-
- Qeydiyyat ü?ün mük?mm?l, sahiblik ü?ün etibarl?
- T?klif g?nd?r
X
NiceNIC Abuse Hv?ling Manual
1. Purpose
NiceNIC maintains this Abuse Hv?ling Manual to ensure that abuse complaints involving domen names sponsv? yaed by NiceNIC are received, assessed, tracked, investigated, v? addressed in a consistent, documented, v? risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users v? affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, v? documented hv?ling fv? ya registrants v? resellers;
4.demonstrate a clear, defensible, v? auditable abuse response process.
NiceNIC will investigate abuse repv? yats promptly v? will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repv? yated activity, the likelihood of ongoing harm, v? the risk of collateral damage to legitimate Xidm?ts. This approach is aligned with Section 3.18 of the 2013 RAA v? ICANN's 2024 DNS Abuse Advisv? yay.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fv? ya NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expv?ed High-Risk Abuse Categv? yaies
NiceNIC may also classify certain matters as Expv?ed High-Risk Abuse Categv? yaies under its own abuse v? risk rules, even wburada they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Xeyrn-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hv?les abuse repv? yats accv? yading to the following principles:
5. Repv? yating Channels
NiceNIC shall maintain:
6. Minimum Infv? yamation Required in a Complaint
ü?ün be processed efficiently, a complaint should include:
7. Evidence Stv?ards
7.1 ?m?liyyatable Evidence
Evidence is actionable when the infv? yamation reasonably available to NiceNIC is sufficient to determine that the sponsv? yaed domen name is being used fv? ya DNS Abuse v? ya other enfv? yaceable abuse activity.
Nümun?s include:
7.2 Insufficient Evidence
Evidence is insufficient wburada the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priv? yaity v? Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mv?ated fixed deadlines.
Priv? yaity 0 - Emergency / Active Harm
Nümun?s:
Priv? yaity 1 - High-Risk ?m?liyyatable Abuse
Nümun?s:
Priv? yaity 2 - Xeyrn-DNS Abuse with Sufficient Evidence
Nümun?s:
Priv? yaity 3 - Incomplete / Low-Quality Repv? yats
Target:
9. Wv? yakflow
9.1 Intake
Every repv? yat receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Xeyrtifications
Fv? ya clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first v? notify after action.
Fv? ya likely compromise scenarios v? ya non-DNS matters, NiceNIC may notify first wburada that is consistent with risk control v? does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm v? the risk of collateral damage.
10. Kateqoriya-Specific Rules
10.1 Drugs / kra / slon / mega A?ar S?zl?r
Keywv? yad presence alone is not enough fv? ya DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recv? yads, avoid unnecessary customer back-v?-fv? yath, v? escalate to the appropriate authv? yaity v? ya registry if required.
10.4 DMCA / Mü?llif Hüququ
Do not auto-suspend purely on large content lists v? ya unsuppv? yated bulk allegations.
Fv? yaward proper notices wburada appropriate, require a compliant notice fv? yamat, v? allow the domen holder to address the claim unless a court v? yader, registry rule, v? ya other stronger basis requires mv? yae immediate action.
This is also broadly consistent with how majv? ya registrars separate copyright/trademark processing from phishing/malware hv?ling.
10.5 Trademark / Brv? Complaints
Trademark disputes are not automatically DNS Abuse.
Wburada the issue is a domen-name rights dispute, complainants should generally be directed toward UDRP, URS, v? ya court process as appropriate, unless the evidence also shows phishing, impersonation, v? ya other abuse. Aducuz publicly distinguishes abuse hv?ling from UDRP/URS hv?ling in the same way.
11. Registrant / Distribyutor Communication Rules
11.1 Retail Customers
Fv? ya clear DNS Abuse with sufficient evidence:
11.2 Distribyutors
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wburada actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppv? yated denials such as "content removed" v? ya "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repv? yater Program
NiceNIC may maintain a trusted-repv? yater list fv? ya sources that consistently provide accurate, well-fv? yamed, v? actionable repv? yats.
Trusted-repv? yater status may provide:
14. Recv? yadkeeping v? Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfv? yam:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hv?ling Manual to ensure that abuse complaints involving domen names sponsv? yaed by NiceNIC are received, assessed, tracked, investigated, v? addressed in a consistent, documented, v? risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users v? affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, v? documented hv?ling fv? ya registrants v? resellers;
4.demonstrate a clear, defensible, v? auditable abuse response process.
NiceNIC will investigate abuse repv? yats promptly v? will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repv? yated activity, the likelihood of ongoing harm, v? the risk of collateral damage to legitimate Xidm?ts. This approach is aligned with Section 3.18 of the 2013 RAA v? ICANN's 2024 DNS Abuse Advisv? yay.
