In November 2015, accredited registrars received 102 requests to terminate the delegation of domain names from the Group-IB cybersecurity company,, one-fourth of October’s level. An investigation led to 98 domains taken off delegation, of which 11 were later restored after their owners removed the reasons for their termination. The domain names were restored upon requests from CERT-GIB. Four domains names avoided being shut down in the first place because their owners quickly rid themselves of the issues leading to their removal, or the resources were shut down by their hosting providers. As of today, 87 domain names remain shutdown, while 15 are going through the delegation process. Most of the violations exposed had to do with phishing (71%) and only a few involved botnet controllers (5%); 99% of the violator domains are under the .RU TLD.
Group-IB tracks violations on the Internet under an agreement with the Coordination Center on fighting unsanctioned use of the .RU and .РФ TLDs. Group-IB’s job is to control illegal use of the .RU and .РФ TLDs, activities such as phishing, unsanctioned access to information systems, proliferation of malware and managing networks of infected computers.
