WARNING: SEVERAL STOLEN NAMES, MUST READ!

I am back to running down thieves, never stopped but stumbled across a rather large operation a week ago and feel I need to share with the community. I am aware it may tip off the thief to a degree but unless the names are made public he is and will continue to sell them. He likes contacting domainers privately and using 4.CN. He also uses several rars and sometimes transfers ownership 1-2 times to make separation.

Background: About 1+ weeks ago I was informed of a stolen 4 letter dot com (remain anon for now).

I was asked for my help in recovery of said name and have done so, in fact any day now it will be recovered. I have many people at RAR's to thank and will once back to rightful owners account.

As is par for the course, when you discover 1 you unearth many more, and this case is no different.

Most all these names were stolen in 2015 and up until recently (most seem to be from web.com rars/register.com/netsol but not always). I reverse searched the thief and discovered in 2015 he went from owning a dozen or so "garbage" names to suddenly trading in 3L dot com 4L dot com 4-5N dot com etc. Rather a huge upswing set off red flags. I placed several calls to their former owners and confirmed many are stolen. I also discovered a few are legit buys from drops and other places, likely with funds made from selling the stolen names. My advice at this point avoid buying anything from this person it is just too risky and they are a confirmed thief. It was also interesting to tie them to the theft of Ammar.com, google that story, name was recovered. I also noticed this thief was a member of Namepros until banned but no reason I can see was given.

If you have a good contact for 4.CN please notify them of these thefts and the names being listed on their site! Hopefully they will remove them and ban his account.

Names confirmed stolen are as follows, names I cannot confirm yet have a (?) beside them, waiting to be contacted.

1371.com STOLEN spoke to victim
XXXX.com STOLEN working to recover will unveil name once complete
VXL.com STOLEN?
AMMAR.com STOLEN and recovered
09931.com STOLEN?
ETTI.com STOLEN?
ETST.com STOLEN?
PJDO.com Apparent buy off drop
MMAZ.com STOLEN?
7576.com STOLEN? Hope not because it appears thief already resold
ESVV.com STOLEN?
39339.com STOLEN?
2517.com STOLEN?
LFQH.com STOLEN Spoke with victim
PZYA.com STOLEN?
RQEI.com STOLEN?
ZAWA.com STOLEN?
QURO.com STOLEN

Thief's info is as follows, he went from showing info to using privacy but the link to him is undeniable. He also seems to like to scatter where he transfers them to as well.


Registrant Name: STANISLAV KHRAMOV
Registrant Organization:
Registrant Street: METALLURGOV 7-7
Registrant City: MAGNITOGORSK
Registrant State/Province: CHE
Registrant Postal Code: 455023
Registrant Country: RU
Registrant Phone: +7.9124020000
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]

Ammar.com which was I believe one of if not the first name he stole, notice the email contact, same guy as above but he changed that email out on his later thefts since that cover was blown. I believe he brute forced the registrant's password and switched out email to complete the theft.

Registrant Name: Mohammed Ali
Registrant Organization: Mohammed Ali
Registrant Street: Villa 24, Block 4, Al-Mutawakel Street
Registrant City: Kuwait City
Registrant State/Province: Da-aiyah
Registrant Postal Code: 13113
Registrant Country: KW
Registrant Phone: +965.22563033
Registrant Fax: +965.22563033
Registrant Email: [email protected]


Here was his namepros.com account I believe....God only knows if Poob.com was clean?
https://www.namepros.com/threads/poob-com.846270/

If you have any info on this guy please share.


UPDATE TO COME!
 
42
•••
Terrible news. A stolen domain database would be ideal. Has anyone tried to put one up?
 
5
•••
Terrible news. A stolen domain database would be ideal. Has anyone tried to put one up?

No database I am aware of we just share as we come across them. My only fear is the Chinese are not reading these forums as much as they could to see what may be mentioned.

If you are in the domain community and know of this and other forums, do your due diligence and search the name, no reason to say you didn't know. Not sure if as many Chinese buyers pay attention to the forums in comparison to the number of buyers they have.
 
2
•••
btw looked at Poob.com, sold in 2013 for $3750 at Godaddy, the thief sold it on Namepros with an ask of just $1600!!! to start and dropped to $1k and change before posting sold. He didn't own it until 2015 so very likely was STOLEN! :(

Goes to show if the buyer just did a namebio.com search for sales records he would have known something was off. Or the buyer didn't care but I will give benefit of the doubt.

So if Poob.com was stolen from you, you can recover it!
 
4
•••
Some of the names currently belong to one Russian guy with the nickname Bassta
https://domenforum/showthread.php?p=1381925#post1381925
such as
7576.com it seems this one he already sold to China
39339.com
and possibly more
 
5
•••
Excellent info John, thank you. I figured 7576.com did resell unfortunately but never too late to try and recover.

So Bassta new name to look out for associated with the thief.

https://domenforum/showthread.php?p=1381925#post1381925

I wonder if one of our Russian speaking members can join that forum and warn them in that thread, looks like offers are being made on the stolen names.
 
2
•••
How is it possible to steal domains? :O
 
1
•••
How is it possible to steal domains? :O


It is, how at the moment is moot, they are, be it brute force of passwords on account/emails, phishing doesn't matter atm.
 
1
•••
I see someone in that Russian domain forum found this thread and posted a link, hopefully they all stay clear of the thief. They should because any names they buy and are recovered they will lose all their money.

12.09.2016, 23:58

#1009
trader

Registered: 11.02.2006
Location: KIEV-LONDON
Posts: 2,211

Domain deals: 60
Reputation: 1455

Approvals
Thanks (given): 56
Thanks (received): 156

Posted by Bassta
And I have 39339.com - who's got better?)))
Was 39339.com stolen?
https://www.namepros.com/threads/war...t-read.971376/
 
2
•••
I see someone in that Russian domain forum found this thread and posted a link, hopefully they all stay clear of the thief.
I did. I have asked Bassta about the names
 
8
•••


Looks like the thief renewed it.

Domain Name: ETTI.COM
Registrar: ALPNAMES LIMITED
Sponsoring Registrar IANA ID: 1857
Whois Server: whois.alpnames.com
Referral URL: http://www.alpnames.com
Name Server: NS1.4.CN
Name Server: NS2.4.CN
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Updated Date: 25-aug-2016
Creation Date: 30-jan-1999
Expiration Date: 30-jan-2018
 
3
•••
Emailing 4.CN shortly to axe this guy's names/account.
 
5
•••
How is it possible to steal domains? :O
Hacking into the E-mail account of the registrant. Then it becomes possible to take over the user account at the registrar. Some people use free E-mail service and their E-mail addresses may be deleted and released for non-usage... that was the case with Yahoo, perhaps it's still true today.
I have seen whois records listing admin E-mail addresses on domains that have dropped. So anybody could steal the domains. All it takes is re-register the domain name, then you set up the mailbox to impersonate the rightful domain holder.

It's hard to recover a stolen domain and don't think that your registrar will raise hell for you when that happens.

The E-mail address usually is the weak link. Or weak passwords, or password reuse across sites. When a breach happens on some site, there is a risk that the username/password pairs will be used against other sites.

So, to be safe:
  • don't use weak passwords
  • don't reuse passwords
  • use a password manager if needed
  • use an E-mail address that is safe, preferably one that you control. Avoid free E-mail. If someone hijacks your E-mail account there is no guarantee you will ever recover it. The privacy considerations are serious of course and the incident could even escalate to identity theft.
  • take advantage of security features available like 2FA
  • monitor your domain names like any estate, virtual or otherwise
  • keep a digital/paper trail: invoices etc
 
15
•••
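The "monitor your domain names" advice in the post above, as an added example that is not part of the original thread: a Python sketch that diffs two saved WHOIS snapshots and flags the changes that usually accompany a hijack (new registrar, new registrant e-mail, new name servers, transfer lock removed). The field names follow the WHOIS records quoted in this thread; both sample records, the placeholder domain and the function names are constructed for illustration.

```python
# Added example: compare two WHOIS snapshots and report hijack indicators.
# BASELINE and CURRENT are constructed sample records for a placeholder domain.
WATCHED = ("Registrar", "Registrant Email", "Name Server")
LOCK = "clienttransferprohibited"  # EPP status, compared in lower case

BASELINE = """\
Domain Name: EXAMPLE.COM
Registrar: EXAMPLE REGISTRAR A, INC.
Name Server: NS1.EXAMPLE.NET
Name Server: NS2.EXAMPLE.NET
Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Email: owner@example.org
"""

CURRENT = """\
Domain Name: EXAMPLE.COM
Registrar: EXAMPLE REGISTRAR B LTD
Name Server: NS1.PARKING.EXAMPLE
Name Server: NS2.PARKING.EXAMPLE
Status: ok https://icann.org/epp#ok
Registrant Email: someone-else@example.net
"""

def parse_whois(text):
    """Parse 'Key: value' lines into {key: set(values)}; keys may repeat."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            # Lower-case values so registry casing differences do not alert.
            record.setdefault(key.strip(), set()).add(value.strip().lower())
    return record

def hijack_indicators(old_text, new_text):
    """Return a sorted list of alerts for changes the owner should verify."""
    old, new = parse_whois(old_text), parse_whois(new_text)
    alerts = [f"{f} changed: {sorted(old.get(f, set()))} -> {sorted(new.get(f, set()))}"
              for f in WATCHED if old.get(f, set()) != new.get(f, set())]
    had_lock = any(s.startswith(LOCK) for s in old.get("Status", set()))
    has_lock = any(s.startswith(LOCK) for s in new.get("Status", set()))
    if had_lock and not has_lock:
        alerts.append("transfer lock removed: clientTransferProhibited not set")
    return sorted(alerts)

if __name__ == "__main__":
    for alert in hijack_indicators(BASELINE, CURRENT):
        print("ALERT:", alert)
```

Run it on a schedule against a stored baseline for each name you hold; any alert you did not cause yourself is the point to contact your registrar.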
This one also belongs to the same Russian
He also admits having 1371.com

Appreciate the post on the Russian forum, at this point stopping him from reselling is the first step. Then comes recovery, I don't care how many times he transfers as long as losing and gaining rar agree, we will recover.

I translated his replies to you and see he just doesn't care, very immoral guy, who cares it happens all the time. Proof doesn't exist because he used bitcoin, all lies of course but I never expected a thief to admit it but he kind of does in a way.

As he starts to lose names his carefree attitude will change :)

Please warn that forum not to buy from him because all names he owns now are subject to retrieval.
 
5
•••
I hope this time I do not own any of the stolen domains.......
 
6
•••
Here's a great article by @DomainSherpa:

I also noticed this thief was a member of Namepros until banned but no reason I can see was given.
Confirmed: He was banned for trying to sell stolen domains.

A stolen domain database would be ideal. Has anyone tried to put one up?
Currently, the best way to stay informed about stolen domains is to Watch our Warnings and Alerts section.

the thief sold it on Namepros with an ask of just $1600!!!
I checked and he did not sell it on NamePros. He listed it for sale, but fortunately a completed sale did not occur on NamePros for this domain name.
 
14
•••
Thank you for the answers Eric, great help, glad np's member avoided buying that name.
 
3
•••
@TheLegendaryJP
This job you are doing is commendable. I give you a thumb up. Good Job!

Cheers.
 
6
•••
Terrible news. A stolen domain database would be ideal. Has anyone tried to put one up?

This is something I considered making some time ago but like many projects never finished. I certainly think that it is a good idea.
 
5
•••
I am selling 2an2.com on go daddy - I always google a domain before I sell any domain. I found some newbie at Flippa had it for sale already. I pitched a fit. Flippa said:

Hey James,
Thanks for touching base with us on your domain.
Looks like the previous owner had an older listing for the domain on his account, I went ahead and canceled it so that you could upload it to yours.
Please let me know if you have any other questions or need help with anything else!
Thanks,

I google every domain and I am always looking at my NS.
 
2
•••