Date: Wed, 13 Mar 2013 06:49:25 +0100
From: LinkedIn Email Confirmation [firstname.lastname@example.org]
Subject: RE: Alonso - Copies of Policies.
Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.
Here is the Package and Umbrella,
and a copy of the most recent schedule.
The malicious payload is at [donotclick]giimiiifo.ru:8080/forum/links/column.php hosted on two IPs we saw earlier:
18.104.22.168 (Netinternet , Turkey)
22.214.171.124 (COLT, Italy)