Phishing email + URL redirection attack

Discussion in 'other security issues & news' started by Mr.X, Dec 14, 2016.

  1. Mr.X

    Mr.X Registered Member

    Joined: Aug 10, 2013
    Posts: 4,812
    I have a question about the mechanism an email uses to deliver a phishing and URL redirection attack.
    Note: the following links/URLs were reported by me, so they are no longer functional, to be safe.

    1. Today I received an email from "my bank" informing me that my account had been blocked.

    2. There's a link embedded in the text of the message like this:
    Code:
    http://www.banorte.com/portal/personas/home.web
    3. When I hover the mouse over the link, I can see the real URL at the bottom of the browser:
    Code:
    http://www.uniformesbordados.com.mx/karen/Logos%20Vida%20Nocturna%20200x200/03bhy.html
    4. Next, if I click on the link it redirects to:
    Code:
    http://baainoirtee-14121.gotdns.ch
    Question:
    Is the uniformesbordados.com.mx domain compromised?
    If so, does the hosting service, in this case Servnet Mexico, SA de CV, already have a compromised infrastructure or something?

    http://whois.domaintools.com/uniformesbordados.com.mx

    Actually, www.uniformesbordados.com.mx is a working domain, legitimately owned by a company in Mexico.
     
    Last edited: Dec 14, 2016
  2. Mr.X

    Mr.X Registered Member

    Really?
    No one can say anything on this?
     