The replies are presumably from the alleged hacker / thief. I still need to cross reference every email with a reply symbol (from a qq.com search via [email protected]) with Rebecca's desktop email application to identify which, if any, emails were replied to by her.

Whereas a qq.com search in [email protected] reveals nothing:

From the Yahoo web interface of [email protected]

<<<<>>>>>

<<<<<<<<>>>>>>>

<<<<<<<<<<<>>>>>>>>>

<<<<<<>>>>>

<<<<<<>>>>>>

19. From contains [email protected]

Apparently there are more emails (in [email protected]) from qq.com emails than a qq.com search revealed.

`

 

[spoiltrider]

Holy Toledo... Wow!!!

I did not expect to see this. This is the high road, and I am blown away this.

I still have lots of other digital footprints to add to this. Hopefully some of it will lead the catching / prosecution of the alleged hacker / thief.

I have to take some time off but all will be handed over. As this alleged hacking looks to be more than domain theft, I don't anticipate Rebecca or law enforcement to give up on finding the culprit.

James if this was your willing choice, I know its not worth much, but my opinion of you has certainly changed. Well done.

i agree whole-heartedly! a fiercely huge thank you!
thank you so much!

 

[spoiltrider]

ain't going to happen since @Jackson Elsegood is silent as the grave, waiting for the storm to pass

i'd like to have a meeting with him. seriously.

 

[spoiltrider]

it appears that james booth did NOT JUST voluntarily give back my domain.
Q. Would he have done it without the letter from Web.com?
A. I will never know.

I only know this. I did not authorize the sale of my domain, but i am very happy to have it back.

And...Web.com/Network Solutions...well they did the right and they got it back (not without the help from Grilled and my constant bitching and crying.)

So...i'm not so sure how i feel about my ripoff report updates now...

CAVEAT EMPTOR!

"On Apr 25, 2018, at 11:31 AM, web.com wrote:

Dear Ms. Burns,

After a thorough investigation, careful review, and consultation with our internal teams, we have concluded that the transfer of CQD.COM from your account was indeed unauthorized and illegal. As such, we have restored the domain back to your account and have placed an administrative lock on the domain to ensure that no other changes can be made without proper authorization.

We apologize for any inconvenience you may have experienced while the matter was being investigated. As a customer service gesture, and to ensure that your domain remains safe, we would like to extend to you a one (1) year term of our WebLock services which adds several layers of protection against unwanted actions on your domain (for more information about Weblock. If you would like to accept this offer, please respond to this email and we will work with you to setup the service.

We have advised the other party involved that the transfer of CQD.COM was not properly authorized by you, the Registrant, and the sale of the domain name was illegal (i.e. - purchasing stolen goods is illegal). Please note that Web.com will not be a party to any litigation that may arise from any disputes with regard to the unauthorized transfer and illegal sale of the domain CQD.COM; however we will comply with a court order or an order from a competent tribunal.

Thank you,

Web.com"

 

[DNWon]

CQD.com has been pushed back to Rebecca

Was it pushed back to Rebecca from you voluntarily or was it taken from you? Was it moved back to Rebecca's account due to Web.com/Network Solutions actually doing a proper investigation this time? Because a bunch of us here were praising you James @BoothDomains for doing the right thing? So was this transfer back to Rebecca your doing or NetSol's doing? Did we jump the gun on our praise of you doing the right thing?
I'm sure many of us here would like an honest response to this question?

 

[MasterOfMyDomains]

That answer is obvious.
Grilled to perfection
Happy for you Rebecca
My apolgies to you for being harsh at start and apolgize to david, thats been bothering me more

Thanks for sharing that letter, consider it closed

 

[tonecas]

it appears that james booth did NOT JUST voluntarily give back my domain.
Q. Would he have done it without the letter from Web.com?
A. I will never know.

I only know this. I did not authorize the sale of my domain, but i am very happy to have it back.

And...Web.com/Network Solutions...well they did the right and they got it back (not without the help from Grilled and my constant bitching and crying.)

So...i'm not so sure how i feel about my ripoff report updates now...

CAVEAT EMPTOR!

