|
A number of readers (and myself included) have received an email claiming to be from GoDaddy. The email is grammatically correct, and appears quite genuine. The subject is "GoDaddy.com Order Confirmation" and interestingly the images within the HTML are pulled from imagesak.godaddy.com, excepting one which came from "hxxp://img.securepaynet.net/bbimage.aspx?pl=somecodeandmyemailaddress". The links in the emails I have seen point to "hxxp://dextersss-com-ua.1gb.ua/zzx.htm" among others. The phishing site and IP address and domain registration are in the Ukraine. Thanks to Christopher and Dwight! Cheers, |
Adrien de Beaupre 353 Posts ISC Handler Jun 21st 2010 |
| Thread locked Subscribe |
Jun 21st 2010 1 decade ago |
|
I have seen similar spam, also claiming to be order confirmations and purporting to be from various e-commerce sites. The emails are loaded with an HTML part that contains obfuscated JavaScript that takes the victim to one of a few domains and the same /zzx.htm file. The URLs I have seen appear to have already been cleaned up, so I do not know what zzx.htm contained.
|
Anonymous |
| Quote |
Jun 22nd 2010 1 decade ago |
|
Yesterday I got two phishing spams claiming to be Paypal satisfaction surveys. They both came through wanadoo.fr's SMTP servers, and pointed to a link on mx01.hospitalnovo.com.br. When I tried to follow the link, Safari warned that it was a suspected fraudulent site, and I didn't go further.
|
Barmar 8 Posts |
| Quote |
Jun 22nd 2010 1 decade ago |
|
I have now seen two such attempts sent to my work address, one claiming to be from go-daddy and the other saying buy.com. The buy.com one was going to a url at sonda.co.kr but the style of the two are very similar.
|
BGC 23 Posts |
| Quote |
Jun 24th 2010 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
