Security
Security

Weird domain name entries for microsoft.com

When I go to this link and search for google.com or microsoft.com:

http://www.whois.net/whois_new.cgi?d=microsoft&tld=com

I get a lot of strange entries like:

MICROSOFT.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
MICROSOFT.COM.ZZZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
MICROSOFT.COM.WILL.LIVE.FOREVER.BECOUSE.UNIXSUCKS.COM
MICROSOFT.COM.WILL.BE.SLAPPED.IN.THE.FACE.BY.MY.BLUE.VEINED.SPANNER.NET
MICROSOFT.COM.WILL.BE.BEATEN.WITH.MY.SPANNER.NET
MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM

How is this done? And how can I prevent my domain from having the same type of problem?

eggster34Asked: 2006-11-20

Who is Participating?

LVL 1

data_grrrCommented: 2006-11-20

no it's not a dns poisoning.. like i said above it's just stupid :)

Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at a.root-servers.net [198.41.0.4]: Got referral to F.GTLD-SERVERS.NET. (zone: com.) [took 7 ms]
Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at F.GTLD-SERVERS.NET. [192.35.51.30]: Got referral to ns1.gulli.com. (zone: gulli.com.) [took 101 ms]
Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at ns1.gulli.com. [80.190.192.41]: Reports microsoft.com.warez.at.toplist.gulli.com. [took 200 ms]
microsoft.com.warez.at.toplist.gulli.com. A IN 3600 80.190.192.33

ns1.gulli.com just gives its A record for the address.

and both of the addresses are in the same class: A:80.190.192.33 and ns1: 80.190.192.41
which tells me dns zone controlled by the person who put this record in dns.

LVL 1

data_grrrCommented: 2006-11-20

you can't.

MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM

'com' is the top level domain
and somebody has taken the 'gulli ' second level domain.

then this person probably has taken the control of his domain from the domain name seller.

than at his dns server he created the
toplist subdomain
at subdomain
warez subdomain
com subdomain
microsoft subdomain

the second 'com' isn't the top-level domain 'com'.

if its been created in the records of the domain seller's server, maybe you have a chance to warn the company.

LVL 1

data_grrrCommented: 2006-11-20

also these subdomains shouldn't be listed with whois.. but whois doesn't search your exact term.. and any registrar (there are a lot of registrars now) gives these 'funny' whois information then it must be listed.

actually it isn't the problem of internic.net. if you go to their site

www.internic.net and look the whois info. there
you will see the actual whois records of microsoft.com

now the gulli.com has given extra whois information and this is the problem.

maybe you could warn the 'false'(literally) registrar not to use that information
but this is again not a solution..cos there is actually a
MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM on the Internet.

LVL 38

Rich RumbleSecurity SamuraiCommented: 2006-11-20

I've seen this too, my whois runs against crsnic.net (verisign) and returns those same results, but another PC hit's OpenSRS/TuCows for the actual record. I think it might have something to do with a DNS poison, or some misconfiguration... if you do a whois for microsoft.com.net or google.com.net you'll see these same results...
http://www.whois.net/whois_new.cgi?d=microsoft.com&tld=net
http://www.whois.net/whois_new.cgi?d=google.com&tld=net
This is because com.net is Sogo and for some reason whois is searching com.net... weird...
-rich

LVL 7

killbradCommented: 2006-11-21

To put this simply, if you own a domain name, you can have as many subdomains with whichever names you please. For example:

If I owned SUCK.COM, I could make YOU.SUCK.COM, POLITICIANS.SUCK.COM, or even THOSE.COOKIES.YOU.BAKED.LAST.NIGHT.SUCK.COM.

There is no way to stop people from doing this with a domain they own.

Cheers!