Date: Mon, 16 Jul 2012 18:10:26 +0000
From: "Intuit PaymentNetwork" [firstname.lastname@example.org]
Subject: You have received a new payment through the Intuit network.
Payment received: You received $280.00 from Henderson LLC for invoice 91816
You can access the payment details here.
Funds will be deposited in your bank account.
You now have the possibility to get paid by Credit Card on your invoices. To find put more please sign in to your IPN account and click on the 'Profile' tab on the left.
The malicious payload is at [donotclick]mailmergesfinger.org/main.php?page=bfc8be54a0120bca (report here) hosted on 184.108.40.206 (GHOSTnet, Germany).
The following IPs and domains are connected and should be avoided or blocked: