SANS ISC: GoDaddy Scam/Phish/Spam - Internet Security | DShield SANS ISC InfoSec Forums


GoDaddy Scam/Phish/Spam

A number of readers (myself included) have received an email claiming to be from GoDaddy. The email is grammatically correct, and appears quite genuine. The subject is "GoDaddy.com Order Confirmation" and interestingly the images within the HTML are pulled from imagesak.godaddy.com, excepting one which came from "hxxp://img.securepaynet.net/bbimage.aspx?pl=somecodeandmyemailaddress". The links in the emails I have seen point to "hxxp://dextersss-com-ua.1gb.ua/zzx.htm" among others. The phishing site and IP address and domain registration are in the Ukraine.

Thanks to Christopher and Dwight!

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.

Adrien de Beaupre

353 Posts
ISC Handler
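
An added example, not part of the original diary or ISC code: a Python check for the two traits the diary describes, links or images whose host lies outside the brand the mail claims to come from, and a query string that carries the recipient's address. The sample HTML is constructed (the recipient address, `pl` value and `/logo.gif` path are placeholders), and the last-two-labels `site()` helper is a simplifying assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Constructed sample modelled on the message described above. URLs stay
# defanged (hxxp); the recipient, pl value and /logo.gif path are placeholders.
SAMPLE = """<html><body>
<img src="hxxp://imagesak.godaddy.com/logo.gif">
<img src="hxxp://img.securepaynet.net/bbimage.aspx?pl=c0ffeeuser%40example.com">
<a href="hxxp://dextersss-com-ua.1gb.ua/zzx.htm">View your order</a>
</body></html>"""

def site(host):
    # Assumption: the last two labels identify the owner. Real code should
    # consult a public-suffix list (this is wrong for names like example.co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class UrlCollector(HTMLParser):
    """Collects (kind, url) pairs from <a href> and <img src> attributes."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        wanted = {"a": "href", "img": "src"}.get(tag)
        for name, value in attrs:
            if wanted and name == wanted and value:
                self.found.append(("link" if tag == "a" else "image", value))

def audit(html, claimed_domain, recipient):
    """Return (kind, host, reason) findings for one HTML mail body."""
    collector = UrlCollector()
    collector.feed(html)
    findings = []
    for kind, url in collector.found:
        if url.lower().startswith("hxxp"):  # refang for parsing only
            url = "http" + url[4:]
        parts = urlsplit(url)
        host = parts.hostname or ""
        if not host:  # relative or non-network URL, nothing to compare
            continue
        if site(host) != site(claimed_domain):
            findings.append((kind, host, "host outside claimed brand"))
        if recipient and recipient.lower() in unquote(parts.query).lower():
            findings.append((kind, host, "recipient address in query string"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "godaddy.com", "user@example.com"):
        print(finding)
```
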
I have seen similar spam, also claiming to be order confirmations and purporting to be from various e-commerce sites. The emails are loaded with an HTML part that contains obfuscated JavaScript that takes the victim to one of a few domains and the same /zzx.htm file. The URLs I have seen appear to have already been cleaned up, so I do not know what zzx.htm contained.
Anonymous
Yesterday I got two phishing spams claiming to be PayPal satisfaction surveys. They both came through wanadoo.fr's SMTP servers, and pointed to a link on mx01.hospitalnovo.com.br. When I tried to follow the link, Safari warned that it was a suspected fraudulent site, and I didn't go further.
Barmar

8 Posts
I have now seen two such attempts sent to my work address, one claiming to be from GoDaddy and the other saying buy.com. The buy.com one was going to a URL at sonda.co.kr, but the style of the two is very similar.
BGC

23 Posts
