I received an email today with a subject of “GoDaddy Domain Account Upgrade Confirmation“, see the captured email looks like. I am not aware of GoDaddy’s upgrade confirmation so I checked the link provided to the email. The link behind “Click here Upgrade account” and call to action image “Go to My Account” are linked to an IP Address 184.108.40.206:3389. I checked the IP Address owner, it is assigned in China. I don’t know about you, but GoDaddy is based in USA. The 3389 after the colon, is a port number use for remote access. Actually, this is the default port number for most Windows Remote Server or Terminal Server.
Here’s the IP Address (220.127.116.11) Owner information:
inetnum: 18.104.22.168 – 22.214.171.124
descr: Beijing XiRang Media Cultural Co., Ltd.
descr: Build A6-1702,Fenghuahaojing,No.6 Guanganmennei Road
descr: Xuanwu, Beijing, China, 100053
changed: email@example.com 20080711
status: ALLOCATED PORTABLE
person: Dong Lin
address: Build A6-1702,Fenghuahaojing,No.6 Guanganmennei Road, Xuanwu
address: Beijing, China, 100053
changed: firstname.lastname@example.org 20060406
If you received a similar email, simply delete it.
If this helped you, please take the time to share this post by sharing using Google+, Facebook, or Twitter.