BTW.Media
Strategic Internet IntelligenceMay 12, 2026
Sign InRegister

Trends

ICANN invites ccTLD operators to join domain metrica

ICANN has opened its Domain Metrica platform to ccTLD operators, offering access to DNS abuse data, phishing.

icann
AuthorJocelyn Fang
Reading Time2 min
PublishedSeptember 19, 2025
Primary DomainN/A
Content TypeN/A
TopicN/A
EntityN/A
RegionN/A
Time HorizonN/A
ImpactN/A
ConfidenceN/A

Headline

ICANN has opened its Domain Metrica platform to ccTLD operators, offering access to DNS abuse data, phishing.

Context

On 18 September 2025, ICANN announced that its Domain Metrica service is expanding to include ccTLD operators . Before this, Domain Metrica only covered generic top-level domains (gTLDs). Now, ccTLDs can join, get onto the Monitoring System API (MoSAPI), see daily statistics about DNS abuse such as phishing, malware and botnet command-and-control, plus lists of domain names flagged via reputation block lists. If a ccTLD operator was part of the Domain Abuse Activity Reporting (DAAR) project, they are already enrolled automatically. If not, they can begin the onboarding by contacting ICANN via its Global Support, following instructions on the MoSAPI web page.

Evidence

Pending intelligence enrichment.

Analysis

In cases where ccTLD operators cannot share their zone files, participation still is possible. But data will include domains that may be inactive or suspended. Alternatively, ICANN may confirm domain status by querying the authoritative ccTLD servers. This avoids cache problems but increases load on those servers. ICANN notes that it is looking ahead to include ccTLDs in search features of the dashboard. To make comparisons fair, it is also considering ways to normalise data either via self-reported zone sizes or third-party estimates. Also read: Eko-Konnect Research and Education Driving Innovation Also read: University of Education, Winneba: Pioneering Teacher Education and Innovation Many ccTLD operators so far have lacked access to rich, daily-updated metrics on DNS abuse or domain activity. Inclusion in Domain Metrica gives them tools to understand threats inside their own TLDs, to detect phishing, malware or botnets earlier because the frequency and visibility of abuse rise globally.

Key Points

  • ccTLD operators can now sign up for ICANN Domain Metrica and gain access to both dashboard and API data including phishing, malware and botnet reports.
  • Data access differs for ccTLDs and generic TLDs (gTLDs); absence of zone file sharing affects precision and normalisation of statistics.

Actions

Pending intelligence enrichment.

Author

Jocelyn Fang