Email Interception in Action: Exhibit W – Deletion of Domain 8 Months PRIOR to Expiration Date

We now come to Exhibit W, which shows the records and images of the domain thieves taking deliberate action to delete WRTA's stolen domain name 8 months PRIOR to its natural expiration date.

Approximately 30 days after the Jan 19, 2010 emails were sent and intercepted (see previous blog posts and Exhibits A-V), the domain thieves began the deliberate process of deleting WRTA's stolen domain name (ReligiousTravelAssociation.com).

Domain thieves initiated the deletion process of the domain name around Feb 22, 2010.  This deletion was a full 8 months PRIOR to the stolen domain name's natural expiration date of Oct 28, 2010 (which WRTA had pre-paid with its financial resources through this October date).

Among the reasons the thieves began the deletion process of the domain name was to destroy among other things evidence of their domain theft and email interception/theft. 

Financial gain may have also been a part of the deletion process, as WRTA re-purchased its stolen domain name 6 months later (Aug 2010) for $500 from an unknown domain broker.


WHAT TO LOOK FOR?

The images below are in chronological order of the events as they happened in Jan-Feb 2010.

Image #1
+ This shows the instructions from GoDaddy.com regarding how to delete a domain name.

Image #2
+ This is a record of the stolen domain name showing/listing the most recent update as Jan 20, 2010. Furthermore, the record shows a natural expiration date of Oct 28, 2010.
+ The registrar status of the domain shows no signs of a redemption period, deletion, etc.

Image #3
+ This screenshot shows that domain thieves have begun the deliberate premature deletion process of the stolen domain name. As seen in the record, it shows that as of Feb 22, 2010 - the domain is now in the "redemption period".  Yet again, the natural expiration date as seen here isn't until Oct 28, 2010.

Image #4
This is the last screen shot on record and available from Google cache featuring content on the stolen domain before the content was removed due to the deletion of the domain by the thieves.

Image #5
Google search of the stolen domain on Feb 25, 2010.

Image #6
Screenshot of the stolen domain of ReligiousTravelAssociation.com as it appeared on Feb 26, 2010. Due to the deletion of the domain by the thieves, there is no longer content on the stolen website as seen in this image.

Image #7
Google search of the stolen domain on Feb 28, 2010.

Images #8-9
Domain records show the "pending deletion" of the stolen domain name on March 25, 2010. The domain record also shows "Acquire this Domain Name".

Image #10
Domain record as seen on March 26, 2010 for the cybersquatted domain ReligiousTravelAssociation.ORG.

Email Interception in Action: Exhibit V – Domain Records AFTER Jan 19, 2010

This Exhibit is a direct follow-up to Exhibit U.

Be sure to read/review my blog post from 3 days ago (Sat, July 21) regarding Exhibit U.

After doing that, you're ready to review the records below regarding the stolen domain name of ReligiousTravelAssociation.com.


WHAT TO LOOK FOR?

IMAGE #1

+ This image (from DomainTools.com) shows January 2010 domain record for stolen domain name of ReligiousTravelAssociation.com.

+ As noted on image below, the record reflects changes/updates made to the stolen domain name on Jan 20, 2010. This is significant because this is less than 24-48 hours after my sending of two emails to WRTA email addresses associated with this same domain name (ReligiousTravelAssociation.com).

+ This update on Jan 20 (2010) is also consistent with a "major change/update" made to the website/domain ReligiousTravelAssociation.com as seen in my previous blog post regarding Exhibit U. As we saw in that Exhibit, the stolen domain was repointed to WRTA's expo website and domain name (WRTAexpo.com) subsequent to Jan 19, 2010.


IMAGE #2

+ The second image below shows January 2010 domain record for the cybersquatted domain of ReligiousTravelAssn.com.

+ One of the significant aspects of this image/record is that it too shows an "update" on Jan 20, 2010 to its domain name. Again, this time period falls less than 24-48 hours after my sending of two emails to WRTA email addresses associated with ReligiousTravelAssociation.com.

Today (July 22) is 1-Year Anniversary of First Criminal Conviction of Domain Name Theft in U.S.A.

The title says it all.

To mark this big and very pivotal anniversary date in the world of domain name theft - a big announcement will be released within the next week. Stay tuned.

Being the anniversary date, today is a good day to step back and review what happened a year ago on this date of July 22 - while also reviewing the legal developments over the past 5 years.


NEWS STORIES - DOMAIN NAME THEFT


Year 2011: First-ever Criminal Conviction of Domain Name Thief

Press Release
New Jersey Attorney General's Office - Division of Criminal Justice (Press Release regarding domain thief sentenced to prison)

News Story #1
First domain thief to be criminally prosecuted in the United States

News Story #2
DN Journal - The Domain News Industry Magazine

News Story #3
World Trademark Review Daily


Year 2009: Indictment of Domain Name Theft in Goncalves Case

Press Release
First indictment of domain name theft in U.S. (Media Release)

Court Indictment Document
Court Indictment Document Regarding Goncalves Case (Superior Court of New Jersey)

News Story
NJ Man charged with Web name theft, sale on eBay


Year 2007: The Wall Street Journal Reports "Domain Theft is Everyday Event"
Web-address theft is everyday event (Wall St. Journal)

Email Interception in Action: Exhibit U – Website #8 Featuring Article AFTER Jan 19, 2010

Our review continues - and we arrive now at Exhibit U. This exhibit is in correlation to and direct follow up to Exhibit K.

Below is the review of WRTA's stolen domain name (ReligiousTravelAssociation.com) before and after the date of Jan 19, 2010.


WHAT TO LOOK FOR?

WEBPAGES DATE, TIME & URL ADDRESS
As you review each image/screen shot below, where available - take note of following items:

1) Website address
2) Company name
3) Date and time of each webpage
+ Take note of whether date/time on each particular webpage is BEFORE or AFTER Jan 19, 2010 - 7:28pm MST (the time at which my email was sent - see Exhibits L and M).

IMAGE #1
+ This is a collection (collage) of screenshots of WRTA's stolen website/domain name prior to Jan 19, 2010.

IMAGES #2-4
+ These images feature a snapshot of WRTA's domain name as it appeared on Jan 30, 2010.
+ As noted in my comments on the images, domain thieves briefly redirected (after Jan 19, 2010) WRTA's stolen domain name to WRTA's official Expo website/domain name.

IMAGES #5-7
+ These images provide a comparison view of WRTA's stolen domain name prior to and after Jan 19, 2010.
+ My notes on the images provide additional information, along with identification of each screenshot (on top and bottom)

IMAGES #8-9
+ These two images from DomainTools.com provide screenshots of WRTA's stolen domain name - including how the webpages appeared (looked) on Sep 22, 2009 and Feb 12, 2010 respectively.

IMAGE #10
+ This is a screenshot of the actual WRTA Expo website and domain name (WRTAexpo.com).
+ This is the actual website that domain thieves repointed the stolen domain to beginning approx. Jan 19, 2010 and for approx. 30 days after that.
+ The WRTA Expo website was the official website for WRTA's "World Religious Travel Expo."

IMAGE #11
+ This is a domain record from DomainTools.com showing WRTA's stolen domain name in the process of being deleted, sold and/or "tampered with" in some form or another by domain thieves.

IMAGE #12
+ This image shows a Feb 26, 2010 screenshot of WRTA's stolen domain name.
+ As seen here, the stolen domain name no longer hosts any content.
+ The action taken by domain thieves in image #10 above affected WRTA's stolen domain name in such a way that all content was permanently removed from the stolen website - and the stolen domain name never again thereafter pointed to and/or was redirected to WRTA's Expo website/domain name.

IMAGE #13
+ This image shows Google search results for WRTA's domain name on Feb 25, 2010.
+ As seen and noted on the image, the following 3 "versions" of WRTA's domain name(s) are featured in Google's search results:
1) WRTA's stolen domain name being repointed by domain thieves to WRTA's Expo website.
2) WRTA's stolen domain name with original content of the domain thieves.
3) WRTA's new domain name (WRTAreligioustravel.com), which WRTA had to invest in (in 2009) due to the theft of its original company website and domain name ReligiousTravelAssociation.com

Summarization:
+ After Jan 19, 2010 - domain thieves briefly (for approx. 30 days) redirected WRTA's stolen domain name to WRTA's official Expo website/domain name address.
+ Witin this same 30 day time period following Jan 19, 2010, domain thieves began the deletion and/or selling process of WRTA's stolen domain name - a full 8 months PRIOR to the domain name's natural expiration date of Oct 28, 2010. (We'll be covering this entire process and related subsequent actions and documents in upcoming blog posts).

Email Interception in Action: Exhibit T – Website #7 Featuring Article AFTER Jan 19, 2010

Welcome to Exhibit T. This exhibit is in correlation to and a direct follow up to Exhibit J.

This exhibit deals with the national publication of Christian Press and related article.


WHAT TO LOOK FOR?

WEBPAGES DATE, TIME & URL ADDRESS
As you review each image/screen shot below, where available - take note of following items:

1) Website address
2) Company name
3) Date and time of each webpage
+ Take note of whether date/time on each particular webpage is BEFORE or AFTER Jan 19, 2010 - 7:28pm MST (the time at which my email was sent - see Exhibits L and M).

