Domain Abuse Activity Reporting
ICANN's Domain Abuse Activity Reporting (DAAR) project is a system for studying and reporting on domain name registration and security threats (domain abuse1) across top-level domain (TLD) registries. The overarching purpose of DAAR is to develop a robust, reliable, and reproducible methodology for analyzing security threat activity, which the ICANN community may use to make informed policy decisions.
The system collects TLD zone data and complements these data sets with a large set of high-confidence Reputation Block List (RBL) security threat data feeds. These feeds are provided by 3rd party providers and domains. Each of them is compiled using different methodologies such as crowd sourcing, spam filters, and honeypots, among others. These feeds are gathered from identified phishing, malware, spam and botnet command and control security threats. Note that except for a few feeds where the RBL itself contains tags, neither the DAAR system nor the other feeds make explicit distinctions between maliciously registered domains and those that have been compromised.
The aggregated statistics and anonymized data collected by the DAAR system can serve as a platform for studying, reporting daily, or historically the registration data, or the abuse activity by each registry. This aggregated data is currently pushed to the registries using ICANN's Service Level Agreement Monitoring (SLAM) system. ICANN's Monitoring API (MoSAPI) allows registry operators to retrieve information collected by the SLAM system.
The data collected out of the DAAR system is being used to generate DAAR monthly reports. The reports provide a monthly analysis (a median aggregate over the whole month) of all TLDs for which data was available. They also provide aggregated statistics and time-series analyses about security threats of interest to DAAR, namely, phishing, malware, spam, and botnet command and control.
Please note that DAAR data is neither intended to provide information about security threat mitigation nor to account for how reliably or quickly security threats are mitigated by TLDs. DAAR is intended to inform its users about areas on which security threats are concentrated within the TLD space and how this concentration changes over time.
This webpage provides links to DAAR monthly reports along with a couple of other DAAR-related documents listed below:
- DAAR monthly reports
- A DAAR context document that outlines the context behind the monthly reports and summarizes the methodology behind DAAR
- A DAAR methodology paper that explains in detail how DAAR data is collected and how metrics are defined
- Two independent reviews of the DAAR methodology paper
- A set of anonymized and identified documents that contain public comments on DAAR reviews
- The Office of the Chief Technology Officer's Security, Stability, and Resiliency team's (OCTO-SSR) responses to public input
Country Code Top Level Domains in DAAR
Domain Abuse Activity Reporting FAQ
Domain Abuse Activity (DAAR) gTLD Monthly Reports
Context Document: Understanding the DAAR Monthly Report [PDF, 72 KB]
2024
- February 2024 Updated DAAR Monthly Report [PDF, 618 KB]
- January 2024 Updated DAAR Monthly Report [PDF, 550 KB]
2023
- December 2023 Updated DAAR Monthly Report [PDF, 551 KB]
- November 2023 Updated DAAR Monthly Report [PDF, 552 KB]
- October 2023 Updated DAAR Monthly Report [PDF, 558 KB]
- September 2023 Updated DAAR Monthly Report [PDF, 545 KB]
- August 2023 Updated DAAR Monthly Report [PDF, 544 KB]
- July 2023 Updated DAAR Monthly Report [PDF, 542 KB]
- June 2023 Updated DAAR Monthly Report [PDF, 542 KB]
- May 2023 Updated DAAR Monthly Report [PDF, 566 KB]
- April 2023 Updated DAAR Monthly Report [PDF, 560 KB]
- March 2023 Updated DAAR Monthly Report [PDF, 551 KB]
