Table of contents
- First Email
- Initial Cyber Security Analysis
- My Response to the First Email
- Second Email
- My Response to the Second Email
- Third Email
- Detailed Cyber Security Analysis
- Google Search
On 16th January 2001, I received the following email via The Clear Evidence Contact Form:
From: Davis Wang <[email protected]>
Sent: Saturday, January 16, 2021 9:07 AM
To: The Clear Evidence
(Please forward this to your CEO, because this is urgent. Thanks!)
We are a Network Service Company which is the domain name registration center in Shanghai, China. On January 11, 2021, we received an application from Shanghong Holdings Ltd requested “theclearevidence” as their internet keyword and China (CN) domain names( theclearevidence.cn/ theclearevidence.com.cn/ theclearevidence.net.cn/ theclearevidence.org.cn).After checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, we send email to you and confirm whether your company have relations with this Chinese company or not?
Mr.Davis Wang | Services & Operating Manager
TLDsCHINA | Headquarters | http://www [.] tldschina [.] com
8008, Tianan Building, No. 1399 Jinqiao Road, Shanghai 200120, China
T: 0086-134-8281-9147 | Tel: 0086-21-6191-8696 | Fax: 0086-21-6191-8697
This email contains privileged and confidential information intended for the addressee only. If you are not the intended recipient, please destroy this email and inform the sender immediately. We appreciate you respecting the confidentiality of this information by not disclosing or using the information in this email.
This message has been scanned for viruses and dangerous content, and is believed to be clean.
Initial Cyber Security Analysis
I was obviously suspicious of this email, so I checked the following:
Domain Name Request
The name “theclearevidence” is not something a Chinese company or business would need.
The URL of this Chinese domain registrar (http://tldschina.com/) did not have an SSL certificate.
I searched for “Shanghong Holdings Ltd” but couldn’t find it on Google; however, it’s a Chinese company, so maybe it’s listed on Baidu or some other Chinese search engine.
I searched for Davis Wang on LinkedIn; there were many search results, but I couldn’t find him.
The email content looked fine, but I was not aware of the term “registration of internet keyword”.
My Response to the First Email
After doing this brief security analysis, I replied to the email:
From: The Clear Evidence
Date: 2021-01-22 21:53
To: ‘Davis Wang’
Subject: RE: theclearevidence
Thanks for your msg. We do not have any relations with the mentioned company in China.
The Clear Evidence
On 25th January 2001, I received the following email:
From: Karla Ouyang <[email protected]>
Sent: Monday, January 25, 2021 3:45 PM
To: The Clear Evidence
To whom it concerns,
We will register the China domain names “theclearevidence.cn” “theclearevidence.com.cn” “theclearevidence.net.cn” “theclearevidence.org.cn” and internet keyword “theclearevidence” and have submitted our application. We are waiting for Mr.Davis Wang approval and think these CN domains and internet keyword are very important for our business. Even though Mr.Davis Wang advises us to change another name, we will persist in this name.
My Response to the Second Email
The email is from a Gmail address. I couldn’t find “Karla Ouyang” on LinkedIn. The English used in the email doesn’t seem to be from a local Chinese company and there was again an emphasis on the term “internet keyword”. I did not reply to this email.
On 27th January 2001, I received the following email:
##- Please feedback your further request, we are trying to close this case. Thanks.-##
We have already advised them to choose another name, but they insist on this name as China domain names ( theclearevidence.cn/ theclearevidence.com.cn/ theclearevidence.net.cn/ theclearevidence.org.cn) and internet keyword. In our opinion, maybe they do the similar business as your company then register it to promote his company.
As is known to all, domain name registration based on the international principle is opened to company and individual. Any company or individual have the right to register any domain name and internet keyword which are unregistered. Your company haven’t registered this name as China domains and internet keyword, so anyone is able to obtain them by registration. But in order to avoid this conflict, the trademark or original name owner have priority to register China domain name and internet keyword during our review period. If your company is the original owner of this name and wants to register these China domain names ( theclearevidence.cn/ theclearevidence.com.cn/ theclearevidence.net.cn/ theclearevidence.org.cn) and internet keyword to prevent anybody from using them, we can send you an application form with price list to help your company register these China domains and internet keyword during our review period.
Detailed Cyber Security Analysis
Now that the word “price” has been used, money is involved, so this requires a detailed cyber security analysis:
Emails Content Analysis
There are formatting, grammatical and logical mistakes in the emails, like:
- “domain names( theclearevidence.cn” – misplaced space
- “theclearevidence.org.cn).After checking” – space missing
- “Mr.Davis Wang” – No one refers to himself as “Mr.” in his email signature
- “http://www [.] tldschina [.] com” – Companies make it easy for the users (potential customers) to reach their website, they do not try to hide it from the search engines and email scanning software.
- “8008, Tianan Building, No. 1399 Jinqiao Road, Shanghai 200120, China” – Not available on Google Maps
- “This message has been scanned for viruses and dangerous content, and is believed to be clean. https://www.avg.com” – Big companies do not use the free version of AVG Antivirus to scan their emails.
- “To whom it concerns” – “may” is missing
- “we will persist in this name” – it should be “with” instead of “in”
- “promote his company” – it should be “their”
- Other grammatical mistakes…
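The indicators listed above, together with the free-mail sender and the “internet keyword” and price hooks noted earlier in the post, can be turned into a simple triage score. This is an added example, not code from the original post; the weights, threshold, sender addresses and the benign message are assumptions constructed for illustration.

```python
import re

# Indicators come from the post; weights and threshold are illustrative assumptions.
PATTERNS = {
    "internet_keyword": (3, r"internet\s+keyword"),
    "third_party_claim": (2, r"received an application from|insist on this name|persist in this name"),
    "payment_hook": (2, r"price list|application form"),
    "defanged_url": (2, r"\w\s*\[\.\]\s*\w"),        # "www [.] tldschina [.] com"
    "escalate_to_ceo": (1, r"forward this to your ceo"),
    "sloppy_spacing": (1, r"\w\(\s|\)\.\w"),          # "names( x" and ").After"
}
CN_DOMAIN = re.compile(r"\b[\w-]+(?:\.(?:com|net|org))?\.cn\b", re.I)
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
THRESHOLD = 5

def score_email(sender, body):
    """Return (score, sorted names of the indicators that fired)."""
    hits = {n: w for n, (w, p) in PATTERNS.items() if re.search(p, body, re.I)}
    if len({d.lower() for d in CN_DOMAIN.findall(body)}) >= 3:  # one label, many .cn suffixes
        hits["cn_domain_bundle"] = 2
    if sender.rsplit("@", 1)[-1].lower() in FREEMAIL:  # "company" mail from a free mailbox
        hits["freemail_sender"] = 1
    return sum(hits.values()), sorted(hits)

def is_suspicious(sender, body):
    return score_email(sender, body)[0] >= THRESHOLD

# Bodies 1 and 2 are abridged excerpts of the emails quoted in the post;
# the sender addresses and the third message are constructed.
FIRST = ("manager@registrar.example",
    "(Please forward this to your CEO, because this is urgent. Thanks!) we "
    "received an application from Shanghong Holdings Ltd requested "
    "“theclearevidence” as their internet keyword and China (CN) domain names"
    "( theclearevidence.cn/ theclearevidence.com.cn/ theclearevidence.net.cn/ "
    "theclearevidence.org.cn).After checking it, we find this name conflict "
    "with your company name. http://www [.] tldschina [.] com")
SECOND = ("applicant.placeholder@gmail.com",
    "We will register the China domain names “theclearevidence.cn” "
    "“theclearevidence.com.cn” “theclearevidence.net.cn” "
    "“theclearevidence.org.cn” and internet keyword “theclearevidence”. "
    "Even though Mr.Davis Wang advises us to change another name, we will "
    "persist in this name.")
BENIGN = ("billing@registrar.example",
    "Your domain example.cn is due for renewal on 1 March. "
    "Log in to your account to renew it.")

if __name__ == "__main__":
    for sender, body in (FIRST, SECOND, BENIGN):
        print(sender, score_email(sender, body), is_suspicious(sender, body))
```

A score like this is only a triage aid for a shared inbox or contact form; a legitimate renewal notice that names a single .cn domain scores zero, as the third sample shows.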
Domain Name Registrar Website Analysis
- As stated previously, http://tldschina.com/ is missing an SSL certificate.
- Outdated design of the website.
- Being a Chinese domain name registrar, the website should open by default in the Chinese language, but it opens in the English language.
- The link to the Chinese version of the website doesn’t work, thus the people who developed this website and sent the above emails are not Chinese.
- The website is hosted in the USA, thus it cannot be a Chinese company.
- There is no option to signup for an account.
- “Submit a ticket” and “Sign In” pages have the same form.
- “Shopping Cart” link keeps on loading.
- Some of the images used on the website have western people instead of Chinese people.
- The minimum time period for domain registration is 10 years, whereas normally it’s 1 month to 1 year.
- Very expensive email and hosting solutions, thus no current market know-how.
- As per their website, their servers are based in Hong Kong, which also doesn’t seem likely if it’s a Chinese company.
- None of the social media links given on the website work.
- URL slugs are very unprofessional; the site seems to have been developed by a student.
- The content of the website has been copied from other valid domain name registrars in China.
- Similar Websites:
This is a phishing attack and it’s not from China.
Search Term: “TLDsCHINA”
- Spam Scam Watch: Domain scam spammers continue
- Scam to register asian domain names
- Scam Alert: Beware Of Chinese Domain Emails | Bruceb Consulting
- Domain Name Registration Spam – Scam
- 188.8.131.52 | Psychz Networks | AbuseIPDB
Search Term: “8008, Tianan Building, No. 1399 Jinqiao Road, Shanghai 200120, China”
- Confirm: About freebsd Registration
- Domain registration scam in China | Joe Wein’s blog
- Parasites Domain blackmailing – an extreme shame for the Peoples Republic of China
- YGCHINA – China Top Level Domain Registrar
- Re: Confirm: About freebsd Registration
- [FreeBSD-users-jp 96652] freebsd
- No 1399 Jinqiao Road
- WHO?::?? WHO THISE? NOW? WHATS GING ON?
Search Term: “0086-21-6191-8696”
- Scam ?? | The Combine Forum
- “www.asianetwork.net” – it is a Fake CN and ASIA Domain Name Registration Website
- Spam e-mail? | Bugs | Pinside.com
- Confirm: About consumerblitz Registration | Consumer Blitz
- COLEMAN KESTIN & SMITH: China’s Internet Domain Services “Hijacks” US Company Names to Force them to sign with .CN
- freebsd-ports – Confirm: About freebsd Registration
- Betrug mit meinem guten Namen: Domain-Registrierung in China? – Henning Uhle
Search Term: “0086-21-6191-8697”
Search Term: “internet keyword”
- Is $140 a Reasonable Price for Buying an “Internet Keyword?” (Don’t Fall For This Scam!) | by Irina Tsumarava — Digital Consulting | Medium
- Internet keyword scam – WebCoast Web Development Sunshine Coast
- “Internet Keywords” – What is it and How do you get one? – Webmaster General forum at WebmasterWorld – By Pubcon
- They want to take my Internet Keyword | Annoying stuff I figured out (or am trying to)
- Did you get the Scam email? | BusinessBlogs Hub
- The Chinese ‘Internet Keyword Scam’ – OxGadgets
It seems this scam / fraud has been happening since 2006. It indicates that they must be earning good money.