In April 2021, competent organizations sent 1,159 requests to registrars to terminate the delegation of domain names, which is 377 requests or 48.2 percent more than in March. These data are published in the report on competent organizations’ performance in April 2021.
The analysis of offending domains by the type of detected malicious activity in the reporting period showed that the leading place belongs to domain names associated with phishing, with 1,097 requests. In March, 1.5 times fewer domains associated with phishing were identified – registrars received 732 requests related to this category of violations. At the same time, the bulk of websites which suffered from phishing attacks belong to the banking sector. This is probably due to the beginning of the vacation season, when people actively book tickets and hotels, which causes a sharp increase in the number of online banking transactions. In addition, in April, it was announced that flights to Turkey were suspended, and cyber criminals immediately took advantage of the situation, offering non-existent airline tickets, for example, from Moscow to Istanbul, which is one of the world's largest aviation hubs.
Next are websites used to distribute malicious software (27 requests). In April, not a single malicious resource associated with botnet controllers or the distribution of pornographic images of minors was identified. The competent organizations also sent 35 requests to initiate verification of a registrant's identification information.
In April, the delegation of 1,055 domain names was terminated at the request of competent organizations. Thirty-nine domain names managed to avoid the termination of delegation after the domain registrant promptly eliminated the reasons for blocking (or a website was blocked by a hosting provider) or after the domain registrant timely confirmed the identification data. In 34 cases, the registrar did not see sufficient grounds to terminate delegation or initiate a registrant check. In seven cases, delegation was restored at the request of the relevant competent organization after the reason for blocking was eliminated.
The practice of interacting with organizations competent in identifying violations on the internet was introduced by the Coordination Center for TLD .RU/.РФ in 2012. These companies provide the Coordination Center and accredited domain name registrars with information about websites with illegal content, cases of phishing, unauthorized access to information systems and the spread of malware using domain names in the .РФ and .RU zones. Registrars have the right to terminate the delegation of domain names for such websites.
Today, 10 competent organizations cooperate with the Coordination Center: the National Coordination Center for Computer Incidents, the Safe Internet League, Group-IB, Kaspersky Lab, RU-CERT, ROCIT, Roskomnadzor, BIZon, Bank of Russia and Doctor Web. Any internet user can report a case of inappropriate use of a domain name to the hotline of one of these organizations, and they will take immediate action. Information about the competent organizations, their hotlines, and interaction with competent organizations is available on the Domain Patrol website доменныйпатруль.рф.
