WARNING: SEVERAL STOLEN NAMES, MUST READ!

[TheLegendaryJP]

I am back to running down thieves, never stopped but stumbled across a rather large operation a week ago and feel I need to share with the community. I am aware it may tip off the thief to a degree but unless the names are made public he is and will continue to sell them. He likes contacting domainers privately and using 4.CN. He also uses several rars and sometimes transfers ownership 1-2 times to make separation.

Back round: About 1+ weeks ago I was informed of a stolen 4 letter dot com (remain anon for now).

I was asked for my help in recovery of said name and have done so, in fact any day now it will be recovered. I have many people at RAR's to thank and will once back to rightful owners account.

As par the course when you discover 1 you unearth many more and this case is no different.

Most all these names were stolen in 2015 and up until recently (most seem to be from web.com rars/register.com/netsol but not always). I reverse searched the thief and discovered in 2015 he went from owning a dozen or so "garbage" names to suddenly trading in 3L dot com 4L dot com 4-5N dot com etc. Rather a huge upswing set off red flags. I placed several calls to their former owners and confirmed many are stolen. I also discovered a few are legit buys from drops and other places, likely with funds made from selling the stolen names. My advice at this point avoid buying anything from this person it is just too risky and they are a confirmed thief. It was also interesting to tie them to the theft of Ammar.com, google that story, name was recovered. I also noticed this thief was a member of Namepros until banned but no reason I can see was given.

If you have a good contact for 4.CN please notify them of these thefts and the names being listed on their site! Hopefully they will remove them and ban his account.

Names confirmed stolen are as follows, names I cannot confirm yet have a (?) beside them, waiting to be contacted.

1371.com STOLEN spoke to victim
XXXX.com STOLEN working to recover will unveil name once complete
VXL.com STOLEN?
AMMAR.com STOLEN and recovered
09931.com STOLEN?
ETTI.com STOLEN?
ETST.com STOLEN?
PJDO.com Apparent buy off drop
MMAZ.com STOLEN?
7576.com STOLEN? Hope not because it appears thief already resold
ESVV.com STOLEN?
39339.com STOLEN?
2517.com STOLEN?
LFQH.com STOLEN Spoke with victim
PZYA.com STOLEN?
RQEI.com STOLEN?
ZAWA.com STOLEN?
QURO.com STOLEN

Thieves info is as follows, he went from showing info to using privacy but the link to him is undeniable. He also seems to like to scatter where he transfers them too as well.


Registrant Name: STANISLAV KHRAMOV
Registrant Organization:
Registrant Street: METALLURGOV 7-7
Registrant City: MAGNITOGORSK
Registrant State/Province: CHE
Registrant Postal Code: 455023
Registrant Country: RU
Registrant Phone: +7.9124020000
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]

Ammar.com which was I believe one of if not the first name he stole, notice the email contact, same guy as above but he changed that email out on his later thefts since that cover was blown. I believe he brute force the registrants password and switched out email to complete the theft.

Registrant Name: Mohammed Ali
Registrant Organization: Mohammed Ali
Registrant Street: Villa 24, Block 4, Al-Mutawakel Street
Registrant City: Kuwait City
Registrant State/Province: Da-aiyah
Registrant Postal Code: 13113
Registrant Country: KW
Registrant Phone: +965.22563033
Registrant Fax: +965.22563033
Registrant Email: [email protected]


Here was his namepros.com account I believe....God only knows if Poob.com was clean?
https://www.namepros.com/threads/poob-com.846270/

If you have any info on this guy please share.


UPDATE TO COME!

 

[Kate]

How is possible to stole domains? :O

Hacking into the E-mail account of the registrant. Then it becomes possible to take over the user account at the registrar. Some people use free E-mail service and their E-mail addresses maybe be deleted and released for non-usage... that was the case with Yahoo, perhaps it's still true today.
I have seen whois records listing admin E-mail addresses on domains that have dropped. So anybody could steal the domains. All it takes is re-register the domain name, then you set up the mailbox to impersonate the rightful domain holder.

It's hard to recover a stolen domain and don't think that your registrar will raise hell for you when that happens.

