Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: GoDaddy Scam/Phish/Spam - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
GoDaddy Scam/Phish/Spam

A number of readers (and myself included) have received an email claiming to be from GoDaddy. The email is grammatically correct,  and appears quite genuine. The subject is " Order Confirmation" and interestingly the images within the HTML are pulled from, excepting one which came from "hxxp://".  The links in the emails I have seen point to "hxxp://" among others. The phishing site and IP address and domain registration are in the Ukraine.

Thanks to Christopher and Dwight!

Adrien de Beaupré Inc.

Adrien de Beaupre

353 Posts
ISC Handler
Jun 21st 2010
I have seen similar spam, also claiming to be order confirmations and purporting to be from various e-commerce sites. The emails are loaded with an HTML part that contains obfuscated JavaScript that takes the victim to one of a few domains and the same /zzx.htm file. The URLs I have seen appear to have already been cleaned up, so I do not know what zzx.htm contained.
Yesterday I got two phishing spams claiming to be Paypal satisfaction surveys. They both came through's SMTP servers, and pointed to a link on When I tried to follow the link, Safari warned that it was a suspected fraudulent site, and I didn't go further.

8 Posts
I have now seen two such attempts sent to my work address, one claiming to be from go-daddy and the other saying The one was going to a url at but the style of the two are very similar.

23 Posts

Sign Up for Free or Log In to start participating in the conversation!