Domain Abuse Activity Reporting
ICANN's Domain Abuse Activity Reporting (DAAR) project is a system for studying and reporting on domain name registration and security threat (domain abuse) behavior across top-level domain (TLD) registries and registrars. The overarching purpose of DAAR is to report security threat activity to the ICANN community, which can then use the data to facilitate informed policy decisions.
DAAR was designed to provide the ICANN community with a reliable, persistent, and reproducible set of data from which security threat (abuse) analyses could be performed. The system collects TLD zone data, a very large body of registration data, and complements these data sets with a large set of high-confidence reputation (security threat) data feeds. The data collected by the DAAR system can serve as a platform for studying or reporting daily or historical registration or abuse activity.
Domain Abuse Activity (DAAR) Monthly Reports
January 2019 DAAR Monthly Report [PDF, 514 KB]
- Domain Abuse Activity Project Report ICANN 59, June 2017 [PDF, 590 KB]
- Domain Abuse Activity Project Report ICANN 60, October 2017 [PDF, 1.21 MB]
- ICANN org's DAAR methodology paper [PDF, 876 KB]
- Review by Marcus Ranum [PDF, 459 KB]
- Review by John Bambenek [PDF, 377 KB]
- Public input by Paul Vixie [PDF, 34 KB]
- Public input by RySG [PDF, 450 KB]
- Public input by Derek Smythe [PDF, 70 KB]
- Redacted anonymous public input [PDF, 152 KB]
- OCTO-SSR responses to public input on DAAR [PDF, 279 KB]