Skip to main content

Press Release: ICANN Develops Tool to Monitor and Combat Malicious Online Activities

Domain Name System coordinator responds to the Internet Security Threats COVID and the Russia-Ukraine war pose for all users

Los Angeles – 5 May 2022 – In the midst of global crises, such as a pandemic or a war, malicious online activities typically increase. Bad actors seek new ways to install malware on devices without the user's consent to gather sensitive information or gain access to private computer systems. They also trick users into revealing sensitive personal, corporate or financial information – this is known as phishing.

To combat Internet malware and phishing, the Internet Corporation for Assigned Names and Numbers organization (ICANN) developed an evidence-based approach that identifies domain names that appear to have been used for malicious purposes and are related to the COVID-19 pandemic and the Russia-Ukraine war.

The Domain Name Security Threat Information Collection and Reporting (DNSTICR) is an innovative, robust, and linguistically comprehensive tool that searches for and reports potentially malicious activities of domain names and their background information to registrars, the entities that offer domain name registration services. DNSTICR provides another layer of defense in the ICANN's fight to protect Internet users from Domain Name System (DNS) security threats.

Since the beginning of the pandemic, ICANN has analyzed 579 separate terms, which resulted in 438,819 domain names being examined. From these, 23,452 domain names were seen to be potentially active and malicious. After ICANN analyzes these domain names and reports the phishing attacks, the registrar has all the evidence needed to decide on the best course of action to remove the threat.

"ICANN is committed to doing its part in the collective efforts to mitigate these threats, especially when criminals attempt to leverage the Domain Name System to take advantage of unsuspecting Internet users," said John Crain, ICANN's Chief Technology Officer.

ICANN's response to DNS security threats is an example of the organization's efforts to provide verifiable data, unbiased research, and expertise to facilitate fact-based discussions on the technical operations of the Internet.

The DNSTICR initiative is just one of many ICANN efforts that aligns with the organization's purpose and commitment to promote a broad participation of public and private actors to make the Internet safer, more secure, and interoperable. ICANN's DNS Security Threat Mitigation Program recently published a report on DNS abuse trends relying on four years of data (read The Last Four years in Retrospect: A Brief Review of DNS Abuse Trends).

For more information on this tool, visit our DNSTICR dedicated webpage:

Find out about ICANN org-wide efforts to mitigate DNS security threats:


ICANN's mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a nonprofit public benefit corporation with a community of participants from all over the world.

Media Contact

Alexandra Dans
Communications Director, The Americas
Montevideo, Uruguay
+598 95 831 442

Domain Name System
Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as"""" is not an IDN."