WARNING: SEVERAL STOLEN NAMES, MUST READ!

[TheLegendaryJP]

I am back to running down thieves, never stopped but stumbled across a rather large operation a week ago and feel I need to share with the community. I am aware it may tip off the thief to a degree but unless the names are made public he is and will continue to sell them. He likes contacting domainers privately and using 4.CN. He also uses several rars and sometimes transfers ownership 1-2 times to make separation.

Back round: About 1+ weeks ago I was informed of a stolen 4 letter dot com (remain anon for now).

I was asked for my help in recovery of said name and have done so, in fact any day now it will be recovered. I have many people at RAR's to thank and will once back to rightful owners account.

As par the course when you discover 1 you unearth many more and this case is no different.

Most all these names were stolen in 2015 and up until recently (most seem to be from web.com rars/register.com/netsol but not always). I reverse searched the thief and discovered in 2015 he went from owning a dozen or so "garbage" names to suddenly trading in 3L dot com 4L dot com 4-5N dot com etc. Rather a huge upswing set off red flags. I placed several calls to their former owners and confirmed many are stolen. I also discovered a few are legit buys from drops and other places, likely with funds made from selling the stolen names. My advice at this point avoid buying anything from this person it is just too risky and they are a confirmed thief. It was also interesting to tie them to the theft of Ammar.com, google that story, name was recovered. I also noticed this thief was a member of Namepros until banned but no reason I can see was given.

If you have a good contact for 4.CN please notify them of these thefts and the names being listed on their site! Hopefully they will remove them and ban his account.

Names confirmed stolen are as follows, names I cannot confirm yet have a (?) beside them, waiting to be contacted.

1371.com STOLEN spoke to victim
XXXX.com STOLEN working to recover will unveil name once complete
VXL.com STOLEN?
AMMAR.com STOLEN and recovered
09931.com STOLEN?
ETTI.com STOLEN?
ETST.com STOLEN?
PJDO.com Apparent buy off drop
MMAZ.com STOLEN?
7576.com STOLEN? Hope not because it appears thief already resold
ESVV.com STOLEN?
39339.com STOLEN?
2517.com STOLEN?
LFQH.com STOLEN Spoke with victim
PZYA.com STOLEN?
RQEI.com STOLEN?
ZAWA.com STOLEN?
QURO.com STOLEN

Thieves info is as follows, he went from showing info to using privacy but the link to him is undeniable. He also seems to like to scatter where he transfers them too as well.


Registrant Name: STANISLAV KHRAMOV
Registrant Organization:
Registrant Street: METALLURGOV 7-7
Registrant City: MAGNITOGORSK
Registrant State/Province: CHE
Registrant Postal Code: 455023
Registrant Country: RU
Registrant Phone: +7.9124020000
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]

Ammar.com which was I believe one of if not the first name he stole, notice the email contact, same guy as above but he changed that email out on his later thefts since that cover was blown. I believe he brute force the registrants password and switched out email to complete the theft.

Registrant Name: Mohammed Ali
Registrant Organization: Mohammed Ali
Registrant Street: Villa 24, Block 4, Al-Mutawakel Street
Registrant City: Kuwait City
Registrant State/Province: Da-aiyah
Registrant Postal Code: 13113
Registrant Country: KW
Registrant Phone: +965.22563033
Registrant Fax: +965.22563033
Registrant Email: [email protected]


Here was his namepros.com account I believe....God only knows if Poob.com was clean?
https://www.namepros.com/threads/poob-com.846270/

If you have any info on this guy please share.


UPDATE TO COME!

 

[Chrislclawson]

This guy stole my domain lgy.io 2 days after I registered it. I know it's the same person because his contact data was same as above until he hid it. His story was he bought it, when he could not provide any proof. It was not sold as I had just registered it, and he used a godaddy account. Godaddy refused to close his account and return the domain I rightfully bought and had just spent $59 dollars on. They said we cannot go into his account and return your property. The least they could have done is shut him down for fraud.

 

[wwwweb]

This guy stole my domain lgy.io 2 days after I registered it. I know it's the same person because his contact data was same as above until he hid it. His story was he bought it, when he could not provide any proof. It was not sold as I had just registered it, and he used a godaddy account. Godaddy refused to close his account and return the domain I rightfully bought and had just spent $59 dollars on. They said we cannot go into his account and return your property. The least they could have done is shut him down for fraud.

