+ Reply to Thread
Page 1 of 2
1 2 LastLast
Results 1 to 20 of 23

Thread: CAUTION! GoDaddy phishing happening right now

  1. #1
    Bloody lovely
    Last Activity Today 01:04 PM
    Acro's Avatar

    Join Date
    Feb 2004
    Location
    USA
    Country
    Posts
    24,172
    DNF$
    5,212

    CAUTION! GoDaddy phishing happening right now

    The following email appears to come from support@godaddy.com but it points to:
    http://205.234.236.23/~ytrindic/

    It's a server in Pakistan mzwebhost.com. Contacting their upstream provider.

    +++++++++++


    Dear Customer,

    This notification is generated automatically as a service to you.

    Because of unusual number of invalid login attempts on you account, we had to believe that, their might be some security problem on you account. So we have decided to put an extra verification process to ensure your identity and your account security.
    Please click on sign in to domain servers to continue to the verification process and ensure your account security. It is all about your security. Thank you. and visit the customer service section.

    please contact us within 1 days.

    If you need to address this matter, or in any way need further assistance or technical support, call us any time at (480) 505-8877 or email us at support@godaddy.com. We appreciate your business!

    Sincerely,
    GoDaddy.com DomainAlert team

    DomainGang.com - Digital Entertainment for Domainers
    Acroplex - Web & Graphics
    Acro.net - My Blog


  2. #2
    iSpoof.com
    Last Activity Today 12:19 PM
    biggedon's Avatar

    Join Date
    Sep 2002
    Location
    96.net
    Posts
    11,290
    DNF$
    52,846
    yeah

    i got two of these emails yesterday

    knew it was fake when i did a "hover over" the link

    also who would attempt to steal my crap names at godaddy?
    pmm.org * svc.net * belisted.com * mobi.us.com * sop.net
    * qfm.net * upyo.com * vioz.com * uce.org * wta.net * eoso.com
    Need A SedoPro Account PM Me


  3. #3
    Bloody lovely
    Last Activity Today 01:04 PM
    Acro's Avatar

    Join Date
    Feb 2004
    Location
    USA
    Country
    Posts
    24,172
    DNF$
    5,212
    I got 5 so far. Complaint sent via http://www.servercentral.net/supportrequest

    DomainGang.com - Digital Entertainment for Domainers
    Acroplex - Web & Graphics
    Acro.net - My Blog


  4. #4
    DNF Addict
    Last Activity 02-07-2010 09:09 PM
    jdk's Avatar

    Join Date
    Jul 2004
    Location
    Florida
    Country
    Posts
    6,853
    DNF$
    38,732
    I received 7 over the past two days. I forwarded them to Godaddy, but likely won't do any good.


  5. #5
    Last Activity Yesterday 07:36 PM
    PRED's Avatar

    Join Date
    May 2006
    Country
    Posts
    8,100
    DNF$
    1,013

    thanks very much Acro, as ever you are always on top of things
    cheers. I actually just got 5!
    If it had been one i would maybe have clicked but seen the redirect.
    I havd already junked them as phishing and redirected one to godaddy support.
    Spread the word on the forums guys!
    dental recruitment |UK Dental Jobs|
    All offers good for 48 hours. All sales threads good for 10 days


  6. #6
    Bloody lovely
    Last Activity Today 01:04 PM
    Acro's Avatar

    Join Date
    Feb 2004
    Location
    USA
    Country
    Posts
    24,172
    DNF$
    5,212
    NP Pred. The email is very well constructed, also the form page itself that takes the username/password is exceptionally done. I submitted a few pairs such as "fbi_is_coming/sore_loser" - hopefully they will be shut down soon. Just complain using the form above.

    DomainGang.com - Digital Entertainment for Domainers
    Acroplex - Web & Graphics
    Acro.net - My Blog


  7. #7
    Platinum Lifetime Member
    Last Activity Yesterday 04:51 PM
    Seraphim's Avatar

    Join Date
    Jan 2006
    Location
    Hillsboro, OR
    Country
    Posts
    3,104
    DNF$
    1,590
    Whoa, got several of these. Thanks for the heads up Theo.


  8. #8
    Bloody lovely
    Last Activity Today 01:04 PM
    Acro's Avatar

    Join Date
    Feb 2004
    Location
    USA
    Country
    Posts
    24,172
    DNF$
    5,212
    The form and images are hosted at
    Code:
     http://elpos.ba/galerija/albums/userpics2/msg/
    
    .ba = Bosnia

    Some photos of the sore losers implicated in this scam:

    Code:
    http://elpos.ba/galerija/albums/userpics2/ado.jpg
    http://elpos.ba/galerija/albums/userpics2/enes.JPG
    http://elpos.ba/galerija/albums/userpics2/square00.JPG
    http://elpos.ba/galerija/albums/userpics2/square05.JPG
    http://elpos.ba/galerija/albums/userpics2/normal_square06.JPG
    http://elpos.ba/galerija/albums/userpics2/nijaz.JPG
    http://elpos.ba/galerija/albums/userpics2/kancelarija1.JPG
    
    Last edited by Acro; 04-10-2009 at 01:20 PM. Reason: Automerged Doublepost

    DomainGang.com - Digital Entertainment for Domainers
    Acroplex - Web & Graphics
    Acro.net - My Blog


  9. #9
    Domain Magnate™
    Last Activity Yesterday 07:21 PM
    DomainMagnate's Avatar

    Join Date
    Nov 2005
    Location
    DnMagnate.com
    Posts
    3,678
    DNF$
    28,318
    I only got 4 so far, feeling a little left out :o