"On Apr 25, 2018, at 11:31 AM, web.com wrote:

Dear Ms. Burns,

After a thorough investigation, careful review, and consultation with our internal teams, we have concluded that the transfer of CQD.COM from your account was indeed unauthorized and illegal. As such, we have restored the domain back to your account and have placed an administrative lock on the domain to ensure that no other changes can be made without proper authorization.

We apologize for any inconvenience you may have experienced while the matter was being investigated. As a customer service gesture, and to ensure that your domain remains safe, we would like to extend to you a one (1) year term of our WebLock services which adds several layers of protection against unwanted actions on your domain (for more information about Weblock. If you would like to accept this offer, please respond to this email and we will work with you to setup the service.

We have advised the other party involved that the transfer of CQD.COM was not properly authorized by you, the Registrant, and the sale of the domain name was illegal (i.e. - purchasing stolen goods is illegal). Please note that Web.com will not be a party to any litigation that may arise from any disputes with regard to the unauthorized transfer and illegal sale of the domain CQD.COM; however we will comply with a court order or an order from a competent tribunal.

Thank you,

Web.com"

seriously @BoothDomains ???

i will for a moments refrain on commenting...

 

[carob]

I hope the name leaves Netsol as soon as possible. Netsol have now forced a change of registrant three times and moved it from one account to another three times - how they really decide that would be interesting to know.

 

[Silentptnr]

Learned a lot through this case.

Whether udrp or stolen property, research and due diligence are super important when considering investing in valuable domain names.

 

[IMEZI]

Learned a lot through this case.

Whether udrp or stolen property, research and due diligence are super important when considering investing in valuable domain names.

Usually i keep all email notification from my domain registrar company, eventough it's only a notification of dns change i still keeping it, i got more than 15K email from godaddy, namecheap, namesilo etc within my email account, this will be one solid proof of ownership LOL

 

[Arca]

@spoiltrider - First step you should take now is to move the domain away from network solutions to a more secure and reliable domain registrar.

Set up a new account with namesilo.com or dynadot.com or epik.com and set up account security features properly.

Transfer cqd.com from network solutions to your new registrar account.

Renew the domain for 10 years. It costs you less than $100. Activate WHOIS privacy.

Stop using yahoo mail. More than 1 billion of their email accounts have been hacked. It's one of the least secure email providers out there. Switch to better free email service like gmail or a paid email service like protonmail, runbox, fastmail.

Learn how to use 2 factor authentication and use it to secure your registrar account and your email account.

 

[spoiltrider]

@spoiltrider - First step you should take now is to move the domain away from network solutions to a more secure and reliable domain registrar.

Set up a new account with namesilo.com or dynadot.com or epik.com and set up account security features properly.

Transfer cqd.com from network solutions to your new registrar account.

Renew the domain for 10 years. It costs you less than $100. Activate WHOIS privacy.

Stop using yahoo mail. More than 1 billion of their email accounts have been hacked. It's one of the least secure email providers out there. Switch to better free email service like gmail or a paid email service like protonmail, runbox, fastmail.

Learn how to use 2 factor authentication and use it to secure your registrar account and your email account.

Thank you. i am soooo happy!!!
i will. i appreciate the advice and direction. i have been using that yahoo account since 1996.

it appears today as the original inception date of Tues Aug 13 1996 again per internic whois. yesterday it was a 2018 date...

 

[spoiltrider]

Learned a lot through this case.

Whether udrp or stolen property, research and due diligence are super important when considering investing in valuable domain names.

and don't forget a lot of me crying & bitching & ranting & pushing & crying more! Grilled saved CQD from the sales market! he is my saving angel! i am so happy he presented himself to me. i hope to meet him someday. Nothing i can ever do could top what he did for me! he is my saving angel! <3

 

[DNWon]

and don't forget a lot of me crying & bitching & ranting & crying more! Grilled saved CQD from the sales market! he is my saving angel! i am so happy he presented himself to me. i hope to meet him someday. Nothing i can ever do could top what he did for me! he is my saving angel! <3

@Grilled is the man, and he was resurrected at the most opportune time for you Rebecca!
Just don't let him cook you any bacon!

 

[spoiltrider]

@Grilled is the man, and he was resurrected at the most opportune time for you Rebecca!
Just don't let him cook you any bacon!

bwahaha.( i'm not up on the bacon thing )... LOL