Still alive = acrobat-reader10-download.com
both as a site and as a name server domain.
And it is a redirection from this one, still alive = acrobat-download1.com
This document may be found <a HREF="http:
Look out for the others, so far acrobat-download2.com
They also have IP blocking for known anti-spammers
220.127.116.11 = NINBO-LANZHONG-LTD, China, abuse - email@example.com
18.104.22.168 = IT Systems LLC., Kiev, Ukraine, abuse - firstname.lastname@example.org
Clicking the download button on the phishing site takes you to the next stage at http:/
If you work through that you get to the unsecure page requesting your credit card,
Although maybe irrelevant, it has a trailer
Multibill is a site of Multibill
© Copyright 1999-2011, Virtual Access Internet BV, the Netherlandshttp://www.vxsbill.com/
Presumably, however, they are simply harvesting credit cards right there themselves.