It may be an easy way to avoid being stopped by a security tool watching outbound DNS traffic and flagging lookups to suspicious sites. .xyz is a suspicious TLD and poolio.magratmail.xyz may get flagged. The http request to dns.google is encrypted, you don't know what they're resolving by inspecting the wire.
> It may be an easy way to avoid being stopped by a security tool watching outbound DNS traffic and flagging lookups to suspicious sites. .xyz is a suspicious TLD and poolio.magratmail.xyz may get flagged. The http request to dns.google is encrypted, you don't know what they're resolving by inspecting the wire.

That's a great point! I didn't even consider that. Pretty clever if that's the case.
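
Added example, not part of the thread: a detection sketch for the blind spot discussed above. It flags clients that open HTTPS sessions to a DoH endpoint and then connect to destinations the internal resolver never answered for. The log layouts, IP addresses and the DoH host list are constructed assumptions.

```python
from collections import defaultdict

# Assumption: a short, locally maintained list of public DoH endpoints.
DOH_HOSTS = {"dns.google", "cloudflare-dns.com"}

# Constructed resolver log: (timestamp, client, qname, answer_ip)
DNS_LOG = [
    (100, "10.0.0.5", "example.com", "198.51.100.10"),
    (101, "10.0.0.5", "dns.google", "8.8.8.8"),
    (200, "10.0.0.7", "intranet.corp.example", "10.1.1.10"),
]

# Constructed egress log: (timestamp, client, dst_ip, dst_port, tls_sni)
FLOW_LOG = [
    (102, "10.0.0.5", "198.51.100.10", 443, "example.com"),
    (103, "10.0.0.5", "8.8.8.8", 443, "dns.google"),
    (105, "10.0.0.5", "203.0.113.50", 443, "poolio.magratmail.xyz"),
    (201, "10.0.0.7", "10.1.1.10", 443, "intranet.corp.example"),
]

def find_doh_blind_spots(dns_log, flow_log, doh_hosts=DOH_HOSTS):
    """Return (doh_clients, unresolved).

    doh_clients: client -> time of first HTTPS session to a DoH endpoint.
    unresolved:  (client, dst_ip, sni) for flows made after that time to an
                 IP the monitored resolver never returned to that client.
    """
    # IPs each client learned through the resolver we can actually see.
    resolved = defaultdict(set)
    for _ts, client, _qname, ip in dns_log:
        resolved[client].add(ip)

    doh_clients = {}
    unresolved = []
    for ts, client, dst_ip, port, sni in sorted(flow_log):
        if port == 443 and sni in doh_hosts:
            doh_clients.setdefault(client, ts)
        elif client in doh_clients and dst_ip not in resolved[client]:
            # No plaintext lookup explains this destination.
            unresolved.append((client, dst_ip, sni))
    return doh_clients, unresolved

if __name__ == "__main__":
    print(find_doh_blind_spots(DNS_LOG, FLOW_LOG))
```
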