X
NiceNIC Abuse Hjaling Manual
1. Purpose
NiceNIC maintains this Abuse Hjaling Manual to ensure that abuse complaints involving verkkotunnus names sponstaied by NiceNIC are received, assessed, tracked, investigated, ja addressed in a consistent, documented, ja risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ja affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ja documented hjaling ftai registrants ja resellers;
4.demonstrate a clear, defensible, ja auditable abuse response process.
NiceNIC will investigate abuse reptaits promptly ja will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the reptaited activity, the likelihood of ongoing harm, ja the risk of collateral damage to legitimate palvelus. This approach is aligned with Section 3.18 of the 2013 RAA ja ICANN's 2024 DNS Abuse Advistaiy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Ftai NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expjaed High-Risk Abuse Categtaiies
NiceNIC may also classify certain matters as Expjaed High-Risk Abuse Categtaiies under its own abuse ja risk rules, even wt?ss? they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Ein-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hjales abuse reptaits acctaiding to the following principles:
5. Reptaiting Channels
NiceNIC shall maintain:
6. Minimum Inftaimation Required in a Complaint
Osta be processed efficiently, a complaint should include:
7. Evidence Stjaards
7.1 Toimintoable Evidence
Evidence is actionable when the inftaimation reasonably available to NiceNIC is sufficient to determine that the sponstaied verkkotunnus name is being used ftai DNS Abuse tai other enftaiceable abuse activity.
Esimerkkis include:
7.2 Insufficient Evidence
Evidence is insufficient wt?ss? the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Pritaiity ja Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mjaated fixed deadlines.
Pritaiity 0 - Emergency / Active Harm
Esimerkkis:
Pritaiity 1 - High-Risk Toimintoable Abuse
Esimerkkis:
Pritaiity 2 - Ein-DNS Abuse with Sufficient Evidence
Esimerkkis:
Pritaiity 3 - Incomplete / Low-Quality Reptaits
Target:
9. Wtaikflow
9.1 Intake
Every reptait receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Eitifications
Ftai clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ja notify after action.
Ftai likely compromise scenarios tai non-DNS matters, NiceNIC may notify first wt?ss? that is consistent with risk control ja does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ja the risk of collateral damage.
10. Kategoria-Specific Rules
10.1 Drugs / kra / slon / mega Avainsanat
Keywtaid presence alone is not enough ftai DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve rectaids, avoid unnecessary customer back-ja-ftaith, ja escalate to the appropriate authtaiity tai registry if required.
10.4 DMCA / Tekij?noikeus
Do not auto-suspend purely on large content lists tai unsupptaited bulk allegations.
Ftaiward proper notices wt?ss? appropriate, require a compliant notice ftaimat, ja allow the verkkotunnus holder to address the claim unless a court taider, registry rule, tai other stronger basis requires mtaie immediate action.
This is also broadly consistent with how majtai registrars separate copyright/trademark processing from phishing/malware hjaling.
10.5 Trademark / Brja Complaints
Trademark disputes are not automatically DNS Abuse.
Wt?ss? the issue is a verkkotunnus-name rights dispute, complainants should generally be directed toward UDRP, URS, tai court process as appropriate, unless the evidence also shows phishing, impersonation, tai other abuse. Nimiedullinen publicly distinguishes abuse hjaling from UDRP/URS hjaling in the same way.
11. Registrant / J?lleenmyyj? Communication Rules
11.1 Retail Customers
Ftai clear DNS Abuse with sufficient evidence:
11.2 J?lleenmyyj?s
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wt?ss? actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsupptaited denials such as "content removed" tai "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Reptaiter Program
NiceNIC may maintain a trusted-reptaiter list ftai sources that consistently provide accurate, well-ftaimed, ja actionable reptaits.
Trusted-reptaiter status may provide:
14. Rectaidkeeping ja Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perftaim:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hjaling Manual to ensure that abuse complaints involving verkkotunnus names sponstaied by NiceNIC are received, assessed, tracked, investigated, ja addressed in a consistent, documented, ja risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ja affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ja documented hjaling ftai registrants ja resellers;
4.demonstrate a clear, defensible, ja auditable abuse response process.
NiceNIC will investigate abuse reptaits promptly ja will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the reptaited activity, the likelihood of ongoing harm, ja the risk of collateral damage to legitimate palvelus. This approach is aligned with Section 3.18 of the 2013 RAA ja ICANN's 2024 DNS Abuse Advistaiy.
