Don't be silly. You're simply getting everything that starts with microsoft.com.
So for the first microsoft example that's itrebal.com, they can issue subdomains as many as they want or publish records for subdomains which in turn will cause the whois commands to cough up that information. It assumes that you are searching for some info and helpfully includes everything that it thinks might be applicable.
This trick will give you results for almost any well known domain name and is not indicative of a hack, merely of a slight shortcoming in the way whois records are displayed / queries, the default is a non-exact match.
> Here's what I get for whois google.com
> GOOGLE.COM.ZZZZZZZZZZZZZZZZZZZZZZZZZZ.HAVENDATA.COM
> ...
> GOOGLE.COM.AFRICANBATS.ORG GOOGLE.COM
> And Microsoft
> MICROSOFT.COM.ZZZZZZZZZZZZZZZZZZZZZZ.IS.A.GREAT.COMPANY.ITREBAL.COM
> ...
> MICROSOFT.COM.ARE.GODDAMN.PIGFUCKERS.NET.NS-NOT-IN-SERVICE.COM MICROSOFT.COM
Don't be silly. You're simply getting everything that starts with microsoft.com.
So for the first microsoft example that's itrebal.com, they can issue subdomains as many as they want or publish records for subdomains which in turn will cause the whois commands to cough up that information. It assumes that you are searching for some info and helpfully includes everything that it thinks might be applicable.
This trick will give you results for almost any well known domain name and is not indicative of a hack, merely of a slight shortcoming in the way whois records are displayed / queries, the default is a non-exact match.
They're not hacks, they are pranks.
Try this:
whois -h whois.tucows.com microsoft.com
If you're not convinced by the above.