Domain Abuse Activity Reporting
ICANN's Domain Abuse Activity Reporting (DAAR) project is a system for studying and reporting on domain name registration and security threat (domain abuse) behavior across top-level domain (TLD) registries and registrars. The overarching purpose of DAAR is to report security threat activity to the ICANN community, which can then use the data to facilitate informed policy decisions.
DAAR was designed to provide the ICANN community with a reliable, persistent, and reproducible set of data from which security threat (abuse) analyses could be performed. The system collects TLD zone data, a very large body of registration data, and complements these data sets with a large set of high-confidence reputation (security threat) data feeds. The data collected by the DAAR system can serve as a platform for studying or reporting daily or historical registration or abuse activity.
- Domain Abuse Activity Project Report ICANN 59, June 2017 [PDF, 590 KB]
- Domain Abuse Activity Project Report ICANN 60, October 2017 [PDF, 1.21 MB]
- ICANN org's DAAR methodology paper [PDF, 876 KB]
- Marcus Ranum's review [PDF, 459 KB]
- John Bambenek's review [PDF, 377 KB]