I've seen millions of phishing scams, and they've almost always had one thing in common - they pointed to server.com/phish/ or /phish/file.html etc. Today however, I saw something new (to me at least), the phishing link pointed to a .gif file;
a.gif however, isn't what it actually appears to be. All the phisher has done is configure the server to serve .gif files as it would a .html;
This phish is also valid as;
The headers for this e-mail show it was sent through either an open, or compromised mail server at;
mail.i-p-c.com (IP: 18.104.22.168)
Both cvalley.net and i-p-c.com have been notified.