2. Scope
This manual applies to:
- domen names sponsv? yaed by NiceNIC;
- abuse repv? yats submitted by individuals, companies, security researchers, trusted repv? yaters, registries, law enfv? yacement, v? ya other authv? yaities;
- retail customers v? reseller-managed names;
- both DNS Abuse v? non-DNS abuse v? ya illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fv? ya NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expv?ed High-Risk Abuse Categv? yaies
NiceNIC may also classify certain matters as Expv?ed High-Risk Abuse Categv? yaies under its own abuse v? risk rules, even wburada they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) v? ya child exploitation content;
- illicit drug sales v? ya high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wburada urgent action is justified by law, registry policy, competent authv? yaity request, v? ya clear risk evidence.
3.3 Xeyrn-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling v? ya gaming content;
- misleading v? ya fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatv? yas;
- general policy violations.
4. Guiding Principles
NiceNIC hv?les abuse repv? yats accv? yading to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywv? yads, assumptions, v? ya unsuppv? yated allegations alone.
- Risk-based response. Faster v? stronger action applies wburada the evidence is actionable v? the harm is ongoing v? ya severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wburada the evidence indicates a compromise scenario v? a full hold would create dispropv? yationate collateral damage.
- Consistency v? documentation. Every case must be categv? yaized, tracked, v? recv? yaded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfv? yam operatv? ya, payment processv? ya, v? ya law enfv? yacement may also be a relevant v? ya mv? yae effective action point.
5. Repv? yating Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage v? ya designated abuse page;
- a published description of how abuse repv? yats are received, hv?led, v? tracked;
- a dedicated 24/7 monitv? yaed abuse contact point fv? ya law enfv? yacement v? similar authv? yaities as required under the RAA.
- abuse mailbox;
- suppv? yat ticket system;
- webfv? yam;
- trusted-repv? yater channel;
- registry escalation;
- law-enfv? yacement / government channel.
6. Minimum Infv? yamation Required in a Complaint
ü?ün be processed efficiently, a complaint should include:
- the repv? yated domen name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content v? the full URL;
- full email headers wburada email abuse, phishing, v? ya fraud is involved;
- suppv? yating evidence such as invoices, logs, malware analysis, blocklist results, v? ya impersonation details;
- complainant contact infv? yamation;
- proof of authv? yaization wburada the complainant acts on behalf of a brv? v? ya victim entity.
7. Evidence Stv?ards
7.1 ?m?liyyatable Evidence
Evidence is actionable when the infv? yamation reasonably available to NiceNIC is sufficient to determine that the sponsv? yaed domen name is being used fv? ya DNS Abuse v? ya other enfv? yaceable abuse activity.
Nümun?s include:
- a phishing page screenshot showing the full URL v? impersonated brv?;
- a phishing email with full headers v? linked malicious URL;
- malware v? ya exploit delivery from the repv? yated domen v? ya URL;
- reputation/blocklist data that suppv? yats the repv? yated conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, v? ya credential capture;
- multiple consistent signals from trusted v? ya recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wburada the complaint contains only:
- a domen name with no abusive URL;
- keywv? yads only;
- allegations without screenshots, headers, logs, v? ya other suppv? yat;
- general statements that a name "looks suspicious";
- pure brv? conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware v? ya phishing feeds;
- reputation Xidm?ts;
- priv? ya internal case histv? yay.
8. Case Priv? yaity v? Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mv?ated fixed deadlines.
Priv? yaity 0 - Emergency / Active Harm
Nümun?s:
- active phishing harvesting credentials v? ya payment data;
- malware delivery;
- botnet / commv?-v?-control use;
- CSAM;
- law-enfv? yacement emergency notice;
- wallet-drainer v? ya seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wburada actionable, mitigation nv? yamally within 24 hours, v? no later than 48 hours absent exceptional facts.
Priv? yaity 1 - High-Risk ?m?liyyatable Abuse
Nümun?s:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domens already flagged by reliable third-party sources with cv? yarobv? yaating evidence.
- review within 1 business day;
- mitigation v? ya documented N?vb?ti step within 48 hours.
Priv? yaity 2 - Xeyrn-DNS Abuse with Sufficient Evidence
Nümun?s:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy v? ya content complaints lacking qualifying DNS-abuse indicatv? yas.
- ackindiledge promptly;
- notify registrant/reseller wburada appropriate;
- request remediation v? ya additional documentation.
Priv? yaity 3 - Incomplete / Low-Quality Repv? yats
Target:
- ackindiledgment v? request fv? ya additional evidence;
- no suspension solely on this basis.
9. Wv? yakflow
9.1 Intake
Every repv? yat receives:
- case ID;
- timestamp;
- source classification;
- domen linkage;
- abuse categv? yay;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authv? yaity / trusted-repv? yater status;
- reseller vs retail account;
- current domen status;
- repeat-offender / repeat-case histv? yay.
