Date: Wed, 13 Mar 2013 06:49:25 +0100
From: LinkedIn Email Confirmation [email@example.com]
Subject: RE: Alonso - Copies of Policies.
Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.
Here is the Package and Umbrella,
and a copy of the most recent schedule.
The malicious payload is at [donotclick]giimiiifo.ru:8080/forum/links/column.php hosted on two IPs we saw earlier:
220.127.116.11 (Netinternet , Turkey)
18.104.22.168 (COLT, Italy)