Domainer asks court to block Epik sell-off
The customer suing Epik and its management over a fumbled $327,000 domain deal has asked a US court to prevent the company from selling off its assets and “absconding”.
Matthew Adkisson has amended his fraud complaint, first filed in March, to demand an injunction:
enjoining Defendants from transferring, liquidating, converting, encumbering, pledging, loaning, selling, concealing, dissipating, disbursing, assigning, withdrawing, granting a lien or security interest or other interest in, or otherwise disposing of Adkisson’s Escrow Funds and any other amounts owed to Adkisson, including but not limited to by transferring, liquidating, converting, encumbering, pledging, loaning, selling, concealing, dissipating, disbursing, assigning, withdrawing, granting a lien or security interest or other interest in, or otherwise disposing of any of Defendants’ assets or companies that Adkisson’s Escrow Funds were used in connection with
The amendment follows tweets from current Epik CEO Brian Royce which strongly suggested the company is in the process of selling off its assets. The complaint quotes former CEO and majority shareholder Rob Monster as confirming a sale was being “finalized”.
“If Royce, Monster, and Epik are allowed to sell Epik or its assets, consumers like Adkisson are highly unlikely to be repaid for the funds that Royce, Monster, and Epik and misappropriated,” the complaint says.
Adkisson attempted to buy the domain nourish.com via Epik and its “escrow” service last year, but after the sale fell through the company did not return his money. He now claims Epik was illegally mingling its escrow funds with its general operations fund.
The amended complaint now includes several citations from TrustPilot — other customers who says they bought domains only to see Epik take their cash and not hand over the domain.
While Epik has admitted that it owes Adkisson money, it has otherwise denied any wrongdoing. After the amendment, Royce withdrew his motion to dismiss the case.
Epik CEO tries to wriggle out of $327,000 refund lawsuit
Epik CEO Brian Royce has filed a motion to dismiss a lawsuit against him, as the company denies it defrauded a customer out of $327,000 in a botched domain purchase.
Royce was named alongside Epik companies and former CEO Rob Monster in a legal complaint last month by customer Matthew Adkisson, who had tried to buy the domain nourish.com through Epik’s escrow service.
But Royce says he should be removed from the list of defendants because he wasn’t employed by Epik when the deal was inked last May. He became CEO in September 2022, after Monster stepped aside.
The motion to dismiss was filed as the companies — Epik, parent Epik Holdings, and sister company Masterbucks — simultaneous denied the allegations of fraud and racketeering, while admitting they still owe Adkisson money.
Epik admits Adkisson paid $327,000 for the domain, that he never received the domain, and that he is still owed a refund:
Defendants admit that the domain name has not been transferred to Adkisson. Defendants additionally admit that they intended, and still intend, to return Plaintiff’s funds that he had paid for the purchase of the domain name
…
Defendants admit that Epik owes Adkisson a refund of the $327,000 in funds he previously transferred to it
Monster, who is also named as a defendant and remains Epik’s majority shareholder, has not yet filed his answer to the complaint with the court, according to PACER records.
Epik sued over financial meltdown
Domain registrar Epik has been sued by a customer who says he is owed $327,000 over an aborted secondary market purchase.
Matthew Adkisson says he paid the sum to Epik to buy the domain nourish.com from a third-party seller, with Epik paid $27,000 for its escrow service.
However, Adkisson alleges, the sale fell through and when he asked Epik for his money back he was given the runaround for months.
His lawsuit describes a scheme whereby Epik, former CEO Rob Monster and current CEO Brian Royce were using supposedly escrowed funds for general corporate — and possibly even personal — purposes.
There are even alleged Ponzi-like elements, with funds from new customers being used to pay off debts to former customers.
The suit describes it as a “widespread and illegal fraudulent scheme — replete with misrepresentations, embezzlement, and misappropriation”.
Similar complaints of this nature have been made against Epik for months, with many buyers and sellers struggling to get paid.
The suit, which suggests it believes some of Epik’s actions may have been criminal, lists eight counts including breach of contract, fraud and racketeering. Adkisson wants his money back, as well as unspecified damages.
You can read the complaint here (pdf). Hat tip to John Berryhill.
Facebook sues free domains registry for cybersquatting
Facebook parent Meta has sued Freenom, the registry behind multiple free-to-register ccTLDs including .tk, claiming the company engages in cybersquatting.
Meta alleges that Freenom infringes its Facebook, Instagram and WhatsApp trademarks over 5,000 domain names in the TLDs it operates.
While best-known for Tokelau’s .tk, which had almost 25 million registrations when Verisign stopped counting them a year ago, Freenom also operates .gq for Equatorial Guinea, .cf for the Central African Republic, .ml for Mali, and .ga for Gabon.
Apart from some reserved “premiums”, the company gives domains away for free then monetizes, with parking, residual traffic when the domains expire or, one suspects more commonly, are suspended for engaging in abuse.
Naturally enough, it therefore has registered, to itself, a great many domains previously used for phishing.
Meta lists these names as examples of infringers: faceb00k.ga, fb-lnstagram.cf, facebook-applogin.ga, instagrams-help.cf, instaqram.ml, chat-whatsaap.gq, chat-whatsaap-com.tk, and supportservice-lnstagram.cf, though these do not appear to be monetized right now.
It accuses the registry of cybersquatting, phishing and trademark infringement and seeks over half a billion dollars in damages (at $100,000 domain).
Today, Freenom is not accepting new registrations, but it’s blaming “technical issues” and says it hopes to resume operations “shortly”.
Facebook is one of the most prolific and aggressive enforcers of its trademarks in the domain space, having previously sued OnlineNIC, Namecheap and Web.com. OnlineNIC had to shut up shop due to its lawsuit.
(Via Krebs on Security)
XYZ bosses agree to pay $1.5 million to settle Fed’s loan scam claims
Some of XYZ’s top executives have agreed to pay $1.5 million to settle a US Federal Trade Commission lawsuit alleging they “deceptively” harvested vast amounts of personal data on millions of people and sold it “indiscriminately” to third parties including potential scammers and identity thieves.
The FTC says that the execs, through a network of interlinked companies, deceptively collected loan applications through at least 200 web sites, promising to connect the applicant with verified lenders, but instead sold the personal data willy-nilly to the highest bidder through a lead-generation marketplace.
The data was bought by companies that in the vast majority of cases were not in the business of providing loans, the FTC said. The buyers were not checked out by the XYZ execs and exposed consumers to identity theft and fraud, it added.
The allegations cover activities starting in 2012 and carrying on until recently, the FTC said.
“[They] tricked millions of people into giving up sensitive financial information and then sold it to companies that were not making loans,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection said in a press release. “The company’s extraction and misuse of this data broke the law in several ways.”
“The FTC’s allegations were wholly without merit,” the defendants’ lawyer, Derek Newman, told DI in an email. “But litigation against the FTC is expensive and resource draining. For that reason, my clients chose to settle the case and move on with their business.”
“In fact, the FTC did not require any changes to my clients’ business practices that they had not already implemented before the case was filed,” he added.
The suit (pdf) named as defendants XYZ.com CEO Daniel Negari, COO Michael Abrose, business development manager Jason Ramin, and general counsel Grant Carpenter. Two other named defendants, Anisha Hancock and Sione Kaufusi, do not appear at first glance to be connected to the domains business.
The settlement (pdf) sees the defendants pay $1.5 million and agree to certain restrictions on their collection and use of data, but they did not admit or deny any liability.
The lead generation business was carried out via at least 17 named companies, including XYZ LLC (which appears to be a different company to the .xyz registry, XYZ.com LLC), Team.xyz LLC and Dev.xyz LLC. The FTC complaint groups them together under the name ITMedia.
Some of the companies are successors to Cyber2Media, the FTC said, a company that in 2011 had to settle a massive typosquatting lawsuit filed by Facebook.
Despite the personnel crossover, nothing in the complaint relates directly to the .xyz domains business, and the only domains listed in the complaint are some pretty nice .coms, including badcreditloans.com, personalloans.com, badcredit.com, fastmoney.com and cashadvance.com.