  10. #10
    Platinum Lifetime Member
    Last Activity Yesterday 04:51 PM
    Seraphim's Avatar

    Join Date
    Jan 2006
    Location
    Hillsboro, OR
    Country
    Posts
    3,104
    DNF$
    1,590
    Quote Originally Posted by Acro View Post
    The form and images are hosted at
    Code:
     http://elpos.ba/galerija/albums/userpics2/msg/
    
    .ba = Bosnia

    Some photos of the sore losers implicated in this scam:

    Code:
    http://elpos.ba/galerija/albums/userpics2/ado.jpg
    http://elpos.ba/galerija/albums/userpics2/enes.JPG
    http://elpos.ba/galerija/albums/userpics2/square00.JPG
    http://elpos.ba/galerija/albums/userpics2/square05.JPG
    http://elpos.ba/galerija/albums/userpics2/normal_square06.JPG
    http://elpos.ba/galerija/albums/userpics2/nijaz.JPG
    http://elpos.ba/galerija/albums/userpics2/kancelarija1.JPG
    
    That is bizarre. A hijacked domain perhaps? They aren't actually using their own domain are they? Would be pretty funny if so.


  11. #11
    Bloody lovely
    Last Activity Today 01:04 PM
    Acro's Avatar

    Join Date
    Feb 2004
    Location
    USA
    Country
    Posts
    24,172
    DNF$
    5,212
    Probably so.

    Code:
    link to a toolkit http://elpos.ba/galerija/albums/userpics2/boom.php
    

    DomainGang.com - Digital Entertainment for Domainers
    Acroplex - Web & Graphics
    Acro.net - My Blog


  12. #12
    Platinum Lifetime Member
    Last Activity Yesterday 04:51 PM
    Seraphim's Avatar

    Join Date
    Jan 2006
    Location
    Hillsboro, OR
    Country
    Posts
    3,104
    DNF$
    1,590
    Quote Originally Posted by Acro View Post
    Probably so.

    Code:
    link to a toolkit http://elpos.ba/galerija/albums/userpics2/boom.php
    
    Wow, what the hell is that? What's a toolkit?


  13. #13
    Bloody lovely
    Last Activity Today 01:04 PM
    Acro's Avatar

    Join Date
    Feb 2004
    Location
    USA
    Country
    Posts
    24,172
    DNF$
    5,212
    Looks like a root toolkit that can perform other penetration tasks remotely. Also it links to http://milw0rm.com which is a known repository of exploits. These ****ers need to be shut down.

    DomainGang.com - Digital Entertainment for Domainers
    Acroplex - Web & Graphics
    Acro.net - My Blog


  14. #14
    Domain Magnate™
    Last Activity Yesterday 07:21 PM
    DomainMagnate's Avatar

    Join Date
    Nov 2005
    Location
    DnMagnate.com
    Posts
    3,678
    DNF$
    28,318
    Good research there Acro, just blogged about it


  15. #15
    Bloody lovely
    Last Activity Today 01:04 PM
    Acro's Avatar

    Join Date
    Feb 2004
    Location
    USA
    Country
    Posts
    24,172
    DNF$
    5,212
    Nice pic, Michael

    DomainGang.com - Digital Entertainment for Domainers
    Acroplex - Web & Graphics
    Acro.net - My Blog


  16. #16
    Dances With Dogs
    Last Activity Today 01:24 PM
    Doc Com's Avatar

    Join Date
    Dec 2006
    Location
    gerry.mobi
    Country
    Posts
    11,013
    DNF$
    1,797
    Yea, DNFers, Mobility, NPers post on your twitter accounts also.

    Many noobs (and veterans) may fall for this.

    Phew, what a relief.

    And to think I had to acually renew domain names.






















    =)
    Last edited by Doc Com; 04-10-2009 at 02:03 PM. Reason: Automerged Doublepost



    Conservative With A Conscience



  17. #17
    Domains Biatch!
    Last Activity 02-05-2010 01:29 AM
    Poker's Avatar

    Join Date
    Oct 2002
    Location
    Nirvana
    Country
    Posts
    3,175
    DNF$
    12,434
    Quote Originally Posted by biggedon View Post
    also who would attempt to steal my crap names at godaddy?
    people with crap mentalities (or crack problems)...


  18. #18
    Bloody lovely
    Last Activity Today 01:04 PM
    Acro's Avatar

    Join Date
    Feb 2004
    Location
    USA
    Country
    Posts
    24,172
    DNF$
    5,212
    Looks like the hacking tools have been removed. The IP that was sending the emails has also been turned off.

    DomainGang.com - Digital Entertainment for Domainers
    Acroplex - Web & Graphics
    Acro.net - My Blog


  19. #19
    DotAgent
    Last Activity 01-18-2010 11:05 PM
    Domainator's Avatar

    Join Date
    Sep 2004
    Country
    Posts
    1,021
    DNF$
    6,841
    We reported these to GD yesterday and they confirmed was a scam..
    DOMAINator


  20. #20
    Platinum Lifetime Member
    Last Activity Yesterday 04:51 PM
    Seraphim's Avatar

    Join Date
    Jan 2006
    Location
    Hillsboro, OR
    Country
    Posts
    3,104
    DNF$
    1,590
    Quote Originally Posted by Acro View Post
    Looks like the hacking tools have been removed. The IP that was sending the emails has also been turned off.
    You and LegendaryJP need to start your own DN-PI service, you both have solid research skills. I know it's inevitable I'd send some cash your way.


+ Reply to Thread
Page 1 of 2
1 2 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts