Whois on apple.com, paypal.com, amazon.com, bing.com spam

[simonw]

$ whois paypal.com PAYPAL.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM

$ whois apple.com APPLE.COM.WWW.BEYONDWHOIS.COM APPLE.COM.WAS.PWNED.BY.M1CROSOFT.COM APPLE.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM APPLE.COM.IS.OWN3D.BY.NAKEDJER.COM APPLE.COM.IS.0WN3D.BY.GULLI.COM APPLE.COM.BEYONDWHOIS.COM APPLE.COM.AT.WWW.BEYONDWHOIS.COM

etc...

[simonw]

So is this actually a problem, or is "whois apple.com" meant to return subdomains of other sites that have apple.com as a prefix?

[infinity]

I cannot reproduce your findings, I see a lot more information in the results for the whois queries, for example a list of "domain servers" for amazon.com:

PDNS1.ULTRADNS.NET

PDNS2.ULTRADNS.NET

PDNS3.ULTRADNS.ORG

... and so on ...

Or "domain servers" for paypal.com:

ns3.isc-sns.info

ns2.isc-sns.com

ns1.isc-sns.net

So maybe the answer to your question is yes, a whois query can return results with subdomains of other domains having the query domain as a prefix, if this subdomain is listed as a "domain server". But the result you have posted above really looks quite different from what I see, there seems to be (or have been) a problem.

[ddol]

I'm seeing two different WHOIS records (from AS6473 and AS1213), both look compromised. http://pastebin.com/UDWfZuTF http://pastebin.com/jEgvHt8j

[thamer]

This is an old spamming technique. See this ServerFault answer: http://serverfault.com/questions/122228/how-do-i-do-an-exact...

[infinity]

I don't see any of these spammy results for the domains mentioned in the title at this minute, everything looks quite normal to me. Maybe the problem has been fixed?