The complaint alleged deceptive representations and unfair distribution of sensitive information as well as violations of the Fair Credit Reporting Act. It reads:
In numerous instances, Defendants, through ITMedia’s actions, have shared and sold sensitive personal and financial information from consumers’ loan forms — including consumers’ full names, addresses, email addresses, phone numbers, birthdates, Social Security numbers, bank routing and account numbers, driver’s license and state identification numbers, income, status and place of employment, military status, homeownership status, and approximate credit scores—without consumers’ knowledge or consent and without regard for whether the recipients are lenders or otherwise had a legitimate need for the information.
Essentially, the complaint alleged that the defendants bullshitted consumers into handing over personal info thinking they were applying for a legitimate loan, when in fact the info was just being harvested for resale to sometimes dodgy buyers.
The complaint reads:
ITMedia’s practice of broadly disseminating consumer information, including to entities that share information with others whose identities and use of the information are unknown to ITMedia, exposes consumers to the risk of substantial harm from identity theft, imposter scams, unauthorized billing, phantom debt collection, and other misuse of the consumers’ information. Some consumers have complained that, shortly after submitting loan applications to ITMedia, they have received communications using the names of ITMedia websites to present sham loan offers or demands for repayment of counterfeit debt.
The $1.5 million settlement will be paid by “Individual Defendants and Corporate Defendants, jointly and severally”, according to court documents.
UPDATE: This article was updated shortly after publication with a statement from XYZ’s lawyer.
As .spa launches, former partner pisses in the champagne
The world’s newest gTLD is due to hit its landrush launch phase tomorrow, but a disgruntled former business partner is warning that it plans to get all the registrations cancelled.
DotPH, the ccTLD registry for the Philippines, reckons it is owed half of the equity in .spa under a 2012 agreement, and has been warning registrars that to sell .spa domains would be to breach three injunctions it has secured through a Hong Kong court.
The latest such injunction (pdf), dated April 23, in part prevents the registry, Asia Spa and Wellness Promotion Council:
(whether directly or indirectly and whether by itself or via its agents or service providers (viz. registrars and registry backend) (“Agents/Service Providers”), employees and/or associated corporate entities whatsoever) be restrained from entering into any agreements for the sale, lease or other use or disposal of any .spa sub-domains (“Launch Agreements”) and/or causing, procuring or giving consent to the Agents/Service Providers to enter into any Launch Agreements
The injunctions are being interpreted differently by DotPH and ASWPC.
DotPH told participating registrars — there are at least 36 of them, according to the ASWPC web site — in a May 12 letter (pdf) from its lawyers:
ASWPC must stop selling .spa domains – by itself, or by or through its agents including Registrars… ASWPC cannot allow or permit any of its Registrars to sell any .spa domains.
It goes on to say:
Our clients will seek orders to cancel all registrations accepted by the .Spa Registry in breach of the Court order. You should alert any existing registrants, and any intending registrants of the Court order, and of the likelihood that any .spa domains registered are likely to be cancelled – unless they have a contract dating before 19 April 2021 requiring ASWPC, or you, to register their domains.
ASWPC’s interpretation appears to differ, in that it does not believe registrars are bound by the injunction, due to the chain of contracts between registry and registrant.
DotPH says that the Hong Kong High Court is next due to consider the case in August.
The .spa landrush phase is due to run from 1600 UTC May 26 until October 1. It’s ostensibly a community-based gTLD, but has eligibility policies that make it open to essentially anyone.
Facebook gunning for Web.com in latest $27 million-plus cybersquatting lawsuit
Facebook has sued what it believes is a Web.com subsidiary, claiming the company has been engaged in wholesale cybersquatting for well over a decade.
The complaint, filed in a Pennsylvania District Court, alleges that New Venture Services Corp current owns 74 domains, and has previously owned 204 more, that infringe its Facebook, Instagram and WhatsApp trademarks.
While no other named defendants are listed, the complaint makes it abundantly clear that it believes NVSC is a subsidiary of Web.com and a sister of Network Solutions, Register.com, SnapNames and Perfect Privacy.
Facebook is suing partly under the Anti-Cybersquatting Consumer Protection Act, allowing it to claim $100,000 damages per infringing domain, so we’re looking at a floor of $27.8 million of potential damages should the lawsuit be successful.
But it’s also looking for NVSC to hand over any profits it’s made from the domains in question, which are generally parked with ads and listed for sale via the SnapNames network for premium fees.
While NVSC is registered in the British Virgin Islands and uses a Pennsylvania post office box as its mailing address, there’s a wealth of evidence going back to 2007 that it’s been affiliated first with NetSol and then Web.com.
Web.com’s last regulatory filing before it went private in 2017 lists NVSC as a subsidiary, which is probably the most compelling piece of evidence establishing ownership.
It appears that NVSC is a shell company that Web.com uses to hold potentially valuable or traffic-rich domains that its customers have allowed to expire. The names are then parked and put up for resale.
Example domains listed in the complaint include httpinstagram.com, faceebbok.com, facebooc.net, instagram-login.com, and installwhatsapps.com.
One would have to assume these names were captured using a fully automated process; even a cursory human review would clock that they’re useful only to bad actors.
The lawsuit is the latest in Facebook’s crusade against mainstream registrars it believes are profiting by infringing its trademarks, which has already ensnared Namecheap a year ago and OnlineNIC in October 2019.
Namecheap recently filed a counterclaim in which it tries to get some of Facebook’s trademarks cancelled.
Facebook has all but admitted that putting legal pressure on registrars is part of its strategy when it comes to getting the policies it wants out of ICANN on privacy and Whois access, where there’s currently an impasse.
Here’s the complaint (pdf).
Schreiber really did sue you all, sorry
It seems the aggrieved domain registrant and troll Graham Schreiber really has filed a lawsuit against scores of current and former domain name industry and ICANN community members.
You may recall that last week I blogged about a purported lawsuit by Schreiber against many industry professionals, as well as people who’ve been heavily involved in ICANN over the last couple decades.
I noted that there was no independent confirmation that any complaint has actually been filed in any court, but it turns out a complaint has now actually been filed.
A search on the Canadian Federal Court system reveals:
That appears to be an intellectual property lawsuit filed August 25 by Schreiber against “Jeffrey Levee et al”.
That’s five days after the document started circulating among defendants and my original coverage.
Levee is the long-time outside counsel for ICANN, working for Jones Day for two decades. In the org’s early days, his name often popped up in conspiracy theories.
The Schreiber document that was circulated last week just happened to name Levee as his first defendant, followed by several dozen more, often far less influential, individuals and companies.
To see my original coverage of the pretty much incomprehensible complaint, along with a link to the document, go here.
It’s a CONSPIRACY! Canadian registrant “sues” pretty much everybody
Canadian domain registrant and noted industry troll Graham Schreiber has sued, or at least claims to have sued, just about every notable figure in the ICANN community.
A document purporting to be a lawsuit is being circulated today among some of the dozens of named defendants, which include several people who’ve not been involved with ICANN for many years.
It names 27 volunteers from ICANN’s Intellectual Property Constituency, 21 current and former senior executives of registries and registrars, several members of the US and UK governments, an FBI agent, an unnamed “White House Conspirator”, as well as lawyers for LinkedIn, Facebook, Twitter, ICANN, Google and the UK Intellectual Property Office.
It’s my job to tell you in simple terms what the alleged lawsuit alleges, but I’m afraid I’m at an utter loss with this one. It reads like the fever dream of a conspiracy theorist that would make the average Qanon believer appear the model of reason and clarity.
Schreiber variously refers to his defendants as “Kingpins” involved in a “Cartel” or “Conspiracy”, the factual details of which he never quite gets to.
Here’s a representative sample paragraph, unedited:
If and when, the “Defensive Registrations” obliged by ICANN’s R[r]egistry & R[r]egistrar “Stakeholders” = “Kingpins” and specifically CentralNic [ weren’t purchased ] assailants would strike; and Infringe, Dilute, Blur and Pass-Off as our online business, individually with identical and confusingly similar domain name, faking to be appointed or an authorized agent of the primary Registrant, in a country’s entrepreneurs Intellectual Property may or may not have been protectable at Common Law Trademark, under Madrid Protocol Rules, as it / they fulfilled the obligations of local National laws, to become a Registered Trademark, as I secured in the USA with USPTO, after the CIPO did their work.
