0

I did an IP lookup this morning to trace its origins based on an email I received. Within a section labeled 'Whois Domain Info', it reads the following:

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.

COMCAST.NET.EXAMPLE.COM

COMCAST.NET

...

Now I realize this is one of Comcast's IPs and I have replaced the actual text with 'EXAMPLE.COM'. My question is related to what 'COMCAST.NET.EXAMPLE.COM' is supposed to represent. How does the IP I looked up relate to example.com in this case?

Thanks.

  • 1
    Though not your question, Suma is right about SpamCop. That makes me wonder *what* you actually did. You got some IP, then got the name `comcast.net` out of that (maybe just a `ping`?), and then did a `whois comcast.net`? That explains you're seeing the thing that I believe is Whois Spam. No need to protect southridgelacrosse.com -- they are abusing the internet alright. Or did you do something else? – Arjan Jan 19 '10 at 16:23
  • 4
    Possible duplicate of [Strange whois results](http://superuser.com/questions/30388/strange-whois-results) –  Feb 05 '17 at 12:35

2 Answers2

2

I guess it's just Whois Spam by example.com.

See How to use command line whois for “spam infected” domains like apple.com? here at Super User.

Community
  • 1
Arjan
  • 30,974
  • 14
  • 75
  • 112
2

For the purpose of tracking source of email I would highly recommend http://www.spamcop.net/ - it can parse mail headers in a lot more reliable way than most of us can.

As for addresses like COMCAST.NET.EXAMPLE.COM, this is actually NOT a comcast IP. It is just an IP which attempts to look like a comcast one. If tracking the real owner, you always need to process the address from the end.

Suma
  • 1,445
  • 2
  • 19
  • 36