On November 25, the Coordination Center for TLD .RU/.РФ hosted its annual working meeting with representatives of organizations designated by the Center as authorized to identify internet violations and accredited domain registrars. Preliminary results of the Domain Patrol project for 2025 were reviewed during the session.
Andrey Vorobyev, Director of the Coordination Center, delivered opening remarks, emphasizing that combating illegal DNS use remains a pressing issue – growing more urgent not only in Russia but globally.
“At the ICANN conference in Dublin, discussions highlighted that the launch of the new gTLD program’s second phase will soon become the primary driver of DNS Abuse. Clearly, once the first new top-level domains emerge, we will face a significant surge in cyber fraud – and we must all be prepared,” Andrey Vorobyev stated.
He noted that while ICANN has issued guidance on combating DNS Abuse, including a Russian-language version, the document underscores that national legislation takes precedence for country-code top-level domains.
“We have unique initiatives like Domain Patrol and Netoscope, which play a major role in securing Russia’s domain space. It’s our responsibility to develop best practices and share them with ICANN at community forums. Our work is far from over,” he concluded.
Data analyst Yevgeny Pankov presented the 2025 results of Domain Patrol, revealing that authorized organizations submitted 45,826 complaints to registrars over 10 months. Phishing accounted for 69% of cases, while malware distribution made up 16% . The National Computer Incident Coordination Center (NCICC), F6, and the Integral R&D Institute led in complaint volume. Registrars’ average response time was 14.8 hours.
Olga Baskakova, Project Manager at the Coordination Center, detailed upgrades to the information system facilitating collaboration between authorized entities and registrars. These updates provide users with more options for individual customization, further enhancing the efficiency of collaboration between authorized entities and registrars.
The meeting also saw the signing of an agreement admitting Positive Technologies to the authorized organizations framework. Asker Dzhamirze, Head of Threat Research, showcased the company’s cyberthreat detection and mitigation solutions. With over 20 years in the domestic market, Positive Technologies has developed a robust portfolio of products, including security solutions.
Anton Voronkin (NCICC) shared statistics on malicious domain takedowns in Russian ccTLDs. He reported a 125% rise in malicious domains within Russian zones and a 308% increase in foreign zones in 2025. Voronkin also outlined legislative updates concerning critical information infrastructure security and incident reporting protocols.
The session concluded with discussions on questions raised by authorized organizations and registrars.