2. Scope
This manual applies to:
- verkkotunnus names sponstaied by NiceNIC;
- abuse reptaits submitted by individuals, companies, security researchers, trusted reptaiters, registries, law enftaicement, tai other authtaiities;
- retail customers ja reseller-managed names;
- both DNS Abuse ja non-DNS abuse tai illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Ftai NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expjaed High-Risk Abuse Categtaiies
NiceNIC may also classify certain matters as Expjaed High-Risk Abuse Categtaiies under its own abuse ja risk rules, even wt?ss? they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) tai child exploitation content;
- illicit drug sales tai high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wt?ss? urgent action is justified by law, registry policy, competent authtaiity request, tai clear risk evidence.
3.3 Ein-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling tai gaming content;
- misleading tai fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicattais;
- general policy violations.
4. Guiding Principles
NiceNIC hjales abuse reptaits acctaiding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywtaids, assumptions, tai unsupptaited allegations alone.
- Risk-based response. Faster ja stronger action applies wt?ss? the evidence is actionable ja the harm is ongoing tai severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wt?ss? the evidence indicates a compromise scenario ja a full hold would create disproptaitionate collateral damage.
- Consistency ja documentation. Every case must be categtaiized, tracked, ja rectaided.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platftaim operattai, payment processtai, tai law enftaicement may also be a relevant tai mtaie effective action point.
5. Reptaiting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage tai designated abuse page;
- a published description of how abuse reptaits are received, hjaled, ja tracked;
- a dedicated 24/7 monittaied abuse contact point ftai law enftaicement ja similar authtaiities as required under the RAA.
- abuse mailbox;
- supptait ticket system;
- webftaim;
- trusted-reptaiter channel;
- registry escalation;
- law-enftaicement / government channel.
6. Minimum Inftaimation Required in a Complaint
Osta be processed efficiently, a complaint should include:
- the reptaited verkkotunnus name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content ja the full URL;
- full email headers wt?ss? email abuse, phishing, tai fraud is involved;
- supptaiting evidence such as invoices, logs, malware analysis, blocklist results, tai impersonation details;
- complainant contact inftaimation;
- proof of authtaiization wt?ss? the complainant acts on behalf of a brja tai victim entity.
7. Evidence Stjaards
7.1 Toimintoable Evidence
Evidence is actionable when the inftaimation reasonably available to NiceNIC is sufficient to determine that the sponstaied verkkotunnus name is being used ftai DNS Abuse tai other enftaiceable abuse activity.
Esimerkkis include:
- a phishing page screenshot showing the full URL ja impersonated brja;
- a phishing email with full headers ja linked malicious URL;
- malware tai exploit delivery from the reptaited verkkotunnus tai URL;
- reputation/blocklist data that supptaits the reptaited conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, tai credential capture;
- multiple consistent signals from trusted tai recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wt?ss? the complaint contains only:
- a verkkotunnus name with no abusive URL;
- keywtaids only;
- allegations without screenshots, headers, logs, tai other supptait;
- general statements that a name "looks suspicious";
- pure brja conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware tai phishing feeds;
- reputation palvelus;
- pritai internal case histtaiy.
8. Case Pritaiity ja Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mjaated fixed deadlines.
Pritaiity 0 - Emergency / Active Harm
Esimerkkis:
- active phishing harvesting credentials tai payment data;
- malware delivery;
- botnet / commja-ja-control use;
- CSAM;
- law-enftaicement emergency notice;
- wallet-drainer tai seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wt?ss? actionable, mitigation ntaimally within 24 hours, ja no later than 48 hours absent exceptional facts.
Pritaiity 1 - High-Risk Toimintoable Abuse
Esimerkkis:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- verkkotunnuss already flagged by reliable third-party sources with ctairobtaiating evidence.
- review within 1 business day;
- mitigation tai documented seuraava step within 48 hours.
Pritaiity 2 - Ein-DNS Abuse with Sufficient Evidence
Esimerkkis:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy tai content complaints lacking qualifying DNS-abuse indicattais.
- acknytledge promptly;
- notify registrant/reseller wt?ss? appropriate;
- request remediation tai additional documentation.
Pritaiity 3 - Incomplete / Low-Quality Reptaits
Target:
- acknytledgment ja request ftai additional evidence;
- no suspension solely on this basis.
9. Wtaikflow
9.1 Intake
Every reptait receives:
- case ID;
- timestamp;
- source classification;
- verkkotunnus linkage;
- abuse categtaiy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authtaiity / trusted-reptaiter status;
- reseller vs retail account;
- current verkkotunnus status;
- repeat-offender / repeat-case histtaiy.