The E-mail address usually is the weak link. Or weak passwords, or password reuse across sites. When a breach happens on some site, there is a risk that the username/password pairs will be used against other sites.

So, to be safe:

• don't use weak passwords
  
• don't reuse passwords
• use a password manager if needed
  
• use an E-mail address that is safe, preferably one that you control. Avoid free E-mail. If someone hijacks your E-mail account there is no guarantee you will ever recover it. The privacy considerations are serious of course and the incident could even escalate to identity theft.
  
• take advantage of security features available like 2FA
• monitor your domain names like any estate, virtual or otherwise
• keep a digital/paper trail: invoices etc

 

[Eric Lyon]

Here's a great article by @DomainSherpa:

• My Domain Name Was Stolen (And 3 Ways to Recover It) - With David Weslow

I also noticed this thief was a member of Namepros until banned but no reason I can see was given.

Confirmed: He was banned for trying to sell stolen domains.

A stolen domain database would be ideal. Has anyone tried to put one up?

Currently, the best way to stay informed about stolen domains is to Watch our Warnings and Alerts section.

the thief sold it on Namepros with an ask of just $1600!!!

I checked and he did not sell it on NamePros. He listed it for sale, but fortunately a completed sale did not occur on NamePros for this domain name.

 

[TheLegendaryJP]

UPDATE: Happy to report one of the stolen names I was helping with has been recovered!

If the owner is ok with it I would post it here but that is up to them.

Hopefully more names will follow, I am sure they will.

 

[TheLegendaryJP]

OSOS.com CONFIRMED STOLEN as well, owner is seeking recovery, do NOT buy on Russian domain forum. There is clearly a problem on that forum which allows stolen names to be sold, the loser will ultimately be the buyers.

 

[1john2004]

I see someone in that Russian domain forum found this thread and posted a link, hopefully they all stay clear of the thief.

I did. I have asked Bassta about the names

 

[Joe Styler]

Theo had reached out to me and we took steps to ban the thief from our platforms including Afternic.

 

[Stivie Malone]

I hope this time i do not own any of the stolen domain.......

 

[elevator]

@TheLegendaryJP
This job you are doing is commendable. I give you a thumb up. Good Job!

Cheers.

 

[NameAcquisitions]

Terrible news. A stolen domain database would be ideal. Has anyone tried to put one up?

 

[1john2004]

Some of names currently belongs to one Russian guy with nick name Bassta
https://domenforum/showthread.php?p=1381925#post1381925
such as
7576.com it seems this one he already sold to China
39339.com
and possibly more

 

[TheLegendaryJP]

Emailing 4.CN shortly to axe this guys names/account.

 

[TheLegendaryJP]

This one also belongs to the same Russian
He also admit having 1371.com

Appreciate the post on the Russian forum, at this point stopping him from reselling is the first step. Then comes recovery, I dont care how many times he transfers as long as losing and gaining rar agree, we will recover.

I translated his replies to you and see he just doesn't care, very immoral guy, who cares it happens all the time. Proof doesn't exist because he used bitcoin, all lies of course but I never expected a thief to admit it but he kind of does in a way.

As he starts to lose names his care free attitude will change

Please warn that forum not to buy from him because all names he owns now are subject to retrieval.

 

[Nem0]

Here was his namepros.com account I believe....God only knows if Poob.com was clean?
https://www.namepros.com/threads/poob-com.846270/

If you have any info on this guy please share.


UPDATE TO COME!

I sold poob.com to a "***ang Nguyen" in 2012 through escrow. If you want to follow through with him to see if he had it stolen PM me for his old email

 

[Peter]

Terrible news. A stolen domain database would be ideal. Has anyone tried to put one up?

This is something I considered making some time ago but like many projects never finished. I certainly think that itis a good idea.

 

[Addison]

@LucidDomains,

If you had done your own research from the information that has been provided in this thread, you wouldn't be questioning it. It's very obvious that Khramov Stanislav is a crook. Do the research, make a few phone calls, and send a few emails. This is not difficult to confirm.

