Verisign

WARNING: SEVERAL STOLEN NAMES, MUST READ!

Discussion in 'Warnings and Alerts' started by TheLegendaryJP, Sep 12, 2016.

Replies:
90
Views:
10,447

  1. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472
    I am back to running down thieves, never stopped but stumbled across a rather large operation a week ago and feel I need to share with the community. I am aware it may tip off the thief to a degree but unless the names are made public he is and will continue to sell them. He likes contacting domainers privately and using 4.CN. He also uses several rars and sometimes transfers ownership 1-2 times to make separation.

    Back round: About 1+ weeks ago I was informed of a stolen 4 letter dot com (remain anon for now).

    I was asked for my help in recovery of said name and have done so, in fact any day now it will be recovered. I have many people at RAR's to thank and will once back to rightful owners account.

    As par the course when you discover 1 you unearth many more and this case is no different.

    Most all these names were stolen in 2015 and up until recently (most seem to be from web.com rars/register.com/netsol but not always). I reverse searched the thief and discovered in 2015 he went from owning a dozen or so "garbage" names to suddenly trading in 3L dot com 4L dot com 4-5N dot com etc. Rather a huge upswing set off red flags. I placed several calls to their former owners and confirmed many are stolen. I also discovered a few are legit buys from drops and other places, likely with funds made from selling the stolen names. My advice at this point avoid buying anything from this person it is just too risky and they are a confirmed thief. It was also interesting to tie them to the theft of Ammar.com, google that story, name was recovered. I also noticed this thief was a member of Namepros until banned but no reason I can see was given.

    If you have a good contact for 4.CN please notify them of these thefts and the names being listed on their site! Hopefully they will remove them and ban his account.

    Names confirmed stolen are as follows, names I cannot confirm yet have a (?) beside them, waiting to be contacted.

    1371.com STOLEN spoke to victim
    XXXX.com STOLEN working to recover will unveil name once complete
    VXL.com STOLEN?
    AMMAR.com STOLEN and recovered
    09931.com STOLEN?
    ETTI.com STOLEN?
    ETST.com STOLEN?
    PJDO.com Apparent buy off drop
    MMAZ.com STOLEN?
    7576.com STOLEN? Hope not because it appears thief already resold
    ESVV.com STOLEN?
    39339.com STOLEN?
    2517.com STOLEN?
    LFQH.com STOLEN Spoke with victim
    PZYA.com STOLEN?
    RQEI.com STOLEN?
    ZAWA.com STOLEN?
    QURO.com STOLEN

    Thieves info is as follows, he went from showing info to using privacy but the link to him is undeniable. He also seems to like to scatter where he transfers them too as well.


    Registrant Name: STANISLAV KHRAMOV
    Registrant Organization:
    Registrant Street: METALLURGOV 7-7
    Registrant City: MAGNITOGORSK
    Registrant State/Province: CHE
    Registrant Postal Code: 455023
    Registrant Country: RU
    Registrant Phone: +7.9124020000
    Registrant Phone Ext:
    Registrant Fax:
    Registrant Fax Ext:
    Registrant Email: [email protected]

    Ammar.com which was I believe one of if not the first name he stole, notice the email contact, same guy as above but he changed that email out on his later thefts since that cover was blown. I believe he brute force the registrants password and switched out email to complete the theft.

    Registrant Name: Mohammed Ali
    Registrant Organization: Mohammed Ali
    Registrant Street: Villa 24, Block 4, Al-Mutawakel Street
    Registrant City: Kuwait City
    Registrant State/Province: Da-aiyah
    Registrant Postal Code: 13113
    Registrant Country: KW
    Registrant Phone: +965.22563033
    Registrant Fax: +965.22563033
    Registrant Email: [email protected]


    Here was his namepros.com account I believe....God only knows if Poob.com was clean?
    https://www.namepros.com/threads/poob-com.846270/

    If you have any info on this guy please share.


    UPDATE TO COME!
     
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. NameAcquisitions

    NameAcquisitions Name Acquisitions/Sales ICA Member Business Account

    Joined:
    Aug 20, 2016
    Posts:
    110
    Likes Received:
    130
    Terrible news. A stolen domain database would be ideal. Has anyone tried to put one up?
     
