From: Viola Chatman [mailto:email@example.com]
Sent: 27 September 2012 12:10
Subject: Your Amazon.com order of "Casio Men's PRW7035T-6CR Pathfinder Triple Sensor Tough Solar Digital Multi-Function Titanium Pathfinder Watch" has shipped!
Order # 749-1221929-9346291
Your estimated delivery date is:
Friday, August 3 2012
Track your package Thank you for shopping with us. We thought you'd like to know that we shipped this portion of your order separately to give you quicker service. You won't be charged any extra shipping fees, and the remainder of your order will follow as soon as those items become available. If you need to return an item from this shipment or manage other orders, please visit Your Orders on Amazon.com.
Casio Men's PRW7035T-6CR Pathfinder Triple Sensor Tough Solar Digital Multi-Function Titanium Pathfinder Watch $139.95
Item Subtotal: $139.95
Shipping & Handling: $0.00
Total Before Tax: $139.95
Shipment Total: $139.95
Paid by Visa: $139.95
You have only been charged for the items sent in this shipment. Per our policy, you only pay for items when we ship them to you.
Returns are easy. Visit our .
If you need further assistance with your order, please visit Customer Service.
We hope to see you again soon!
The malicious payload is at [donotclick]ciafgnepbs.ddns.ms/links/claims_separate-learns_buy.php hosted on 220.127.116.11 (TheFirst-RU, Russia), the suspect domain ynrteqhsobjv.dnset.com is also on the same server, blocking that IP address would protect against other malicious sites on the same server.
You might also want to consider blocking all ddns.ms and dnset.com domains, although this type of Dynamic DNS domain does have its uses, I personally believe that the dangers of mis-use outweigh the benefits.