Date: Tue, 5 Feb 2013 18:32:06 +0100The malicious payload should be at [donotclick]salam-tv.com/detects/visit_putts.php but at the moment this domain doesn't seem to be resolving properly. A bit of digging around shows that it may be hosted on 18.104.22.168 (Chicago VPS, US) and the following malicious domains can be traced to that IP address:
From: "Amazon.com Orders" [firstname.lastname@example.org]
Subject: Your Amazon.com order receipt.
Click here if the e-mail below is not displayed correctly.
Your Amazon.com Today's Deals See All Departments
Dear Amazon.com Customer,
Thanks for your order, [redacted]!
Did you know you can view and edit your orders online, 24 hours a day? Visit Your Account.
E-mail Address: [redacted]
1170 CROSSING CRK N Rd.
Fort Wayne OH 49476-1748
Phone: 1- 749-787-0001
Order Grand Total: $ 91.99
Earn 3% rewards on your Amazon.com orders with the Amazon Visa Card. Learn More
Order #: C59-2302433-5787713
Subtotal of items: $ 91.99
Total before tax: $ 91.99
Tax Collected: $0.00
Grand Total: $ 90.00
Gift Certificates: $ 1.99
Total for this Order: $ 91.99
Find Great Deals on Millions of Items Storewide
We hope you found this message to be useful. However, if you'd rather not receive future e-mails of this sort from Amazon.com, please opt-out here.
� 2012 Amazon.com, Inc. or its affiliates. All rights reserved. Amazon, Amazon.com, the Amazon.com logo and 1-Click are registered trademarks of Amazon.com, Inc. or its affiliates. Amazon.com, 466 Sally Ave. N., Seattle, MA 71168-8282. Reference: 25090571
Please note that this message was sent to the following e-mail address: [redacted]