On 02/11/2023 05:15, Randy Bush wrote:
ya, right, and at a whole bunch of other cctld servers
from a network called domaincrawler-hosting
It looks like a list based attempt to discover domain names registered
in some small ccTLDs. The problem with some of the queries is that a few
of the second level subdomains of those ccTLDs have just hundreds of
registrations. Not sure if it is an DNSSEC based attack.
Unlike the gTLDs, available via the ICANN CZDS, most ccTLDs don't
provide access to their zone files. Some of the queries are odd because
it seems to be applying lists from Swedish or German language sources to
small ccTLDs where the main languages of the countries are not Swedish
or German. Some of those domain name strings don't exist in the gTLDs. A
few of the examples don't exist in the .SE or .DE ccTLDs either.
The ccTLDs become more "unique" when the main language of their country
is not English. As a ccTLD's market evolves, registrants will often
decide to only register in their ccTLD rather than in .COM or other
gTLDs. The percentage of these unique registrations, as opposed to
registrations having an equivalent in the gTLDs, can be upwards of 15%.
The percentage is also affected by economic conditions in the ccTLD's
market and the price of a ccTLD registration compared to a .COM
registration. The problems for a list based dns enumeration on these
small ccTLDs are that there is a lot of them and they are small.
It might be an idea to contact Domaincrawler(.)com and ask what it is
doing.
Regards...jmcc
--
**********************************************************
John McCormac * e-mail: j...@hosterstats.com
MC2 * web: http://www.hosterstats.com/
22 Viewmount * Domain Registrations Statistics
Waterford * Domnomics - the business of domain names
Ireland * https://amzn.to/2OPtEIO
IE * Skype: hosterstats.com
**********************************************************
--
This email has been checked for viruses by Avast antivirus software.
www.avast.com
