Number of violating domains decreases in October


In October 2018, registrars received a total of 393 reports from competent organizations requesting cancellation of domain name delegation. This is 174 domain names less than in September.

The analysis of violating domains by type of malicious activity over the reporting period revealed that the majority of violating domains were involved in phishing (348 reports). The second-largest threat was distribution of malware (44 reports). One report came in regarding bot network controllers.

Delegation of 382 domain names was cancelled over the reporting period. Four domain names avoided cancellation by promptly rectifying the cause of blocking by the domain administrator or the website was blocked by its hosting provider. In seven cases, registrars did not find enough grounds to cancel delegation or initiate an inspection of the domain administrator.

Currently, 366 domain names remain blocked. In 16 cases, delegation was reinstated upon petition from a respective competent organization after the problem was resolved.

The Coordination Center for TLD .RU/.РФ began working with organizations competent in identifying wrongdoings in the internet in 2012. These are the companies that provide the Coordination Center and accredited registrars with information on websites containing illegal content. They also report phishing, unauthorized access to information systems, and distribution of malware using domain names in .РФ and .RU. The registrars have the right to cancel delegation of domain names for such websites.

Nine competent organizations currently cooperate with the Coordination Center: the Safe Internet League, Group-IB, Kaspersky Lab, RU-CERT, the Regional Public Center of Internet Technology (ROCIT), the Federal Supervision Service for Communications, Information Technology and Mass Media, BIZon, the Central Bank of Russia and Dr.Web. Any user can report the inappropriate use of domain names to a hotline of any of these organizations and an immediate response will follow. More details on the response procedure can be found in the 2017 report from competent organizations posted at the CCTLD website.