projectdiscovery / subfinder

Fast passive subdomain enumeration tool.

Home Page:https://projectdiscovery.io

Unexpected HTTP/HTTPS Prefix in Subdomain Enumeration Results

whydee86 opened this issue · comments

Describe the bug
During a routine subdomain enumeration using Subfinder, I encountered an unusual behavior where some of the enumerated subdomains were prefixed with http:// and one with http, which deviates from the expected format. This issue was observed in a small subset of the results (6 out of 4826 subdomains). Typically, Subfinder outputs subdomains in a plain text format without any protocol prefixes. The unexpected inclusion of http:// and http in the subdomain names could potentially affect downstream processing or analysis of the enumeration data.

Subfinder version
v2.6.5

Complete command you used to reproduce this

subfinder -d pages.services -all -o bugs.txt

Expected behavior
Subdomains should be listed without any HTTP/HTTPS prefixes, adhering to the format subdomain.domain.com.pages.services,[source]. For instance:

  • info.saubermfg.com.pages.services,[netlas,zoomeyeapi]
  • care.weltyhome.org.pages.services,[netlas,zoomeyeapi]

Actual Results
A few subdomains were listed with an unexpected http:// prefix and one with an incorrect http prefix:

Additional context
This is the first time I've encountered this issue despite using Subfinder for an extended period. The bug only appeared on 6 subdomains out of 4826 in the results, which suggests it might be a rare or conditional occurrence.

Screenshots
[image]

I can only assume that is because one of those APIs is returning that - but then I also looked into it and it turns out there are DNS records with that http:// as part of the DNS name:

[Screenshot: CleanShot 2024-02-12 at 10 42 57]

That is technically outside of the RFC for DNS I think but 🤷
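
A downstream guard for the problem described in this issue, added here as an example (it is not part of the thread or of subfinder's own code): it checks each `host,[sources]` line against hostname label rules and scope before the list is passed to other tooling, and sets malformed entries aside instead of stripping the prefix, since the reply above found the prefix inside published DNS names. `ValidHost`, `Filter` and the two prefixed sample names are assumptions made up for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Hostname label: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
var labelRe = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)

// ValidHost reports whether name is a well-formed hostname at or below apex.
func ValidHost(name, apex string) bool {
	name = strings.TrimSuffix(strings.ToLower(name), ".")
	ok := len(name) <= 253 && (name == apex || strings.HasSuffix(name, "."+apex))
	for _, label := range strings.Split(name, ".") {
		ok = ok && labelRe.MatchString(label) // ':' and '/' from "http://" fail here
	}
	return ok
}

// Filter splits "host,[sources]" lines into accepted hosts and rejected raw lines.
// Rejected lines are returned unchanged so they can be reviewed, not silently rewritten.
func Filter(output, apex string) (clean, rejected []string) {
	for _, line := range strings.Split(output, "\n") {
		line = strings.TrimSpace(line)
		host, _, _ := strings.Cut(line, ",")
		if line == "" {
			continue
		} else if ValidHost(host, apex) {
			clean = append(clean, strings.ToLower(host))
		} else {
			rejected = append(rejected, line)
		}
	}
	return clean, rejected
}

// Constructed sample: the two prefixed names are made up for this example.
// A bare "http" prefix is still a legal label, so a syntax check lets it through.
const sample = `info.saubermfg.com.pages.services,[netlas,zoomeyeapi]
http://constructed-a.pages.services,[netlas]
httpconstructed-b.pages.services,[zoomeyeapi]
`

func main() {
	fmt.Println(Filter(sample, "pages.services"))
}
```

Entries with a bare `http` prefix pass the syntax check, so telling them apart from legitimate names still requires resolving them.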