GoDaddy Scam/Phish/Spam

Published: 2010-06-21
Last Updated: 2011-02-08 23:45:29 UTC
by Adrien de Beaupre (Version: 1)
3 comment(s)

A number of readers (and myself included) have received an email claiming to be from GoDaddy. The email is grammatically correct,  and appears quite genuine. The subject is " Order Confirmation" and interestingly the images within the HTML are pulled from, excepting one which came from "hxxp://".  The links in the emails I have seen point to "hxxp://" among others. The phishing site and IP address and domain registration are in the Ukraine.

Thanks to Christopher and Dwight!

Adrien de Beaupré Inc.

3 comment(s)


I have seen similar spam, also claiming to be order confirmations and purporting to be from various e-commerce sites. The emails are loaded with an HTML part that contains obfuscated JavaScript that takes the victim to one of a few domains and the same /zzx.htm file. The URLs I have seen appear to have already been cleaned up, so I do not know what zzx.htm contained.
Yesterday I got two phishing spams claiming to be Paypal satisfaction surveys. They both came through's SMTP servers, and pointed to a link on When I tried to follow the link, Safari warned that it was a suspected fraudulent site, and I didn't go further.
I have now seen two such attempts sent to my work address, one claiming to be from go-daddy and the other saying The one was going to a url at but the style of the two are very similar.

Diary Archives