@Joe Styler this is alarming, 2 day after you bought it?

 

[Rafimus]

My domain name was stolen by this guy too on the 11th may last year. I can prove it easily. This domain name was ours since 1998!!!
I filed a complaint to the police in France. The only problem is that they have no action out of France, but they admitted Khramov is the thief, and all the proofs are in the file I gave them. I recognized his picture too (on your link with the name Bassta), he had it on his facebook profile at a time, I don't know if he still uses it.
I know how he did this and I tracked him easily, so he's not very intelligent nor very good. Just a basic scammer with no brains. He buys some cheap domain names and when he can, he also use them to steal. That's what he did with my domain name "harmonie.net". I don't think he's intelligent enough to break security passwords. He's not even intelligent enough not to be tracked down, thinking that using an encrypted contact e-mail address and a false name (Alibabaievitch! How credible! and your registrar doesn't even find it sleazy...) would be enough not to be found...
I didn't filed the complaint to the ICANN since the system is completely unfair. You have to pay an expensive price(which is difficult for me), then you have to prove that you'd been stolen (which is very easy for me), and once they give you your domain name back, you can't complain against nobody, and this, I can't admit. This guy is a thief and I don't see no reason why I shouldn't sue him, and my registrar didn't make their job, they should be responsible for checking transfers with the owner.
The only thing I don't understand is there's nowhere I found my name for sell, it would have been my best chance to have it back for free.
I've also been in contact with Ricardo Baretzky, president of Cyberpol, whom I know for other purposes, and they know him,as he's been closely watched upon for some months.
The guy has a facebook profile, a LinkedIn profile, says he works for Katod in Magnitogorsk, and he pretends to be an internet expert and that he can help people to help them find scammers(!!!) on several russian forums...
He's got plenty of know e-mail address, not just st......amovatgmail
You'll find him on this o001oo russian forum among other, where he sells his domain names
No hope to have nothing from the registrar, they just said evrything was done the right way, but they never informed me of any changes, and never ask the guy no proof of identity!!! When I wanted to change my contact e-mail address they asked me a letter and a copy of my passport, but to change the owner and the registrar they didn't ask anything!!
What can we do to have our property back, shall we all go to Magnitogorsk?

 

[TheLegendaryJP]

How is possible to stole domains? :O

It is, how at the moment is moot, they are, be it brute force of passwords on account/emails, phishing doesn't matter atm.

 

[TheLegendaryJP]

I did.

Many thanks John!

 

[stimpi777]

YOU GUYS ROCK = What a big job but I looked at every domain I have...
Check your wallets people

 

[WhoaDomain.com]

The TAKE AWAY from this story is make sure to change your password regularly. even better never access your registrar via Mobile or at the very least use Mcafee's Password Storage app that generates a highly encrypted password for any site you enter from your desktop and keeps yours passwords in an encrypted file.

 

[TheLegendaryJP]

btw STANISLAV KHRAMOV the thief is starting to move names to a Russian registrar Reg.ru 2517.com for example but never fear it doesn't matter where they are, they can be recovered. We have contacted the owners of that rar and I suggest everyone who reads this thread emails them too to complain and link this thread.

Email/Contact/Phone especially Russian speakers and let them know STANISLAV is a thief!

Registrant Name: Alexey Korolyuk
Registrant Organization: Domain name registrar REG.RU
Registrant Street: Domain names registrar REG.RU, house 3, Vassily Petushkov str.
Registrant City: Moscow
Registrant State/Province: Moscow
Registrant Postal Code: 125476
Registrant Country: RU
Registrant Phone: +74955801111
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]

 

[UAdomainer]

Email/Contact/Phone especially Russian speakers and let them know STANISLAV is a thief!

I will try to call him later today. But I guess the owner is already aware (mattNetsol at domenforum who posted about filing a police complaint). Anyway, I'll give a call just in case the domains were stolen from different people.

It's also interesting that Stanislav (username Bassta at domenforum) who is suspected to be a theif here, said on that Russian forum that he had bought those domains from someone for a low price (no proof of purchase provided though). So, he might not necessarily be a real thief, just someone who bought those domains despite the fact he knew (or at least must have suspected because of low price) that they were stolen. He registered at that forum in 2006 and sold good domains back in 2013 and earlier, so he has some reputation there. But I guess xxx,xxx$ numbers he is talking there about can make miracles. It's up to police to investigate now.

 

[dordomai]

another way to protect yourself from domain theft is to use 2 factor authentication and have your domains monitored by a service like domaintools.com

When someone unlocks your domain the service will send you an email. Then you could contact the registrar to have them cancel the transfer.

 

[TheLegendaryJP]

I get your point. But in my opinion it still doesn't prove that the guy (Stanislav aka Bassta) is the real thief. He might have bought all those domains from the same thief who stole domains, and then resold. Surely doing this continually and closing eyes on the origin of the domains can be considered as being a companion in crime. I think it's the case. Let's hope police will be able to investigate it

Believe me there is no doubt he is the thief, he goofed up on names that he stole where he didn't move them twice (he likes to do this often) to try and cover his tracks or lie about origins. Secondly several rar's now know his IP address and it matches the IP that has illegally accessed the victims of his crime. You cannot see an IP access a victims account and two registrars later be the same IP and not be the thief! He thinks he is smart but the evidence of your tracks are clear online, he IS the thief, no doubt. And in the coming week(s) hope to report another name has been recovered.

There is no debate here and secondly he never even uses the excuse he bought them from a thief unknowingly as an excuse, he is very smart and incredibly sloppy at the same time because he doesn't care, he is highly immoral.

No doubt Stanislav is a thief, none, zero, zilch, nada, zippo, he's a thief!

 

[UAdomainer]

Believe me there is no doubt he is the thief, he goofed up on names that he stole where he didn't move them twice (he likes to do this often) to try and cover his tracks or lie about origins. Secondly several rar's now know his IP address and it matches the IP that has illegally accessed the victims of his crime. You cannot see an IP access a victims account and two registrars later be the same IP and not be the thief! He thinks he is smart but the evidence of your tracks are clear online, he IS the thief, no doubt. And in the coming week(s) hope to report another name has been recovered.

There is no debate here and secondly he never even uses the excuse he bought them from a thief unknowingly as an excuse, he is very smart and incredibly sloppy at the same time because he doesn't care, he is highly immoral.

No doubt Stanislav is a thief, none, zero, zilch, nada, zippo, he's a thief!

Thanks for more details! With the IP information you mentioned it's getting much more clear. I will definitely contact the administrator of the Russian forum and post your info there. Also call the reg.ru and the owner. (a bit later)

 

[domainer51]

I had also hijacked my domain. There are real options how to return? GoDaddy (registrar) says: "Took much time gone, - more than 2-3 weeks".

 

[TheLegendaryJP]

UPDATE ON FURTHER NAME

HAAT.com

https://domenforum/showthread.php?t=205158

I have been contacted by many members of the Russian Domain forums and HAAT.com has been brought to my attention. I have calls into the rightful owner, waiting on confirmation.

I am not sure if it is tied to our thief here a partner or different guy (they now both use reg.ru) but warning non the less do NOT buy HAAT.com atm. Also stolen from a Web.com registrar Netsol.

I searched and current whois shows a known thief as the owner!

See this link below, same thief of this name is asking just $1k for HAAT.com far below market value.

http://domaingang.com/domain-crime/domain-crime-omed-com-is-a-stolen-domain-name/

Look at whois in above link now look at whois name for HAAT.com below....

Domain Name: HAAT.COM
Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
Sponsoring Registrar IANA ID: 1606
Whois Server: whois.reg.com
Referral URL: http://www.reg.ru
Name Server: NS1.SEDOPARKING.COM
Name Server: NS2.SEDOPARKING.COM
Status: ok https://icann.org/epp#ok
Updated Date: 16-sep-2016
Creation Date: 02-nov-1997
Expiration Date: 01-nov-2018
>>> Last update of whois database: Sat, 17 Sep 2016 14:01:03 GMT <<<
Domain name: haat.com
Domain idn name: haat.com
Status: ok http://www.icann.org/epp#ok
Registry Domain ID:
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com/
Registrar URL: https://www.reg.ru/
Registrar URL: https://www.reg.ua/
Updated Date:
Creation Date: 1997-11-02T00:00:00Z
Registrar Registration Expiration Date: 2018-11-01
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +7.4955801111
Registry Registrant ID:
Registrant Name: Anton Murzin <-------------------------------
Registrant Organization: Private Person
Registrant Street: Mochalina str, 8-6
Registrant City: Pervomaysk
Registrant State/Province: Nizhegorodskaya
Registrant Postal Code: 220000
Registrant Country: RU
Registrant Phone: +79111234567
Registrant Phone Ext:
Registrant Fax: +79111234567
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:

 

[LucidDomains]

Understood but you will learn that when this person (me) says something, it's true. You don;t have to believe it, seeing is believing so google me.

No offence but I'm not going to Google you. I don't care if you're the owner of Google or a homeless man, I will treat you the same way. If you throw accusations on the net publically, I will ask the same questions I have done here regardless of who you are.

 

[LucidDomains]

That is your choice not to see who a source is goodbye and when one day you need help don't ask me because who am I, maybe just a homeless guy or owner of google and cannot be trusted lol

If you want to let your ego dictate your actions, that's totally up to you.

Good luck.

 

[LucidDomains]

If domains are stolen, I do wish for a speedy resolution. If @TheLegendaryJP is as helpful to the domaining community as he says he is, then he's an asset. I will be monitoring this thread for further information and hopefully if Khramov Stanislav is confirmed to be a thief, we taken him down and recover all that's been lost.

Good luck.

 

[LucidDomains]

...I just wonder what to do in case of stolen.

Contact your registrar immediately.
Change your passwords on your registrar and email accounts.
Ensure 2FA is added everywhere.
Create a post on NamePros informing others that your domain has been stolen.
Provide evidence to relevant parties to confirm you had ownership.
Ensure you move your domains to reputable registrars.
If the domain is worth a lot, you might want to seek legal advice from a domain lawyer, some offer free initial consultations.

 

[Peter]

Thats quite common Stimpi, people tend to list their domains but forget to delist them on all services when they sell the domain.

 

[CursedToast]

How are domains generall stolen? Chargebacks?
I'm assuming that's why Escrow is used for pricer transactions.

 

[CursedToast]

This is something I considered making some time ago but like many projects never finished. I certainly think that itis a good idea.

This sounds like a simplistic and fun project. Would be happy to work with you or at least provide ideas on submissions/verfication

 

[TheLegendaryJP]

This guy stole my domain lgy.io 2 days after I registered it. I know it's the same person because his contact data was same as above until he hid it. His story was he bought it, when he could not provide any proof. It was not sold as I had just registered it, and he used a godaddy account. Godaddy refused to close his account and return the domain I rightfully bought and had just spent $59 dollars on. They said we cannot go into his account and return your property. The least they could have done is shut him down for fraud.

Sorry to hear this I would demand they look at the IP that accessed your account to transfer and when it comes back Russian, bingo!

 

[Domo Sapiens]

thanks for the heads up JP...
ex-Domainstate right?

 

[UAdomainer]

There is no doubt he is the thief, you do not buy 20+ stolen domains from 20 different people within 18 months and expect us to believe on top of that nearly improbable scenario you have no real proof of paying anyone because bitcoin.

One stolen name, maybe even a few from the same seller but not 20+ all owned by different people, this guys lies lack creativity and insult intelligence.

Keep in mind as he flips the stolen domains I have seen where he does buy with the ill gotten gains.

Any way appreciate the calls to the reg.ru rar and reporting this guy.

I get your point. But in my opinion it still doesn't prove that the guy (Stanislav aka Bassta) is the real thief. He might have bought all those domains from the same thief who stole domains, and then resold. Surely doing this continually and closing eyes on the origin of the domains can be considered as being a companion in crime. I think it's the case. Let's hope police will be able to investigate it

 

[UAdomainer]

another way to protect yourself from domain theft is to use 2 factor authentication and have your domains monitored by a service like domaintools.com

When someone unlocks your domain the service will send you an email. Then you could contact the registrar to have them cancel the transfer.

I don't really see how this may help. If a thief wants to transfer a domain from your account, he will have to have an access to your email account to confirm it. Unless you indicate a different email for domain unlocking notification.