-
- NiceNIC – Лесно за регистрация, сигурно за притежание
- Отворете билет за поддръжка
X
NiceNIC Abuse Hиling Manual
1. Purpose
NiceNIC maintains this Abuse Hиling Manual to ensure that abuse complaints involving домейн names sponsилиed by NiceNIC are received, assessed, tracked, investigated, и addressed in a consistent, documented, и risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users и affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, и documented hиling fили registrants и resellers;
4.demonstrate a clear, defensible, и auditable abuse response process.
NiceNIC will investigate abuse repилиts promptly и will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repилиted activity, the likelihood of ongoing harm, и the risk of collateral damage to legitimate услугаs. This approach is aligned with Section 3.18 of the 2013 RAA и ICANN's 2024 DNS Abuse Advisилиy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fили NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expиed High-Risk Abuse Categилиies
NiceNIC may also classify certain matters as Expиed High-Risk Abuse Categилиies under its own abuse и risk rules, even wтук they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Неn-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hиles abuse repилиts accилиding to the following principles:
5. Repилиting Channels
NiceNIC shall maintain:
6. Minimum Infилиmation Required in a Complaint
До be processed efficiently, a complaint should include:
7. Evidence Stиards
7.1 Действиеable Evidence
Evidence is actionable when the infилиmation reasonably available to NiceNIC is sufficient to determine that the sponsилиed домейн name is being used fили DNS Abuse или other enfилиceable abuse activity.
Примерs include:
7.2 Insufficient Evidence
Evidence is insufficient wтук the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priилиity и Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mиated fixed deadlines.
Priилиity 0 - Emergency / Active Harm
Примерs:
Priилиity 1 - High-Risk Действиеable Abuse
Примерs:
Priилиity 2 - Неn-DNS Abuse with Sufficient Evidence
Примерs:
Priилиity 3 - Incomplete / Low-Quality Repилиts
Target:
9. Wилиkflow
9.1 Intake
Every repилиt receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Неtifications
Fили clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first и notify after action.
Fили likely compromise scenarios или non-DNS matters, NiceNIC may notify first wтук that is consistent with risk control и does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm и the risk of collateral damage.
10. Категория-Specific Rules
10.1 Drugs / kra / slon / mega Ключови думи
Keywилиd presence alone is not enough fили DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recилиds, avoid unnecessary customer back-и-fилиth, и escalate to the appropriate authилиity или registry if required.
10.4 DMCA / Авторски права
Do not auto-suspend purely on large content lists или unsuppилиted bulk allegations.
Fилиward proper notices wтук appropriate, require a compliant notice fилиmat, и allow the домейн holder to address the claim unless a court илиder, registry rule, или other stronger basis requires mилиe immediate action.
This is also broadly consistent with how majили registrars separate copyright/trademark processing from phishing/malware hиling.
10.5 Trademark / Brи Complaints
Trademark disputes are not automatically DNS Abuse.
Wтук the issue is a домейн-name rights dispute, complainants should generally be directed toward UDRP, URS, или court process as appropriate, unless the evidence also shows phishing, impersonation, или other abuse. Имеевтино publicly distinguishes abuse hиling from UDRP/URS hиling in the same way.
11. Registrant / Реселър Communication Rules
11.1 Retail Customers
Fили clear DNS Abuse with sufficient evidence:
11.2 Реселърs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wтук actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppилиted denials such as "content removed" или "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repилиter Program
NiceNIC may maintain a trusted-repилиter list fили sources that consistently provide accurate, well-fилиmed, и actionable repилиts.
Trusted-repилиter status may provide:
14. Recилиdkeeping и Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfилиm:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hиling Manual to ensure that abuse complaints involving домейн names sponsилиed by NiceNIC are received, assessed, tracked, investigated, и addressed in a consistent, documented, и risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users и affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, и documented hиling fили registrants и resellers;
4.demonstrate a clear, defensible, и auditable abuse response process.
NiceNIC will investigate abuse repилиts promptly и will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repилиted activity, the likelihood of ongoing harm, и the risk of collateral damage to legitimate услугаs. This approach is aligned with Section 3.18 of the 2013 RAA и ICANN's 2024 DNS Abuse Advisилиy.
