ICANN Contractual Compliance’s enforcement of DNS Abuse requirements for August 2024

DNS Abuse Complaints Received Against Registrars

Monthly Average of Complaints Received by DNS Abuse Type

One single complaint can refer to one or multiple domain names and report multiple types of DNS Abuse associated with the reported domain name(s). Therefore, the sum of the DNS Abuse types in these reports will not equal the total of individual DNS Abuse complaints received within the month, or the total of reported domain names used for DNS Abuse.

This includes all complaints received where the complainants selected one or more DNS Abuse type(s) in the Contractual Compliance webform. These do not equal the number of complaints received with validated and actionable allegations of DNS Abuse. Details about actionable complaints are in the relevant reports below.

Due to rounding, percentages may not always appear to add up to 100%.

Monthly Trend of Complaints Received by DNS Abuse Type

Monthly Detail of Complaints Received by DNS Abuse Type

DNS Abuse Type APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RAA: Phishing608287235245295334
DNS Abuse RAA: Malware3543824363798
DNS Abuse RAA: Botnets324188121876
DNS Abuse RAA: Pharming36072334231108
DNS Abuse RAA: Spam (vector)46599788991164
Total2,111514378424472780

DNS Abuse RAA: Phishing

DNS Abuse RAA: Botnets

DNS Abuse RAA: Spam (vector)

DNS Abuse RAA: Malware

DNS Abuse RAA: Pharming

Number of Compliance Notifications Sent to Registrars Under DNS Abuse Requirements by DNS Abuse Type

DNS Abuse Type APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RAA: Phishing
1st Inquiry/Notice183323262424.8
2nd Inquiry/Notice-75644.4
3rd Inquiry/Notice-11311.2
Escalated Notice11---0.4
Breach Notice------
Suspension Notice------
Termination Notice------
DNS Abuse RAA: Malware
1st Inquiry/Notice21-331.8
2nd Inquiry/Notice---120.6
3rd Inquiry/Notice------
Escalated Notice----10.2
Breach Notice------
Suspension Notice------
Termination Notice------
DNS Abuse RAA: Botnets
1st Inquiry/Notice1--110.6
2nd Inquiry/Notice---1-0.2
3rd Inquiry/Notice------
Escalated Notice------
Breach Notice------
Suspension Notice------
Termination Notice------
DNS Abuse RAA: Pharming
1st Inquiry/Notice262212.6
2nd Inquiry/Notice-1-110.6
3rd Inquiry/Notice--1--0.2
Escalated Notice------
Breach Notice------
Suspension Notice------
Termination Notice------
DNS Abuse RAA: Spam (vector)
1st Inquiry/Notice737475.6
2nd Inquiry/Notice-2-110.8
3rd Inquiry/Notice--1--0.2
Escalated Notice1----0.2
Breach Notice------
Suspension Notice------
Termination Notice------

One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual DNS Abuse notifications sent within the month. One single complaint can also report one or multiple domain names used for DNS Abuse.

Number of Compliance Notifications Sent to Registrars under 3.18.3 of the RAA
Complaints were submitted by Law Enforcement Agencies (LEA) or other authorities within the Registrar’s jurisdiction

DNS Abuse Type APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
Abuse Report RAA provision: under 3.18.3 RAA
1st Inquiry/Notice------
2nd Inquiry/Notice------
3rd Inquiry/Notice------
Escalated Notice------
Breach Notice------
Suspension Notice------
Termination Notice------

Monthly Detail of Reasons for Resolving Cases with Registrars by DNS Abuse Type

DNS Abuse RAA: Phishing Average Closed Per Month

DNS Abuse RAA: Malware Average Closed Per Month

DNS Abuse RAA: Botnets Average Closed Per Month

DNS Abuse RAA: Pharming Average Closed Per Month

DNS Abuse RAA: Spam (vector) Average Closed Per Month

Reasons why cases were resolved - action taken by the registrar or reasons why no action was taken APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RAA: Phishing
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse.2171610910.8
The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse.--7674.0
The registrar suspended or deactivated the domain name. This is a reasonable response to an abuse report.35---1.6
The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse.--43-1.4
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.-4---0.8
The registrar took appropriate mitigation action, other than suspension, to stop the use of the domain name for DNS Abuse.--1210.8
The domain is suspended and suspension is a reasonable response to the abuse report.11---0.4
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse.-1--10.4
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.-1---0.2
DNS Abuse RAA: Phishing Total62928211820.4
DNS Abuse RAA: Malware
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse.-1--10.4
The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse.---1-0.2
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse.-1---0.2
DNS Abuse RAA: Malware Total-2-110.8
DNS Abuse RAA: Botnets
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse.-1---0.2
The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse.---1-0.2
DNS Abuse RAA: Botnets Total-1-1-0.4
DNS Abuse RAA: Pharming
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse.1-1--0.4
The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse.--11-0.4
The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse.--1--0.2
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.-1---0.2
The registrar took appropriate mitigation action, other than suspension, to stop the use of the domain name for DNS Abuse.---1-0.2
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.-1---0.2
The registrar suspended or deactivated the domain name. This is a reasonable response to an abuse report.1----0.2
DNS Abuse RAA: Pharming Total2232-1.8
DNS Abuse RAA: Spam (Vector)
The registrar suspended/deactivated the domain name. This is an appropriate mitigation action to stop the use of the domain name for DNS Abuse.145-22.4
The registrar does not have actionable evidence to determine the domain name is being used for DNS Abuse.---210.6
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.-2---0.4
The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse.--11-0.4
The registrar took appropriate mitigation action, other than suspension, to stop the use of the domain name for DNS Abuse.---1-0.2
The registrar requested the registrant and/or reseller to act on an abusive activity. The registrant and/or reseller then took action that resulted in the abusive activity being stopped. The registrar took appropriate mitigation action to disrupt the use of the domain name for DNS Abuse.-1---0.2
The registrar suspended or deactivated the domain name. This is a reasonable response to an abuse report.1----0.2
DNS Abuse RAA: Spam (Vector) Total276434.4
Grand Total104137292227.8

Monthly Detail of Reasons for Resolving Cases with Registrars by DNS Abuse Type
Complaints were submitted by Law Enforcement Agencies (LEA) or other authorities within the Registrar’s jurisdiction

DNS Abuse Type / Resolved Code APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
Abuse Report RAA provision: under 3.18.3 RAA
------
Abuse Report RAA provision: under 3.18.3 RAA Total------

DNS Abuse cases resolved with registrars involving maliciously registered vs. compromised domains

APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RAA: Maliciously Registered Domain3161611111
DNS Abuse RAA: Compromised Domain115423
Grand Total41721151314

Invalid or Unactionable Complaints Received Against Registrars by DNS Abuse Type

Reason why complaint was deemed invalid APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RAA: Phishing
The complaint is out of scope because it is a duplicate of an open complaint.2868553868.4
The complaint is out of scope because the complainant did not provide the requested information.134277795954.0
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.272549643239.4
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.112245644737.8
The complaint is out of scope because it is regarding a country-code top-level domain.432232162327.2
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.143---8.8
The domain is suspended and suspension is a reasonable response to the abuse report.635274.6
The complaint is out of scope because the domain is not registered.2235-2.4
The complaint is out of scope because it is a duplicate of a closed complaint.112332.0
The complaint is out of scope because it is incomplete or broad.--45-1.8
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority.---110.4
The complaint is out of scope because it is not about an ICANN contracted party.--11-0.4
The complaint is out of scope because ICANN does not process complaints regarding website content.--1--0.2
The required abuse contact is displayed on the contracted party’s website and/or other designated place.--1--0.2
The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority.-1---0.2
DNS Abuse RAA: Phishing Total390169225245210247.8
DNS Abuse RAA: Malware
The complaint is out of scope because it is a duplicate of an open complaint.286--1-57.4
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.1631314710.6
The complaint is out of scope because the complainant did not provide the requested information.569556.0
The complaint is out of scope because it is regarding a country-code top-level domain.1724325.6
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.437434.2
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.-5---1.0
The domain is suspended and suspension is a reasonable response to the abuse report.111-10.8
The complaint is out of scope because it is incomplete or broad.--2--0.4
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority.----10.2
The complaint is out of scope because ICANN does not process complaints regarding website content.--1--0.2
DNS Abuse RAA: Malware Total3292037271986.4
DNS Abuse RAA: Botnets
The complaint is out of scope because it is a duplicate of an open complaint.286--1-57.4
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.1029345.6
The complaint is out of scope because it is regarding a country-code top-level domain.181-114.2
The complaint is out of scope because the complainant did not provide the requested information.1413-1.8
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.2-1311.4
The domain is suspended and suspension is a reasonable response to the abuse report.1-1--0.4
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority.----10.2
The complaint is out of scope because it is incomplete or broad.--1--0.2
DNS Abuse RAA: Botnets Total31871311771.2
DNS Abuse RAA: Pharming
The complaint is out of scope because it is a duplicate of an open complaint.286-41-58.2
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.12417111311.4
The complaint is out of scope because the complainant did not provide the requested information.46161299.4
The complaint is out of scope because it is regarding a country-code top-level domain.2695349.4
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.1151234.4
The domain is suspended and suspension is a reasonable response to the abuse report.-14-11.2
The complaint is out of scope because the domain is not registered.-32--1.0
The complaint is out of scope because it is incomplete or broad.--21-0.6
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority.----10.2
The complaint is out of scope because it is a duplicate of a closed complaint.--1--0.2
The complaint is out of scope because it is not about an ICANN contracted party.---1-0.2
DNS Abuse RAA: Pharming Total3292456413196.2
DNS Abuse RAA: Spam (Vector)
The complaint is out of scope because it is a duplicate of an open complaint.286321258.8
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.161227311119.4
The complaint is out of scope because the complainant did not provide the requested information.92023201918.2
The complaint is out of scope because it is regarding a country-code top-level domain.3371051013.0
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.4712231111.4
The registrar demonstrated having reasonably and promptly investigated and appropriately responded to an abuse report.-47---9.4
The domain is suspended and suspension is a reasonable response to the abuse report.5-1-21.6
The complaint is out of scope because it is a duplicate of a closed complaint.-21111.0
The complaint is out of scope because the domain is not registered.221--1.0
The complaint is out of scope because it is incomplete or broad.--21-0.6
The complaint is out of scope because it is not about an ICANN contracted party.--11-0.4
The required abuse contact is displayed on the contracted party’s website and/or other designated place.--1--0.2
The complaint is out of scope because ICANN does not process complaints regarding website content.--1--0.2
The complaint is out of scope because it is about a private dispute that does not implicate ICANN's contractual authority.-1---0.2
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority.--1--0.2
DNS Abuse RAA: Spam (Vector) Total355101838356135.6
Grand Total1,721321414407323637.2

One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual unactionable DNS Abuse complaints closed within the month.

DNS Abuse Complaints Received Against Registry Operators

Monthly Average of Complaints Received by DNS Abuse Type

One single complaint can refer to one or multiple domain names and report multiple types of DNS Abuse associated with the reported domain name(s). Therefore, the sum of the DNS Abuse types in these reports will not equal the total of individual DNS Abuse complaints received within the month, or the total of reported domain names used for DNS Abuse.

This includes all complaints received where the complainants selected one or more DNS Abuse type(s) in the Contractual Compliance webform. These do not equal the number of complaints received with validated and actionable allegations of DNS Abuse. Details about actionable complaints are in the relevant reports below.

Due to rounding, percentages may not always appear to add up to 100%.

Monthly Trend of Complaints Received by DNS Abuse Type

Monthly Detail of Complaints Received by DNS Abuse Type

DNS Abuse Type APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RA: Phishing161713171516
DNS Abuse RA: Malware782876
DNS Abuse RA: Botnets33-212
DNS Abuse RA: Pharming742424
DNS Abuse RA: Spam (vector)91913111012
Total425130423540

DNS Abuse RA: Phishing

DNS Abuse RA: Botnets

DNS Abuse RA: Spam (vector)

DNS Abuse RA: Malware

DNS Abuse RA: Pharming

Number of Compliance Notifications Sent to Registry Operators Under DNS Abuse Requirements by DNS Abuse Type

DNS Abuse Type APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RA: Phishing
1st Inquiry/Notice2--2-0.8
2nd Inquiry/Notice------
3rd Inquiry/Notice------
Escalated Notice-1---0.2
Breach Notice---1-0.2
Termination Notice------
DNS Abuse RA: Malware
1st Inquiry/Notice1----0.2
2nd Inquiry/Notice------
3rd Inquiry/Notice------
Escalated Notice------
Breach Notice------
Termination Notice------
DNS Abuse RA: Botnets
1st Inquiry/Notice------
2nd Inquiry/Notice------
3rd Inquiry/Notice------
Escalated Notice------
Breach Notice------
Termination Notice------
DNS Abuse RA: Pharming
1st Inquiry/Notice------
2nd Inquiry/Notice------
3rd Inquiry/Notice------
Escalated Notice------
Breach Notice------
Termination Notice------
DNS Abuse RA: Spam (vector)
1st Inquiry/Notice------
2nd Inquiry/Notice------
3rd Inquiry/Notice------
Escalated Notice------
Breach Notice------
Termination Notice------

One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual DNS Abuse notifications sent within the month. One single complaint can also report one or multiple domain names used for DNS Abuse.

Monthly Detail of Reasons for Resolving Cases with Registry Operators by DNS Abuse Type

DNS Abuse RA: Phishing Average Closed Per Month

DNS Abuse RA: Malware Average Closed Per Month

DNS Abuse RA: Botnets Average Closed Per Month

DNS Abuse RA: Pharming Average Closed Per Month

DNS Abuse RA: Spam (vector) Average Closed Per Month

Reasons why cases were resolved - action taken by the registry or reasons why no action was taken APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RA: Phishing
The registry suspended/deactivated the domain name. This is an appropriate mitigation action to contribute to stopping the use of the domain name for DNS Abuse.---110.4
DNS Abuse RA: Phishing Total---110.4
DNS Abuse RA: Malware
The registry suspended/deactivated the domain name. This is an appropriate mitigation action to contribute to stopping the use of the domain name for DNS Abuse.----10.2
DNS Abuse RA: Malware Total----10.2
DNS Abuse RA: Botnets
------
DNS Abuse RA: Botnets Total------
DNS Abuse RA: Pharming
------
DNS Abuse RA: Pharming Total------
DNS Abuse RA: Spam (Vector)
------
DNS Abuse RA: Spam (vector) Total------
Grand Total---120.6

DNS Abuse cases resolved with registry operators involving maliciously registered vs. compromised domains

APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RA: Maliciously Registered Domain---110.4
DNS Abuse RA: Compromised Domain------
Grand Total---110.4

Invalid or Unactionable Complaints Received Against Registry Operators by DNS Abuse Type

Reason why complaint was deemed invalid APR 2024 MAY 2024 JUN 2024 JUL 2024 AUG 2024 SEP 2024 OCT 2024 NOV 2024 DEC 2024 JAN 2025 FEB 2025 MAR 2025 Average
DNS Abuse RA: Phishing
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.410611128.6
The complaint is out of scope because it is regarding a country-code top-level domain.-413-1.6
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.-1-221.0
The complaint is out of scope because it is a duplicate of an open complaint.4----0.8
The complaint is out of scope because it is incomplete or broad.--11-0.4
The reported TLD does not have Specification 6 in its registry agreement; therefore, DNS Abuse requirements are not applicable.-1---0.2
The registry operator is not the best-equipped party to review and take appropriate, proportionate, mitigation action in the particular case.---1-0.2
The complaint is out of scope because the domain is not registered.---1-0.2
The complaint is out of scope because the complainant did not provide the requested information.--1--0.2
DNS Abuse RA: Phishing Total8169191413.2
DNS Abuse RA: Malware
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.17-533.2
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.-1-110.6
The complaint is out of scope because it is a duplicate of an open complaint.3----0.6
The complaint is out of scope because it is regarding a country-code top-level domain.-1-2-0.6
The reported TLD does not have Specification 6 in its registry agreement; therefore, DNS Abuse requirements are not applicable.--1--0.2
The registry operator is not the best-equipped party to review and take appropriate, proportionate, mitigation action in the particular case.----10.2
The complaint is out of scope because the complainant did not provide the requested information.1----0.2
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority.----10.2
DNS Abuse RA: Malware Total591865.8
DNS Abuse RA: Botnets
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.12-111.0
The complaint is out of scope because it is regarding a country-code top-level domain.-1-1-0.4
The complaint is out of scope because the complainant did not provide the requested information.1----0.2
The complaint is out of scope because it is a duplicate of an open complaint.1----0.2
DNS Abuse RA: Botnets Total33-211.8
DNS Abuse RA: Pharming
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.242212.2
The complaint is out of scope because the domain is not registered.---1-0.2
The complaint is out of scope because the complainant did not provide the requested information.-1---0.2
The complaint is out of scope because it is a duplicate of an open complaint.1----0.2
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.1----0.2
The complaint is out of scope because it is incomplete or broad.---1-0.2
The complaint is out of scope because it is regarding a country-code top-level domain.---1-0.2
DNS Abuse RA: Pharming Total452513.4
DNS Abuse RA: Spam (Vector)
The complaint is invalid or not actionable because there is no evidence of an abuse report filed with a registrar or registry.2158968.0
The complaint is out of scope because it is regarding a country-code top-level domain.-11221.2
The domain name is suspended or disabled and suspension is a mitigation action to stop DNS Abuse.-1-210.8
The complaint is out of scope because customer service issues are outside of ICANN's contractual authority.1---10.4
The complaint is out of scope because it is a duplicate of an open complaint.2----0.4
The complaint is out of scope because ICANN is not a registrar.1----0.2
The complaint is out of scope because it is incomplete or broad.--1--0.2
The complaint is out of scope because the complainant did not provide the requested information.1----0.2
DNS Abuse RA: Spam (Vector) Total71710131011.4
Grand Total275022473235.6

One single complaint can report multiple types of DNS Abuse associated with the reported domain name(s); therefore, the sum of the DNS Abuse types in these reports will be greater than the total of individual unactionable DNS Abuse complaints closed within the month.