Not sure where this data got injected into the system (or who knows, perhaps it's a DNS injection attack or something), but this certainly is not right. :-( Erics-MacBook-Pro-2:~ erosenbe$ whois -h whois.internic.net facebook.com Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. FACEBOOK.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM FACEBOOK.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM FACEBOOK.COM.LOVED.BY.WWW.SHQIPHOST.COM FACEBOOK.COM.KNOWS.THAT.THE.BEST.WEB.HOSTING.IS.NASHHOST.NET FACEBOOK.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM FACEBOOK.COM To single out one record, look it up with "xxx", where xxx is one of the of the records displayed above. If the records are the same, look them up with "=xxx" to receive a full display for each record.
Last update of whois database: Tue, 26 Jun 2012 21:42:13 UTC <<<
NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Erics-MacBook-Pro-2:~ erosenbe$ -- *Eric Rosenberry* Sr. Infrastructure Architect // Chief Bit Plumber Direct: 503.943.6763 Mobile: 503.348.3625 // XMPP: eric.rosenberry@iovation.com *www.iovation.com* <http://www.iovation.com>
In message <CADfGf67aMjhr+bSDo4kLpfzcyZJZw5bx0uscW_9sgrQ7rz6nsQ@mail.gmail.com> , Eric Rosenberry writes:
Not sure where this data got injected into the system (or who knows, perhaps it's a DNS injection attack or something), but this certainly is not right. :-(
It's perfectly NORMAL. Just the owners of SWINGINGCOMMUNITY.COM, BEYONDWHOIS.COM, SHQIPHOST.COM, NASHHOST.NET and UNIMUNDI.COM playing games. It would just be nice if "single out" actually worked. :-) Mark % whois -h whois.internic.net =facebook.com Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Server Name: FACEBOOK.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM IP Address: 69.41.185.229 Registrar: TUCOWS.COM CO. Whois Server: whois.tucows.com Referral URL: http://domainhelp.opensrs.net Server Name: FACEBOOK.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM IP Address: 203.36.226.2 Registrar: INSTRA CORPORATION PTY, LTD. Whois Server: whois.instra.net Referral URL: http://www.instra.com Server Name: FACEBOOK.COM.LOVED.BY.WWW.SHQIPHOST.COM IP Address: 46.4.210.254 Registrar: ONLINENIC, INC. Whois Server: whois.onlinenic.com Referral URL: http://www.OnlineNIC.com Server Name: FACEBOOK.COM.KNOWS.THAT.THE.BEST.WEB.HOSTING.IS.NASHHOST.NET IP Address: 78.47.16.44 Registrar: HETZNER ONLINE AG Whois Server: whois.your-server.de Referral URL: http://www.hetzner.de Server Name: FACEBOOK.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM IP Address: 209.126.190.70 Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM Whois Server: whois.PublicDomainRegistry.com Referral URL: http://www.PublicDomainRegistry.com Domain Name: FACEBOOK.COM Registrar: MARKMONITOR INC. Whois Server: whois.markmonitor.com Referral URL: http://www.markmonitor.com Name Server: NS3.FACEBOOK.COM Name Server: NS4.FACEBOOK.COM Name Server: NS5.FACEBOOK.COM Status: clientDeleteProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Status: serverDeleteProhibited Status: serverTransferProhibited Status: serverUpdateProhibited Updated Date: 25-apr-2012 Creation Date: 29-mar-1997
Last update of whois database: Tue, 26 Jun 2012 21:48:03 UTC <<<
[notice snipped] %
Erics-MacBook-Pro-2:~ erosenbe$ whois -h whois.internic.net facebook.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.
FACEBOOK.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM FACEBOOK.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM FACEBOOK.COM.LOVED.BY.WWW.SHQIPHOST.COM FACEBOOK.COM.KNOWS.THAT.THE.BEST.WEB.HOSTING.IS.NASHHOST.NET FACEBOOK.COM.GET.ONE.MILLION.DOLLARS.AT.WWW.UNIMUNDI.COM FACEBOOK.COM
To single out one record, look it up with "xxx", where xxx is one of the of the records displayed above. If the records are the same, look them up with "=xxx" to receive a full display for each record.