  3. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472
    No database I am aware of we just share as we come across them. My only fear is the Chinese are not reading these forums as much as they could to see what may be mentioned.

    If you are in the domain community and know of this and other forums, do your do diligence and search the name, no reason to say you didn't know. Not sure if as many Chinese buyers pay attention to the forums in comparison to the number of buyers they have.
     
  4. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472
    btw looked at Poob.com, sold in 2013 for $3750 at Godaddy, the thief sold it on Namepros with an ask of just $1600!!! to start and dropped to $1k and change before posting sold. He didn't own it until 2015 so very likely was STOLEN! :(

    Goes to show if the buyer just did a namebio.com search for sales records he would have known something was off. Or the buyer didn;t care but I will give benefit of the doubt.

    So if Poob.com was stolen from you, you can recover it!
     
    Last edited: Sep 12, 2016
  5. 1john2004

    1john2004 Top Member VIP ★★★★★★★★★★

    Joined:
    Dec 14, 2005
    Posts:
    3,331
    Likes Received:
    512
  6. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472
    Excellent info John, thank you. I figured 7576.com did resell unfortunately but never to late to try and recover.

    So Bassta new name to look out for associated with the thief.

    https://domen forum/showthread.php?p=1381925#post1381925

    I wonder if one of our Russian speaking members can join that forum and warn them in that thread, looks like offers are being made on the stolen names.
     
    Last edited: Sep 12, 2016
  7. JeremyK

    JeremyK Account Auto-Closed

    Joined:
    Aug 16, 2016
    Posts:
    76
    Likes Received:
    66
    How is possible to stole domains? :O
     
  8. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472

    It is, how at the moment is moot, they are, be it brute force of passwords on account/emails, phishing doesn't matter atm.
     
  9. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472
    I see someone in that Russian domain forum found this thread and posted a link, hopefully they all stay clear of the thief. They should because any names they buy and are recovered they will lose all their money.

    https://domen forum/images/statusicon/post_old.gif 12.09.2016, 23:58

    #1009
    trader https://domen forum/images/misc/menu_open.gif

    https://domen forum/customavatars/avatar1680_2.gif

    Регистрация: 11.02.2006
    Адрес: KIEV-LONDON
    Сообщений: 2,211

    Доменные сделки: 60
    Реноме: 1455



    https://domen forum/images/buttons/collapse_alt.gif Одобрения
    Спасибо (Отдано): 56
    Спасибо (Получено): 156


    Сообщение от Bassta https://domen forum/images/buttons/viewpost.gif
    А у меня есть 39339.com - у кого круче?)))
    39339.com был украден?
    https://www.namepros.com/threads/war...t-read.971376/
     
  10. 1john2004

    1john2004 Top Member VIP ★★★★★★★★★★

    Joined:
    Dec 14, 2005
    Posts:
    3,331
    Likes Received:
    512
    I did. I have asked Bassta about the names
     
    Last edited: Sep 12, 2016
  11. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472

    Many thanks John!
     
  12. Nat Hunt

    Nat Hunt Business Member Business Account VIP

    Joined:
    Dec 16, 2014
    Posts:
    4,143
    Likes Received:
    2,875
  13. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472

    Looks like the thief renewed it.

    Domain Name: ETTI.COM
    Registrar: ALPNAMES LIMITED
    Sponsoring Registrar IANA ID: 1857
    Whois Server: whois.alpnames.com
    Referral URL: http://www.alpnames.com
    Name Server: NS1.4.CN
    Name Server: NS2.4.CN
    Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Updated Date: 25-aug-2016
    Creation Date: 30-jan-1999
    Expiration Date: 30-jan-2018
     
  14. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472
    Emailing 4.CN shortly to axe this guys names/account.
     
  15. 1john2004

    1john2004 Top Member VIP ★★★★★★★★★★

    Joined:
    Dec 14, 2005
    Posts:
    3,331
    Likes Received:
    512
    Last edited: Sep 12, 2016
  16. Kate

    Kate Thinking inside the Box™ VIP ★★★★★★★★★★

    Joined:
    Aug 7, 2005
    Posts:
    17,936
    Likes Received:
    14,419
    Hacking into the E-mail account of the registrant. Then it becomes possible to take over the user account at the registrar. Some people use free E-mail service and their E-mail addresses maybe be deleted and released for non-usage... that was the case with Yahoo, perhaps it's still true today.
    I have seen whois records listing admin E-mail addresses on domains that have dropped. So anybody could steal the domains. All it takes is re-register the domain name, then you set up the mailbox to impersonate the rightful domain holder.