There is a big difference between a healthy skepticism of posts on a forum vs. ignoring everything that has been posted and requesting more proof unnecessarily. You are ignorantly providing credence to this criminal and doubt about the information that has been provided, which can all be easily verified if you took the time to do any research yourself. Will I tell you how to do that research? No. Why? Because then I'd be telling the thief himself how to hide his tracks.

Please research before posting, or just stay out of it if you are too lazy to do the necessary research. Your idleness is causing harm.

 

[TheLegendaryJP]

That would be great Cy, so far getting the thief cut off at flippa, sedo, forums and while at it Godaddy should step up as well now and join the ban parade.

Sure they can reopen accounts under other names but doing so and affecting whois will make it harder/longer to move the names.

 

[TheLegendaryJP]

btw looked at Poob.com, sold in 2013 for $3750 at Godaddy, the thief sold it on Namepros with an ask of just $1600!!! to start and dropped to $1k and change before posting sold. He didn't own it until 2015 so very likely was STOLEN!

Goes to show if the buyer just did a namebio.com search for sales records he would have known something was off. Or the buyer didn;t care but I will give benefit of the doubt.

So if Poob.com was stolen from you, you can recover it!

 

[1john2004]

ETTI is coming up for auction on NameJet:

http://www.namejet.com/Pages/Auctions/BackorderDetails.aspx?domainname=etti.com

This one also belongs to the same Russian
He also admit having 1371.com

 

[WhoaDomain.com]

Great stuff, my hope is they give him some Russian style justice, his brazenness is sickening.

a few years in a Siberian Gulag will do nicely!

 

[TheLegendaryJP]

About 2-3 weeks ago this Russian sent out a new sales list to a handful of buyers (several Chinese) with drastically reduced pricing. All of the names mentioned on the list were mentioned here already. I certainly hope people are not greedy enough to ignore the warnings.

Also member 1john2004 has mentioned in this thread....

https://www.namepros.com/threads/osos-com-llll-confirmed-stolen.979720/#post-5798847

The auction

https://sedo.com/auction/auction_de...2&auction_id=213251&origin=search&language=us

Avoid osos.com at Sedo it is stolen and is not yet recovered, guess what, seller is Russian!

I have contacted sedo support and Dave Evanson asking that the auction be stopped and account banned, how can they possibly support the trafficking of stolen names!


"Dave its Josh, see attached links, Osos.com is a stolen name, I suggest sedo stop the auction, ban the account and users IP etc. The community is watching. Unless sedo can confirm with Russell Steele (see whois history) name was recovered and he is selling it, unlikely as he is not Russian, Id cease.

https://www.namepros.com/threads/warning-several-stolen-names-must-read.971376/page-4#post-5874596

https://www.namepros.com/threads/osos-com-llll-confirmed-stolen.979720/#post-5874580"

 

[TheLegendaryJP]

Dave Evanson was very quick to reply and has passed it along, many thanks to him!

 

[TheLegendaryJP]

Acro is staying on top of the original list and sadly one more has sold (zawa.com). The only hope is so cheap because market places are being cut off at each turn.

The buyer with little research would have found it is stolen, sad.

http://domaingang.com/domain-crime/...ain-thief-sold-zawa-com-via-godaddy-auctions/

 

[Kenny]

Thanks Joe

JP, Theo, and everyone else that steps up to quell as much of this as possible.

Peace,
Cy

 

[TheLegendaryJP]

@Avtar629

A lot of info is available on how these thing happen and the remedies available. I will try to answer in short form your questions.

Theft can be done via phone, email, hacking of passwords etc.
Do they always get away with it, no and I as well as many others here like @Acroplex can testify to such.
What can you do to protect yourself is common sense really, a good defensive approach such as avoiding phishing attempts, 2 factor ID, do not use free email, good passwords, do not let a name drop you used for email on a domain ownership etc etc etc.
End of day you MUST be willing to not blindly buy, do your diligence, research ownership, look for red flags.

Not ever name or even most will be recovered but EVERYONE is a target, large or small portfolio owners.

Thieves operate in many ways but we here at Namepros know their moves, they are limited and obvious.

Hope this helps a bit but there is so many details I have not mentioned I recommend researching cases and reading more stolen threads. Owning a stolen domain is a risk and ethically wrong, period.

Take care