Last update of whois database: Tue, 26 Jun 2012 21:42:13 UTC <<<
NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. Erics-MacBook-Pro-2:~ erosenbe$
-- *Eric Rosenberry* Sr. Infrastructure Architect // Chief Bit Plumber
Direct: 503.943.6763 Mobile: 503.348.3625 // XMPP: eric.rosenberry@iovation.com *www.iovation.com* <http://www.iovation.com> -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
On 6/26/12, Mark Andrews <marka@isc.org> wrote: [snip]
It's perfectly NORMAL. Just the owners of SWINGINGCOMMUNITY.COM, BEYONDWHOIS.COM, SHQIPHOST.COM, NASHHOST.NET and UNIMUNDI.COM playing games.
It's "expected" behavior of the WHOIS implementation, the "games" involving creating WHOIS lookup ambiguity are not very amusing. Using <Other existing Domain Name>.<Global TLD name>.<Your Domain> as the name of a nameserver with the registry should be considered abuse. I would like to see the registry refuse future registrations of <Global TLD>.<Domain> as a nameserver, for 3-letter TLD names. In addition, no new global TLD names should be created.
It would just be nice if "single out" actually worked. :-) Mark -- -JH
On 06/26/2012 11:53 AM, Mark Andrews wrote:
In message <CADfGf67aMjhr+bSDo4kLpfzcyZJZw5bx0uscW_9sgrQ7rz6nsQ@mail.gmail.com> , Eric Rosenberry writes:
Not sure where this data got injected into the system (or who knows, perhaps it's a DNS injection attack or something), but this certainly is not right. :-( It's perfectly NORMAL. Just the owners of SWINGINGCOMMUNITY.COM, BEYONDWHOIS.COM, SHQIPHOST.COM, NASHHOST.NET and UNIMUNDI.COM playing games.
Probably a stupid question, but what do they gain by doing such? Paul
On Tue, 26 Jun 2012, Paul Graydon wrote:
On 06/26/2012 11:53 AM, Mark Andrews wrote:
In message <CADfGf67aMjhr+bSDo4kLpfzcyZJZw5bx0uscW_9sgrQ7rz6nsQ@mail.gmail.com> , Eric Rosenberry writes:
Not sure where this data got injected into the system (or who knows, perhaps it's a DNS injection attack or something), but this certainly is not right. :-( It's perfectly NORMAL. Just the owners of SWINGINGCOMMUNITY.COM, BEYONDWHOIS.COM, SHQIPHOST.COM, NASHHOST.NET and UNIMUNDI.COM playing games.
Probably a stupid question, but what do they gain by doing such?
Vanity. Poking fun at the domains in question. People have been doing it at least 10 years, probably longer. http://attrition.org/news/content/00-01-26.001.html That's a page about it from 2000. So, obviously, it has been going on more than 10 years. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Eric Rosenberry (eric.rosenberry) writes:
Not sure where this data got injected into the system (or who knows, perhaps it's a DNS injection attack or something), but this certainly is not right. :-(
lol, nice. I should have actually read the output before posting. That's funny. Disregard... -Eric On Tue, Jun 26, 2012 at 2:53 PM, Phil Regnauld <regnauld@nsrc.org> wrote:
Eric Rosenberry (eric.rosenberry) writes:
Not sure where this data got injected into the system (or who knows, perhaps it's a DNS injection attack or something), but this certainly is not right. :-(
-- *Eric Rosenberry* Sr. Infrastructure Architect // Chief Bit Plumber Direct: 503.943.6763 Mobile: 503.348.3625 // XMPP: eric.rosenberry@iovation.com *www.iovation.com* <http://www.iovation.com>
On Jun 26, 2012, at 2:44 PM, Eric Rosenberry wrote:
Not sure where this data got injected into the system (or who knows, perhaps it's a DNS injection attack or something), but this certainly is
It's an old trick, been around forever. You just register some random A record with a registrar. Same thing happens for google.com, microsoft.com, probably every big company. Cheers, -j
participants (7)
-
Eric Rosenberry
-
James Downs
-
Jimmy Hess
-
Jon Lewis
-
Mark Andrews
-
Paul Graydon
-
Phil Regnauld