    It's hard to recover a stolen domain and don't think that your registrar will raise hell for you when that happens.

    The E-mail address usually is the weak link. Or weak passwords, or password reuse across sites. When a breach happens on some site, there is a risk that the username/password pairs will be used against other sites.

    So, to be safe:
    • don't use weak passwords
    • don't reuse passwords
    • use a password manager if needed
    • use an E-mail address that is safe, preferably one that you control. Avoid free E-mail. If someone hijacks your E-mail account there is no guarantee you will ever recover it. The privacy considerations are serious of course and the incident could even escalate to identity theft.
    • take advantage of security features available like 2FA
    • monitor your domain names like any estate, virtual or otherwise
    • keep a digital/paper trail: invoices etc
     
  17. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472
    Appreciate the post on the Russian forum, at this point stopping him from reselling is the first step. Then comes recovery, I dont care how many times he transfers as long as losing and gaining rar agree, we will recover.

    I translated his replies to you and see he just doesn't care, very immoral guy, who cares it happens all the time. Proof doesn't exist because he used bitcoin, all lies of course but I never expected a thief to admit it but he kind of does in a way.

    As he starts to lose names his care free attitude will change :)

    Please warn that forum not to buy from him because all names he owns now are subject to retrieval.
     
    Last edited: Sep 12, 2016
  18. Stivie Malone

    Stivie Malone Supportive Member NamePros Supporter

    Joined:
    Sep 5, 2016
    Posts:
    89
    Likes Received:
    98
    I hope this time i do not own any of the stolen domain.......
     
  19. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472
  20. Eric Lyon

    Eric Lyon Community Admin, NamePros Administrator PRO Business Account VIP Trusted Contest Holder

    Joined:
    Aug 16, 2009
    Posts:
    17,822
    Likes Received:
    11,001
    Here's a great article by @DomainSherpa:

    Confirmed: He was banned for trying to sell stolen domains.

    Currently, the best way to stay informed about stolen domains is to Watch our Warnings and Alerts section.

    I checked and he did not sell it on NamePros. He listed it for sale, but fortunately a completed sale did not occur on NamePros for this domain name.
     
  21. TheLegendaryJP

    TheLegendaryJP Business Member Business Account VIP ★★★★★★★★★★

    Joined:
    May 21, 2005
    Posts:
    272
    Likes Received:
    472
    Thank you for the answers Eric, great help, glad np's member avoided buying that name.
     
  22. elevator

    elevator Active Member VIP

    Joined:
    Apr 19, 2014
    Posts:
    1,205
    Likes Received:
    709
    @TheLegendaryJP
    This job you are doing is commendable. I give you a thumb up. Good Job!

    Cheers.
     
  23. Nem0

    Nem0 Active Member VIP

    Joined:
    Jan 6, 2008
    Posts:
    2,644
    Likes Received:
    610
    I sold poob.com to a "***ang Nguyen" in 2012 through escrow. If you want to follow through with him to see if he had it stolen PM me for his old email
     
  24. Peter

    Peter Top Member VIP

    Joined:
    Nov 9, 2003
    Posts:
    6,274
    Likes Received:
    191
    This is something I considered making some time ago but like many projects never finished. I certainly think that itis a good idea.
     
  25. stimpi777

    stimpi777 CannabisDomains Business Account

    Joined:
    May 16, 2015
    Posts:
    140
    Likes Received:
    98
    I am selling 2an2.com on go daddy - I always google a domain before I sell any domain. I found some newbie at Flippa had it for sale already. I pitched at fit. Flippa said:

    Hey James,
    Thanks for touching base with us on your domain.
    Looks like the previous owner had an older listing for the domain on his account, I went ahead and canceled it so that you could upload it to yours.
    Please let me know if you have any other questions or need help with anything else!
    Thanks,

    I google every domain and I an always looking at my NS.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!

Share This Page

Loading...