I am back to running down thieves, never stopped but stumbled across a rather large operation a week ago and feel I need to share with the community. I am aware it may tip off the thief to a degree but unless the names are made public he is and will continue to sell them. He likes contacting domainers privately and using 4.CN. He also uses several rars and sometimes transfers ownership 1-2 times to make separation. Back round: About 1+ weeks ago I was informed of a stolen 4 letter dot com (remain anon for now). I was asked for my help in recovery of said name and have done so, in fact any day now it will be recovered. I have many people at RAR's to thank and will once back to rightful owners account. As par the course when you discover 1 you unearth many more and this case is no different. Most all these names were stolen in 2015 and up until recently (most seem to be from web.com rars/register.com/netsol but not always). I reverse searched the thief and discovered in 2015 he went from owning a dozen or so "garbage" names to suddenly trading in 3L dot com 4L dot com 4-5N dot com etc. Rather a huge upswing set off red flags. I placed several calls to their former owners and confirmed many are stolen. I also discovered a few are legit buys from drops and other places, likely with funds made from selling the stolen names. My advice at this point avoid buying anything from this person it is just too risky and they are a confirmed thief. It was also interesting to tie them to the theft of Ammar.com, google that story, name was recovered. I also noticed this thief was a member of Namepros until banned but no reason I can see was given. If you have a good contact for 4.CN please notify them of these thefts and the names being listed on their site! Hopefully they will remove them and ban his account. Names confirmed stolen are as follows, names I cannot confirm yet have a (?) beside them, waiting to be contacted. 1371.com STOLEN spoke to victim XXXX.com STOLEN working to recover will unveil name once complete VXL.com STOLEN? AMMAR.com STOLEN and recovered 09931.com STOLEN? ETTI.com STOLEN? ETST.com STOLEN? PJDO.com Apparent buy off drop MMAZ.com STOLEN? 7576.com STOLEN? Hope not because it appears thief already resold ESVV.com STOLEN? 39339.com STOLEN? 2517.com STOLEN? LFQH.com STOLEN Spoke with victim PZYA.com STOLEN? RQEI.com STOLEN? ZAWA.com STOLEN? QURO.com STOLEN Thieves info is as follows, he went from showing info to using privacy but the link to him is undeniable. He also seems to like to scatter where he transfers them too as well. Registrant Name: STANISLAV KHRAMOV Registrant Organization: Registrant Street: METALLURGOV 7-7 Registrant City: MAGNITOGORSK Registrant State/Province: CHE Registrant Postal Code: 455023 Registrant Country: RU Registrant Phone: +7.9124020000 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: [email protected] Ammar.com which was I believe one of if not the first name he stole, notice the email contact, same guy as above but he changed that email out on his later thefts since that cover was blown. I believe he brute force the registrants password and switched out email to complete the theft. Registrant Name: Mohammed Ali Registrant Organization: Mohammed Ali Registrant Street: Villa 24, Block 4, Al-Mutawakel Street Registrant City: Kuwait City Registrant State/Province: Da-aiyah Registrant Postal Code: 13113 Registrant Country: KW Registrant Phone: +965.22563033 Registrant Fax: +965.22563033 Registrant Email: [email protected] Here was his namepros.com account I believe....God only knows if Poob.com was clean? https://www.namepros.com/threads/poob-com.846270/ If you have any info on this guy please share. UPDATE TO COME!