I received an email today with the subject “GoDaddy Domain Account Upgrade Confirmation” (see the captured email for what it looks like). I was not aware of any GoDaddy upgrade confirmation, so I checked the links in the email. Both the “Click here Upgrade account” link and the “Go to My Account” call-to-action image point to the IP address 18.104.22.168:3389. I looked up the owner of the IP address, and it is assigned in China. I don’t know about you, but GoDaddy is based in the USA. The 3389 after the colon is a port number used for remote access; it is the default port number for most Windows Remote Server or Terminal Server installations.
Here is the owner information for the IP address (22.214.171.124):
inetnum: 126.96.36.199 – 188.8.131.52
descr: Beijing XiRang Media Cultural Co., Ltd.
descr: Build A6-1702,Fenghuahaojing,No.6 Guanganmennei Road
descr: Xuanwu, Beijing, China, 100053
changed: firstname.lastname@example.org 20080711
status: ALLOCATED PORTABLE
person: Dong Lin
address: Build A6-1702,Fenghuahaojing,No.6 Guanganmennei Road, Xuanwu
address: Beijing, China, 100053
changed: email@example.com 20060406
If you received a similar email, simply delete it.
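The manual check described above (hovering over the link and finding a bare IP address on port 3389 instead of a GoDaddy host) can be automated for any HTML email body. The Python below is an added example, not part of the original post; the function names are hypothetical, and the sample body and the 203.0.113.10 address are constructed placeholders.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "godaddy.com"  # assumption: the brand the email claims to be from

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, including anchors wrapped around images."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def check_link(href, expected_domain=EXPECTED_DOMAIN):
    """Return the reasons a link target looks suspicious (empty list: none found)."""
    parts = urlsplit(href)
    if parts.scheme not in ("http", "https"):
        return []  # mailto:, tel: and similar are out of scope here
    reasons = []
    host = (parts.hostname or "").lower()
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a raw IP address")
    except ValueError:  # not an IP literal, so compare against the claimed brand
        if host != expected_domain and not host.endswith("." + expected_domain):
            reasons.append("host is not under " + expected_domain)
    try:
        port = parts.port
    except ValueError:  # urlsplit raises on out-of-range or non-numeric ports
        return reasons + ["port is not valid"]
    if port == 3389:
        reasons.append("port 3389 is the Remote Desktop default, not a web port")
    elif port not in (None, 80, 443):
        reasons.append(f"unusual port {port}")
    return reasons

def audit_email(html):  # map each distinct link target to its findings
    collector = LinkCollector()
    collector.feed(html)
    return {href: check_link(href) for href in collector.hrefs}

# Constructed sample body; 203.0.113.10 is a documentation address, not the one in the post.
SAMPLE = """<a href="http://203.0.113.10:3389/">Click here Upgrade account</a>
<a href="http://203.0.113.10:3389/"><img src="button.png" alt="Go to My Account"></a>"""

if __name__ == "__main__":
    print(audit_email(SAMPLE))
```

A lookalike host such as `godaddy.com.example.net` is also reported, because the comparison requires the host to be the expected domain itself or a subdomain of it.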