An email message asking users to visit a site to get the details of an exploit kit infection chain was sent to a series of compromised wordpress sites. The campaign only lasted a couple of hours and used a wide variety of company names including well known sites such as Amazon, AT&T, Comcast, and General Electric. Using a gate allows the adversary to change the location of the landing page without changing the compromised site. There were a total of 22 sites leveraged to host the activity, a full list of which are found below.”]
Source: https://blog.talosintelligence.com/2016/05/angler-phish.html