Yashar Ghaffarloo

Ramblings of an internet marketer

Crush CBD (Tinted Brew Inc.): A Laughable Attempt at Domain Name Hijacking

On October 10, 2018, I acquired the domain name CrushCBD.com through GoDaddy Auctions for $1,250.

The domain name was registered on GoDaddy with the following page up for display up until earlier this week.

This is the default page that GoDaddy displays after a domain name is acquired through their auction house.

The “Get This Domain” CTA on all GoDaddy-parked domains is a way for GoDaddy to generate revenue on domain names for which they are a registrar and where the registrant hasn’t pointed the domain’s DNS elsewhere.

Users interested in a domain not in use can pay GoDaddy’s brokers to contact the domain owner for a fixed fee plus percentage of the final sale price (usually 10-20%) on behalf of the interested party.

In late January 2019 I received a call from a GoDaddy broker informing me that there was a party interested in acquiring my domain CrushCBD.com. I pushed for a dollar amount and was presented with an offer range of $5,000 – $10,000 which I declined.

On January 30, 2019 I received an email from GoDaddy’s brokerage team confirming that negotiations had ended and that the thread was closed.

On July 28, 2019 I received a phone call from a party interested in acquiring the domain name. This individual presented an offer an order of magnitude stronger than the one I received through GoDaddy’s brokerage arm in January.

While I had no interest in selling the domain name at the time of acquisition – prepared to sit on it for a few years until the time came to do develop it – I’d be lying if I said the offer didn’t pique my interest. I told the potential buyer that I’d get back to them.

In doing so, I did research on the party who made the offer through GoDaddy in January and hypothesized that it was Tinted Brew, Inc.: the owner of the CrushCBD.co domain.

Why? The domain name CrushCBD.co was registered the same month that I received an offer for the CrushCBD.com domain.

Additionally, upon conducting a trademark search, Tinted Brew, Inc. (d/b/a Crush CBD) registered an intent to use trademark for Crush CBD in June of 2019 – meaning that they hadn’t deployed the trademark in use in commerce at that point.

Still with me? Let’s recap the timeline:

  1. October 10, 2018: I acquire the domain name CrushCBD.com.
  2. January 11, 2019: Tinted Brew, Inc. registers domain name CrushCBD.co.
  3. January 30, 2019: I end negotiations for an offer in the $5,000 – $10,000 range GoDaddy’s brokerage service for the domain name CrushCBD.com.
  4. June 4, 2019: Tinted Brew, Inc. registers intent to use the “Crush CBD” trademark in commerce.
  5. July 28, 2019: I receive an offer of $20,000 for CrushCBD.com through a phone call.
  6. July 29, 2019: I reach out to Tinted Brew, Inc., asking if they are interested in making an offer higher than the one presented by the above mentioned party.

When calling, I reached a support agent who took down my name and number and said the owner would get back to me.

Later that day, Jonathan Nemr, the owner of Tinted Brew, Inc. gave me a call. I let him know that I had an offer for the domain and asked if they’d be interested in presenting an offer higher than the $20,000 one that I had received.

He said that they couldn’t afford that, closing with something along the lines of “we have a trademark for Crush CBD” – registering an intent to use in commerce does not mean that they were actually using the Crush CBD trademark in June – and “nobody else can use the domain name” – which is also false.

I told him that it wasn’t a problem and ended the call.


On August 5, 2019, I received the following email from Mayra Lopez of Ferguson Case Orr Paterson, LLP representing Tinted Brew, Inc.

(A letter in the mail arrived shortly after.)

The attachment “Crush CBD Letter.pdf” reads as follows.

Let’s dissect this letter together.

Tinted Brew, Inc. is a well known provider of e-liquid related products, but for all the wrong reasons. A quick Google search for the brand name uncovers a warning letter from the Center of Tobacco Products branch of the FDA.

