Solved

Weird domain name entries for microsoft.com

Posted on 2006-11-20
Last Modified: 2011-09-20
When I go to this link and search for google.com or microsoft.com:

http://www.whois.net/whois_new.cgi?d=microsoft&tld=com

I get a lot of strange entries like:

MICROSOFT.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
MICROSOFT.COM.ZZZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
MICROSOFT.COM.ZZZ.IS.0WNED.AND.HAX0RED.BY.SUB7.NET
MICROSOFT.COM.WILL.LIVE.FOREVER.BECOUSE.UNIXSUCKS.COM
MICROSOFT.COM.WILL.BE.SLAPPED.IN.THE.FACE.BY.MY.BLUE.VEINED.SPANNER.NET
MICROSOFT.COM.WILL.BE.BEATEN.WITH.MY.SPANNER.NET
MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM

How is this done? And how can I prevent my domain from having the same type of problem?
Question by:eggster34
5 Comments
 
LVL 1

Expert Comment

by:data_grrr
ID: 17984559
You can't.

MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM

'com' is the top-level domain
and somebody has taken the 'gulli' second-level domain.

Then this person has probably taken control of his domain from the domain name seller.

Then at his DNS server he created the
toplist subdomain
at subdomain
warez subdomain
com subdomain
microsoft subdomain

The second 'com' isn't the top-level domain 'com'.

If it's been created in the records of the domain seller's server, maybe you have a chance to warn the company.
0
 
LVL 1

Expert Comment

by:data_grrr
ID: 17984706
Also, these subdomains shouldn't be listed with whois.. but whois doesn't search your exact term.. and any registrar (there are a lot of registrars now) gives this 'funny' whois information then it must be listed.

Actually it isn't the problem of internic.net. If you go to their site

www.internic.net and look at the whois info there
you will see the actual whois records of microsoft.com

Now gulli.com has given extra whois information and this is the problem.

Maybe you could warn the 'false' (literally) registrar not to use that information
but this is again not a solution.. cos there is actually a
MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM on the Internet.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 17985035
I've seen this too, my whois runs against crsnic.net (verisign) and returns those same results, but another PC hits OpenSRS/TuCows for the actual record. I think it might have something to do with a DNS poison, or some misconfiguration... if you do a whois for microsoft.com.net or google.com.net you'll see these same results...
http://www.whois.net/whois_new.cgi?d=microsoft.com&tld=net
http://www.whois.net/whois_new.cgi?d=google.com&tld=net
This is because com.net is Sogo and for some reason whois is searching com.net... weird...
-rich
0
 
LVL 1

Accepted Solution

by:
data_grrr earned 1500 total points
ID: 17985151
No, it's not a DNS poisoning.. like I said above it's just stupid :)

Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at a.root-servers.net [198.41.0.4]: Got referral to F.GTLD-SERVERS.NET. (zone: com.) [took 7 ms]
Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at F.GTLD-SERVERS.NET. [192.35.51.30]: Got referral to ns1.gulli.com. (zone: gulli.com.) [took 101 ms]
Searching for MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM A record at ns1.gulli.com. [80.190.192.41]: Reports microsoft.com.warez.at.toplist.gulli.com. [took 200 ms]
microsoft.com.warez.at.toplist.gulli.com.      A      IN      3600      80.190.192.33

ns1.gulli.com just gives its A record for the address.

And both of the addresses are in the same class: A: 80.190.192.33 and ns1: 80.190.192.41,
which tells me the DNS zone is controlled by the person who put this record in DNS.



0
 
LVL 7

Expert Comment

by:killbrad
ID: 17988954
To put this simply, if you own a domain name, you can have as many subdomains with whichever names you please.  For example:

If I owned SUCK.COM, I could make YOU.SUCK.COM, POLITICIANS.SUCK.COM, or even THOSE.COOKIES.YOU.BAKED.LAST.NIGHT.SUCK.COM.

There is no way to stop people from doing this with a domain they own.  

Cheers!
0
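A defender-side check for the point made in the answers above, as an added example that is not part of the original thread: it reads a hostname from right to left to find who actually controls it, and flags names that only carry a brand's domain as left-hand labels. The `PUBLIC_SUFFIXES` set is a tiny constructed stand-in for the Public Suffix List, and both function names are hypothetical.

```python
# Added example. Hostnames come from the question; the suffix set is a small
# constructed sample (assumption), not the real Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def registrable_domain(hostname):
    """Return the registrant-controlled name: one label plus its public suffix."""
    labels = hostname.rstrip(".").lower().split(".")
    # Try the longest candidate suffix first so "co.uk" wins over "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the name is itself a public suffix
            return ".".join(labels[i - 1:])
    return None  # suffix not in our sample set


def embeds_foreign_brand(hostname, brand):
    """True if `brand` appears as whole labels in a name owned by someone else."""
    owner = registrable_domain(hostname)
    if owner is None or owner == brand.lower():
        return False
    labels = hostname.rstrip(".").lower().split(".")
    wanted = brand.lower().split(".")
    n = len(wanted)
    # Compare label by label, so "notmicrosoft.com" does not match "microsoft.com".
    return any(labels[i:i + n] == wanted for i in range(len(labels) - n + 1))


SAMPLES = [  # first three are from the thread, last two are constructed
    "MICROSOFT.COM.WAREZ.AT.TOPLIST.GULLI.COM",
    "MICROSOFT.COM.WILL.LIVE.FOREVER.BECOUSE.UNIXSUCKS.COM",
    "microsoft.com.net",
    "www.microsoft.com",
    "notmicrosoft.com.example.net",
]

if __name__ == "__main__":
    for name in SAMPLES:
        flag = embeds_foreign_brand(name, "microsoft.com")
        print(f"{name:55} owner={registrable_domain(name)} flagged={flag}")
```

The same right-to-left reading explains the `com.net` results mentioned earlier in the thread: the owner of `microsoft.com.net` is whoever registered `com.net`.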
