Showing posts with label Domains. Show all posts

Wednesday 16 December 2015

Domain registration scam: cn-registry.net / "Huabao Ltd"

This type of Chinese domain registration scam has been around for years.

From:    Jim Gong [jim.gong@cnregistry.net]
Date:    15 December 2015 at 13:40
Subject:    "petroldirect"

Dear CEO,

(If you are not the person who is in charge of this, please forward this to your CEO, because this is urgent, Thanks)

We are a Network Service Company which is the domain name registration center in Shanghai, China.

We received an application from Huabao Ltd on December 14, 2015. They want to register " petroldirect " as their Internet Keyword and " petroldirect .cn "、" petroldirect .com.cn " 、" petroldirect .net.cn "、" petroldirect .org.cn " 、" petroldirect .asia " domain names etc.., they are in China and Asia domain names. But after checking it, we find " petroldirect " conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?

 
Best Regards,
  Jim
General Manager 
Shanghai Office (Head Office)
3008, Jiulong Building, No. 836 Nandan Road,
Shanghai, China
Tel: +86 216191 8696
Mobile: +86 1870199 4951
Fax: +86 216191 8697
Web: www.cn-registry.net

In fact, there is no Huabao Ltd - it's just a made-up name that the scammers use to try to persuade you into buying some overpriced and worthless domains. Nobody is interested in buying these domains, and no domain registrar would contact you before registration in any case as it is not the responsibility of the registrar to do so*.

I certainly don't recommend forwarding this to your CEO, as many CEOs will not understand the scam and may fall for it. If you do forward it, make sure that you point out that this is a scam.

This scam has been around for so long, that I even made a video about it..


The following domains are all variations of the same rogue Chinese registrar:



* except in specific and limited circumstances (e.g. sunrise applications) that do not apply here.


Thursday 29 October 2015

Malware spam: "Domain [domain] Suspension Notice" / abuse@enom.com.org

There appear to be many versions of this spam, aimed at domain owners and apparently coming from the actual registrar of the domain. For added authenticity, the owner's name is included in the spam. Here is one example that I got.. it would have been very convincing, except that I had the heads up on this attack a couple of days ago.

From:    ENOM, INC. [abuse@enom.com.org]
Date:    30 October 2015 at 04:11
Subject:    Domain LAPTOP-MEMORY.COM Suspension Notice

Dear Sir/Madam,

The following domain names have been suspended for violation of the ENOM, INC. Abuse Policy:

Domain Name: LAPTOP-MEMORY.COM
Registrar: ENOM, INC.
Registrant Name: CONRAD LONGMORE

Multiple warnings were sent by ENOM, INC. Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us for additional information regarding this notification.

Sincerely,
ENOM, INC.
Spam and Abuse Department
Abuse Department Hotline: 480-406-7704

In this case, clicking on the link goes to edecisions.com/abuse_report.php?LAPTOP-MEMORY.COM and downloads a file LAPTOP-MEMORY.COM_copy_of_complaints.pdf.scr - it looks more authentic because the domain name is in the file download, but in fact you can specify any domain name and it gives a matching file.
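
The three tells in this lure (a sender domain that merely starts with the registrar's real domain, a link keyed on the recipient's own domain, and a `.scr` hiding behind `.pdf`) can be checked mechanically. This is an added example, not part of the original post; the function names, the extension sets and the `files.example` host are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Illustrative extension sets (assumption: tune these for your own mail gateway).
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg"}
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd", "js", "vbs"}


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")


def classify_sender(from_header, registrar_domain):
    """Compare the From: domain with the registrar's real domain.

    'matches-registrar': equal to, or a subdomain of, the registrar domain.
                         The header is still spoofable, so this is not proof
                         of origin; SPF/DKIM/DMARC results are needed for that.
    'embedded-brand'   : the registrar domain appears as leading or inner
                         labels of a different domain (enom.com.org).
    'unrelated'        : anything else.
    """
    dom = sender_domain(from_header)
    reg = registrar_domain.lower()
    if dom == reg or dom.endswith("." + reg):
        return "matches-registrar"
    if dom.startswith(reg + ".") or ("." + reg + ".") in dom:
        return "embedded-brand"
    return "unrelated"


def disguised_executable(filename):
    """True when an executable extension hides behind a document extension."""
    parts = filename.lower().rsplit(".", 2)
    return (len(parts) == 3
            and parts[2] in EXECUTABLE_EXTS
            and parts[1] in DOCUMENT_EXTS)


def triage(from_header, registrar_domain, url, filename, owned_domain):
    """Collect the findings for one message; an empty list means no tell fired."""
    findings = []
    if classify_sender(from_header, registrar_domain) == "embedded-brand":
        findings.append("sender domain embeds registrar domain")
    # The download script echoes whatever domain is passed in the query string.
    if urlsplit(url).query.lower() == owned_domain.lower():
        findings.append("link is keyed on the recipient's domain")
    if disguised_executable(filename):
        findings.append("executable behind document extension")
    return findings


if __name__ == "__main__":
    # Constructed input: header rewritten in RFC 5322 form, host replaced
    # with a placeholder; sender address and file name are those quoted above.
    for finding in triage(
        '"ENOM, INC." <abuse@enom.com.org>',
        "enom.com",
        "http://files.example/abuse_report.php?LAPTOP-MEMORY.COM",
        "LAPTOP-MEMORY.COM_copy_of_complaints.pdf.scr",
        "laptop-memory.com",
    ):
        print(finding)
```
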

Before we look at the analysis of the downloaded executable, let's look at the domain name edecisions.com. It looks like the sort of domain that might contain abuse reports, but in fact it is a hijacked GoDaddy domain hosted on 65.78.174.100 and a quick look at VirusTotal indicates that one of the other 4 sites on the same server was also compromised and was serving up malware in 2013. This is definitely a good candidate to block.

The downloaded file has a VirusTotal detection rate of 2/55. Automated analysis tools [1] [2] [3] indicate that whatever the hell this is, it tries to contact a LOT of other servers. We can see that the following domain names are accessed (mostly POST attempts):


Note that almost everything is in the A-D range, which makes me suspect that this is only a fraction of the compromised domains. If we look at the IP addresses of those domains, then it gets even more interesting:

50.87.144.249 (Unified Layer, US)
50.87.151.145 (Unified Layer, US)
108.167.140.175 (WebSiteWelcome, US) [13 instances]
162.144.0.215 (Unified Layer, US)
162.144.12.115 (Unified Layer, US)
192.185.5.33 (WebSiteWelcome, US) [2 instances]
192.185.16.67 (WebSiteWelcome, US) [7 instances]
192.185.19.115 (WebSiteWelcome, US)
192.185.21.162 (WebSiteWelcome, US)
192.185.22.63 (WebSiteWelcome, US) [4 instances]
192.185.90.237 (WebSiteWelcome, US)
192.185.101.210 (WebSiteWelcome, US)
192.185.140.214 (WebSiteWelcome, US)
192.185.152.133 (WebSiteWelcome, US) [2 instances]
192.185.183.81 (WebSiteWelcome, US)
192.185.226.164 (WebSiteWelcome, US)
192.254.186.85 (WebSiteWelcome, US) [2 instances]
192.254.231.138 (WebSiteWelcome, US)
192.254.234.204 (WebSiteWelcome, US)
198.57.242.171 (Unified Layer, US) [4 instances]
198.57.244.38 (Unified Layer, US)
208.109.119.156 (GoDaddy, US)

A check of those WebSiteWelcome and Unified Layer IPs on VirusTotal (for example 192.185.226.164) shows several compromised domains on the same server, indicating that the entire box has been popped.

It isn't clear what the payload is, but given the fact that it is aimed at domain owners and given the unusual characteristics of the malware, I can make a guess that it is some sort of password stealer, possibly harvesting domains or server admin credentials. If you are not using multi-factor authentication for your domains, then perhaps now would be a good time to choose to do so.

Recommended blocklist:

UPDATE:

The payload appears to be the Cryptowall ransomware.

Saturday 10 October 2015

Scam: "Jim Bing [jim.bing@cn-registry.cn]" / "Huayin Ltd"


This email is part of a long-running Chinese domain scam:

From:    Jim Bing [jim.bing@cn-registry.cn]
Date:    10 October 2015 at 13:52
Subject:    Re:"slimeware"





Dear CEO,
(If you are not the person who is in charge of this, please forward this to your CEO, because this is urgent, Thanks)

We are a Network Service Company which is the domain name registration center in Shanghai, China.

We received an application from Huayin Ltd on October 9, 2015. They want to register " slimeware " as their Internet Keyword and " slimeware .cn "、" slimeware .com.cn " 、" slimeware .net.cn "、" slimeware .org.cn " 、" slimeware .asia " domain names etc.., they are in China and Asia domain names. But after checking it, we find " slimeware " conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?


Best Regards,

Jim
General Manager 
Shanghai Office (Head Office)
3008, Jiulong Building, No. 836 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86 216191 8696
Mobile: +86 1870199 4951
Fax: +86 216191 8697
Web: www.cn-registry.cn

Slimeware.com is an ancient site of mine that parodies adware companies. I doubt very much that anyone is trying to use this as a domain name for a legitimate business, and I couldn't care less if they did anyway. In fact, what is happening here is that the scammer "Jim Bing" (is he related to Terry Google?) is just trying to get you to panic and buy an overpriced and worthless domain name.

It's a pretty common scam, and I have explained the basics in the video below..


Wednesday 29 April 2015

cnwebregistry.cn / chinaygregistry.com scam and "Huayu Ltd"

This spam email is actually part of a long-running Chinese scam.

From:    Jim Bing [jim.bing@cnwebregistry.cn]
Date:    29 April 2015 at 14:27
Subject:    Re:"[redacted]"

Dear CEO,

(If you are not the person who is in charge of this, please forward this to your CEO, because this is urgent, Thanks)

We are a Network Service Company which is the domain name registration center in Shanghai, China.
We received an application from Huayu Ltd on April 27, 2015. They want to register " [redacted] " as their Internet Keyword and " [redacted] .cn "、" [redacted] .com.cn " 、" [redacted] .net.cn "、" [redacted] .org.cn " domain names etc.., they are in China domain names. But after checking it, we find " [redacted] " conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?

Best Regards,

Jim
General Manager
Shanghai Office (Head Office)
3008, Jiulong Building, No. 836 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86 216191 8696
Mobile: +86 1870199 4951
Fax: +86 216191 8697
Web: www.cnwebregistry.cn

Whoever "Huayu Ltd" are is irrelevant, as they aren't actually interested in registering these domains, even if they exist. Instead, this is an attempt by a rogue Chinese domain registrar to get you to buy overpriced and worthless domains.

In this case the spam mentions the domain cnwebregistry.cn, but chinaygregistry.com is also on the same server and will be similarly fraudulent.

This video I made a while ago explains the scam in more detail:



Wednesday 15 April 2015

pdatamc.org / publicdmc.cn domain scam

This email message is actually a spam promoting a long-running scam where an unscrupulous party is attempting to sell overpriced and worthless domains to their intended victim.

From: Bruce Lo [mailto:bruce@publicdmc.cn]
Date: 14:59 Wednesday 15th April 2015
Subject: [victimdomain] Registration
Priority: High

To whom it may concern:

We are the Registrars accredited by China Internet Network Information Center. We have something to confirm with you. On April 7, 2015, we received an application in which a company by the name Presg Group applied to register " victimdomain " as their Brand Name and some Asia domain names through our firm.

Now we are handling this registration. After our initial checking, we found that the name are identical to your company's. We need to check with you whether your company has authorized that company to register these names. If you have authorized this, we will finish the registration at once. If not, please let us know within 7 workdays, in which case we will dicuss the matter more thoroughly. If not otherwise advised within that time limit we will proceed with the registration for Presg Group . We will be waiting for your reply. Have a nice day!

Best Regards

Bruce Lo
Registration Dept.
Phone: +86.55165184482
Fax:    +86.55165128724
Website:http://www.pdatamc.org/
Address: No. 789, XiYou Road, Zhengwu District, HeFei City, AnHui Province, China  

I've explained this particular scam so many times that I made a video explaining it..

Thursday 9 October 2014

chinaregistry.org.cn domain scam

This is an old scam that can safely be ignored.

From:     Henry Liu [henry.liu@chinaregistry.org.cn]
Date:     9 October 2014 07:53
Subject:     [redacted] domain and keyword in CN

(Please forward this to your CEO, because this is urgent. Thanks)

We are a Network Service Company which is the domain name registration center in Shanghai, China. On Oct 7, 2014, we received an application from Huaya Holdings Ltd requested "[redacted]" as their internet keyword and China (CN) domain names. But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it's necessary to send email to you and confirm whether this company is your distributor or business partner in China?

Kind regards

Henry Liu 
General Manager 
China Registry (Headquarters)
3002, Nanhai Building, No. 854 Nandan Road,
Xuhui District, Shanghai, China
Tel: +86 21 6191 8696
Mobile: +86 138 1642 8671
Fax: +86 21 6191 8697
Web: www.chinaregistry.org.cn

Nobody is trying to register your domain name; this is simply a long-running scam aimed at getting you to spend too much money on something that you don't need. And I strongly recommend that you don't forward junk email like this to your CEO either.

I created a brief video explaining the scam that you can view below:

Sunday 28 September 2014

This is why I don't use Network Solutions

I recently acquired a domain name which ended up being registered at Network Solutions, not my usual registrar.. so I then wanted to move that domain from NetSol to my main domain account. Now, to do this you need an authorisation code to transfer out.. which I duly requested.

So after a few days of waiting, I get the following email from Network Solutions.


Let's look more closely at that authorization code. Yeah, normally that's the sort of thing that you should never share.. but:

The authorisation code is frigging blank. This is meant to be an automated process.. how can it be blank? Or has someone intervened manually?

Oh wait, I didn't read this line in the email:
If you are planning to transfer your domain to another registrar, we would like to do whatever it takes to keep your business - please let us know how we can improve our service to you.
Presumably this is a way of doing whatever it takes. I did even drill down into the HTML source to make sure it wasn't my mail client screwing up. It seems that I'm not the only person who has had problems transferring their domain out according to this story.

UPDATE 2014-10-03:  I raised a ticket which was acknowledged.. and then ignored completely. NetSol are breaking ICANN regulations by not providing the authorisation code in a timely manner.

UPDATE 2014-10-09:  After several support tickets and chasing through Twitter I finally got the transfer code.. after two weeks! This clearly breaches the specified five calendar days to do the job.

Just a (hopefully) final note. If you do find that a registrar is being deliberately obstructive about the transfer (or they transferred a domain without your permission) you can make a complaint to ICANN here.

Monday 14 July 2014

Scam: "CNnet Dispute Solutions Ltd" cn-network.com / cn-network.org

This email from a Chinese domain registrar styling itself as "CNnet Dispute Solutions Ltd" is a scam.

From:     james@cn-network.org
Date:     14 July 2014 11:12
Subject:     About Internet Trademark Issue: [redacted]


Dear Manager,

(If you are not the person who is in charge of this, please forward this to your CEO,Thanks)

We are a organization specializing in trademark consulting and domain name registration services in China. We just received an application sent from "HaiTon Importing Co., Ltd" on 13/07/2014, requesting for applying the "[redacted]" as the Internet Brand and some Chinese domains such as .cn/.com.cn/.hk/.asia ect... for their business running. Though our preliminary review and verification, we found that this keyword is currently being used by your company and is applied as your domain name. In order to avoid any potential risks in terms of trademark dispute and impact on your market businesses in China and Asia in future, we need to confirm with you whether "HaiTon Importing Co., Ltd" is your own subsidiary or partner.

Will your businesses in China and Asia be impacted potentially if they apply for this trademark? And will you agree this company to apply for this trademark? Please contact us immediately within 10 working days, otherwise, you will be deemed as waived by default.

Please contact us in time in order that we can handle this issue better.


Best Regards,

James Tan

Auditing Department.

Registration Department Manager
4/F,No.9 XingHui West Street,

JinNiu ChenDu, China

Office: +86 2887662861

Fax: +86 2887783286

Web: http://www.cn-network.com



Please consider the environment before you print this e-mail.

Don't worry, this is a scam. There is no such company as "HaiTon Importing Co". Nobody is trying to register these worthless domains, so there is really nothing to worry about. I've explained it all in this video.

They have a website at cn-network.com and are soliciting replies to cn-network.org. Registration details are as follows:

Registry Registrant ID:
Registrant Name: Wang XiaoGang
Registrant Organization: Cheng Du Chuang Ning Wang Luo Ke Ji You Xian Gong Si
Registrant Address: No. 69  JinFangYuanDong Road  ChengDuJinNiu District
Registrant City: ChengDuShi
Registrant Province/state: SC
Registrant Country: CN
Registrant Postal Code: 610000
Registrant Phone: +86.2887783286
Registrant Phone EXT: +86.2887783286
Registrant Fax: +86.2887783286
Registrant Fax EXT: +86.2887783286
Registrant Email: 253885777@qq.com
Registrant Email EXT: 253885777@qq.com
Registry Admin ID: 42771277


I can find the following domains that use the same contact details:

cn-nic.org
cn-network.org
cn-network.com
cn-network.net
cnnetcor.com
cnnetpro.com


This scam has been going around for years and is just being spammed out at random, so you should simply ignore it.

Video: Chinese Domain Scams


Monday 16 December 2013

Video: Chinese domain scams


yiyu-ipr.org domain scam

Yet another Chinese domain scam, this time trying to punt the "Tiger Direct" trademark (which I don't own!).

From:     lisa [lisa@yiyu-ipr.org]
Date:     16 December 2013 04:04
Subject:     International Trademark " tigerdirect"

(Please forward this to your CEO or President, because this is urgent. Thank you.)

Dear President & CEO,

We are an IPR registration service law office in China. On Dec.13, 2013, we received an application from "TD Investment Co., Ltd." wants to register the following Trademark and Domains:

Trademark:
tigerdirect

Domains:
 tigerdirect.com.hk
 tigerdirect.com.tw
 tigerdirect.hk
 tigerdirect.net.cn
 tigerdirect.org.cn
 tigerdirect.tw

Based on the registration procedure, we found that the name is the same as your company's name,and we must check these for you. If your company and this "TD Investment Co., Ltd." are the same company,there is no need to reply to us,We will accept their application and will register those for them soon. If your company has no relationships with that company nor authorized,please reply to us asap at latest within 7 workdays. But if we can't get any information from your side over 7 workdays,we will unconditionally approve the application submitted by "TD Investment Co., Ltd." Thanks for your cooperation.


Kind Regards,

Lisa Zeng

***************************************************
Lisa Zeng / Attorney
YIYU Chengdu Office(Head Office)
3/F,1st Building Citang Street No.8,
Qingyang District, ChengDu, China.
Tel: +86 28 8777 5008
Fax: +86 28 6246 5008
Web: http://www.yiyu-ipr.org
This e-mail contains information (including any attachments) intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient or the authorized employee or agent responsible for delivering it to the intended recipient, any dissemination, publication or copying of this e-mail is strictly prohibited and may be illegal. If you have received this communication in error, please notify the sender. Thank you for your cooperation.
Please consider the environment before you print this e-mail.

This scam has been running for a long time. In reality registrars are in no way responsible for checking trademarks before registration, and my experience is that even after these dire warnings nobody actually registers the domains in any case.

I don't know if the WHOIS details for this domain are genuine, but they are:
Registrant ID:f0dda025f296d026
Registrant Name:David Tang
Registrant Organization:YIYU LAW OFFICE
Registrant Street1:chengdushi
Registrant Street2:
Registrant Street3:
Registrant City:chengdushi
Registrant State/Province:sichuan
Registrant Postal Code:100000
Registrant Country:CN
Registrant Phone:+86.2887775008
Registrant Phone Ext.:
Registrant FAX:+86.2862465008
Registrant FAX Ext.:
Registrant Email:296304138@qq.com


These other domains are all associated with the same outfit and you can probably assume that any similar pitch from them is a scam.


Monday 9 September 2013

ygregistry.org domain scam

These Chinese domain scammers never give up; this scam has been seen several times before [1] [2] [3] [4].

From:     Jim Bing [jim.bing@ygregistry.org]
Date:     9 September 2013 14:32
Subject:     Regarding "[redacted]" Cn domain name and Internet Keyword

Dear Manager,

(If you are not the person who is in charge of this, please forward this to your CEO,Thanks)

This email is from China domain name registration center, which mainly deal with the domain name registration and dispute internationally in China.
We received an application from Huaxiang Ltd on September 7, 2013. They want to register " [redacted] " as their Internet Keyword and " [redacted] .cn "、" [redacted] .com.cn " 、" [redacted] .net.cn "、" [redacted] .org.cn " domain names etc.., they are in China domain names. But after checking it, we find " [redacted] " conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?

Best Regards,

Jim
General Manager
Shanghai Office (Head Office)
3002, Nanhai Building, No. 854 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86 216191 8696
Mobile: +86 1870199 4951
Fax: +86 216191 8697
Web: www.ygregistry.org

The whole thing is a fraud. Nobody in China is trying to register your domain name, and in any case registrars are not responsible for checking. They are simply trying to make you panic and buy an overpriced domain that you do not need and will never use.

Monday 22 July 2013

ygregistryltd.net / "Huasheng Ltd" domain scam

This is the same scam as this, this and this. Avoid.

From:     Jim Wang [jim.wang@ygregistryltd.net]
Date:     22 July 2013 15:29
Subject:     Regarding Asia/Cn/Hk domain name & Internet Keyword

Dear Manager,

(If you are not the person who is in charge of this, please forward this to your CEO,Thanks)

This email is from China domain name registration center, which mainly deal with the domain name registration in China and Asia. We received an application from Huasheng Ltd on July 22, 2013. They want to register " [redacted] " as their internet keyword and China/Asia/Hongkong (CN/ASIA/HK) domain names. But after checking it, we find this name conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?

Best Regards,

Jim
General Manager
Shanghai Office (Head Office)
3002, Nanhai Building, No. 854 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86 216191 8696
Mobile: +86 1870199 4951
Fax: +86 216191 8697
Web: www.ygregistryltd.net

Note, all these domains are on the same server and can be considered scammy:
ygregistryltd.com
yg-registry.cn
ygregistry.cn
ygregistryltd.net

Friday 12 July 2013

ygregistry.com.cn domain scam

This domain scam has been doing the rounds for years.

From:     Jim Wang [jim.wang@ygregistry.com.cn]
Date:     12 July 2013 15:44
Subject:     Regarding Asia/Cn/Hk domain name & Internet Keyword

Dear Manager,

(If you are not the person who is in charge of this, please forward this to your CEO,Thanks)

This email is from China domain name registration center, which mainly deal with the domain name registration in China and Asia. We received an application from Huahong Ltd on July 8, 2013. They want to register " [redacted] " as their internet keyword and China/Asia/Hongkong (CN/ASIA/HK) domain names. But after checking it, we find this name conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?

Best Regards,

Jim
General Manager
Shanghai Office (Head Office)
3002, Nanhai Building, No. 854 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86 216191 8696
Mobile: +86 1870199 4951
Fax: +86 216191 8697
Web: www.ygregistry.com.cn

Registrars are not responsible for checking if domains infringe on someone's trademark or trading name. If they were then it would make the system unworkable. What we have here are a bunch of Chinese scammers who are trying to panic you into registering an overpriced domain name that you don't need. Ignore it, or if you really are worried about brand protection then look for a trustworthy registrar that you've actually heard of.



Monday 22 October 2012

Scam: tsnetint.com and tsnetint.org

Another episode in a long-running domain scam, which attempts to get you to buy worthless domain names by scaremongering. In this case the fake company is called "Kenal investment Co. Ltd" (there are several legitimate firms with a similar name). If you get one of these, ignore it and don't give the scammers any money.

The domains quoted are tsnetint.com and tsnetint.org and the originating IP is 117.27.141.168, all hosted in deepest China.


From:     bertram bertram@tsnetint.com
Date:     22 October 2012 06:02
Subject:     Confirmation of Registration

(Letter to the President or Brand Owner, thanks)

Dear President,

We are the department of Asian Domain Registration Service in China. Here I have something to confirm with you. We formally received an application on October  19, 2012 that a company claimed Kenal investment Co. Ltd were applying to register "dynamoo" as their Net Brand and some domain names through our firm.

Now we are handling this registration, and after our initial checking, we found the name were similar to your company's, so we need to check with you whether your company has authorized that company to register these names. If you authorized this, we would finish the registration at once. If you did not authorize, please let us know within 7 workdays, so that we could handle this issue better. After the deadline we will unconditionally finish the registration for Kenal investment Co. Ltd. Looking forward to your prompt reply.

Best Regards,

Bertram  Hong

Registration Dept.

Office:Tel: 86 2885915586 || Fax: +86 2885912116
Address:9/F Libao building No,62 Kehua North Road,Wuhou District,Chengdu City,China
Please consider the environment before you print this e-mail

Friday 3 August 2012

yg-network.org / Keyya Ltd domain scam

This is part of a domain scam that has been going on for years..

from:     Angela info@gytrademark.com
to:     sales@[redacted].com
date:     3 August 2012 03:21
subject:     Notice of Internet Intellectual Property



Dear Manager,

(If you are not the person who is in charge of this, please forward this to your CEO,Thanks)

This email is from China domain name registration center, which mainly deal with the domain name registration and dispute internationally in China and Asia.
On July 30th 2012, We received Keyya Ltd's application that they are registering the name "[redacted]" as their Internet Keyword and "[redacted].cn "、"[redacted].com.cn " 、"[redacted].asia "domain names etc.., they are China and ASIA domain names. But after auditing we found the brand name been used by your company. As the domain name registrar in China, it is our duty to notice you, so we are sending you this email to check. According to the principle in China, your company is the owner of the trademark, In our auditing time we can keep the domain names safe for you firstly, but our audit period is limited, if you object the third party application these domain names and need to protect the brand in china and Asia by yourself, please let the responsible officer contact us as soon as possible. Thank you!

Best Regards,

Angela Zhang



General Manager
Anhui Office (Head Office)
Registration Department Manager
Room 1008 Shenhui Building 
Haitian Road, Huli Anhui, China
Office:  +86 0553 4994789
Fax:     +86 0553 4994789
web:  www.yg-network.org

Basically the idea is to panic you into buying worthless domains from a dodgy Chinese registrar. Of course, there is no company actually trying to register these domains.. and even if there was there is no responsibility for the registrar to check trademark ownership (except in a tiny handful of cases such as sunrise registrations).

What's more.. I already own the .asia version of this domain name, so it is impossible that someone else is trying to register it.

So, this one is definitely a scam. Stay away.

Thursday 3 May 2012

tsnet-china.com / "Klver Industrial Co. Ltd" domain scam.

This domain scam has been around for years..

From:     jeff jeff@tsnet-china.com
To:   
Date:     3 May 2012 10:02
Subject:     Regarding " dynamoo " Dispute

(If you are not in charge of this please transfer this email to your President or appropriate person, thanks)

Dear President,

We are the department of Asian Domain registration service in china, have something to confirm with you. We formally received an application on May 2, 2012. One company which self-styled "Klver Industrial Co. Ltd" were applying to register "dynamoo" as Network Brand and following domain names:

 dynamoo.asia 
 dynamoo.cn 
 dynamoo.com.cn 
 dynamoo.com.tw 
 dynamoo.hk 
 dynamoo.in 
 dynamoo.net.cn 
 dynamoo.org.cn 
 dynamoo.tw

After our initial checking, we found the name were similar to your company's, so we need to check with you whether your company has authorized that company to register these names. If you authorized this, we will finish the registration at once. If you did not authorize, please let us know within 7 workdays, so that we will handle this issue better. Out of the time limit we will unconditionally finish the registration for "Klver Industrial Co. Ltd".

Best Regards,
                                   
Jeff  Yang
Registration Dept.

Tel: +862885915586  ||  Fax: +862885912116
Address:8/F XiYu building No,52 JinDun Road,QingYang District,Chengdu City,China.

The idea here is to panic the domain owner into registering a bunch of worthless domains. Do I really care if someone registers a bunch of Asian domain names (some of which are on really crappy second level domains)? No, I don't. And neither should you.

Here's the thing: domain registrars for common domains* like this DO NOT carry out these checks. It isn't their responsibility. In reality, they will NOT contact you prior to registration. There is almost definitely no company interested in buying these domains. And remember, there are hundreds of top-level domains.. you could spend a LOT of money securing worthless variations for no reason.

Give this one a wide berth. If you really do want to find a registrar for additional domains, shop around to find a reliable and inexpensive registrar rather than dealing with spammers.

* some "sunrise" registrations for new top-level domains do check trademark ownership when they are launched.
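The emails quoted on this page share a structure that a mail filter can score: one label listed under several Asian suffixes, a claimed third-party application, and a deadline or escalation request. The following is an added example, not code from the original blog; the phrase lists, thresholds and both sample messages are constructed assumptions.

```python
import re

# Suffixes that appear in the scam emails quoted on this page.
SUFFIXES = ("com.cn", "net.cn", "org.cn", "com.tw", "asia", "cn", "hk", "in", "tw", "eu")
# Wording that recurs in those emails (assumed, non-exhaustive lists).
CLAIMS = (r"received (?:a formal |an )?application", r"distributor|business partner",
          r"authorized", r"internet keyword|network brand")
PRESSURE = (r"within \d+ (?:work)?days", r"forward this to your ceo",
            r"transfer this email to your president", r"urgent")
VARIANT = re.compile(r"\b([a-z0-9-]+)\s*\.(%s)\b" % "|".join(map(re.escape, SUFFIXES)))

def brand_variants(body):
    """Map each second-level label to the set of suffixes it is listed under."""
    found = {}
    for label, suffix in VARIANT.findall(body.lower()):
        found.setdefault(label, set()).add(suffix)
    return found

def score(body):
    """Return the list of scam indicators present in an email body."""
    text = body.lower()
    label, suffixes = max(brand_variants(text).items(),
                          key=lambda kv: len(kv[1]), default=("", set()))
    reasons = []
    if len(suffixes) >= 3:  # threshold is an assumption
        reasons.append("label '%s' listed under %d suffixes" % (label, len(suffixes)))
    if sum(bool(re.search(p, text)) for p in CLAIMS) >= 2:
        reasons.append("third-party registration claim")
    if any(re.search(p, text) for p in PRESSURE):
        reasons.append("deadline or escalation pressure")
    return reasons

# Constructed sample modelled on the emails above; "examplebrand" is a placeholder.
SCAM = """Dear President,
We formally received an application on May 2. One company is applying to register
"examplebrand" as Network Brand and following domain names:
 examplebrand.asia
 examplebrand.cn
 examplebrand.com.cn
 examplebrand.hk
Please confirm whether you authorized this within 7 workdays."""

# Constructed benign sample: a renewal notice that names a single domain.
BENIGN = "Your domain examplebrand.com renews on 1 June. No action is needed."

if __name__ == "__main__":
    for name, body in (("scam", SCAM), ("benign", BENIGN)):
        print(name, score(body))
```

A message that raises all three indicators is a candidate for quarantine or a warning banner rather than delivery to an executive's inbox.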

Friday 22 April 2011

ygnetwork-ltd.com domain scam

This scam has been around for years - basically, you get an unsolicited email from a company claiming to be a domain registrar in China (it is usually China) that says that someone is trying to register a domain similar to one that you already own. The idea is that the recipient will panic and buy an overpriced and basically worthless domain from them.

If you are worried about domain poaching, then usually the best place to start is your own domain registrar or another well-known reliable vendor, rather than responding to this unsolicited approach.


From: John <john.chen@ygnetwork-ltd.com>
Date: 22 April 2011 06:26
Subject: Urgent notice of Intellectual Property protection

Dear Manager:

This email is from China domain name registration center, which mainly deal with the domain name registration and dispute internationally in China and Asia.
On April 21st 2011. We received HAITONG  company's application, they want to register " dynamoo" as its Internet keyword and CN/Asia domain names. It is china and Asia domain names. But after checking we find this domain name conflict with your company, in order to deal with this matter better, so we send you email, and want to confirm whether this company is your distributor or business partner in China?

I'm looking forward to hearing from you!

Best Regards,

John
Oversea marketing manager
Office: +86(0)21 6191 8696
Mobile: +86 1366152 9704
Fax: +86(0)21 6191 8697
web: www.ygnetwork-ltd.com

Friday 30 July 2010

"Toyton Ltd" / todayisp.com / dboxs.org scam

We've seen this scam before: an alleged Chinese registrar claims that someone is buying a domain name similar to the one that you want in an attempt to scare you into buying overpriced domains that you do not need.

From: owen@dboxs.org
To: help@[domain name redacted]
Date: 30 July 2010 06:16
subject: [domain name redacted]

Dear [domain name redacted] team,

Our organization received a formal application from a company who is called Toyton Ltd are applying to register "[domain name redacted]" as their domain name and Internet keyword. In order to prevent cyber piracy,Please explain:

1: Whether this company is your IT supplier or distributor.

2: Whether you are interested in registering these domains first to preservation your company’s brand. (.cn .com.cn .net .asia .eu and keyword etc…)

We are now obligated to inform you this issue ,So we will handle the next step after this audit procedure. Pls understand.

Best regards       
Owen
Mww Group
Internet: www.todayisp.com
Internet: www.dboxs.org 
Email: Owen@dboxs.org

Confidentiality Statement:
The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not an intended recipient, any disclosure, copying, distribution, or other action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you have received this message in error please be advised of your obligation to immediately notify sender of the error in transmission, and to destroy all associated documentation.

I always love confidentiality statements on spam!

Both domains are Chinese registered and are hosted in Hong Kong. The email comes from a Chinese IP address.

Registrars are not responsible for checking trademarks. If they were then domain registration would take days and cost a fortune. This is simply an attempt to rip you off.

Wednesday 23 September 2009

max-apprais.com and top-name.net scam

max-apprais.com and top-name.net appear to be two fake domain appraisal companies being "recommended" to domain owners as part of a long-running scam which we have touched on many times before.

max-apprais.com was created on 12th September to an anonymous registrant, hosted on 202.157.181.9 at Katz Global Singapore. It's a copy of max-appraisal.com which is hosted on 124.217.231.209 at well-known black hat hosts YoHost.org.

top-name.net is a very familiar template hosted on 66.7.196.186 (Hostdime, Florida) also to an anonymous registrant (although it appears to be a Canadian resident behind all of this spam).


sedo.com are a well-known and wholly legitimate company and are nothing to do with the spam or scam.

The "pitch" email looks like this:

From: "Domain Trade LLC"
Date: Wed, September 23, 2009 4:26 am

Dear sir,
we are interested to purchase your domain [redacted] and offer between 50% and 65% of the appraised value.
We accept appraisals from companies such as

http://www.sedo.com/
http://top-name.net/
http://max-apprais.com/


If you already have an appraisal please forward it to us.

Please let us know whether you are interested. Upon review of your valuation and in case of an agreement we send payments via PayPal for amounts less than $2,000 and via Escrow.com for amounts above $2,000, as well as further instructions on how to complete the transfer of the domain name.

We appreciate your business,

Domain Trade LLC

The originating IP for the spam is 74.55.131.10.

Of course, once they have taken your money for the appraisal, then you will never hear from them again.

If you have been conned by these scammers then start a PayPal dispute to get your money back. We understand that Sedo may offer a refund in any case as they are well aware of this scam. You might also want to file a complaint with the police, especially if you live in Canada where the perp appears to be based.

Friday 4 September 2009

Macez.com domain scam

Yet another fake domain appraisal scam following on from this one: macez.com has actually been registered for a while but only came into use in September. If you receive an email recommending this appraisal site, delete it. If you have paid for a fake appraisal with PayPal, then you should open up a dispute about the transaction.