The Elder Scrolls Online

PSA: avoid the fextralife.com site and domain
I don't know how popular the fextralife.com Web site is, but a very disturbing thing happened after I began visiting the site just for ESO information. I received the following e-mail (full headers and text, lightly edited for privacy):

From - Mon May 21 10:33:31 2018
X-Account-Key: account3
X-UIDL: GmailId16383c233a6dfd15
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Delivered-To: ------------------@---------
Received: by 2002:a9d:3c47:0:0:0:0:0 with SMTP id j7-v6csp571805ote;
Mon, 21 May 2018 10:32:12 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZpRpN/e6jCrImrw/R4O6xU3aVApX4P4b5Z5msPwgei841DPhsp7TVz3OKumu4RquYntm684
X-Received: by 2002:a9d:40d6:: with SMTP id t22-v6mr13226005oti.296.1526923932386;
Mon, 21 May 2018 10:32:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1526923932; cv=none;
d=google.com; s=arc-20160816;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=content-transfer-encoding:date:message-id:mime-version:sender
:reply-to:from:subject:subject:to:domainkey-signature:dkim-signature
:arc-authentication-results;
bh=GOqkH8NMkhXYg27gJ9UiK66eRm97yAQuQkuftU4/pJI=;
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@reasemac.com header.s=mail header.b=nG1Gvzjy;
spf=pass (google.com: domain of bounce@71hr.reasemac.com designates 206.130.127.51 as permitted sender) smtp.mailfrom=bounce@71hr.reasemac.com
Return-Path: <bounce@71hr.reasemac.com>
Received: from 71hr.reasemac.com (71hr.reasemac.com. [206.130.127.51])
by mx.google.com with ESMTPS id f2-v6si4696343oia.204.2018.05.21.10.32.12
for <------------------@--------->
(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
Mon, 21 May 2018 10:32:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of bounce@71hr.reasemac.com designates 206.130.127.51 as permitted sender) client-ip=206.130.127.51;
Authentication-Results: mx.google.com;
dkim=pass header.i=@reasemac.com header.s=mail header.b=nG1Gvzjy;
spf=pass (google.com: domain of bounce@71hr.reasemac.com designates 206.130.127.51 as permitted sender) smtp.mailfrom=bounce@71hr.reasemac.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mail; d=reasemac.com;
h=To:Subject:Subject:From:Reply-To:Sender:MIME-Version:Message-ID:Date:Content-Type:Content-Transfer-Encoding; i=admin@71hr.reasemac.com;
bh=9SC7qmWHSeyuip07nkE0yv6Ysm0=;
b=nG1Gvzjy7gCZr5bDV+NiNkbUU9PZkOZuo59V39unph0H+WUQXBUv+unVpN5yZ9GZdPzAw98DyEhp
8Y3JGuL8h4d9OdkDVIcUOrwLkxX+83IxKVInxxZmZIO06Zbpeykjmq5yEGRyTFZ/Kq/WRmz320GN
krKC8en/LLs4stlcw3o=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mail; d=reasemac.com;
b=thwdD1YdpLvh4HYsKSMFBqVkx+SYX7JPyG4N+Y9raXd0EmxUpu8Chu/pww++dycDOAsevXFIT/yZ
/zW0Y6I3hUzx24m1KXn/Ln3LllLI5w6OeRuTYGS3d5bW965rkJmkPwrMXzPDd/7IZjQcdpYQ9aj/
kmiN1Vxa1TeGIdrJXEM=;
Return-Path: <admin@71hr.reasemac.com>
Received: from newserver.71hr.reasemac.com (newserver.71hr.reasemac.com. [ip]])
by mx.google.com with ESMTP id m70si4891447qkm.391.2018.03.16.15.32.54
for <------------------@--------->;
Mon, 21 May 2018 18:30:34 +0200 -0700 (PDT)
Received-SPF: pass (google.com: domain of admin@71hr.reasemac.com designates 206.130.127.51 as permitted sender) client-ip=206.130.127.51;
Received: by newserver.71hr.reasemac.com (Postfix, from userid 501) id DD6D793E010; Mon, 21 May 2018 18:30:34 +0200 +0100 (CET)
To: jrtyjrt <------------------@--------->
Subject: Financing Programs make Walk-In Bath Tubs Affordable~ zIUTHSJBXy
Subject: Welcome to "Fextralife"
From: WALKIN <jtrZeH@71hr.reasemac.com>
Reply-To: <admin@71hr.reasemac.com>
Sender: <admin@71hr.reasemac.com>
MIME-Version: 1.0
Message-ID: <6bafbb2a271186a7fb50c3891b8eb018@71hr.reasemac.com>
Date: Mon, 21 May 2018 18:30:34 +0200 +0000
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<center>
<a href=iniestaninja10.ddns.net/c/31/37811/433/627724/0/c5fb5b3f4f917e6ca6d3e55b9f0cca5c>
<H2><font size="5"></font></H2>
<BR><font size="20" color="#016FBD" face="century gothic">Click Here
</br><br></font><BR><BR>
<img src=iniestaninja10.ddns.net/imgs/pollgfds.png>
<a href=iniestaninja10.ddns.net/u/31/37811/433/627724/0/c5fb5b3f4f917e6ca6d3e55b9f0cca5c><br>
<img src=iniestaninja10.ddns.net/imgs/6t3obv1n.png>
</a>
<br>
<a href="iniestaninja10.ddns.net/oo/31/37811/433/627724/0/c5fb5b3f4f917e6ca6d3e55b9f0cca5c">
<img src="iniestaninja10.ddns.net/imgs/y61z5kzl.png"></a>
<br/>
<center>
<div id="d" style="display:none;">
<head>
Welcome to Fextralife forums

Please keep this e-mail for your records. Your account information is as
follows:

----------------------------
Username: jrtyjrt

Board URL: https://fextralife.com/forums
----------------------------

Please visit the following link in order to activate your account:

https://fextralife.com/forums/ucp.php?mode=activate&u=75098&k=FQ0MPDI3RK

Your password has been securely stored in our database and cannot be
retrieved. In the event that it is forgotten, you will be able to reset it
using the email address associated with your account.

Thank you for registering.

--
Thanks, Fextralife

You are receiving this email because you registered with our website, as
per our Terms of Use and Privacy Policy. If you wish to stop receiving
messages from us, you can change your preferences in your User Panel.
Welcome to "Fextralife"
config
x
admin@fextralife.com

Mar 16

to me
Welcome to Fextralife forums

Please keep this e-mail for your records. Your account information is as
follows:

----------------------------
Username: jrtyjrt

Board URL: https://fextralife.com/forums
----------------------------

Please visit the following link in order to activate your account:

https://fextralife.com/forums/ucp.php?mode=activate&u=75098&k=FQ0MPDI3RK

Your password has been securely stored in our database and cannot be
retrieved. In the event that it is forgotten, you will be able to reset it
using the email address associated with your account.

Thank you for registering.

To any of you familiar with how phishing and scam e-mail is crafted, that has a lot of the makings of it. Most importantly, though (and look at what it claims my name and username are), I HAVE NEVER REGISTERED AT THE SITE. All I've ever done is simply visit the site for information. Somehow someone has been able to use my visits to the site to obtain at least my primary e-mail address. Fortunately they didn't seem to be able to obtain my actual name. I haven't opened this mail in my mail client, and I don't dare do so. All I've done is copy the raw text of it without viewing the HTML. Viewing the processed HTML would likely have unpleasant consequences.

I'm not certain exactly what mechanism was used to do this, but at this point in time the site has been compromised in some way that is potentially dangerous. Do not go there unless you use safeguards. I used safeguards and still this happened.
Last edited by VulcanTourist; May 22, 2018 @ 6:42am
Date Posted: May 22, 2018 @ 1:07am
Posts: 0
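Added here as an illustration and not part of the original post: a small Python triage script run over a constructed, trimmed copy of the headers and body quoted above (the recipient address is a placeholder; every other value is taken from the message). It shows why "dkim=pass" and "spf=pass" say nothing about Fextralife: they vouch only for reasemac.com, while the From domain, the clickable links and the hidden display:none block all point elsewhere.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample trimmed from the post's message; recipient is a placeholder.
RAW_MAIL = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@reasemac.com header.s=mail header.b=nG1Gvzjy;
       spf=pass (google.com: domain of bounce@71hr.reasemac.com designates 206.130.127.51 as permitted sender) smtp.mailfrom=bounce@71hr.reasemac.com
To: jrtyjrt <recipient@example.invalid>
Subject: Financing Programs make Walk-In Bath Tubs Affordable~ zIUTHSJBXy
Subject: Welcome to "Fextralife"
From: WALKIN <jtrZeH@71hr.reasemac.com>
Content-Type: text/html; charset=UTF-8

<center><a href=iniestaninja10.ddns.net/c/31/37811/433/627724/0/c5fb5b3f4f917e6ca6d3e55b9f0cca5c>Click Here</a>
<div id="d" style="display:none;">Welcome to Fextralife forums
https://fextralife.com/forums/ucp.php?mode=activate&u=75098&k=FQ0MPDI3RK</div></center>
"""

def registrable(host):
    # Naive "last two labels"; production code should use a public-suffix list.
    return ".".join(host.lower().strip().split(".")[-2:])

def authenticated_domains(auth_results):
    # Domains that SPF/DKIM actually vouched for, as the receiving MX reported them.
    dkim = re.findall(r"dkim=pass\s+header\.i=@([\w.-]+)", auth_results)
    spf = re.findall(r"spf=pass.*?smtp\.mailfrom=[^@\s]+@([\w.-]+)", auth_results)
    return {registrable(d) for d in dkim + spf}

def analyze(raw, claimed_brand):
    msg = message_from_string(raw, policy=default)
    findings = []
    subjects = [str(s) for s in msg.get_all("Subject", [])]
    if len(subjects) > 1:
        findings.append("duplicate Subject headers: " + " | ".join(subjects))
    authed = authenticated_domains(str(msg.get("Authentication-Results", "")))
    if claimed_brand not in authed:
        findings.append(f"SPF/DKIM passed for {sorted(authed)}, not for {claimed_brand}")
    sender = registrable(msg["From"].addresses[0].domain)
    if sender != claimed_brand:
        findings.append(f"From domain {sender} is not {claimed_brand}")
    html = msg.get_payload()  # single-part text/html, so this is the body string
    hosts = {h.split("/")[0] for h in re.findall(r'href="?(?:https?://)?([^\s">]+)', html)}
    off_brand = sorted(h for h in hosts if registrable(h) != claimed_brand)
    if off_brand:
        findings.append("clickable links go to: " + ", ".join(off_brand))
    if re.search(r"display\s*:\s*none", html):
        findings.append("hidden display:none block carries the brand text")
    return findings
```

Running `analyze(RAW_MAIL, "fextralife.com")` yields five findings; the same message checked against "reasemac.com" still flags the duplicate subject, the off-brand links and the hidden block.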