IMAGE #1
+ This is an image taken from Exhibit J.
+ The screenshot of the webpage features a "Travel Ministry" article published by Christian Press. The Google cache/snapshot of the webpage is as it appeared on Jan 13, 2010.

IMAGE #2
+ This image shows the above "Travel Ministry" article REMOVED from the Christian Press website/webpage. As seen, the date is Jan 21, 2010.

IMAGE #3
+ This image shows the Christian Press webpage that (previously) featured the "Travel Ministry" article.
+ The screenshot is taken after Jan 19, 2010.

IMAGE #4
+ This image features two different screenshots of the same Christian Press webpage.
+ The screenshot in upper-half of the image is the Christian Press webpage featuring the "Travel Ministry" article dated Jan 13, 2010.
+ The screenshot in lower-half of the image is same Christian Press webpage - yet with the "Travel Ministry" article completely removed.

IMAGE #5
+ This image is taken from Exhibit J.
+ The image is included here primarily for reference purposes. Please see attached notes on image.

Summarization:
+ Any and all references to the content featured on the Christian Press website regarding "Top 10 Reasons to Have a Christian Travel Ministry" have been completely removed. This also includes any hyperlinks to the "Travel Ministry" article from the Christian Press website.

In summary, there are no remnants of the "Travel Ministry" article, text and/or content that the publisher Christian Press had just days earlier hosted/featured.

Email Interception in Action: Exhibit S – Website #6 Featuring Article AFTER Jan 19, 2010

We've now reached Exhibit S. This exhibit is in correlation to and a direct follow up to Exhibit I.

Let's begin the review.....


WHAT TO LOOK FOR?

IMAGE #1
+ This is a screenshot of the website "christiantravelinternational.com" as it appeared in the days after Jan 19, 2010.
+ As seen in this image, the website features a generic "Red Hat" notice.

IMAGE #2
+ This is a screenshot from Exhibit I.
+ This is a screenshot of the website "christiantravelinternational.com" as it appeared prior to Jan 19, 2010.

IMAGE #3
+ This image contains the above two screenshots in a comparision format (image #1 on top; image #2 below).
+ As seen from the two contrasting screenshots, the original text regarding "Christian Travel International Coming Soon" has been completely removed.

Summarization:
+ Any and all references to the text "Christian Travel International Coming Soon" has been completely removed from the website. Furthermore, this phrase was the only text ever featured on the website dating back to the domain's inception and debut around June 19, 2009.

As such, any and all text references to what "Christian Travel International is and/or represents" has been completely removed from the website - thus leaving no remnants of the content it had previously hosted for prior six months and leaving no remaining explanation of the "entity" and/or what happened to it.

Email Interception in Action: Exhibit R – Website #5 (Twitter) Featuring Article AFTER Jan 19, 2010

And we continue on.  Getting a little closer to end of the alphabet, as we now arrive at Exhibit R. 

Exhibit R is in correlation to and a direct follow up to Exhibit H. 

Let's begin the review.....


WHAT TO LOOK FOR?

IMAGE #1
+ This image is actually from Exhibit H.
+ I've inserted this screen shot here for your review, so that you can easily reference this image against the following two images below.
+ The notes on this image are pretty self-explanatory. In short though, this is a company's twitter feed with two tweets from Sep 2 and Sep 9 (2009) highlighted and noted.
+ And as seen here, the "Travel Ministry" webpage/content that is connected to the Sep 2 and Sep 9 tweets is featured here too (on right-side of image).

IMAGE #2
+ This is a screen shot of the same company Twitter feed (featured in Image #1 above) - yet as noted, the Sep 2 and Sep 9 (2009) tweets have been REMOVED.
+ All other tweets remain featured/listed.

IMAGE #3
+ This is a "comparison" screen shot of the above same company Twitter feed.
+ The image is pretty self-explanatory especially with my notes and arrows. In short, the Twitter feed on right shows that two tweets (from Sep 2 and Sep 9) have been REMOVED from the feed.
+ On left hand side of the image is the Twitter feed featuring the two tweets (from Sep 2 and Sep 9) prior to their removal.

Summarization:
+ Any and all references to the "Travel Ministry" links, content and/or text were completely removed from the company Twitter feed - thus leaving no remnants of these links and content it had previously hosted.

Email Interception in Action: Exhibit Q – Website #4 Featuring Article AFTER Jan 19, 2010

Moving along - we now arrive at Exhibit Q.  This exhibit is in correlation to and a direct follow up to Exhibit G.

Please review Exhibit G - and then once you've done this, you're ready to review the following.....


WHAT TO LOOK FOR?

