Date: Tue, 4 Dec 2012 15:19:16 +0100The malicious payload is at [donotclick]attachedsignup.pro/detects/links-neck.php (report here) hosted on 18.104.22.168 (Essar Wireless Kenya Ltd) which also hosts the probably malicious domain sessionid0147239047829578349578239077.pl
From: " Facebook Security Team" [email@example.com]
Subject: Most recent events on Facebook
You have closed your Facebook account. You can rebuild your account whenever you wish by logging into Facebook using your current login email address and password. Subsequently you will be able to take advantage of the site as usually.
Please use the link below to reactivate :
If this was you, please pass over this informer. If this wasn't you, please secure your account, as some outlaw person may be explore it.
Best regards, The FaceBook Team
Please note: Facebook will never ask for your personal data through email.
This message was sent to [redacted] from your profile details. Facebook, Inc., Attention: Department 437, PO Box 20000, Palo Alto, CA 96906