.ru domains & RU-Center

Hello everyone! Our team has noticed a slightly annoying behaviour coming from the team of RU-Center that deals with abuse complaints. Complaints coming to RU-Center concerning .ru and .РФ domains are being ignored.

Dear Sir/Madam,

According to The Terms and Conditions of Domain Names Registration in domains .RU and .РФ", the Registrar may take actions against domain name by the request from law enforcement of the Russian Federation and upon the receipt of a substantiated petition from an organization indicated by the Coordinator as a competent one to determine violations on the Internet:

Domain patrol

We highly recommend that you report this issue to the competent organizations.

Best regards,

Our team has received the same answer and we have confirmed that this issue cannot be resolved by filing a complaint with ICANN Contractual Complaint. ICANN does not have the right to manage this TLD, as they have stated during a call with one of our team members. We recommend that RU-Centre should have a flag indicating that .ru domains will not be checked.

Our team would also like to recommend that you submit abuse complaints to this organisation instead, as they are considered competent in this matter: Internet League but they do not have an English website.

If you have any more information, please post it as a comment and share the knowledge with fellow phish.report users.

Unrelated to this topic, BUT have a shit post

1 Like

ICANN can’t deal with regional TLD (ccTLD). Do (or force to) as some guys from DE-CIX - just stop peering with russia ASN’s.
This terrorist state should be isolated.

reg-ru sometimes works, but in 3, 5 or even 10 days. Their policy - up to 14 days.

Offtop: if you will see news about Zaporizhzhia Nuclear Power Station in next few days - it’s all russians.

Our team has had some really great experiences with reg.ru as indicated in the meme which I sent.
They typically take down the domains after the 14 days have passed, however RU-center is another story.

RU-Center was one of our “fame and shame” targets in one of our posts here: Unresponsive Domain Provider (RU-Center) - #6 by System27_Security

They were not responding our abuse complaints regarding .com domains, They do not have the best track record in handling abuse complaints. It seems they are trying to be “AbuseResisitant” domain registarars, which is unfortunate. RU-Center is going to follow Cloudflare’s footsteps regarding handling abuse complaints as from our team’s perspective.

If you want to translate the page easily on Internet League then I recommend using this tool: Chrome Extension

How to use it:

Click on the extension (make sure you have it pinned!)
Press “translate this page”
If it didn’t translate to english, theres a bar on top, and there you can choose the language you want to translate to.

But ofcourse it’s not a GOD extension, there may be errors in the translation.

[System27_Security] I’m seeing phishing sites from hosted by zerohost[.]io with REG[.]RU domain name block both phish report and urlscan io live screenshot functions with 404 page but open and are seen with in a web browser.

n/m maybe its just my browser cache.

ZeroHost.io is notorious for ignoring abuse complaints. Our team is still sending the abuse complaints but they are not responding to them.

If you have any ideas on how to get in touch with ZeroHost, please let us know. They are a VPS provider, and thus they are not subjected to the usual ICANN contractual compliance team. Our team submits a ticket to ICANN Contractual Compliance in cases where the Domain registrar does not reply or doesn’t take action however, as ZeroHost is a server provider. They are not subject to ICANN.

reg.ru is actually pretty nice when it comes to taking domains offline. They are polite, I won’t say fast since sometimes they are not fast. The average turn around time, we measured is 14 days.

Once again, Sorry for writing this holy bible as a response.

1 Like

[System27_Security] Hi, np I’m still noticing sites that are blocking your site and other screenshot function.

https://my-gifts[.]space/season-gifts=043d8f1723 example this site in question has be up since May as first noticed by Netcraft. Also the screenshot is blocked with 404 there. So they assume the site is not a threat.
Can you please confirm your results with the above url? I bracketed [.] the dot above. remove those.

Any recommendations on what to do with sites like these that are reported as obvious threats, but are not showing in screenshots, and are assumed 404 and not threats?

upon inspect element F12 in FireFox the page goes 404 too.