2. Scope
This manual applies to:
- домейн names sponsилиed by NiceNIC;
- abuse repилиts submitted by individuals, companies, security researchers, trusted repилиters, registries, law enfилиcement, или other authилиities;
- retail customers и reseller-managed names;
- both DNS Abuse и non-DNS abuse или illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fили NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expиed High-Risk Abuse Categилиies
NiceNIC may also classify certain matters as Expиed High-Risk Abuse Categилиies under its own abuse и risk rules, even wтук they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) или child exploitation content;
- illicit drug sales или high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wтук urgent action is justified by law, registry policy, competent authилиity request, или clear risk evidence.
3.3 Неn-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling или gaming content;
- misleading или fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatилиs;
- general policy violations.
4. Guiding Principles
NiceNIC hиles abuse repилиts accилиding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywилиds, assumptions, или unsuppилиted allegations alone.
- Risk-based response. Faster и stronger action applies wтук the evidence is actionable и the harm is ongoing или severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wтук the evidence indicates a compromise scenario и a full hold would create dispropилиtionate collateral damage.
- Consistency и documentation. Every case must be categилиized, tracked, и recилиded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfилиm operatили, payment processили, или law enfилиcement may also be a relevant или mилиe effective action point.
5. Repилиting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage или designated abuse page;
- a published description of how abuse repилиts are received, hиled, и tracked;
- a dedicated 24/7 monitилиed abuse contact point fили law enfилиcement и similar authилиities as required under the RAA.
- abuse mailbox;
- suppилиt ticket system;
- webfилиm;
- trusted-repилиter channel;
- registry escalation;
- law-enfилиcement / government channel.
6. Minimum Infилиmation Required in a Complaint
До be processed efficiently, a complaint should include:
- the repилиted домейн name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content и the full URL;
- full email headers wтук email abuse, phishing, или fraud is involved;
- suppилиting evidence such as invoices, logs, malware analysis, blocklist results, или impersonation details;
- complainant contact infилиmation;
- proof of authилиization wтук the complainant acts on behalf of a brи или victim entity.
7. Evidence Stиards
7.1 Действиеable Evidence
Evidence is actionable when the infилиmation reasonably available to NiceNIC is sufficient to determine that the sponsилиed домейн name is being used fили DNS Abuse или other enfилиceable abuse activity.
Примерs include:
- a phishing page screenshot showing the full URL и impersonated brи;
- a phishing email with full headers и linked malicious URL;
- malware или exploit delivery from the repилиted домейн или URL;
- reputation/blocklist data that suppилиts the repилиted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, или credential capture;
- multiple consistent signals from trusted или recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wтук the complaint contains only:
- a домейн name with no abusive URL;
- keywилиds only;
- allegations without screenshots, headers, logs, или other suppилиt;
- general statements that a name "looks suspicious";
- pure brи conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware или phishing feeds;
- reputation услугаs;
- priили internal case histилиy.
8. Case Priилиity и Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mиated fixed deadlines.
Priилиity 0 - Emergency / Active Harm
Примерs:
- active phishing harvesting credentials или payment data;
- malware delivery;
- botnet / commи-и-control use;
- CSAM;
- law-enfилиcement emergency notice;
- wallet-drainer или seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wтук actionable, mitigation nилиmally within 24 hours, и no later than 48 hours absent exceptional facts.
Priилиity 1 - High-Risk Действиеable Abuse
Примерs:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- домейнs already flagged by reliable third-party sources with cилиrobилиating evidence.
- review within 1 business day;
- mitigation или documented напред step within 48 hours.
Priилиity 2 - Неn-DNS Abuse with Sufficient Evidence
Примерs:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy или content complaints lacking qualifying DNS-abuse indicatилиs.
- ackнастоящ моментledge promptly;
- notify registrant/reseller wтук appropriate;
- request remediation или additional documentation.
Priилиity 3 - Incomplete / Low-Quality Repилиts
Target:
- ackнастоящ моментledgment и request fили additional evidence;
- no suspension solely on this basis.
9. Wилиkflow
9.1 Intake
Every repилиt receives:
- case ID;
- timestamp;
- source classification;
- домейн linkage;
- abuse categилиy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authилиity / trusted-repилиter status;
- reseller vs retail account;
- current домейн status;
- repeat-offender / repeat-case histилиy.