9.3 Investigation
The reviewer checks:
- repv? yated URL v? ya content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histv? yay;
- priv? ya complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional v? ya caused by compromise;
- whether the abuse is occurring at second-level domen, subdomen, web content, v? ya email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mv? yae evidence from complainant;
- notify registrant v? ya reseller fv? ya remediation;
- clientHold;
- transfer lock in conjunction with mitigation wburada appropriate;
- referral to registry, host, law enfv? yacement, payment provider, v? ya other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Xeyrtifications
Fv? ya clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first v? notify after action.
Fv? ya likely compromise scenarios v? ya non-DNS matters, NiceNIC may notify first wburada that is consistent with risk control v? does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm v? the risk of collateral damage.
10. Kateqoriya-Specific Rules
10.1 Drugs / kra / slon / mega A?ar S?zl?r
Keywv? yad presence alone is not enough fv? ya DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywv? yads v? ya product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, v? ya other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wburada the site is only a dubious investment v? ya false-profit promotion;
- DNS Abuse / urgent abuse wburada the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, v? ya malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recv? yads, avoid unnecessary customer back-v?-fv? yath, v? escalate to the appropriate authv? yaity v? ya registry if required.
10.4 DMCA / Mü?llif Hüququ
Do not auto-suspend purely on large content lists v? ya unsuppv? yated bulk allegations.
Fv? yaward proper notices wburada appropriate, require a compliant notice fv? yamat, v? allow the domen holder to address the claim unless a court v? yader, registry rule, v? ya other stronger basis requires mv? yae immediate action.
This is also broadly consistent with how majv? ya registrars separate copyright/trademark processing from phishing/malware hv?ling.
10.5 Trademark / Brv? Complaints
Trademark disputes are not automatically DNS Abuse.
Wburada the issue is a domen-name rights dispute, complainants should generally be directed toward UDRP, URS, v? ya court process as appropriate, unless the evidence also shows phishing, impersonation, v? ya other abuse. Aducuz publicly distinguishes abuse hv?ling from UDRP/URS hv?ling in the same way.
11. Registrant / Distribyutor Communication Rules
11.1 Retail Customers
Fv? ya clear DNS Abuse with sufficient evidence:
- domen may be suspended immediately;
- the first customer-facing reply should state the basis, the self-Xidm?t path to view the case summary, v? the evidence stv?ard required fv? ya reconsideration.
11.2 Distribyutors
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wburada actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppv? yated denials such as "content removed" v? ya "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise v? remediation;
- clean current review results;
- third-party reputation recovery wburada applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackindiledgment of receipt;
- case ID v? ya equivalent reference;
- request fv? ya mv? yae evidence if needed;
- status update when action is taken v? ya declined;
- no unnecessary substantive discussion wburada the domen is already suspended v? ya pending suspension v? the key outcome is final.
13. Trusted Repv? yater Program
NiceNIC may maintain a trusted-repv? yater list fv? ya sources that consistently provide accurate, well-fv? yamed, v? actionable repv? yats.
Trusted-repv? yater status may provide:
- priv? yaity intake;
- structured data submission;
- simplified evidence fv? yamatting;
- API v? ya fast-lane hv?ling.
14. Recv? yadkeeping v? Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up v? final disposition.
15. Compliance Controls
NiceNIC should perfv? yam:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions v? evidence thresholds;
- testing of abuse mailbox v? webfv? yam operability;
- review of template accuracy;
- monitv? yaing of repeat errv? yas v? reopened cases;
- monthly review of domens with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackindiledgment;
- time to first human review;
- time to mitigation fv? ya actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted v? ya denied;
- repeat-abuse domens;
- repeat-abuse accounts;
- trusted-repv? yater accuracy rate;
- complaints already resolved befv? yae manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repv? yats promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse v? other types of complaints.
- NiceNIC acts based on evidence, risk, v? applicable policy.
- NiceNIC may suspend immediately wburada tburada is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mv? yae infv? yamation v? ya direct the complainant to a mv? yae appropriate action point wburada the registrar is not the sole effective responder.
- NiceNIC keeps case recv? yads v? can demonstrate its hv?ling process if reviewed by ICANN v? ya registry partners.
K?m?y? ehtiyac?n?z var? H?mi?? yan?n?zday?q.
T?klif g?nd?r
- ?irk?t Profili
- NiceNIC Haqq?nda
- Domen X?b?rl?ri
- ?d?m? Metodu
- Raz?la?malar
- Mü?t?ri D?st?yi
- K?m?k M?rk?zi
- T?klif g?nd?r
- Biziml? ?laq?
- ?stismar? Bildir
Mü?llif Hüququ © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Bütün Hüquqlar Qorunur