MALWARE & SCAM American Airlines Fake Electronic Ticket scam sent by web131@claudia.hosting-friends.de (support-223@1st-choicetickets.com) with link redirecting to phishing URL: http://www.benia.net.pl/images/index.php?ticket=843_890131198(DO NOT CLICK ON LINK OR DOWNLOAD FILE) ------------ Source IP: 93.190.94.88 ISP: comtrance GmbH Host Name: claudia.hosting-friends.de Organization: SQAMPY.net IT Solutions Country: Germany ------------- Received: from claudia.hosting-friends.de ([93.190.94.88]) by COL0-MC4-F10.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4900); Thu, 18 Apr 2013 09:02:26 -0700 Received: by claudia.hosting-friends.de (Postfix, from userid 33) id 2EA611C304F3; Thu, 18 Apr 2013 18:02:06 +0200 (CEST) To: --- Subject: Order has been completed From: "Airlines" <support-223@1st-choicetickets.com> X-Mailer: Spmailver8.5 Reply-To: "Airlines" <support-223@1st-choicetickets.com> *** Message-Id: <20130418160221.2EA611C304F3@claudia.hosting-friends.de> Date: Thu, 18 Apr 2013 18:02:06 +0200 (CEST) Return-Path: web131@claudia.hosting-friends.de X-OriginalArrivalTime: 18 Apr 2013 16:02:26.0317 (UTC) FILETIME=[1EDBF3D0:01CE3C4E] -----------1366300926517018FE25697 Video: Free diving as kids American Airlines Customer Notification Your bought ticket is attached to the letter as a scan document. To use your ticket you should <a href="http://www.benia.net.pl/images/index.php?ticket=843_890131198"> Download It E-ticket EH1141200971 Seat 14A/ZONE 1 Date / Time of Departure 29 APRIL, 2013, 10:47 PM Flight Time 09:35 Arriving Huntsville Ref KE6675 ST / OK Bag 1PC Form of payment CC Total Price 396.96 USD Thank you for your attention, AA.com Team. American Airlines 2013
Please help us keep Internet safer and cleaner by leaving a descriptive comment about 93.190.94.88 IP address
- Hacked Gmail accounts
- WordPress Hacking Attempts
- SSH Hacking Attempts
- Why Can't I See The Exact Address?
DNSBL* - is a list of IP addresses published through the Internet Domain Name Service (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. DNSBLs are most often used to publish the addresses of computers or networks linked to spamming; most mail server software can be configured to reject or flag messages which have been sent from a site listed on one or more such lists.
WHOIS** - is a query/response protocol that is widely used for querying databases in order to determine the registrant or assignee of Internet resources, such as a domain name, an IP address block, or an autonomous system number. WHOIS lookups were traditionally performed with a command line interface application, and network administrators predominantly still use this method, but many simplified web-based tools exist. WHOIS services are typically communicated using the Transmission Control Protocol (TCP). Servers listen to requests on the well-known port number 43.
** Approximate Geographic Location - This is NOT the exact geographical location of the person/organization with the given IP address. However, this should still give you a good idea about the area/region where this person/orgranization is located.