Domain Abuse Activity Reporting System September 2024

This report is a technical document that presents the findings of the Domain Abuse Activity Reporting (DAAR) System for September 2024. It provides an analysis of security threat concentrations across generic Top-Level Domains (gTLDs) and other TLDs that have shared their zone files for examination. The report includes aggregated statistics and time series analysis of security threats, specifically focusing on spam, phishing, malware distribution, and botnet command-and-control activities. The data indicates that in September 2024, there were 219,414,122 domains across 1099 gTLDs, with 515 of these domains identified as having at least one security threat. The report also discusses the distribution of security threats between legacy and new gTLDs, highlighting that new gTLDs are more frequently associated with spam, while legacy gTLDs show a broader distribution of threats. Additionally, the report introduces a normalized metric for comparing security threats across TLDs, which aids in understanding the effectiveness of anti-abuse measures and informs policy discussions within the ICANN community.