[DNSOP] Phishing? was Fwd: nthpermutation

Michael StJohns <msj@nthpermutation.com> Sun, 25 March 2018 22:04 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49F4D126D85 for <dnsop@ietfa.amsl.com>; Sun, 25 Mar 2018 15:04:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.075
X-Spam-Level:
X-Spam-Status: No, score=0.075 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DEAR_SOMETHING=1.973, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IaBUR4GHmS1s for <dnsop@ietfa.amsl.com>; Sun, 25 Mar 2018 15:04:58 -0700 (PDT)
Received: from mail-qt0-x229.google.com (mail-qt0-x229.google.com [IPv6:2607:f8b0:400d:c0d::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF6F1126C25 for <dnsop@ietf.org>; Sun, 25 Mar 2018 15:04:57 -0700 (PDT)
Received: by mail-qt0-x229.google.com with SMTP id i8so17780814qtj.0 for <dnsop@ietf.org>; Sun, 25 Mar 2018 15:04:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20150623.gappssmtp.com; s=20150623; h=subject:references:to:from:message-id:date:user-agent:mime-version :in-reply-to:content-language; bh=SIw19vqFTEJUrlrwtN1SSC+RApBmHTICiGpJjLx5qi4=; b=m2C7QjPsGAXEc7mrQyTUJMJyEednm75s9NzWd82DD5tq5O5ozYqiFiOME2tXCBfEYG cyjOEhsnRs3xAnEPFxznRoc5JDSL8zPjfj60Ind1h1WseGi50skRuugkICM0wYRMjRyd /Zs01jYKaExvLFrlYTcMV85P1JP3nZv2mgSxjPhH2EDCkgX5/ODHC1sNLd/VBZxZetRe EG58TdBU94XfIxRZGwUW/fvcMaUn/gi1XIMrheFRGrUIsqhti1wk26bloVtB4WHnU8uP wTUAbTjB5lN5Z+funChoqRn9oWRk3lOuRZRoyVKgQZuDhsERCiE4CdTim8MsHz3xJBA5 e5IQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:references:to:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=SIw19vqFTEJUrlrwtN1SSC+RApBmHTICiGpJjLx5qi4=; b=F3sDXb7u4opb3ppXh6AUgkPf0vDd9mlQZOP8wMWL1+Q2LHFgIjxD2VFLovqFVVhI1E r3kaL0+8CHUOpNEUEu3WHths3vbcvDxzSG8kXntESFBvdGd4PCyy0O1ZEQamc7fu4yKh 2LIV19KiITg5Pm+3I3ZEX3hs1BFeTWPmPI8yKhoZYWQ0qvv2DII6cDvx6lRjJ1mbNE84 bxMVQDJ8AoT2rFqBtnNc9z3gMrnFphNlBtmJ8wizoD50iBQgRV7P8KJo0tIiMvN0cDOI pP/uFSKoezPe7vI8gLqVGYulSuN7POci9lFsG2GnRZ1AneRzbJAKAvJJmQh8ZrfbL8/Z z9HA==
X-Gm-Message-State: AElRT7Hq2f3mewhdQ6t/9U+bD4ahd1IcfXjbenlAsQ2kQTo8oY1bSUbf bCkjvRMdPUzlOxeQypEX4kLSxwTX
X-Google-Smtp-Source: AG47ELsJiPmpHNixzTBIA4cmKM1EzsNdyM73Z8C0d8qQCptaPLpCK4ewoj5T92hOQQpV7O/JOotINg==
X-Received: by 10.200.3.220 with SMTP id z28mr52892346qtg.119.1522015496622; Sun, 25 Mar 2018 15:04:56 -0700 (PDT)
Received: from ?IPv6:2601:152:4400:4013:c9a4:1a22:c8:4205? ([2601:152:4400:4013:c9a4:1a22:c8:4205]) by smtp.gmail.com with ESMTPSA id n7sm10637491qtl.22.2018.03.25.15.04.55 for <dnsop@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 25 Mar 2018 15:04:55 -0700 (PDT)
References: <DM__180322101642_54671022674@s.mopo-ip.com.cn>
To: "dnsop@ietf.org" <dnsop@ietf.org>
From: Michael StJohns <msj@nthpermutation.com>
X-Forwarded-Message-Id: <DM__180322101642_54671022674@s.mopo-ip.com.cn>
Message-ID: <8c50a895-2522-1e1d-3d22-18433519c522@nthpermutation.com>
Date: Sun, 25 Mar 2018 18:04:56 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <DM__180322101642_54671022674@s.mopo-ip.com.cn>
Content-Type: multipart/alternative; boundary="------------8412627D2FE9021BB6888469"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/w_Zxd5Ezr7Hdh59MQsM7EKGM1C4>
Subject: [DNSOP] Phishing? was Fwd: nthpermutation
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 25 Mar 2018 22:04:59 -0000

Apologies for dumping this here, but I figured if anyone had a clue 
they'd probably be on this list. Is anyone familiar with 
mopo-io.com.cn?   Is this a legitimate email (or company)?  If not, its 
one of the better phishing emails I've seen.

Thanks - Mike



-------- Forwarded Message --------
Subject: 	nthpermutation
Date: 	Thu, 22 Mar 2018 11:59:50 +0800
From: 	Sharon Han <Han@mopo-ip.com.cn>
To: 	msj <msj@nthpermutation.com>



Mail

(Letter to the President or Brand Owner, thanks)

Dear Sir/Madam,

We are the department of Asian Domain Registration Service in China. I 
have something to confirm with you. We formally received an application 
on March 22, 2018 that a company which self-styled "Gulf East Ltd " were 
applying to register "nthpermutation" as their Brand Name and some 
domain names through our firm.

Now we are handling this registration, and after our initial checking, 
we found the name were similar to your company's, so we need to check 
with you whether your company has authorized that company to register 
these names. If you authorized this, we will finish the registration at 
once. If you did not authorize, please let us know within 5 workdays, so 
that we will handle this issue better. After the deadline we will 
unconditionally finish the registration for "Gulf East Ltd ". Looking 
forward to your prompt reply.

Best regards,

Sharon Han
Tel: 0086.5516349 1192
Fax: 0086.5516349 1192
Address:No.313, Changjiang Zhonglu, Hefei 230000 China