Re: [DNSOP] Phishing? was Fwd: nthpermutation
Ólafur Guðmundsson <olafur@cloudflare.com> Sun, 25 March 2018 22:15 UTC
Return-Path: <olafur@cloudflare.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1832124207 for <dnsop@ietfa.amsl.com>; Sun, 25 Mar 2018 15:15:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.026
X-Spam-Level:
X-Spam-Status: No, score=-0.026 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DEAR_SOMETHING=1.973, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cloudflare.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id axc0Zr-7aE_B for <dnsop@ietfa.amsl.com>; Sun, 25 Mar 2018 15:15:36 -0700 (PDT)
Received: from mail-wr0-x236.google.com (mail-wr0-x236.google.com [IPv6:2a00:1450:400c:c0c::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 86A1D120726 for <dnsop@ietf.org>; Sun, 25 Mar 2018 15:15:36 -0700 (PDT)
Received: by mail-wr0-x236.google.com with SMTP id c24so17001907wrc.6 for <dnsop@ietf.org>; Sun, 25 Mar 2018 15:15:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=i02NOXDrEDo+qkoUb8L2Tge+AmwJFkUA5RE0H3Y/3yQ=; b=dRCq9P2vvvDgAzjiNj5bhqwBbaMG9PWqI5+6DT7a1kQjSC1F5sdyX1F2kTkyTvcCSk OdK636soyKGZbyaobxH4t0J/s1/CHjQB/UecW0ro7r3RmX7P38FMqvmcHWqgrxkVOHuF zAd/XXorFDCq5mMQ43VQZqPPEydRvsLuz1LRg=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=i02NOXDrEDo+qkoUb8L2Tge+AmwJFkUA5RE0H3Y/3yQ=; b=Ezht+5M96dfP9OjOAHlzjx9GtkjAtdbaDDBMBEH2Sxkc8zaSn4FL3B8ZDXe8soHDnh r79sd71Z0Az+EUsbH2dgFul2y3g4outUIt7/XqNxq6l5r4KZi84t8PfKgKCgwNlCozBf H5LRuIAMcRSXzL3fIq5h0RjPfiKp0jG6171zsv411hEWNRKfcmpfzEyQqw5Su8wV6ito Sd5rHObRTNmIzozQEQZEMJAFl5jb4Cduala7GHAR9A7zhriUMJEND21merZ7puFnM9zz cXUiEEkZOQQXaoTOX/R3QyAD/SPccJDxHhzASIJVTc71WhmMV6PL9alh7RGJWQLwXjQV q9ig==
X-Gm-Message-State: AElRT7HsJEJjs3nO4hRDwwt989PtlhVJbuPcVdjARd/tJE2vYSILpyRI bBreyCdAWt1mBU5z0beLs8Y8raiGzvw/fgEfjDFSUJ3/Kik=
X-Google-Smtp-Source: AG47ELsSJ1sq3wfAJXtxOlLVMrOqjb9XFmHldWQrX13Oo6K6x91HEGdDsqWpIY2H/ER2ws4btrHb7wUUS3kGaSO3VuI=
X-Received: by 10.223.134.4 with SMTP id 4mr21605542wrv.230.1522016134944; Sun, 25 Mar 2018 15:15:34 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.169.41 with HTTP; Sun, 25 Mar 2018 15:15:34 -0700 (PDT)
In-Reply-To: <8c50a895-2522-1e1d-3d22-18433519c522@nthpermutation.com>
References: <DM__180322101642_54671022674@s.mopo-ip.com.cn> <8c50a895-2522-1e1d-3d22-18433519c522@nthpermutation.com>
From: Ólafur Guðmundsson <olafur@cloudflare.com>
Date: Sun, 25 Mar 2018 23:15:34 +0100
Message-ID: <CAN6NTqwqtTDKfH8T7RZL7fV9jYhndwf_+ZBDsJcmi0kMLQAbOw@mail.gmail.com>
To: Michael StJohns <msj@nthpermutation.com>
Cc: "dnsop@ietf.org" <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="001a1147d44c10dea3056843ffc1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/t2OrqyDcbPAtgDVtVzOs7iRRk10>
Subject: Re: [DNSOP] Phishing? was Fwd: nthpermutation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Mar 2018 22:15:39 -0000
Mike, This is a domain extortion attempt, they want you to buy the domain at inflated price https://security.stackexchange.com/questions/56290/is-this-domain-registration-service-email-a-scam#56304 Olafur On Sun, Mar 25, 2018 at 11:04 PM, Michael StJohns <msj@nthpermutation.com> wrote: > Apologies for dumping this here, but I figured if anyone had a clue they'd > probably be on this list. Is anyone familiar with mopo-io.com.cn? Is > this a legitimate email (or company)? If not, its one of the better > phishing emails I've seen. > > Thanks - Mike > > > -------- Forwarded Message -------- > Subject: nthpermutation > Date: Thu, 22 Mar 2018 11:59:50 +0800 > From: Sharon Han <Han@mopo-ip.com.cn> <Han@mopo-ip.com.cn> > To: msj <msj@nthpermutation.com> <msj@nthpermutation.com> > > (Letter to the President or Brand Owner, thanks) > > Dear Sir/Madam, > > We are the department of Asian Domain Registration Service in China. I > have something to confirm with you. We formally received an application on > March 22, 2018 that a company which self-styled "Gulf East Ltd " were > applying to register "nthpermutation" as their Brand Name and some domain > names through our firm. > > Now we are handling this registration, and after our initial checking, we > found the name were similar to your company's, so we need to check with you > whether your company has authorized that company to register these names. > If you authorized this, we will finish the registration at once. If you did > not authorize, please let us know within 5 workdays, so that we will handle > this issue better. After the deadline we will unconditionally finish the > registration for "Gulf East Ltd ". Looking forward to your prompt reply. > > > > Best regards, > > Sharon Han > Tel: 0086.5516349 1192 > Fax: 0086.5516349 1192 > Address:No.313, Changjiang Zhonglu, Hefei 230000 China > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop > >
- [DNSOP] Phishing? was Fwd: nthpermutation Michael StJohns
- Re: [DNSOP] Phishing? was Fwd: nthpermutation Ólafur Guðmundsson
- Re: [DNSOP] Phishing? was Fwd: nthpermutation Michael StJohns