On 02/11/2023 05:15, Randy Bush wrote:
ya, right, and at a whole bunch of other cctld servers
from a network called domaincrawler-hosting
It looks like a list based attempt to discover domain names registered in some small ccTLDs. The problem with some of the queries is that a few of the second level subdomains of those ccTLDs have just hundreds of registrations. Not sure if it is an DNSSEC based attack. Unlike the gTLDs, available via the ICANN CZDS, most ccTLDs don't provide access to their zone files. Some of the queries are odd because it seems to be applying lists from Swedish or German language sources to small ccTLDs where the main languages of the countries are not Swedish or German. Some of those domain name strings don't exist in the gTLDs. A few of the examples don't exist in the .SE or .DE ccTLDs either. The ccTLDs become more "unique" when the main language of their country is not English. As a ccTLD's market evolves, registrants will often decide to only register in their ccTLD rather than in .COM or other gTLDs. The percentage of these unique registrations, as opposed to registrations having an equivalent in the gTLDs, can be upwards of 15%. The percentage is also affected by economic conditions in the ccTLD's market and the price of a ccTLD registration compared to a .COM registration. The problems for a list based dns enumeration on these small ccTLDs are that there is a lot of them and they are small. It might be an idea to contact Domaincrawler(.)com and ask what it is doing. Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com ********************************************************** -- This email has been checked for viruses by Avast antivirus software. www.avast.com