What’s more: they themselves have infringed upon the intellectual property of Intercontinental Great Brands LLC – a subsidiary of Kraft Foods – using their trademark in their line of vape oils without the holder’s permission.

Digging deeper into the letter, the irony is uncanny.

If we visit Tinted Brew, Inc.’s site, we see an empty storefront.

Well known my ass.

Moving on to the following snippet from the legal scare letter sent by Ferguson Case Orr Paterson, LLP, we see the following United States Code cited as the one I am allegedly in violation of.

This is laughable, and shows negligence on behalf of the firm who dispatched the letter.

Let’s take a look at 15 U.S.C. § 1125(D) – the Code that I am allegedly in violation of – and see truly how the claims made in the letter couldn’t be further from the truth.

  1. “has a bad faith intent to profit from that mark”
    1. Bad faith would only be a valid complaint if the complainant’s trademark existed at the time the domain name was registered.
      1. The registration of their trademark was neither a valid trademark (only an intent to use in commerce) and postdated the date I acquired CrushCBD.com.
    2. Furthermore, I forewent profit by not monetizing the domain through a for-profit parking service like Bodis or Sedo.
      1. Even if I had decided to go down this route, this would be a valid use of the domain name. This goes to show the negligence of Ferguson Case Orr Paterson, LLP.
  2. “in the case of a mark that is distinctive at the time of registration of the domain name”
    1. Tinted Brew, Inc.’s trademark was registered 8 months after I acquired the domain name CrushCBD.com.
    2. My use of the CrushCBD.com domain name never infringed upon any of Tinted Brew, Inc.’s intellectual property.

For my registration to be in violation of 15 U.S.C. § 1125(D), both of the points above must be true. Neither are.

Moving on to the following:

This couldn’t be further from the truth. If I had wanted $10,000 for the domain name, I would have accepted the offer made through GoDaddy’s brokerage arm in January. Furthermore, during the call made to Tinted Brew, Inc. on July 29, never did I express interest in letting them acquire the domain name for $10,000 – only reaching out to see if they had an offer higher than the $20,000 offer I had received earlier that month.

And, finally, the letter closes with the following.

“You’re in violation of all of these laws – but wait! If you give us the domain name for free, we’ll let you off the hook.”

Cute.


Now, the author of the email – Mayra Lopez – seems to be a paralegal and not the individual who drafted the letter.

In her email, she cites that the letter was sent “For Corey A. Donaldson, Esq.” and that is the partner whose signature appears on the letter.

Let’s take a look at Corey A. Donaldson’s profile on the firm’s website.

As a partner, his expertise seems to lie in the protection of his clients’ intellectual property. The letter claimed that I was in violation of 15 U.S.C. § 1125(D). As we explored earlier, this is a baseless claim and shows that the Donaldson did not bother to do any research before making his claims.

There’s no room for interpretation on this one: it’s so black and white that it’s hard to believe that Donaldson did not knowingly send the letter in bad faith, knowing that what was contained in the letter was untrue.

I’ll let you draw your own conclusions on the integrity of the firm, Donaldson’s ethics, and the depth of his expertise in IP law.


The process that a party who believes that their intellectual property is being infringed upon must go through is ICANN’s Uniform Domain-Name Dispute-Resolution Policy (UDRP.)

ICANN panelists then decide whether or not to transfer the domain name to the complainant based on the evidence presented in the complaint.

Now, for a UDRP case to be valid, there has to be evidence showing infringement of the complainant’s intellectual property.

In the event of a UDRP being filed, the firm would be in violation of reverse domain name hijacking (RDNH.)

Reverse domain name hijacking is when a party wants a domain name, but doesn’t want to pay for it. Said party retroactively files a trademark – postdating the registration of the domain name in question – and files a UDRP in bad faith in an attempt to steal the domain.

We saw in the USC cited above that a case where a registrant acquires a domain name before the trademark is registered, the UDRP case for cybersquatting is not valid.

