Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
GoDaddy Scam/Phish/Spam

A number of readers (and myself included) have received an email claiming to be from GoDaddy. The email is grammatically correct,  and appears quite genuine. The subject is " Order Confirmation" and interestingly the images within the HTML are pulled from, excepting one which came from "hxxp://".  The links in the emails I have seen point to "hxxp://" among others. The phishing site and IP address and domain registration are in the Ukraine.

Thanks to Christopher and Dwight!

Adrien de Beaupré Inc.

I will be teaching next: Enterprise and Cloud | Threat and Vulnerability Assessment - SANS Secure Japan 2022

Adrien de Beaupre

353 Posts
ISC Handler
Jun 21st 2010
I have seen similar spam, also claiming to be order confirmations and purporting to be from various e-commerce sites. The emails are loaded with an HTML part that contains obfuscated JavaScript that takes the victim to one of a few domains and the same /zzx.htm file. The URLs I have seen appear to have already been cleaned up, so I do not know what zzx.htm contained.
Yesterday I got two phishing spams claiming to be Paypal satisfaction surveys. They both came through's SMTP servers, and pointed to a link on When I tried to follow the link, Safari warned that it was a suspected fraudulent site, and I didn't go further.

8 Posts
I have now seen two such attempts sent to my work address, one claiming to be from go-daddy and the other saying The one was going to a url at but the style of the two are very similar.

23 Posts

Sign Up for Free or Log In to start participating in the conversation!