> From: Martin Gregorie [mailto:mar...@gregorie.org] > Sent: 12 June 2012 16:37 > To: Spamassassin users list > Subject: Is this a new typoe of URI obfuscation? > > Today I got a piece of spam carrying the URL chasovik.it.gg as its > payload. I was intrigued because I didn't think .gg was a valid tld and > looked it up with 'whois'. Sure enough, no match was found. However, > 'host' resolved it as 80.190.202.40 and a 'host' lookup on the IP > resolved to homepage-baukasten.de, which is known to 'whois'. > > This is the first time I've seen this type of obfuscation. Has anybody > else seen it? If so is it at all common, and how can it be set up apart > from using some form of DNS poisoning exploit?
> Martin ------------------------------------------------------------- .gg is Guernsey ... it's definitely there ... I can see it out the window :)