Let’s take a look at the definition from RDNH.com:

This false complaint letter sent by Corey A. Donaldson of Ferguson Case Orr Paterson on behalf of Jonathan Nemr of Tinted Brew, Inc. – if filed for review by ICANN panelists – would be a textbook definition of RDNH.

Let’s explore further.

  • The Disputed Domain was registered prior to any trademark use by the Complainant;
    • Both the domain registration date and my acquisition date predated Tinted Brew, Inc.’s registration of CrushCBD.co and their registration of the trademark “Crush CBD.”
  • The Complaint failed to provide any evidence that the Respondent was specifically targeting the Complainant in its registration and use of the Disputed Domain;
    • No evidence was presented, and none exists.
    • Rather than provide evidence, the firm representing Nemr attempted me to turning over the domain name for free by falsesly claiming that I was in violation of USC.
  • The Complaint is used as a Plan “B” option to acquire a domain after commercial negotiations have failed;
    • A party – almost certainly Tinted Brew, Inc. – reached out through GoDaddy’s brokerage service the same month that CrushCBD.co was registered by Tinted Brew, Inc. and made an offer in the $5,000 – $10,000 range for the domain which I declined.
    • While GoDaddy didn’t identify the party making the offer – as they don’t want us to skip using their brokerage service and collecting their commission – you can draw your own conclusions with the information and timeline presented above on whether or not the inquiring party was Tinted Brew, Inc.
    • Jonathan Nemr expressed interest in acquiring the domain in my phone call until he didn’t like the price tag. A legal scare letter was his Plan “B.”
  • The Complainant attempted to deceive the Respondent in communications that preceded the filing of the Complaint;
    • The firm that Jonathan Nemr hired attempted to blackmail me into surrendering the domain name.
      • The firm did so by falsely claiming that I was in violation of 15 U.S.C. § 1125(D).
  • The Complainant attempts to misrepresent material facts to the panel, or fails to disclose material facts.
    • Tinted Brew, Inc. is yet to file a UDRP for review by a panel, as the processing costs start at $1,500 plus legal fees.

I have invited them to file a UDRP, though I don’t expect to be receiving one because Ferguson Case Orr Paterson, LLP has no case – and they know it.

This is not the first time they’ve made false claims against a domain registrant.

Let’s take a look at this WIPO Arbitration and Mediation Center complaint from 2006 where the panelists concluded that they were reverse domain name hijackers and denied their domain transfer request.

The claims that the firm made in its 2006 filing – where it was labeled a reverse domain name hijacker – are shockingly similar to those made against my registration.

This firm clearly knows how to file a UDRP and has gone through the process before (and lost.)

If they truly believed that my registration of the domain name CrushCBD.com was invalid, they wouldn’t “kindly ask me” to transfer the domain name to them. They would file a UDRP.

They didn’t because they have no case. Instead, they skipped the proper grounds to file such a complaint and attempted to blackmail me into transferring the domain name to them free of charge under false pretenses.


Why am I writing this postDomain owners often fall victim to reverse domain name hijacking, losing their assets in fear of being litigated against. I’ve seen too many cases of registrants being bullied into transferring the domain names for which they have a valid use case for to complainants – like Tinted Brew, Inc. – only later to realize that they were not in violation of what the letter claimed.

For the unexperienced domain owner, receiving a legal scare letter can be frightening and make the option of transferring their assets to a company making a baseless claim the easiest option to avoid litigation. Often times it’s just a cheapskate trying to slip one past you and get you to transfer the domain name to them for free.

Reverse domain name hijacking is a real issue – so much so that sites like HallOfShame.com exist to name and shame complainants and their law firms who file invalid UDRPs against registrants.

If you receive a letter like the one above, don’t be so quick to comply, and dig into the claims made and the laws you are supposedly in violation of.

Stay safe out there, brothers, and protect your domains.

Raising $8,600 for suicide prevention by shaving my head

Last Sunday night, I created a fundraiser raising funds for suicide awareness and prevention.

