IT.COM

WARNING: SEVERAL STOLEN NAMES, MUST READ!

Spaceship Spaceship
Watch
I am back to running down thieves, never stopped but stumbled across a rather large operation a week ago and feel I need to share with the community. I am aware it may tip off the thief to a degree but unless the names are made public he is and will continue to sell them. He likes contacting domainers privately and using 4.CN. He also uses several rars and sometimes transfers ownership 1-2 times to make separation.

Back round: About 1+ weeks ago I was informed of a stolen 4 letter dot com (remain anon for now).

I was asked for my help in recovery of said name and have done so, in fact any day now it will be recovered. I have many people at RAR's to thank and will once back to rightful owners account.

As par the course when you discover 1 you unearth many more and this case is no different.

Most all these names were stolen in 2015 and up until recently (most seem to be from web.com rars/register.com/netsol but not always). I reverse searched the thief and discovered in 2015 he went from owning a dozen or so "garbage" names to suddenly trading in 3L dot com 4L dot com 4-5N dot com etc. Rather a huge upswing set off red flags. I placed several calls to their former owners and confirmed many are stolen. I also discovered a few are legit buys from drops and other places, likely with funds made from selling the stolen names. My advice at this point avoid buying anything from this person it is just too risky and they are a confirmed thief. It was also interesting to tie them to the theft of Ammar.com, google that story, name was recovered. I also noticed this thief was a member of Namepros until banned but no reason I can see was given.

If you have a good contact for 4.CN please notify them of these thefts and the names being listed on their site! Hopefully they will remove them and ban his account.

Names confirmed stolen are as follows, names I cannot confirm yet have a (?) beside them, waiting to be contacted.

1371.com STOLEN spoke to victim
XXXX.com STOLEN working to recover will unveil name once complete
VXL.com STOLEN?
AMMAR.com STOLEN and recovered
09931.com STOLEN?
ETTI.com STOLEN?
ETST.com STOLEN?
PJDO.com Apparent buy off drop
MMAZ.com STOLEN?
7576.com STOLEN? Hope not because it appears thief already resold
ESVV.com STOLEN?
39339.com STOLEN?
2517.com STOLEN?
LFQH.com STOLEN Spoke with victim
PZYA.com STOLEN?
RQEI.com STOLEN?
ZAWA.com STOLEN?
QURO.com STOLEN

Thieves info is as follows, he went from showing info to using privacy but the link to him is undeniable. He also seems to like to scatter where he transfers them too as well.


Registrant Name: STANISLAV KHRAMOV
Registrant Organization:
Registrant Street: METALLURGOV 7-7
Registrant City: MAGNITOGORSK
Registrant State/Province: CHE
Registrant Postal Code: 455023
Registrant Country: RU
Registrant Phone: +7.9124020000
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]

Ammar.com which was I believe one of if not the first name he stole, notice the email contact, same guy as above but he changed that email out on his later thefts since that cover was blown. I believe he brute force the registrants password and switched out email to complete the theft.

Registrant Name: Mohammed Ali
Registrant Organization: Mohammed Ali
Registrant Street: Villa 24, Block 4, Al-Mutawakel Street
Registrant City: Kuwait City
Registrant State/Province: Da-aiyah
Registrant Postal Code: 13113
Registrant Country: KW
Registrant Phone: +965.22563033
Registrant Fax: +965.22563033
Registrant Email: [email protected]


Here was his namepros.com account I believe....God only knows if Poob.com was clean?
https://www.namepros.com/threads/poob-com.846270/

If you have any info on this guy please share.


UPDATE TO COME!
 
42
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
UPDATE: Happy to report one of the stolen names I was helping with has been recovered!

If the owner is ok with it I would post it here but that is up to them.

Hopefully more names will follow, I am sure they will.
 
11
•••
OSOS.com CONFIRMED STOLEN as well, owner is seeking recovery, do NOT buy on Russian domain forum. There is clearly a problem on that forum which allows stolen names to be sold, the loser will ultimately be the buyers.
 
9
•••
How are domains generall stolen? Chargebacks?
I'm assuming that's why Escrow is used for pricer transactions.
 
