Hey, Just received an email saying my domains security password etc has been changed and that to follow a link to reset it... obviously this is some sort of a phish attack so I thought I'd post the details to try and track this person! The links in the emails went to the following urls: Anchor: "https://edit.---------.com/forgot?stage=fe100&src=&intl=us&done=&partner=reg" URL: http://standhostesi.org/index2.html Anchor: "https://---------.com/EmailPage.srf?emailid=mail/?shva=1#inbox/12983ccaa8732d93" URL: http://equitativo.com.ar/index2.html Here's the email header in case anyone can find anything? Email Headers: Return-path: <aridest@rcmcpa.com> Envelope-to: contact@---------.com Delivery-date: Tue, 29 Jun 2010 09:55:07 -0500 Received: from [109.111.28.90] (helo=vpn38-90.altair-tv.ru) by server. ---------.com with esmtp (Exim 4.69) (envelope-from <aridest@rcmcpa.com>) id 1OTcDK-0000pR-7s for contact@---------.com; Tue, 29 Jun 2010 09:55:07 -0500 Received: from 109.111.28.90 (port=3352 helo=[microsofbcd847]) by mail.rcmcpa.com with asmtp id 320F70-000898-29 for contact@---------.com; Tue, 29 Jun 2010 18:55:07 +0300 Message-ID: <2C0E6035.5763301@rcmcpa.com> Date: Tue, 29 Jun 2010 18:55:07 +0300 From: "---------.com" <support@---------.com> MIME-Version: 1.0 To: contact@---------.com Subject: Reset your ---------.com password Content-Disposition: inline Content-Transfer-Encoding: binary Content-Type: text/html; charset=iso-8859-1 X-Spam: Not detected X-Mras: OK X-Spam-Status: No, score=4.3 X-Spam-Score: 43 X-Spam-Bar: ++++ X-Spam-Flag: NO Code (markup):