Date: Wed, 21 Aug 2013 22:05:38 +0530 [12:35:38 EDT]
From: Facebook [firstname.lastname@example.org]
Subject: You requested a new Facebook password

You recently asked to reset your Facebook password.
Click here to change your password.
Didn't request this change?
If you didn't request a new password, let us know immediately.
This message was sent to [redacted] at your request.
Facebook, Inc., Attention: Department 415, PO Box 10005, Palo Alto, CA 94303

Nothing good will come from clicking the link. First, victims go to a legitimate but hacked site that attempts to load the following three scripts:
From there the victim is directed to a malware landing page at [donotclick]thenatemiller.co/topic/able_disturb_planning.php (.co, not .com) which is a hijacked GoDaddy domain hosted on 220.127.116.11 (Nuclear Fallout Enterprises, US) along with several other hijacked domains (listed below in italics).