On November 25, 2025, the Coordination Center for TLD .RU/.РФ and Positive Technologies signed an agreement on cooperation in countering and preventing violations on the internet. The agreement was concluded during the annual meeting of experts from the Coordination Center with representatives of competent organizations and accredited registrars.
Under the agreement, the Coordination Center recognizes Positive Technologies’ expertise in identifying violations committed using national domain names. As an authorized organization, Positive Technologies will monitor internet resources used for phishing, malware distribution, and botnet command and control, as well as submit requests to accredited registrars to terminate the delegation of identified malicious domains.
“We are pleased to welcome a new participant to the ranks of authorized organizations. I am confident that combining our tools with Positive Technologies’ deep expertise will enhance our ability to promptly detect and suppress illegal activities in Runet,” said Andrey Vorobyev, Director of the Coordination Center for TLD .RU/.РФ.
“Over the past year, the use of phishing domains in the .RU zone has decreased by approximately 25%. At the same time, the number of domains used by malicious actors as command-and-control servers for malware distribution has increased nearly fourfold. We track such domains and share information about them through Positive Technologies’ products, as well as publish them as separate feeds of indicators of compromise. Thanks to this agreement, we will also be able to promptly forward cyber intelligence data on phishing domains and domains used as command servers for malware directly to registrars for de-delegation. This will help remove such domains from circulation faster and reduce the risk of mass infections among Runet companies and users,” emphasized Denis Kuvshinov, Head of the Threat Intelligence Department at Positive Technologies’ Security Expert Center.
Since 2012, the Coordination Center for TLD .RU/.РФ has cooperated with organizations authorized to identify internet violations. These organizations are authorized to submit reports to the Coordination Center and accredited registrars regarding resources with illegal content, phishing cases, unauthorized access to information systems, and malware distribution using domain names in the .RU and .РФ zones. Registrars, after reviewing such reports, may terminate the delegation of these domains.
Currently, the Coordination Center collaborates with 12 organizations: the National Computer Incident Coordination Center, the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), the Central Bank of the Russian Federation, the Integral R&D Institute, BI.ZON, Doctor Web, Rostelecom-Solar, F6, Kaspersky Lab, RU-CERT, ROCIT, and the Safe Internet League. Positive Technologies has become the 13th authorized organization.
Details about authorized organizations, their hotlines, and the cooperation framework are available on доменныйпатруль.рф.
