[Dshield] Strange DNS Lookup

Tom Le dottom at gmail.com
Fri Jun 6 00:01:39 GMT 2008


On Thu, Jun 5, 2008 at 3:47 PM, Mar Matthias Darin <BDarin at tanaya.net>
wrote:
> address lookup tool.  The URL is
> http://dns.tanaya.net/cgi-bin/dns.cgi?whois+66.94.237.10
>
> This is part of what I get from the lookup:
>
> YAHOO.COM.ZZZZZZ.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
> YAHOO.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
> YAHOO.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
> [snip]

Your query is returning all registered domains (for .com, .net, .edu),
including subdomains, beginning with YAHOO.COM.

What version of Whois Server are you querying?  You can force it to give you
the domain only with "=yahoo.com" such as:

     echo "=yahoo.com" | nc whois.internic.net 43   # whois server v2.0
     echo "=yahoo.com" | nc rs.internet.net 43      # whois server v1.3

Remove the "=" and you'll get all the subdomains:

     echo "yahoo.com" | nc whois.internic.net 43
     echo "yahoo.com" | nc rs.internet.net 43


Tom
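
Added example, not part of the original message: a shell filter that takes the names a prefix-matching whois query returns and separates the exact record from names that merely begin with the queried string, printing the domain each of those actually sits under. It assumes the registered domain is the rightmost two labels (true for .com, .net and .edu); the function names are hypothetical, and the sample input is the three names quoted above plus a constructed YAHOO.COM line.

```shell
#!/bin/sh
# Assumption: under .com/.net/.edu the registered domain is the last two labels.

# registered_domain NAME -> rightmost two labels, lowercased, trailing dot removed
registered_domain() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//' |
        awk -F. 'NF >= 2 { print $(NF-1) "." $NF }'
}

# classify_names QUERY < names
# Prints "exact NAME" when NAME sits under QUERY, otherwise
# "prefix-only NAME registered-under=DOMAIN".
classify_names() {
    query=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    while IFS= read -r name; do
        [ -n "$name" ] || continue          # skip blank lines
        reg=$(registered_domain "$name")
        if [ "$reg" = "$query" ]; then
            printf 'exact %s\n' "$name"
        else
            printf 'prefix-only %s registered-under=%s\n' "$name" "$reg"
        fi
    done
}

# Sample input: names quoted in the thread, plus a constructed exact match.
sample_names() {
    cat <<'EOF'
YAHOO.COM.ZZZZZZ.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
YAHOO.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
YAHOO.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
YAHOO.COM
EOF
}

sample_names | classify_names yahoo.com
```
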