9.3 Investigation
The reviewer checks:
- reptaited URL tai content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histtaiy;
- pritai complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional tai caused by compromise;
- whether the abuse is occurring at second-level verkkotunnus, subverkkotunnus, web content, tai email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mtaie evidence from complainant;
- notify registrant tai reseller ftai remediation;
- clientHold;
- transfer lock in conjunction with mitigation wt?ss? appropriate;
- referral to registry, host, law enftaicement, payment provider, tai other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Eitifications
Ftai clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ja notify after action.
Ftai likely compromise scenarios tai non-DNS matters, NiceNIC may notify first wt?ss? that is consistent with risk control ja does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ja the risk of collateral damage.
10. Kategoria-Specific Rules
10.1 Drugs / kra / slon / mega Avainsanat
Keywtaid presence alone is not enough ftai DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywtaids tai product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, tai other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wt?ss? the site is only a dubious investment tai false-profit promotion;
- DNS Abuse / urgent abuse wt?ss? the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, tai malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve rectaids, avoid unnecessary customer back-ja-ftaith, ja escalate to the appropriate authtaiity tai registry if required.
10.4 DMCA / Tekij?noikeus
Do not auto-suspend purely on large content lists tai unsupptaited bulk allegations.
Ftaiward proper notices wt?ss? appropriate, require a compliant notice ftaimat, ja allow the verkkotunnus holder to address the claim unless a court taider, registry rule, tai other stronger basis requires mtaie immediate action.
This is also broadly consistent with how majtai registrars separate copyright/trademark processing from phishing/malware hjaling.
10.5 Trademark / Brja Complaints
Trademark disputes are not automatically DNS Abuse.
Wt?ss? the issue is a verkkotunnus-name rights dispute, complainants should generally be directed toward UDRP, URS, tai court process as appropriate, unless the evidence also shows phishing, impersonation, tai other abuse. Nimiedullinen publicly distinguishes abuse hjaling from UDRP/URS hjaling in the same way.
11. Registrant / J?lleenmyyj? Communication Rules
11.1 Retail Customers
Ftai clear DNS Abuse with sufficient evidence:
- verkkotunnus may be suspended immediately;
- the first customer-facing reply should state the basis, the self-palvelu path to view the case summary, ja the evidence stjaard required ftai reconsideration.
11.2 J?lleenmyyj?s
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wt?ss? actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsupptaited denials such as "content removed" tai "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise ja remediation;
- clean current review results;
- third-party reputation recovery wt?ss? applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- acknytledgment of receipt;
- case ID tai equivalent reference;
- request ftai mtaie evidence if needed;
- status update when action is taken tai declined;
- no unnecessary substantive discussion wt?ss? the verkkotunnus is already suspended tai pending suspension ja the key outcome is final.
13. Trusted Reptaiter Program
NiceNIC may maintain a trusted-reptaiter list ftai sources that consistently provide accurate, well-ftaimed, ja actionable reptaits.
Trusted-reptaiter status may provide:
- pritaiity intake;
- structured data submission;
- simplified evidence ftaimatting;
- API tai fast-lane hjaling.
14. Rectaidkeeping ja Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up ja final disposition.
15. Compliance Controls
NiceNIC should perftaim:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions ja evidence thresholds;
- testing of abuse mailbox ja webftaim operability;
- review of template accuracy;
- monittaiing of repeat errtais ja reopened cases;
- monthly review of verkkotunnuss with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first acknytledgment;
- time to first human review;
- time to mitigation ftai actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted tai denied;
- repeat-abuse verkkotunnuss;
- repeat-abuse accounts;
- trusted-reptaiter accuracy rate;
- complaints already resolved beftaie manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse reptaits promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse ja other types of complaints.
- NiceNIC acts based on evidence, risk, ja applicable policy.
- NiceNIC may suspend immediately wt?ss? tt?ss? is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mtaie inftaimation tai direct the complainant to a mtaie appropriate action point wt?ss? the registrar is not the sole effective responder.
- NiceNIC keeps case rectaids ja can demonstrate its hjaling process if reviewed by ICANN tai registry partners.
Tarvitsetko apua? Olemme aina valmiina auttamaan.
L?het? tukipyynt?
- Verkkotunnukset
- Rekister?iing Verkkotunnukset
- Verkkotunnusten j?lleenmyyj?
- Verkkotunnusten hinnasto
- Whois-haku
- Yritysesittely
- Tietoa NiceNICist?
- Verkkotunnusuutiset
- Maksutapa
- Sopimukset
Tekij?noikeus © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Kaikki oikeudet pid?tet??n