Most scanners just started going through ip number and port sequences at an extremely fast rate which is more efficient then scraping a forum for a domain. Even with a home connection and no visible ports I get thousands per day and it has been this way for at least 15 years since I had the capability of seeing this info. Anyone who has ever gotten an email from me knows my domain but all scans and login attempts do not even come from the same countries as people I ever emailed nor are pointed at my domain, it’s purely IP scanning and finding an open port for a given service then trying to log into that service.
On my PBX, none of the crack attempts are even pointed at the domain, they scan, they find sip ports and try to get free voip by the IP, never the domain. I usually get these attacks three or more times per week with a few hundred various attempts at a time. VOIP fraud is really big now. They never have been able to get a route for their attempted usage thus no calls are ever successful. All numbers, no domains.