From: Leonide Saad - LinkedIn [firstname.lastname@example.org]The catch with this is that the email address being used is one used only to file WHOIS Compliance Reports with ICANN. If you file reports of inaccurate WHOIS data, then you need to be aware that by default ICANN will forward your contact details to the bad guys.. you can request that this be suppressed, but using an alias is (ironically) probably the best bet. So in this case, the bad guys have presumably just added the email in the complaint to their spam list..
Date: 10 April 2013 15:19
Subject: Join my network on LinkedIn
From Leonide Saad (Developer at Perot Systems)
There are a total of 8 messages awaiting your response. Go to InBox now.
This message was sent to email@example.com. Don't want to receive email notifications? Login to your LinkedIn account to Unsubscribe.
LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. c 2013, LinkedIn Corporation.
Anyway, this has a link to a legitimate hacked site and thence on to [donotclick]mailedspokesperson.biz/closest/f2ihoiwegjowiejf230hfaj.php (report here) hosted on 18.104.22.168 (Siteko Ltd / Hetzner Online, Germany). The WHOIS details are characteristic of the Amerika gang:
Registrant ID: INTEUMYC18TPLDWG
Registrant Name: Hunter Afkham
Registrant Address1: 181 Sullivan St #4
Registrant City: New York
Registrant Postal Code: 10012
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.7914260046
Registrant Email: firstname.lastname@example.org
There are a couple of other bad looking sites on the same server, so this is my recommended blocklist: