Date: Mon, 1 Oct 2012 21:31:57 +0430The malicious payload is at [donotclick]art-london.net/detects/stones-instruction_think.php hosted on 18.104.22.168 (Skand Meteorologi och Miljoinstr AB, Sweden), a site which also hosts the presumably malicious domains buzziskin.net and indice-acores.net. Presumably this IP is a hacked server belonging to some legitimate Swedish organisation, but you should block it nonetheless.
From: "Intuit Customer Service" [firstname.lastname@example.org]
Subject: Intuit Shipment Confirmation
Great News! Your order, ID859560, was shipped today (see info below) and will complete shortly. We hope that you will find that it exceeds your expectations. If you ordered not one products, we may send them in separate boxes (at no additional cost to you) to ensure the fastest possible delivery. We will also provide you with the ability to track your shipments via the information below.
Thank you for your interest.
Order #: ID859560
Order Date: Sep 25, 2012
Item(s) In Your Order
Shipping Date: October, 1 2012
Shipping Method: USPS Express Mail
Estimated Delivery Date: October, 3 2012 - October 05, 2012
Tracking No.: 5182072894288348304217
1 Intuit Card Reader Device - Gray
Please be informed that shipping status details may be not available yet online. Check the Website Status link above for details update.
We sent your item(s) to the next address:
065 S Paolo Ave, App. 5A
S Maria, FL
Questions about your order? Please visit Customer Service.
Return Policy and Instructions
Privacy | Legal Disclaimer | Contact Us | About
You have received this business note as part of our efforts to fulfill your request and service your account. You may receive more email notifications from us even if you have previously selected out of marketing notifications.
Please note: This email was sent from an automative notification system that not configured to accept incoming mail. Please don't reply to this message.
�2008-2012 Intuit Llc. or its affiliates. All rights reserved.