PDD .com Story is Eye Opening

Someone shared a story on NamePros about the alleged purchase of PDD.com, and it is eye opening.​. From what I understand, it looks like the buyer agreed to buy PDD.com for $42,000, used Escrow.com to transact, had the domain name in his Network Solutions account for a brief period of time, instructed Escrow.com to release the funds, and then had the domain name removed from his Network Solutions account. It is eye opening and probably something every domain investor fears.

I quickly scanned the thread and took a look at the ownership history of PDD.com using the invaluable DomainTools Whois History Tool. For quite some time, it looks like the registrant email address was first initial last name @pdd.com. That is what the current Whois record shows as well. At some point in late October or early November, the Whois email address changed to an @gmail.com address. It looks like the other fields stayed the same. This is a red flag. A second red flag would be the alleged seller’s email address not matching the Whois email address.

This is really eye opening because even though there were two red flags that I could see, this is not necessarily a dealbreaker. I have bought names where the seller changed the email from @domainname in preparation for a sale. Someone who used the domain name for email would likely change the email prior to the sale so they could continue to communicate after the sale. In addition, people don’t always use the same email for escrow as the Whois email address. Those two factors would cause concern for me, and I probably would have picked up the phone and called the Whois phone number (from before any changes if different) to confirm the offering was legitimate.

It is going to be interesting to see what happens in this situation. The alleged bonafide buyer is out tens of thousands of dollars and doesn’t have the domain name. Escrow.com will hopefully help the buyer track down where the funds were disbursed, but it could be expensive to hire an attorney to use the legal system to get the funds returned. I am not sure if Escrow.com has any recourse to recover the funds if it was a case of theft or some other type of illegal activity. It is also interesting to see what Network Solutions has to say in this matter. If they can see an account was compromised (if that is what happened), is it ok for them to take the domain name from one account and return it to the owner? What would prevent someone from faking a theft in the future to make it look stolen and have a registrar return it? I don’t have the answers to this hypothetical.

As a domain investor, this deal is eye opening and concerning. I will be monitoring the thread to see what comes of this.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

46 COMMENTS

  1. my concern is that the previous address had rights under the new TRANSFER POLICY, what if a tricky seller, changed the email, let the transfer go through, then receives the 60 day notice and they decline it….

    does the account move go through long enough to get the escrow to close, then get undone?

    Page Howe

  2. This exact story happened to me with Pam.com bought off flippa. Same thing. There used to be a full site, the owner switched to a gmail. I assumed because they wanted to sell Pam.com so that all made sense.

    Days after the sale I update the name servers and I get contacted by someone that claims to be former owner saying it was stolen.

    I then contact escrow but they had released funds (or said they did)

    After A TON of threats on my part they claim to somehow get the funds back.

    They never tell me where the party had them wired.

    Afterwards someone from escrow tells me the wire and the seller both went to neitherlands. So pretty slim chance of that.

    Overall big scam. Not sure who was in on it or helped make it happen. I sent the site back got my money back and the previous developed site was never restored.

    • IMHO, before the purchase, you should have at least called on the phone the owner according to Whois (the one with a corporate email) to be sure they were selling the domain.
      I see several Whois changes in a few years for PAM.com, with different emails, but the addresses are all in The Netherlands.

  3. Always do a proper Due Diligence BEFORE buying/selling a domain (before starting any Escrow transaction), not only on the name but also on the buyer/seller.
    Unfortunately in this specific case many red flags were ignored by the Chinese buyer.

  4. Why would I call the owner … at which point would I determine the Whois to be the real one?

    If you have access to change Whois you can change number also. So how’s that any different then email confirmation.

    Onus is on the owner to maintain accurate Whois records.

    • In the PDD case, the only thing I noticed change was the email. I would have called the phone number, which was the same before and after, to confirm whomever was selling the name had the right to sell it. Had the buyer done that, I presume he would have learned the domain name wasn’t for sale.

    • That’s exactly what I meant in my post above to Bill Kara.
      Normally fraudsters change the email only, they are attentive to keep the Whois as unchanged as possible in order not to raise suspects.
      Thanks Elliot. 🙂

  5. Elliot, This EXACT same thing just happened to me. I just lost CQD.com ($25,000). GONE. Bought it using Escrow.com for $25k. Had it in my Network Solutions account. Released the funds. 2 weeks later I log in and the name is gone. I call Network Solutions and they tell me the owner contacted their legal team so they released the name back to the owner. Well the owner was in fact the seller! So the seller got $25,000 and the name back. I am now left with NOTHING. Any advice?

    • I see a recent email change to a Yahoo email …
      This is the last WHOIS, as of now:

      Domain Name: CQD.COM
      Registry Domain ID:
      Registrar WHOIS Server: whois.networksolutions.com
      Registrar URL: http://www.networksolutions.com
      Updated Date: 2017-12-26T17:17:27Z
      Creation Date: 2017-10-25T08:31:47Z
      Registrar Registration Expiration Date: 2020-08-12T04:00:00Z
      Registrar: NETWORK SOLUTIONS, LLC.
      Registrar IANA ID: 2
      Registrar Abuse Contact Email: abuse@web.com
      Registrar Abuse Contact Phone: +1.8003337680
      Reseller:
      Domain Status:
      Registry Registrant ID:
      Registrant Name: ComQuest Designs LLC
      Registrant Organization: ComQuest Designs LLC
      Registrant Street: 22580 NW 142ND AVE
      Registrant City: HIGH SPRINGS
      Registrant State/Province: FL
      Registrant Postal Code: 32643-3783
      Registrant Country: US
      Registrant Phone: +1.3528705272
      Registrant Phone Ext:
      Registrant Fax: +1.9999999999
      Registrant Fax Ext:
      Registrant Email: rjbtwinsis@yahoo.com
      Registry Admin ID:
      Admin Name: ComQuest Designs LLC
      Admin Organization: ComQuest Designs LLC
      Admin Street: 22580 NW 142ND AVE
      Admin City: HIGH SPRINGS
      Admin State/Province: FL
      Admin Postal Code: 32643-3783
      Admin Country: US
      Admin Phone: +1.3528705272
      Admin Phone Ext:
      Admin Fax: +1.9999999999
      Admin Fax Ext:
      Admin Email: rjbtwinsis@yahoo.com
      Registry Tech ID:
      Tech Name: ComQuest Designs LLC
      Tech Organization: ComQuest Designs LLC
      Tech Street: 22580 NW 142ND AVE
      Tech City: HIGH SPRINGS
      Tech State/Province: FL
      Tech Postal Code: 32643-3783
      Tech Country: US
      Tech Phone: +1.3528705272
      Tech Phone Ext:
      Tech Fax: +1.9999999999
      Tech Fax Ext:
      Tech Email: rjbtwinsis@yahoo.com
      Name Server: NS1.STARTLOGIC.COM
      Name Server: NS2.STARTLOGIC.COM
      DNSSEC: Unsigned
      URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
      >>> Last update of WHOIS database: 2018-01-10T00:43:58Z <<<

      While this is the WHOIS as of Sept 2017:

      Admin Contact

      The Admin Contact is the person or organization who controls the domain.
      Burns, Rebecca (1)
      Changes: +0 ccTLD: 0
      Name
      CQD Inc (1)
      Changes: +0 ccTLD: 0
      Org.
      becky@CQD.COM (1)
      Changes: +0 ccTLD: 0
      Email
      1920 NE 55 Blvd (1)
      Changes: +0 ccTLD: 0
      Street

      Street 2
      Gainesville (49,998)
      Changes: -20,988 ccTLD: 734
      City
      FL (4,540,422)
      Changes: -576,733 ccTLD: 48,008
      Region
      32641 (528)
      Changes: -134 ccTLD: 6
      Zip / Post
      UNITED STATES (63,781,675)
      Changes: -22,114,274 ccTLD: 1,182,874
      Country
      3523781465 (1)
      Changes: +0 ccTLD: 0
      Phone
      3523736677 (1)
      Changes: +0 ccTLD: 0

      As far as I can see, the Yahoo email is owned by Rebecca Burns as well:
      REBECCA BURNS
      Address:PO BOX 358521, GAINESVILLE, FL 32635 Phone: (352) 505-0879 Gender: F Email: rjbtwinsis@yahoo.com

    • BS booth! i DID NOT SELL MY DOMAIN. You bought a STOLEN domain! YOU did NOT verify me! YOU did not authenticate me! YOU did everything wrong to gain my 22yo 3L top domain FAST. i can’t even describe here with the words i want to use on your excitement to get it!

  6. To add. I called the Whois number. Spoke to them there. Spoke to the number on the website also. Used domain IQ and emailed previous emails who also confirmed everything. Everything seemed fine.

  7. None of these suggestions like calling or looking back to previous records and this that would prevent fraud. Onus is on the owner to maintain secure and accurate Whois records. Period.

    The argument that hackers only change email and not phone numbers is absurd.

    The only one not at fault is the buyer. The owner didn’t secure his Whois and the hacker stole so why would the buyer be the only one to pay the price.

    The former owner needs to now make the effort to recover funds/press charges because for 1/1000 of that effort those Whois records would have been secure.

    If you can do domain charge backs even when dealing with the formal recorded owner this industry is finished.

    • In the PDD.com case, the email seems to be the only thing that changed. If the buyer called the Whois number and spoke with someone to confirm the sale, it is likely he would have found out the domain name was not for sale (assuming it was a case of theft). Obviously, every situation is different.

      Regarding the other points – that was a big reason why this was an eye opening scenario for me. I would not have suspected the registrar would have pulled the domain name out of the registrant’s account without a court order. I presume it passed whatever threshold they have for (I assume) theft so they put it into the original registrant’s account, but I didn’t know they could do that.

    • “The argument that hackers only change email and not phone numbers is absurd.”
      It’s not absurd at all, fraudsters know that rarely buyer would call the phone number on the Whois to double-check, and that’s exactly what happens in many cases, same occurred for PDD.com.
      Hackers usually change as little as possible to (try to) go unnoticed.

    • And if they can pull of email Im sure changing a phone number is even easier as at least with email most get an email change confirmation. In any event your suggestion is terrible as if they can change one field changing 2 fields is certainly not going to stop anything.

    • Sure, but you can call the original phone number (that was the same for 10+ years) to confirm that they sold the domain name to whomever is offering it for sale.

      It would be an even bigger red flag to me if the Whois email and phone number changed (especially if phone number is in a different area than the original registrant) when the registrant name remained the same.

      Finally, if I did call the new number and the person had an accent that wasn’t from Indiana, I would be even more troubled if they claimed to be the same person.

      All situations are different. Scammers do different things to gain trust. I am only discussing this particular case if I was the prospective buyer.

    • I agree fully there is a due process that must happen. In my case I put pam.com under Godaddy certified protection, emailed them and told them there is some dispute and to lock the domain down entirely till its solved. Once escrow got my funds back (which I still dont know how that happened as you can reverse a wire) I released the domain back to the guy claiming to be the owner and confirmed with escrow that was a valid return email.

      The entire process was full of question marks and escrow.com was not forthcoming into who the “seller” was. It was actually Kevin at Flippa that said its going to the same country.

      So in a case like this whats to stop people from running a scam. One guy sells the domain, the other claims it back. Unless the buyer presses charges for funds the 2 parties have very little to lose.

      In my case I requested a local police file be opened, I requested outgoing records from Flippa and escrow.com and Kevin at Flippa was great. Everyone else I was going to list on kissmyass.com till the entire thing was sorted out.

      They decided to sort it out, in that I got my money back, but the domain and the entire process left me missing Brandon at escrow.com very much.

    • I never said changing a phone number is difficult, read again what I wrote before commenting.
      You are totally missing the point.
      My suggestion is terrible only if you don’t get what it means, as you did.
      And maybe you should be less arrogant, Mr Karamouzis, a too big ego doesn’t help.

    • You can call as many numbers as you want, if you can find them, or you can and we all can require a valid whois.

      Hi my name is Elliot and 10 years ago you sold a domain to X person is that true? Hi my name is Elliot and 7 years ago you sold a domain to X person is that true? ect…

      Good luck with that.

    • The phone number from October 2017 was the same for a long time. I would have called that number and said, “hey, I just want to make sure you’re the guy I’ve been emailing about regarding my purchase of PDD.com.” If he said no or I wasn’t comfortable with a non-response, I would not have moved forward given the other red flags. Since the only thing that changed was the email address, the registrant of PDD.com should have been the same before and after.

      Incidentally, I saw a LLL.com name on NamePros last year that seemed like a great deal. The Whois had recently changed, and it turns out, the former registrant’s company is located 15 minutes from my house. I drove over to the shop, and he confirmed the name was stolen and was working with his registrar to recover. Long story short, he ended up working with Stevan Lieberman to recover the domain name, which he still uses for his business. Had I not taken this extra step, I would have ended up owning a stolen domain name. The first red flag was a recent registrant change and a relatively cheap price had it been recently sold before.

      I wish you could just trust the current Whois records, but as you can see in this scenario, that doesn’t really work.

    • It’s way more than that.
      I see you have little experience about investigations.
      Anyway, I stick to my view, and I definitely know how to do an in-depth due diligence.
      Good luck to you. 🙂

    • Im not being arrogant, your suggestion to prevent fraud by calling a number, as if email is not valid enough puts the onus back on the buyer and not the seller to maintain accurate whois records. If there are zero requirements to have accurate whois records then how does buying and selling a domain work? A urine sample from the last 5 owners?

      Keep your accounts secure, your valuable names under additional locked services and if you mess up expect to work with the courts to get made whole by the fraudster. Not the legitimate buyer.

      A domain is valuable, treat it as such.

      So if I wanted to sell a domain and scam someone I would … change the email to something random. Have a friend in a shitty country sell it. Wait til funds move to said shitty country were contracts are hard to enforce and then do a claw back from the registar?

      If you think that’s a valid processes you dont buy and sell domains for a living.

    • I buy and sell domains for a living. Driving to peoples homes is not a reasonable expectation. It’s quite silly in fact to even suggest it.

      Oh hi Im Bill… are you reaaaaaalllly selling your domain name?

      Come on now lol

    • Again, I never suggested that you can prevent a fraud by calling a number, can’t you read? 🙂
      That’s just the first very basic thing to do, but a complete due diligence, as I said above, is more complex and time-consuming than that.

      I’ve been working in the financial industry for 20+ years, also advised in cases of fraud and bankruptcy, in court as well, thanks but I know what a scam and a proper due diligence are.
      And we advise and do business in the domain space as well.

    • It’s the same telephone number that the 20+ year user of the site had posted on their website for just as long. A hacker can change a telephone number in WHOIS. Changing a telephone number on an archived screenshot at screenshots.com from three years ago is a little trickier.

      In any event, Elliot, are you troubled by Twitter restoring Mike Berkens’ account without a court order?

    • I wondered, and remember talking to you about this (NOT that it would have solved anything) if the owner was the scammer – even though he claimed innocence and that he himself was the real victim.

      Talking to the FBI was also “fun” but I was horrified, although I suppose not terribly surprised, to learn that recourse across borders for this kind of theft is slim-to-none.

      That fact you got your money back was one of the happier memories of my Flippa time…

  8. Im going to have coffee and tea with every seller while I have them fill out a 23andMe ancestry kit before I buy any domain name going forward.

  9. What’s even worse is that, as John Berryhill noted in his posts on NamePros, Escrow.com “confirmation of received funds” are not reliable, to use a euphemism …
    He wrote (page 6 of NP thread) “Twice in the last year, I have seen instances in which Escrow.com falsely confirmed receipt of funds and then, to cover up their error, started flinging bizarre accusations at others.” …
    and
    “For those playing along at home: A buyer in an Escrow.com sent Escrow.com a fake wire transfer document, which Escrow.com then relied upon in order to issue a payment confirmation – instead of checking their own bank account to see if they had received the payment.”
    “I’m pretty sure the California Financial Code Section 17414 assumes, that the business of a licensed escrow company is to accurately confirm whether they have been paid or not, before they issue a confirmation of payment.”

    IMHO an Escrow company should have their license revoked in those cases …

    BTW, great post by Brandon on NP, he’s the only one who mentioned the Suspicious Activity Report you can file to FinCEN in case of a suspected incident of money laundering or fraud.

  10. Pretty scary stuff. Especially what Berryhill has to say about Escrow.com at NamePros.

    If he is right, they couldn’t care less as long as they get their fee. I fully understand it is buyer’s obligation to do the due diligence, but didn’t Escrow.com begin verifying accounts?

  11. I am frankly astonished this does not happen more often. It’s terrifying to think that identity theft cuts both ways in this regard (someone impersonating whichever party is needed to approve/authorize either the asset transfer or release of funds). The fact that this isn’t a “regular” thing and the fact there aren’t any sure-fire solutions (other than registrar lock-down, 2FA, Escrow scrutiny) are kind of surreal.

  12. Could this happen with Godaddy auctions ?

    I get the escrow.com part – ie the confirmation before having cleared funds which is insane but the network solutions part I dont get. How did the thief actually convince netsol to transfer the domain name back to him / her ? Just by doing what exactly ?

    • I am the originator and rightful owner of CQD.com

      i DID NOT SELL MY DOMAIN.
      Booth: You bought a STOLEN domain!
      YOU did NOT verify me!
      YOU did not authenticate me!
      You NEVER spoke to me. My cell phone bill will prove i never had conversations with you!

      YOU did everything wrong to gain my business brand, my 22yo 3L top domain FAST. i can’t even describe here with the words i want to use on your excitement to get it!

  13. Maybe somebody should start a GoFundMe for Rebecca. Why should she bear the extra expenses alone. If she wins, every one wins.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

Afternic: Pending Sync

1
I hand registered 29 domain names at GoDaddy two days ago. I registered them in two swaths - 20 names and 9 names. Afternic...

Candy.com Acquired by Hilco Digital

8
In 2021, the Candy.com domain name was sold for an undisclosed sum in a deal brokered by Andrew Miller of Hilco Digital and Amanda...

Darpan Munjal Doing AMA on X

1
I have always appreciated how Atom.com CEO Darpan Munjal has been willing to share data freely. It's helpful to see what types of domain...

Results from One Month with Afternic Boost

20
Afternic began charging for its upgraded "Boost" features on September 4th. Instead of paying 15% commission for selling a domain name via Afternic with...

Video: How Anime.com was Acquired

2
I heard the Anime.com domain name had been recently acquired, but I knew nothing about it. Anime is a a style of Japanese animation,...