- Joined
- Jul 9, 2005
- Messages
- 8,427
- Reaction score
- 1,290
Just received this crap:
Actual domain is goddaiddy.com.
If you look at the headers you can see the mailer webpage used by the scammer: http://93.104.215.135/~olatoinf/index2.php
As always be vigilant.
Code:
From - Sat May 29 14:43:54 2010
X-UIDL: 000044124bb8f8ef
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path: <[email protected]>
Envelope-to: ##############
Delivery-date: Sat, 29 May 2010 14:48:32 +0200
Received: from mail by ############## with spam-scanned (Exim 4.67)
(envelope-from <[email protected]>)
id 1OILSp-0006ae-TE
for ##############; Sat, 29 May 2010 14:48:32 +0200
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
##############
X-Spam-Level: **
X-Spam-Status: No, score=2.7 required=10.0 tests=BAYES_50,DNS_FROM_OPENWHOIS,
HTML_MESSAGE,HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY autolearn=no version=3.2.5
Received: from serv2.copahost.com ([93.104.215.135])
by ############## with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.67)
(envelope-from <[email protected]>)
id 1OILSp-0006ab-OR
for ##############; Sat, 29 May 2010 14:48:31 +0200
Received: from olatoinf by serv2.copahost.com with local (Exim 4.69)
(envelope-from <[email protected]>)
id 1OILQu-0007A8-W3
for ##############; Sat, 29 May 2010 08:46:32 -0400
To: ##############
Subject: Important ICANN Notice Regarding Your Domain Name(s)
X-PHP-Script: 93.104.215.135/~olatoinf/index2.php for 173.208.161.239
MIME-Version: 1.0
Content-Type: text/html; charset=iso-8859-1
From: [email protected]
Reply-To:
X-Originating-IP: []
X-Originating-Email: [[email protected]]
X-Mailer: Anonymail
Message-Id: <[email protected]>
Date: Sat, 29 May 2010 08:46:32 -0400
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - serv2.copahost.com
X-AntiAbuse: Original Domain - sdsinc.net
X-AntiAbuse: Originator/Caller UID/GID - [614 611] / [47 12]
X-AntiAbuse: Sender Address Domain - serv2.copahost.com
<head>
<style>
<!--
#message1854099414 {
POSITION: relative; PADDING-BOTTOM: 0.8em; MARGIN: 1em 0pt; PADDING-LEFT: 0pt; PADDING-RIGHT: 0pt; COLOR: #000; PADDING-TOP: 0.8em
}
-->
</style>
</head>
<p><span id="q_125da8a7e15fd1d2_0" class="q">
<span style="TEXT-TRANSFORM: none; FONT-VARIANT: normal; FONT-STYLE: normal; TEXT-INDENT: 0px; BORDER-COLLAPSE: collapse; FONT-FAMILY: Arial; WHITE-SPACE: normal; LETTER-SPACING: normal; COLOR: rgb(0,0,0); FONT-SIZE: 12px; FONT-WEIGHT: normal; WORD-SPACING: 0px">
****************************** ***********<br>
Important ICANN Notice Regarding Your Domain Name(s)<br>
****************************** ***********<br>
<br>
Dear User,<br>
<br>
it is that time of year again. ICANN(the Internet Corporation for Assigned Names
and Numbers) annually requires that all
<span style="BORDER-BOTTOM: #0066cc 1px dashed; CURSOR: hand" id="lw_1266180957_0" class="yshortcuts">
accredited registrars</span> (like <a target="_blank" href="http://GoDaddy.com">
<span id="lw_1266180957_1" class="yshortcuts">GoDaddy.com</span></a>) ask their
domain administrators/registrants to review
<span id="lw_1266180957_2" class="yshortcuts">domain name</span> contact data,
and make any changes necessary to ensure accuracy. According to our records you
are the ADMINISTRATIVE CONTACT for one or more domains registered at
GoDaddy.com, Inc. as of May 1st, 2010.<br>
<br>
To review/update your Account data, simply:<br>
+ Login to <a style="COLOR: rgb(42,93,176)" rel="nofollow" target="_blank" href="http://dcc.goddaiddy.com/login.aspxSPKey=GDDCCEB07myaUrl=3fdefaultaspxisc=ICANN0908aci=8987/"><span id="lw_1266180957_3" class="yshortcuts">https://dcc.godaddy.com/
default.aspx?isc=ICANN0908a& amp;ci=8987</span></a><br>
+ You will be taken to a landing page and asked to enter your account
information<br>
Please take a look that your account and domain information is up to date.<br>
<br>
If, however, your domain contact information is inaccurate, you must correct it.
(Under <span id="lw_1266180957_4" class="yshortcuts">ICANN</span> rules and the
terms of your registration agreement, providing false contact information can be
grounds for domain name cancellation.) To review the ICANN policy, visit:<a style="COLOR: rgb(42,93,176)" rel="nofollow" target="_blank" href="http://www.icann.org/whois/wdrp-registrant-faq.htm"><span id="lw_1266180957_5" class="yshortcuts">http://www.icann.org/
whois/wdrp-registrant-faq.htm</span></a><br>
<br>
Should you have any questions, please email us at
<a style="COLOR: rgb(42,93,176)" rel="nofollow" target="_blank" href="http://?v=b&cs=wh&[email protected]">
<span id="lw_1266180957_6" class="yshortcuts">[email protected]</span></a> or
call our customer support line at
<span style="BORDER-BOTTOM: #0066cc 1px dashed; CURSOR: hand" id="lw_1266180957_7" class="yshortcuts">
(480) 505-8877</span>.<br>
<br>
Thanks for your attention and thank you for being a GoDaddy.com, Inc. customer.<br>
<br>
Sincerely,<br>
GoDaddy.com, Inc. Domain Support<br>
<br>
<br>
If you are the domain administrator of more than one GoDaddy.com domain account,
you may receive this notice multiple times.<br>
------------------------------ ------------------------------
------------------------------ ---<br>
Copyright (c) 2008 GoDaddy.com, Inc. All rights reserved.</span></span></p>If you look at the headers you can see the mailer webpage used by the scammer: http://93.104.215.135/~olatoinf/index2.php
As always be vigilant.