WEBPAGES DATE, TIME & URL ADDRESS
As you review each image/screen shot below, where available - take note of following items:

1) Website address
2) Company name
3) Date and time of each webpage
+ Take note of whether date/time on each particular webpage is BEFORE or AFTER Jan 19, 2010 - 7:28pm MST (the time at which my email was sent - see Exhibits L and M).

IMAGES #1-2
+ These are screenshots of the company's homepage.
+ The first image is a screenshot of the company's homepage as it appeared on Jan 15, 2010.
+ The second image is a screen shot of the company's homepage as it appeared on Jan 21, 2010.

+ As noted on the images, the "Travel Ministry" title, paragraph and hyperlink at bottom of the company's homepage (see first image) has been removed on the Jan 21, 2010 edition (see second image).

+ Regarding the "Travel  Ministry" link featured in the paragraph (in the first image), this was directly hyperlinked to the "Travel Ministry" webpage/content hosted on the same company website (see image #3 below).

IMAGES #3-4
+ These are two screenshots from Exhibit G.
+ These screenshots are placed here for your review, so that you can see how this company website features a "Travel Ministry" link at the bottom of its website. And as you'll see, the "Travel Ministry" link is located in-between the links of "Media" and "Groups".
+ The "Travel Ministry" link at bottom of the website/webpages is directly hyperlinked to the "Travel Ministry" webpage/content featured in Image #3.
+ Both of these images/screenshots are dated prior to Jan 19, 2010.

IMAGES #5-9
+ These are sample images and webpages from the company's website after Jan 19, 2010.
+ As seen and noted in these images, the "Travel Ministry" link has been removed from each webpage.

Summarization:
+ Any and all references to "Travel Ministry" links, content, and/or text were completely removed from the website after Jan 19, 2010 - thus leaving no remnants of these links and content it had hosted just days earlier. 

Email Interception in Action: Exhibit P – Website #3 Featuring Article AFTER Jan 19, 2010

Now we come to Exhibit P - which is in correlation to and a direct follow up to Exhibit F.

Once you've reviewed Exhibit F, it's time to begin the review below.....


WHAT TO LOOK FOR?

WEBPAGES DATE, TIME & URL ADDRESS
As you review each image/screen shot below, where available - take note of following items:

1) Website address
2) Company name
3) Date and time of each webpage
+ Take note of whether date/time on each particular webpage is BEFORE or AFTER Jan 19, 2010 - 7:28pm MST (the time at which my email was sent - see Exhibits L and M).

IMAGES #1-2
+ These are screenshots of company's homepage as seen on Jan 23, 2010. In the second image, I've also included a screen shot of the company's hompage as it looked prior to Jan 19, 2010.

+ You can also review the company's hompage as it looked on Dec 28, 2009 by going to the Internet Archive located at http://web.archive.org/. Or you can just click on this following link and it should take you to the company's homepage for this date (12/28/2009): http://web.archive.org/web/20091228175401/http://travelwithspirit.com/

+ As noted on the images, the "Travel Ministry" link at bottom of the company's homepage has been removed on Jan 23, 2010 edition.

+ Regarding the "Travel  Ministry" links themselves, this is how they worked. When someone would click on the "Travel Ministry" link (at bottom of company's homepage and webpages), the link would then take them to a webpage featuring content about Travel Ministry - as discussed and shown in Exhibit F.  The webpage that featured the "Travel Ministry" content is addressed in Images #3-4 (see below).

IMAGES #3-4
+ Image #3 shows the "Travel Ministry" webpage after all its content had been removed.
+ Image #4 shows the "Travel Ministry" webpage's content as it was featured prior to Jan 19, 2010.

IMAGES #5-6
+ Images #5 and #6 are essentially "before" and "after" photos of the company's media webpage (before and after "Jan 19, 2010" that is).
+ Image #5 shows no "Travel Ministry" link existing at the bottom of company's media webpage on Jan 25, 2010 edition.
+ Image #6 shows the company's media webpage featuring the "Travel Ministry" link on Jan 10, 2010 edition.

IMAGES #7-8
+ These are just sample images and webpages from the company's website after Jan 19, 2010.
+ The two webpages featured in these images include the Contact Us webpage (Jan 22, 2010) and Subscriptions webpage (Jan 26, 2010).
+ As you'll see on these images, the "Travel Ministry" link has been removed on each webpage.

OVERALL REVIEW
+ The "Travel Ministry" link has been completely removed from all webpages of the company's website.
+ The "Travel Ministry" links at the bottom of each webpage were directly connected (hyperlinked) to a webpage featuring "Travel Ministry" content.
+ The webpage featuring the "Travel Ministry" content had all of its (Travel Ministry) content and text completely removed.

Summarization:
+ Any and all references to "Travel Ministry" links, content, and/or text were completely removed from the website - thus leaving no remnants of these links and content it had hosted just days earlier.