On 6/12/12 11:36 AM, Martin Gregorie wrote:
Today I got a piece of spam carrying the URL chasovik.it.gg as its
payload. I was intrigued because I didn't think .gg was a valid tld and
looked it up with 'whois'.
that just means that the tld provider is violating RFC's, no that the
tld is invalid:
;; QUESTION SECTION:
;chasovik.it.gg. IN A
;; ANSWER SECTION:
chasovik.it.gg. 86387 IN A 80.190.202.40
;; AUTHORITY SECTION:
it.gg. 86386 IN NS ns2.webme.com.
it.gg. 86386 IN NS ns1.webme.com.
;; ADDITIONAL SECTION:
ns1.webme.com. 287 IN A 62.116.130.62
ns2.webme.com. 287 IN A 62.116.162.62
and it is a valid tld:
<http://en.wikipedia.org/wiki/.gg>
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com/
______________________________________________________________________