The Inner Workings of the Russian Business Network | WhoisXML API

Threat Reports

The Inner Workings of the Russian Business Network

VeriSign dubbed the Russian Business Network (RBN) as “the baddest of the bad”1 in a report. And the fact that it played host to sites owned by the most notorious spammers, malware operators, phishers, distributed denial-of-service (DDoS) attackers, and other cybercriminals proved that.2

Has RBN ceased operating or does it remain active? WhoisXML API threat researcher Dancho Danchev sought to find out. His investigation uncovered:

  • 20+ unredacted email addresses used to register the domains identified as indicators of compromise (IoCs)
  • Close to 50 IP addresses to which the domains resolved
  • Nearly 400 possibly connected domains as they shared the IoCs’ registrant email addresses or IP hosts, four of which have been dubbed “malicious” by various malware engines

Download a sample of the threat research materials now or contact us to access the complete set of research materials.

  • [1] http://economist.com/displaystory.cfm?story_id=9723768
  • [2] https://www.itprotoday.com/windows-78/what-russian-business-network
Try our WhoisXML API for free
Get started