Re: Is this a new typoe of URI obfuscation?

2012-06-12 Thread Martin Gregorie
On Wed, 2012-06-13 at 03:04 +0200, Wolfgang Zeikat wrote: > On 2012-06-12 20:52, Martin Gregorie wrote: > > > so its probably worth treating .gg > > the same way as .cn and .ru, though for slightly different reasons. > > Unless you're in .cn, .ru or vicinity or have correspondence partners > t

Re: Is this a new typoe of URI obfuscation?

2012-06-12 Thread Wolfgang Zeikat
On 2012-06-12 20:52, Martin Gregorie wrote: > so its probably worth treating .gg > the same way as .cn and .ru, though for slightly different reasons. Unless you're in .cn, .ru or vicinity or have correspondence partners there, you may be right. wolfgang

Re: Is this a new typoe of URI obfuscation?

2012-06-12 Thread Martin Gregorie
On Tue, 2012-06-12 at 18:47 +0100, Stephane Chazelas wrote: > 2012-06-12 16:36:44 +0100, Martin Gregorie: > > Today I got a piece of spam carrying the URL chasovik.it.gg as its > > payload. I was intrigued because I didn't think .gg was a valid tld and > > looked it up with 'whois'. Sure enough, no

Re: Is this a new typoe of URI obfuscation?

2012-06-12 Thread Stephane Chazelas
2012-06-12 16:36:44 +0100, Martin Gregorie: > Today I got a piece of spam carrying the URL chasovik.it.gg as its > payload. I was intrigued because I didn't think .gg was a valid tld and > looked it up with 'whois'. Sure enough, no match was found. However, > 'host' resolved it as 80.190.202.40 and

RE: Is this a new typoe of URI obfuscation?

2012-06-12 Thread si
> From: Martin Gregorie [mailto:mar...@gregorie.org] > Sent: 12 June 2012 16:37 > To: Spamassassin users list > Subject: Is this a new typoe of URI obfuscation? > > Today I got a piece of spam carrying the URL chasovik.it.gg as its > payload. I was intrigued because I d

Re: Is this a new typoe of URI obfuscation?

2012-06-12 Thread Michael Scheidell
On 6/12/12 11:36 AM, Martin Gregorie wrote: Today I got a piece of spam carrying the URL chasovik.it.gg as its payload. I was intrigued because I didn't think .gg was a valid tld and looked it up with 'whois'. that just means that the tld provider is violating RFC's, no that the tld is invalid:

Re: Is this a new typoe of URI obfuscation?

2012-06-12 Thread David F. Skoll
On Tue, 12 Jun 2012 16:36:44 +0100 Martin Gregorie wrote: > Today I got a piece of spam carrying the URL chasovik.it.gg as its > payload. I was intrigued because I didn't think .gg was a valid tld > and looked it up with 'whois'. Sure enough, no match was found. .gg is a valid TLD: http://en.wik

Is this a new typoe of URI obfuscation?

2012-06-12 Thread Martin Gregorie
Today I got a piece of spam carrying the URL chasovik.it.gg as its payload. I was intrigued because I didn't think .gg was a valid tld and looked it up with 'whois'. Sure enough, no match was found. However, 'host' resolved it as 80.190.202.40 and a 'host' lookup on the IP resolved to homepage-bauk