After seeing local families affected by such tragedy, as well as individuals creating fundraisers raising funds for charities for which they are passionate about supporting and have a connection to, I decided that I wanted to take part and contribute in my own way. As somebody who has seen first hand the impacts of suicide, I wanted to take action.

I was looking for a way to raise funds for the AFSP — the American Foundation for Suicide Prevention.

If you know me personally, you know there are few things I like more than my hair. It’s the reason I spend an unfathomable amount of money on hair product, bring a mini-mirror and a (now not-so-secret) comb in my backpack, and run my fingers through my hair several times per hour.

I’ve had long hair all my life.

The shortest I had my hair was a short, dark time when I got gum stuck in my hair and panicked, making an evident bald spot in the middle of my head. I got a haircut in an attempt to hide the bald spot, and looking back, it worked pretty well. I purchased hair-growing vitamins from GNC and would take twice the recommended daily dose because I hated the short hair look and it was the shortest I ever went.

It became clear to me that shaving my head was the driving factor I was going to use behind the fundraiser. Plus, it helps that other fundraisers, such as runs or walks, didn’t fit me too well (I ran a 14-minute mile in middle school).

So, I put aside everything else that I was doing and created a fundraiser with a goal of $500. To be honest, I wasn’t sure that I was going to reach that goal, and was deciding putting a goal of $250.

Needless to say, the then-ambitious goal of $500 was not so ambitious after all. 1,720% of the initial goal of $500 was raised, and I have no words but to say that I am so humbled and thankful. I have just returned from shaving my head.

Photo taken about a week after the shave.. me with less hair (brace yourselves: it’s not pretty!) available on my Facebook

So, what’s next?

The next step is to donate the funds to the AFSP. I have submitted a form and am waiting for verification from Generosity.com. When approved, the payment will be disbursed on the week of June 12. As soon as the funds hit my account, a donation, as well as a thank you video will both be recorded live and posted on this page.

Update: June 1, 2017

Generosity.com is making me jump through quite a few more hoops. I submitted my last 4, then they asked me for my full SSN, which I provided. They have now asked for a full passport photo (each of these after a delay after submitting the last piece of information) and will do so, as well as update this post once the funds reach my account and when they are donated.

Update: June 12, 2017

I have finally finished verification. Funds have not been disbursed to my account yet, but I will update this post as soon as they have been.

Update: July 12, 2017

Funds have not yet been disbursed.

Update: August 16, 2017

I have put the AFSP in touch with Generosity.com. Generosity.com will be disbursing funds directly to them. I will update this post accordingly.

Update: October 19, 2017

It’s been a rough three months trying to get everything sorted. There has been a lot of back and forth, support tickets, and reaching out to people at Generosity.com and the AFSP. I am glad to say that Generosity.com funds have cleared! Just waiting on a void check from AFSP and Generosity.com will disburse the finally cleared funds. They offered to disburse to my own bank account which I asked them not to, and instead disburse directly to the AFSP.

Here’s the ticket history over the past few months:

Three months of back and forth

 

 

Just one more step required from the AFSP. Once my contact there sends the requested information on where to send the wire, it will all be sorted. 🙂

Update: October 24, 2017

Funds have been sent from my bank account to the AFSP. Generosity.com support has not been helpful at all in the process. The original plan was to receive the wire to my account and send it to the AFSP. They then required me to send it to the AFSP directly through Generosity.com — perfect, no problems with that. Took 2 months for them to clear that action, and then they ask me to confirm funds will be sent to my account, I tell them no, and then they put the funds on hold pending AFSP account information and then they wire them, saying “sorry” after three months of back and forth that could have been avoided.

OK, ok.. now that my rant is over, I did send an eCheck of $8,300 to the AFSP just now. ($8,337 is what I received, $35 wire/eCheck fee from Comerica).

