Re: [DNSOP] Phishing? was Fwd: nthpermutation

Michael StJohns <msj@nthpermutation.com> Sun, 25 March 2018 22:51 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86B88120726 for <dnsop@ietfa.amsl.com>; Sun, 25 Mar 2018 15:51:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.075
X-Spam-Level:
X-Spam-Status: No, score=0.075 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DEAR_SOMETHING=1.973, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mrGGZlFoXXDQ for <dnsop@ietfa.amsl.com>; Sun, 25 Mar 2018 15:51:31 -0700 (PDT)
Received: from mail-qt0-x236.google.com (mail-qt0-x236.google.com [IPv6:2607:f8b0:400d:c0d::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 373911204DA for <dnsop@ietf.org>; Sun, 25 Mar 2018 15:51:31 -0700 (PDT)
Received: by mail-qt0-x236.google.com with SMTP id j26so17814572qtl.11 for <dnsop@ietf.org>; Sun, 25 Mar 2018 15:51:31 -0700 (PDT)
X-Received: by 10.237.50.100 with SMTP id y91mr24712594qtd.146.1522018289760; Sun, 25 Mar 2018 15:51:29 -0700 (PDT)
Received: from ?IPv6:2601:152:4400:4013:c9a4:1a22:c8:4205? ([2601:152:4400:4013:c9a4:1a22:c8:4205]) by smtp.gmail.com with ESMTPSA id p54sm10947931qtj.29.2018.03.25.15.51.28 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 25 Mar 2018 15:51:28 -0700 (PDT)
To: Ólafur Guðmundsson <olafur@cloudflare.com>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
References: <DM__180322101642_54671022674@s.mopo-ip.com.cn> <8c50a895-2522-1e1d-3d22-18433519c522@nthpermutation.com> <CAN6NTqwqtTDKfH8T7RZL7fV9jYhndwf_+ZBDsJcmi0kMLQAbOw@mail.gmail.com>
From: Michael StJohns <msj@nthpermutation.com>
Message-ID: <5df2835c-bbf9-9e21-cc7f-f3c7e0b454e1@nthpermutation.com>
Date: Sun, 25 Mar 2018 18:51:29 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CAN6NTqwqtTDKfH8T7RZL7fV9jYhndwf_+ZBDsJcmi0kMLQAbOw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------A16DBACA782F74AE364F8ADD"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TwwZSLPOyZX3EeCLgUSzWCcsdp4>
Subject: Re: [DNSOP] Phishing? was Fwd: nthpermutation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Mar 2018 22:51:34 -0000

On 3/25/2018 6:15 PM, Ólafur Guðmundsson wrote:
> Mike,
>
> This is a domain extortion attempt; they want you to buy the domain at
> an inflated price
> https://security.stackexchange.com/questions/56290/is-this-domain-registration-service-email-a-scam#56304
>
> Olafur

Thanks! I figured it had to be something like that.... Mike

>
>
> On Sun, Mar 25, 2018 at 11:04 PM, Michael StJohns
> <msj@nthpermutation.com> wrote:
>
>     Apologies for dumping this here, but I figured if anyone had a
>     clue they'd probably be on this list. Is anyone familiar with
>     mopo-io.com.cn? Is this a legitimate email
>     (or company)?  If not, it's one of the better phishing emails I've
>     seen.
>
>     Thanks - Mike
>
>
>
>     -------- Forwarded Message --------
>     Subject: 	nthpermutation
>     Date: 	Thu, 22 Mar 2018 11:59:50 +0800
>     From: 	Sharon Han <Han@mopo-ip.com.cn>
>     To: 	msj <msj@nthpermutation.com>
>
>
>
>     (Letter to the President or Brand Owner, thanks)
>
>     Dear Sir/Madam,
>
>     We are the department of Asian Domain Registration Service in
>     China. I have something to confirm with you. We formally received
>     an application on March 22, 2018 that a company which self-styled
>     "Gulf East Ltd " were applying to register "nthpermutation" as
>     their Brand Name and some domain names through our firm.
>
>     Now we are handling this registration, and after our initial
>     checking, we found the name were similar to your company's, so we
>     need to check with you whether your company has authorized that
>     company to register these names. If you authorized this, we will
>     finish the registration at once. If you did not authorize, please
>     let us know within 5 workdays, so that we will handle this issue
>     better. After the deadline we will unconditionally finish the
>     registration for "Gulf East Ltd ". Looking forward to your prompt
>     reply.
>
>     Best regards,
>
>     Sharon Han
>     Tel: 0086.5516349 1192
>     Fax: 0086.5516349 1192
>     Address:No.313, Changjiang Zhonglu, Hefei 230000 China
>