1
•••
This is something I considered making some time ago but like many projects never finished. I certainly think that itis a good idea.

This sounds like a simplistic and fun project. Would be happy to work with you or at least provide ideas on submissions/verfication
 
1
•••
This guy stole my domain lgy.io 2 days after I registered it. I know it's the same person because his contact data was same as above until he hid it. His story was he bought it, when he could not provide any proof. It was not sold as I had just registered it, and he used a godaddy account. Godaddy refused to close his account and return the domain I rightfully bought and had just spent $59 dollars on. They said we cannot go into his account and return your property. The least they could have done is shut him down for fraud.
 
2
•••
This guy stole my domain lgy.io 2 days after I registered it. I know it's the same person because his contact data was same as above until he hid it. His story was he bought it, when he could not provide any proof. It was not sold as I had just registered it, and he used a godaddy account. Godaddy refused to close his account and return the domain I rightfully bought and had just spent $59 dollars on. They said we cannot go into his account and return your property. The least they could have done is shut him down for fraud.


Sorry to hear this :( I would demand they look at the IP that accessed your account to transfer and when it comes back Russian, bingo!
 
1
•••
This guy stole my domain lgy.io 2 days after I registered it. I know it's the same person because his contact data was same as above until he hid it. His story was he bought it, when he could not provide any proof. It was not sold as I had just registered it, and he used a godaddy account. Godaddy refused to close his account and return the domain I rightfully bought and had just spent $59 dollars on. They said we cannot go into his account and return your property. The least they could have done is shut him down for fraud.
@Joe Styler this is alarming, 2 day after you bought it?
 
2
•••
My domain name was stolen by this guy too on the 11th may last year. I can prove it easily. This domain name was ours since 1998!!!
I filed a complaint to the police in France. The only problem is that they have no action out of France, but they admitted Khramov is the thief, and all the proofs are in the file I gave them. I recognized his picture too (on your link with the name Bassta), he had it on his facebook profile at a time, I don't know if he still uses it.
I know how he did this and I tracked him easily, so he's not very intelligent nor very good. Just a basic scammer with no brains. He buys some cheap domain names and when he can, he also use them to steal. That's what he did with my domain name "harmonie.net". I don't think he's intelligent enough to break security passwords. He's not even intelligent enough not to be tracked down, thinking that using an encrypted contact e-mail address and a false name (Alibabaievitch! How credible! and your registrar doesn't even find it sleazy...) would be enough not to be found...
I didn't filed the complaint to the ICANN since the system is completely unfair. You have to pay an expensive price(which is difficult for me), then you have to prove that you'd been stolen (which is very easy for me), and once they give you your domain name back, you can't complain against nobody, and this, I can't admit. This guy is a thief and I don't see no reason why I shouldn't sue him, and my registrar didn't make their job, they should be responsible for checking transfers with the owner.
The only thing I don't understand is there's nowhere I found my name for sell, it would have been my best chance to have it back for free.
I've also been in contact with Ricardo Baretzky, president of Cyberpol, whom I know for other purposes, and they know him,as he's been closely watched upon for some months.
The guy has a facebook profile, a LinkedIn profile, says he works for Katod in Magnitogorsk, and he pretends to be an internet expert and that he can help people to help them find scammers(!!!) on several russian forums...
He's got plenty of know e-mail address, not just st......amovatgmail
You'll find him on this o001oo russian forum among other, where he sells his domain names
No hope to have nothing from the registrar, they just said evrything was done the right way, but they never informed me of any changes, and never ask the guy no proof of identity!!! When I wanted to change my contact e-mail address they asked me a letter and a copy of my passport, but to change the owner and the registrar they didn't ask anything!!
What can we do to have our property back, shall we all go to Magnitogorsk?
 
Last edited:
2
•••
About 2-3 weeks ago this Russian sent out a new sales list to a handful of buyers (several Chinese) with drastically reduced pricing. All of the names mentioned on the list were mentioned here already. I certainly hope people are not greedy enough to ignore the warnings.

