logoalt Hacker News

sandeepkdyesterday at 10:42 PM1 replyview on HN

My guess is that they ran selective search on the domains which get registered with any registrar, thats the trigger to start the search. .gov domains are not managed by your typical registrar which is selling the domain registration information to all these downstream partners/scavengers (for lack of better word)


Replies

jadamsonyesterday at 10:56 PM

The OP says it's using CT logs, not new domain registrations. The approach you have in mind would not include subdomains and would be less likely to coincide with a new server being configured.

show 1 reply