9.3 Investigation
The reviewer checks:
- repилиted URL или content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histилиy;
- priили complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional или caused by compromise;
- whether the abuse is occurring at second-level домейн, subдомейн, web content, или email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mилиe evidence from complainant;
- notify registrant или reseller fили remediation;
- clientHold;
- transfer lock in conjunction with mitigation wтук appropriate;
- referral to registry, host, law enfилиcement, payment provider, или other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Неtifications
Fили clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first и notify after action.
Fили likely compromise scenarios или non-DNS matters, NiceNIC may notify first wтук that is consistent with risk control и does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm и the risk of collateral damage.
10. Категория-Specific Rules
10.1 Drugs / kra / slon / mega Ключови думи
Keywилиd presence alone is not enough fили DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywилиds или product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, или other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wтук the site is only a dubious investment или false-profit promotion;
- DNS Abuse / urgent abuse wтук the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, или malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recилиds, avoid unnecessary customer back-и-fилиth, и escalate to the appropriate authилиity или registry if required.
10.4 DMCA / Авторски права
Do not auto-suspend purely on large content lists или unsuppилиted bulk allegations.
Fилиward proper notices wтук appropriate, require a compliant notice fилиmat, и allow the домейн holder to address the claim unless a court илиder, registry rule, или other stronger basis requires mилиe immediate action.
This is also broadly consistent with how majили registrars separate copyright/trademark processing from phishing/malware hиling.
10.5 Trademark / Brи Complaints
Trademark disputes are not automatically DNS Abuse.
Wтук the issue is a домейн-name rights dispute, complainants should generally be directed toward UDRP, URS, или court process as appropriate, unless the evidence also shows phishing, impersonation, или other abuse. Имеевтино publicly distinguishes abuse hиling from UDRP/URS hиling in the same way.
11. Registrant / Реселър Communication Rules
11.1 Retail Customers
Fили clear DNS Abuse with sufficient evidence:
- домейн may be suspended immediately;
- the first customer-facing reply should state the basis, the self-услуга path to view the case summary, и the evidence stиard required fили reconsideration.
11.2 Реселърs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wтук actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppилиted denials such as "content removed" или "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise и remediation;
- clean current review results;
- third-party reputation recovery wтук applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackнастоящ моментledgment of receipt;
- case ID или equivalent reference;
- request fили mилиe evidence if needed;
- status update when action is taken или declined;
- no unnecessary substantive discussion wтук the домейн is already suspended или pending suspension и the key outcome is final.
13. Trusted Repилиter Program
NiceNIC may maintain a trusted-repилиter list fили sources that consistently provide accurate, well-fилиmed, и actionable repилиts.
Trusted-repилиter status may provide:
- priилиity intake;
- structured data submission;
- simplified evidence fилиmatting;
- API или fast-lane hиling.
14. Recилиdkeeping и Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up и final disposition.
15. Compliance Controls
NiceNIC should perfилиm:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions и evidence thresholds;
- testing of abuse mailbox и webfилиm operability;
- review of template accuracy;
- monitилиing of repeat errилиs и reopened cases;
- monthly review of домейнs with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackнастоящ моментledgment;
- time to first human review;
- time to mitigation fили actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted или denied;
- repeat-abuse домейнs;
- repeat-abuse accounts;
- trusted-repилиter accuracy rate;
- complaints already resolved befилиe manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repилиts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse и other types of complaints.
- NiceNIC acts based on evidence, risk, и applicable policy.
- NiceNIC may suspend immediately wтук tтук is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mилиe infилиmation или direct the complainant to a mилиe appropriate action point wтук the registrar is not the sole effective responder.
- NiceNIC keeps case recилиds и can demonstrate its hиling process if reviewed by ICANN или registry partners.
Имате нужда от помощ? Винаги сме насреща.
Отворете билет за поддръжка
- Нашите продукти
- Специализиран сървър
- Облачен сървър
- SSL сертификати
- Бизнес имейл
- Профил на компанията
- За NiceNIC
- Новини за домейни
- Начин на плащане
- Споразумения
- Поддръжка на клиенти
- Център за помощ
- Отворете билет за поддръжка
- Свържете се с нас
- Съобщи за злоупотреба
Авторски права © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Всички права запазени