Date: Thu, 6 Sep 2012 11:00:28 -0600
Subject: Your Fedex invoice is ready to be paid now.
FedEx Billing Online - Ready for Payment
<td wid="th="10"" rowspan="2">
You have a new not paid bill from FedEx that is ready for payment.
The following ivoice(s) are ready for your review :
<table border-top="1px solid #000" solid="" #000"="" border-left="1px solid #ccc" border="-bottom="1px" height="55" width="473">
To pay or review these invoices, please sign in to your FedEx Billing Online account by clicking on this link: http://www.fedex.com/us/account/fbo
Note: Please do not use this email to submit payment. This email may not be used as a remittance notice. To pay your invoices, please visit FedEx Billing Online, http://www.fedex.com/us/account/fbo
This message has been sent by an auto responder system. Please do not reply to this message.
The content of this message is protected by copyright and trademark laws under U.S. and international law.
Subjects spotted so far include:
Pay your Fedex invoice online.
Your Fedex invoice is ready to be paid now.
Please pay your outstanding Fedex invoice.
Your Fedex invoice is ready.
The malicious payload is found at [donotclick]studiomonahan.net/main.php?page=2bfd5695763b6536 (report here) hosted on 220.127.116.11 (Hostigation, US). The server contains the following suspect domains which should also be blocked: