

Ask HN: Why does whois on Facebook.com return spam web addresses? - schappim

I was just playing around with a friend&#x27;s app http:&#x2F;&#x2F;netcomber.com&#x2F; and I noticed the whois information for Facebook returns:<p><i>FACEBOOK.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM</i>
<i>FACEBOOK.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM</i>
<i>FACEBOOK.COM.LOVED.BY.WWW.SHQIPHOST.COM</i>
<i>FACEBOOK.COM.KNOWS.THAT.THE.BEST.WEB.HOSTING.IS.NASHHOST.NET</i>
<i>FACEBOOK.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM</i>
<i>FACEBOOK.COM.DISABLE.YOUR.TIMELINE.NOW.WITH.THE.ORIGINAL.TIMELINE-REMOVE.NET</i>
<i>FACEBOOK.COM</i><p>It is the same on my local machine and on my various VPS boxes. Why is this the case? How does an attack&#x2F;hijacking like this occur?
======
erichurkman
Those are all name servers published by the top level domain, like
`SWINGINGCOMMUNITY.COM`. When you do a whois search for `facebook.com` it
searches for any name server records beginning with `facebook.com`.