Also member 1john2004 has mentioned in this thread....

https://www.namepros.com/threads/osos-com-llll-confirmed-stolen.979720/#post-5798847

The auction

https://sedo.com/auction/auction_de...2&auction_id=213251&origin=search&language=us

Avoid osos.com at Sedo it is stolen and is not yet recovered, guess what, seller is Russian!

I have contacted sedo support and Dave Evanson asking that the auction be stopped and account banned, how can they possibly support the trafficking of stolen names!


"Dave its Josh, see attached links, Osos.com is a stolen name, I suggest sedo stop the auction, ban the account and users IP etc. The community is watching. Unless sedo can confirm with Russell Steele (see whois history) name was recovered and he is selling it, unlikely as he is not Russian, Id cease.

https://www.namepros.com/threads/warning-several-stolen-names-must-read.971376/page-4#post-5874596

https://www.namepros.com/threads/osos-com-llll-confirmed-stolen.979720/#post-5874580"
 
Last edited:
4
•••
Dave Evanson was very quick to reply and has passed it along, many thanks to him!
 
4
•••
4
•••
Sold through GD.
Perhaps @Joe Styler could chime in here.

Peace,
Cyberian
 
3
•••
That would be great Cy, so far getting the thief cut off at flippa, sedo, forums and while at it Godaddy should step up as well now and join the ban parade.

Sure they can reopen accounts under other names but doing so and affecting whois will make it harder/longer to move the names.
 
5
•••
Theo had reached out to me and we took steps to ban the thief from our platforms including Afternic.
 
8
•••
3
•••
Thanks Joe :)

JP, Theo, and everyone else that steps up to quell as much of this as possible.

Peace,
Cy
 
4
•••
UPDATE:

Several of these names continue to be listed or offered for sale. My only advice to everyone is be careful what you buy. How many of these names resold since this thread 2 years ago I do not know but the risk is not worth the reward. Economically and ethically I advise to stay clear. My hope is any platform besides the 3 already mentioned continue to block/ban the sale of these names if the ownership still shows the thieves. Time does NOT heal a domain theft, it IS a hot potato.
 
3
•••
For people with large inventories how can this even be discovered that their domains we're stolen? How does this happen? Is it a hacked email or just a domain transferred internally in a registrar. If the latter, how can this be done without email confirmation?

I just don't get it and I worry I probably stolen domains.

I get tons of emails I accidentally open or open thinking it's legit.

I hear just opening can get you infected by a virus.

I imagined a scenario where a hacker gains access of my PC or email address and deleting domain registration receipts and doing a transfer and just deleting the emails pertaining to that domain.

Plus if a domain is transferred internally within a registrar Hosterstats won't show the domain was "transferred" the usual "red flag" your domain was stolen.

Many times I've done a quick whois check (instead of accessing my registrar) to see if I owned a domain or know I own it and just want to quick check when it will expire only to find out I don't own it. Then ask "didn't I reg this?". Then check my email and filter search for the domain and no records show up.

9 times out of 10 I just chalk it up as "I guess I was mistaken." But with threads like this. I'm not so sure anymore.

Can someone explain in detail how exactly these thieves get away with this undetected? Or is it always detectable eventually?

The worse thing is getting a domain stolen and never ever finding out and they keep stealing from you.

I assume these thieves target target people with large inventories.
 
0
•••
@Avtar629

A lot of info is available on how these thing happen and the remedies available. I will try to answer in short form your questions.

Theft can be done via phone, email, hacking of passwords etc.
Do they always get away with it, no and I as well as many others here like @Acroplex can testify to such.
What can you do to protect yourself is common sense really, a good defensive approach such as avoiding phishing attempts, 2 factor ID, do not use free email, good passwords, do not let a name drop you used for email on a domain ownership etc etc etc.
End of day you MUST be willing to not blindly buy, do your diligence, research ownership, look for red flags.

Not ever name or even most will be recovered but EVERYONE is a target, large or small portfolio owners.

Thieves operate in many ways but we here at Namepros know their moves, they are limited and obvious.

Hope this helps a bit but there is so many details I have not mentioned I recommend researching cases and reading more stolen threads. Owning a stolen domain is a risk and ethically wrong, period.

Take care
 
4
•••
Back