At one point, he admits to trolling the defendants on social media since 2012, and points to their failure to sue him as evidence of a conspiracy:
I’ve made statements via those Social Media resources which would, if they were untrue, subject me to a singular lawsuit or multiple lawsuits from the Defendants listed, for: Defamation, Slander and Libel.
As yet, these well taunted Defendants have all conspired together, in collective silence, anticipating that their grandeur and my insignificance would, maintain safe passage, for them to continue.
As the vast majority of the Defendants are well schooled, powerful U.S. Attorneys, it’s my expectation that the Court oblige them to address the charges here stated, or collectively for their defence, they must File a lawsuit with this Court, charging me for what could be [ but aren’t ] remarks constituting Defamation, Slander & Libel against them, which again, I’ve posted on some of the Defendants own clients, Social Media Platforms
Schreiber was once a regular fixture in DI’s comments section too. Thankfully, we’ve not heard from him in years.
The root cause of the “lawsuit” appears to be an old beef Schreiber has with CentralNic.
He says he owns what he calls a “common law trademark” on the term “Landcruise” and he once used the matching .com domain to operate a motor-home rental business.
At some point in 2011, he became aware that a British registrant had registered landcruise.co.uk and landcruise.uk.com.
At the time, CentralNic was primarily in the business of selling domains at the third level in pseudo-gTLDs such as uk.com, gb.com and us.com.
Schreiber tried and failed (twice) to get the .uk domain transferred under Nominet’s Dispute Resolution Service, and then he took his beef to the courts.
In 2012, he sued CentralNic, ICANN, Verisign, eNom, and Network Solutions in a complaint that barely made much more sense than the “lawsuit” being circulated today.
That case was thrown out of court in 2013.
I expect the same fate to befall the current lawsuit, if indeed it has even been filed in a court.
Schreiber wants $5 million from every defendant.
If you want to check whether you’re one of them, read the PDF “complaint” here.
US officials gunning for coronavirus domains
US state and federal law enforcement are pursuing domain names being used to push bogus products and misinformation related to coronavirus Covid-19.
In separate actions, the US Department of Justice forced Namecheap to take down a scam site that was allegedly using fear of coronivirus to hoodwink visitors out of their cash, while the New York Attorney General has written to registrars to demand they take action against similar domains.
The DoJ filed suit (pdf) against the anonymous “John Doe” registrant of coronavirusmedicalkit.com on Saturday and on Sunday obtained a temporary restraining order obliging Namecheap to remove the DNS from the domain and lock it down, which Namecheap seems to have done.
Namecheap is not named as a defendant, but the complaint notes that the DoJ had requested the domain be taken down on March 19 and no action had been taken by the evening of March 21.
The web site in question allegedly informed visitors that the World Health Organization was giving away free coronavirus vaccines to anyone prepared to pay a $4.95 shipping fee by handing over their credit card details.
This is an identity theft scam and wire fraud, the complaint says.
Meanwhile, NYAG Letitia James has sent letters, signed by IT chief Kim Berger, to several large US registrar groups — including GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance — to ask them to “stop the registration and use of internet domain names by individuals trying to unlawfully and fraudulently profit off consumers’ fears around the coronavirus disease”.
In the letter to GoDaddy (pdf), Berger asks for a “dialogue” on the following preventative measures:
- The use of automated and human review of domain name registration and traffic patterns to identify fraud;
- Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints;
- Revising your terms of service to reserve aggressive enforcement for the illegal use of coronavirus domains; and
- De-registration of the domains cited in the articles identified above that were registered at GoDaddy, and any holds in place on registering new domains related to coronavirus, or similar blockers that prevent rapid registration of coronavirus-related domains.
In other words: try to stop these domains being registered, and take them down if they are.
No specific malicious sites are listed in the letter. Rather, Berger cites a study by Check Point Software that estimates that something like 3% of the more than 4,000 coronavirus-related domains registered between January and March 5 are “malicious” in nature.
Recent Comments