Fucked Up – The Theft of Fucked.com and Pornos.com
March 7, 2008 · Print This Article
A domainer is cheated of over $120,000. The FBI and the police are involved. And so is an allegedly 16 year old boy in Ontario, Canada.
You work hard for what you have earned in life. You spend all day crouched over your computer doing research and negotiating deals. But some people aren’t willing to put in this work and want quick shortcuts – and will do this at the expense of your life savings.
So unfolds the latest drama over stolen domains at DN Forum. In this case, “jayspot” of DNF purchased the domains pornos.com, liveporn.com, and asianxxx.com from “Alexa the Top”. Jayspot paid $115,000 for the first two domains, and paid via Escrow.com. He paid $8,500 for the third domain – $3,500 via Western Union to Alexa the Top and $5,000 via wire to the TD Canada Trust bank account of one “[name removed on request]” in Toronto. The sale was brokered by “9MM” of DNF, who received the domain fucked.com as his commission.
It turns out that all of these domains were stolen. Jayspot has lost his money despite taking the precaution of completing most of the purchase via Escrow.com. 9MM, who claims to be a 16 year old boy in Ontario, admits that he knew all along that the domains were stolen. While the domains have been or are in the process of being returned to their rightful owner, Jayspot is out of a heck of a lot of money. He has contacted the FBI and may be contacting the Toronto police.
In the DNF thread, Alexa the Top claims that 9MM and him were partners; 9MM claims that he was just brokering the deal. 9MM claims that he was just in it to try to get the domains returned to their rightful owner – why he still let the deal go through with jayspot is unclear if that is the case. It is also alleged by 9MM that Alexa the Top is the hacker who stole the domains.
It is also not clear whether [name removed on request] and Alexa the Top are different people. Regardless of what the case is, it does show a Canadian connection to the domain thieves. While I’m not happy that this is right in my backyard, the good part of this is that it is easier to track criminal activity and do something about it in Canada than in say, Iran.
A number of things need to be cleared up – most importantly: who received the money from Escrow.com. 9MM claims that it wasn’t him. Escrow.com will (quite properly) only release this information if there is law enforcement involvement; I would imagine that this is one of the first steps the FBI will take.
One other member of DNF almost got burned as well; the transaction was set up and he had already wired the funds to Escrow.com. While he managed to stop the transaction in time, he still lost the wire and escrow fees. As well, there are claims in the thread that this is just the tip of the iceberg and that Alexa the Top has sold over $600,000 of stolen domains.
How To Protect Yourself from Domain Fraud
While you’re quickly logging into your accounts to make sure none of your domains have been stolen, here are some tips to keep in mind:
1. Escrow Isn’t Enough. All escrow does is ensure that the transaction goes through as agreed – the seller gets paid his money and the buyer gets his domain.
2. Research the Domain History. Before purchasing a domain, check the whois history (on DomainTools.com). Be especially suspicious of changes that occurred recently, particularly a change of the administrative email contact. For a larger domain purchase, pick up the telephone and contact the previous owners to verify the pedigree of the domain.
3. Don’t Rush A Transaction. People are likely to notice that their valuable domains are stolen pretty quickly, so a thief want to unload the domain quickly. Be particularly wary of someone who seems to be in a big rush to close a sale.
4. Buy From Reputable Buyers. Research the person you are buying from. Find out more about them, and particularly about any past domain dealings.
5. Too Good to Be True. If the deal is too good to be true, it probably is. When Alexa the Top offered an $XXX,XXX domain for sale at DNF for $X,XXX this raised alarm bells for several members.
6. Keep Your Domains Safe. Make sure your domains are with a registrar that cares about domain security – Moniker and Fabulous are the two that everyone states are good in this regard. Apparently, neither registrar has ever had a domain stolen.
7. Don’t Use Free Email Accounts. Free email accounts should not be used as the contact for your domains. The normal way that a thief gets control of a domain is by getting control of the email account of the administrative contact. Free email accounts are generally easier to hack than ones that you control.
I hope that justice is served in the case of Fucked.com. I hope that jayspot gets his money back. With at least two Canadian connections, I’m hoping that some light can be put on the recent wave of domain thefts that have been sweeping the community. And perhaps some entrepreneur will start a domain insurance program to protect domainers in these sort of situations.
Written by admin · Filed Under Domaining
This post you have is Interesting.
Great post 100%
The domain I saw posted by “Alexa the Top” was fuck.net not fucked.com.
Well that is very sad to hear. We need to protect this industry from fraudulent activities like this. My sorrows to the victim.
@doobee – that was the domain posted in the thread at DNF that started this. The other domain is the one given to 9MM for his brokering services.
I have no clue about the story they’re talking about. Some one had a deal with some one else and now it’s my name under this crap. they just tried to abuse my bank account and I ended up returning the money to its strange chinese owner who sends money to someone without knowing him.
And you dear blogger, please do not publish such a story that you’re not aware of it and it’s not proven.
Ehsan, thanks for the clarification.
Very good post, inspiring and informational.
Scammers should get pwnd!
A thought just occured to me about additional security. It would probably also be good to have the administrative contact email different from the email used for the registrar account. That way the thief of the domain contact email would have a harder time login into the registrar account.
I think that would help in some cases – it depends on how the registrar is set up.
I’m uncomfortable with the fact that at many registrars (esp the ones using logic box systems) one’s username is also one’s email address. That’s one less layer of security.
Why would you publish anything claimed by anyone?
I have no relationship with this fraud case and I absolutely have absolutely no idea about what they are talking about. This was an identity theft and they used my id to do their job.