- February 2023 Updated DAAR Monthly Report [PDF, 558 KB]
- January 2023 Updated DAAR Monthly Report [PDF, 566 KB]
2022
- December 2022 Updated DAAR Monthly Report [PDF, 558 KB]
- November 2022 Updated DAAR Monthly Report [PDF, 567 KB]
- October 2022 Updated DAAR Monthly Report [PDF, 535 KB]
- September 2022 Updated DAAR Monthly Report [PDF, 544 KB]
- August 2022 Updated DAAR Monthly Report [PDF, 521 KB]
- July 2022 Updated DAAR Monthly Report [PDF, 553 KB]
- June 2022 Updated DAAR Monthly Report [PDF, 526 KB]
- May 2022 Updated DAAR Monthly Report [PDF, 543 KB]
- April 2022 Updated DAAR Monthly Report [PDF, 500 KB]
- March 2022 Updated DAAR Monthly Report [PDF, 500 KB]
- February 2022 Updated DAAR Monthly Report [PDF, 493 KB]
- January 2022 Updated DAAR Monthly Report [PDF, 505 KB]
2021
- December 2021 DAAR Monthly Report [PDF, 530 KB]
- November 2021 Updated DAAR Monthly Report [PDF, 532 KB]
- October 2021 Updated DAAR Monthly Report [PDF, 560 KB]
- September 2021 Updated DAAR Monthly Report [PDF, 555 KB]
- August 2021 Updated DAAR Monthly Report [PDF, 554 KB]
- July 2021 Updated DAAR Monthly Report [PDF, 504 KB]
- June 2021 Updated DAAR Monthly Report [PDF, 556 KB]
- May 2021 Updated DAAR Monthly Report [PDF, 556 KB]
- April 2021 Updated DAAR Monthly Report [PDF, 559 KB]
- March 2021 Updated DAAR Monthly Report [PDF, 554 KB]
- February 2021 Updated DAAR Monthly Report [PDF, 553 KB]
- January 2021 Updated DAAR Monthly Report [PDF, 551 KB]
2020
- December 2020 DAAR Monthly Report [PDF, 550 KB]
- November 2020 DAAR Monthly Report [PDF, 532 KB]
- October 2020 DAAR Monthly Report [PDF, 550 KB]
- September 2020 DAAR Monthly Report [PDF, 545 KB]
- August 2020 DAAR Monthly Report [PDF, 512 KB]
- July 2020 DAAR Monthly Report [PDF, 504 KB]
- June 2020 DAAR Monthly Report [PDF, 511 KB]
- May 2020 DAAR Monthly Report [PDF, 514 KB]
- April 2020 DAAR Monthly Report [PDF, 532 KB]
- March 2020 DAAR Monthly Report [PDF, 540 KB]
- February 2020 DAAR Monthly Report [PDF, 531 KB]
- January 2020 DAAR Monthly Report [PDF, 526 KB]
2019
- December 2019 DAAR Monthly Report [PDF, 524 KB]
- November 2019 DAAR Monthly Report [PDF, 533 KB]
- October 2019 DAAR Monthly Report [PDF, 530 KB]
- September 2019 DAAR Monthly Report [PDF, 533 KB]
- August 2019 DAAR Monthly Report [PDF, 523 KB]
- July 2019 DAAR Monthly Report [PDF, 523 KB]
- June 2019 DAAR Monthly Report [PDF, 532 KB]
- May 2019 DAAR Monthly Report [PDF, 542 KB]
- April 2019 DAAR Monthly Report [PDF, 536 KB]
- March 2019 DAAR Monthly Report [PDF, 540 KB]
- February 2019 DAAR Monthly Report [PDF, 540 KB]
- January 2019 DAAR Monthly Report [PDF, 514 KB]
2018
- December 2018 DAAR Monthly Report [PDF, 521 KB]
- November 2018 DAAR Monthly Report [PDF, 521 KB]
- October 2018 DAAR Monthly Report [PDF, 523 KB]
- September 2018 DAAR Monthly Report [PDF, 522 KB]
- August 2018 DAAR Monthly Report [PDF, 527 KB]
- July 2018 DAAR Monthly Report [PDF, 529 KB]
- June 2018 DAAR Monthly Report [PDF, 527 KB]
- May 2018 DAAR Monthly Report [PDF, 517 KB]
- April 2018 DAAR Monthly Report [PDF, 526 KB]
- March 2018 DAAR Monthly Report [PDF, 526 KB]
- February 2018 DAAR Monthly Report [PDF, 511 KB]
- January 2018 DAAR Monthly Report [PDF, 824 KB]
Other Resources
- OCTO-SSR responses to public input on DAAR [PDF, 279 KB]
- Public input by Derek Smythe [PDF, 70 KB]
- Redacted anonymous public input [PDF, 152 KB]
- Public input by Paul Vixie [PDF, 34 KB]
- Public input by RySG [PDF, 450 KB]
- Review by Marcus Ranum [PDF, 459 KB]
- Review by John Bambenek [PDF, 377 KB]
- ICANN org's DAAR methodology paper [PDF, 876 KB]
- Domain Abuse Activity Project Report ICANN 60, October 2017 [PDF, 1.21 MB]
- Domain Abuse Activity Project Report ICANN 59, June 2017 [PDF, 590 KB]
1 DAAR will use the term "security threat" in place for "abuse" as a part of its updated terminology