Funds should be there in 3-5 business days. A big thank you to Kathryn Frattarola from the AFSP for all of her help to organize fund disbursal from Generosity.com.

I will update this post when the funds are confirmed from my bank and out of it.

Update: October 26, 2017

Funds have left my account and en route to AFSP via PayPal eCheck.

Update: November 6, 2017

Funds have been cleared for one week now. I received a letter in the mail from AFSP CEO with a handwritten thank you. Thank you to all who helped me make this possible.

The Better Way to Hide Links from SEO Crawlers

It’s no question that hiding links is critical to any successful SEO campaign.

When building links, especially on PBNs and the like, it’s important to block SEO crawlers like Ahrefs (ahrefsbot) and Majestic (MJ12Bot). Most SEOs accomplish through abhorrent .htaccess lists of bots to block.

what are all of these bots anyway?

The current solutions are…

  • .htaccess files
    • Not always applicable if you don’t have full control over the site
    • Often times blocked from being edited
    • Require some technical know-how, updating, and blind trust
    • Footprint if set up incorrectly
      • Blind trust / copying pasting code you find online is bound to lead to problems
  • robots.txt
    • (lol)
  • WordPress plugins
    • Not so great if you’re not using WordPress
    • Require blind-trust in the author of the plugin
    • Footprint if (when) set up incorrectly (more on that in another post)

Using Javascript, we can abuse the achilles heel of crawlers and have links “hidden” in the source code of a site, but visible on the page load.

This is what the SEO crawlers will see (no visible links), but here is what Google will see.

Because we broke the link up into two parts (variable a and variable b) and combined the variables when the page loaded, we were able to hide our link from third party SEO crawlers.

This requires little to no technical knowledge and relies on simple Javascript. No sneaky redirects or cloaking.

This is helpful for those who are also building links on public facing properties and can place Javascript: most website builders and submission platforms allow Javascript embed within the HTML, but not access to .htaccess or robots.txt. Using this, you can block your competitors from viewing more than just your PBNs!

You can view the code for this here. Replace link with your anchor text, and replace the URL split among the two variables with your own.

After doing so, simply invoke your link by using <span id=“target”></spaninstead of the hyperlink HTML code.

Bulk Twitter Username Availability Checker

This is a free tool that uses Twitter’s undocumented username availability checking API to verify the availability of a large list of Twitter usernames.

To use, create two files: input.txt and proxy.txt. The former should contain a list of usernames, one per line, that you want to check, while the latter should contain a list of proxies, one per line. Actions are logged to the console (visible window so you can see what is going on) and the list of available usernames are saved to output.txt.

The program is designed to check one username per proxy every five seconds: safe limits to keep the program running without worrying about limitations. Although not recommended, because the source is included, this number can quickly be modified by those with basic programming knowledge.

A visual of the program in action is available here (refresh a few times if it doesn’t load), while the program can be downloaded here. For this program to function properly, need the latest version of the Microsoft .NET framework.

Those who act quickly can take advantage of this free data from Majestic (reuploaded, Majestic 404) to find juicy Twitter accounts that are available for registration. This list is from 2012 and sorted by Majestic metrics, meaning the users in the list have had enough time to change their usernames, leaving powerful usernames available to register.

This tool was created because using software like Gscraper and Scrapebox is inefficient and inaccurate. The abovementioned softwares request a whole page to get the status code, and often times are timed out and return an empty (–) response, leaving you with no idea if the username is available or not. Additionally, using those softwares to check for 404s returns inaccurate results, as usernames that return as 404s are not necessarily ones that are available to register (such as banned accounts, reserved usernames [BritishMonarchy, for example], and URLs that don’t exist, but are not usernames available to register).

This tool is light years faster and not even comparable in terms of accuracy to the above mentioned solutions.

Oh, and it’s free. 😉

Powered by an unhealthy amount of caffeine. &

Yashar Ghaffarloo | Yashar Ghaffarloo | Yashar Ghaffarloo