Icann Logo

DAAR TLD Threat Report – October 2020

It’s been a few months since we have commented on the DAAR TLD monthly threat report. It’s interesting to note that since our last update, there has been a significant increase in both overall known threats tracked by DARR, as well as the percent of threats in newer gTLDs.

The Domain Abuse Activity Reporting System just released its October report on Generic Top Level Domains. In it we see that security threats were reported in 400 out of the 1172 generic top level domains that DAAR received data on. There were a little over 208 Million domains within these 1172 gTLDs as of October 31st. This compares to 391 out of 1183 gTLDs in September.

Here are the key stats as of October 31st:

  • 86% of all resolving domains are in Legacy (pre 2010) gTLDs
  • 400 of 1172 gTLDs contained a total of 925,801 known domain threats
  • 61.66% of identified domain threats were in Legacy gTLDs
  • 38.34% of identified domain threats were in New gTLDs
  • 90% of New gTLD domain threats were identified in just 22 of these gTLDs
  • 90% of Legacy gTLD domain threats were identified  in just 2 of these gTLDs

This report only concerns data DAAR receives on 1172 gTLDs with 208 million domains while there are in fact now over 1588 TLDs with 360 million registered today.

Keep in mind the organizations that share data with DAAR are unable to see all domain threats and as such network admins can significantly reduce their exposure to known and unknown threats by limiting availability of gTLDs to only those required by business use case.

The full report can be found here: https://www.icann.org/en/system/files/files/daar-monthly-report-31oct20-en.pdf

More To Explore

Custom Block Pages

We are happy to announce that custom block pages are here and available for all ScoutDNS accounts. Along with our improved block page service, operators

New Relay Caching Feature v1.3.1

Excited to announce we have added caching to the ScoutDNS relays. This allows the fastest possible queries to users and devices on network with sub-millisecond

Have any questions? Just Ask