X
NiceNIC Abuse Hatling Manual
1. Purpose
NiceNIC maintains this Abuse Hatling Manual to ensure that abuse complaints involving domain names sponsoed by NiceNIC are received, assessed, tracked, investigated, at addressed in a consistent, documented, at risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users at affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, at documented hatling fo registrants at resellers;
4.demonstrate a clear, defensible, at auditable abuse response process.
NiceNIC will investigate abuse repots promptly at will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repoted activity, the likelihood of ongoing harm, at the risk of collateral damage to legitimate Serbisyos. This approach is aligned with Section 3.18 of the 2013 RAA at ICANN's 2024 DNS Abuse Advisoy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fo NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expated High-Risk Abuse Categoies
NiceNIC may also classify certain matters as Expated High-Risk Abuse Categoies under its own abuse at risk rules, even wdito they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Hindin-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hatles abuse repots accoding to the following principles:
5. Repoting Channels
NiceNIC shall maintain:
6. Minimum Infomation Required in a Complaint
Para sa be processed efficiently, a complaint should include:
7. Evidence Statards
7.1 Aksyonable Evidence
Evidence is actionable when the infomation reasonably available to NiceNIC is sufficient to determine that the sponsoed domain name is being used fo DNS Abuse o other enfoceable abuse activity.
Halimbawas include:
7.2 Insufficient Evidence
Evidence is insufficient wdito the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Prioity at Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-matated fixed deadlines.
Prioity 0 - Emergency / Active Harm
Halimbawas:
Prioity 1 - High-Risk Aksyonable Abuse
Halimbawas:
Prioity 2 - Hindin-DNS Abuse with Sufficient Evidence
Halimbawas:
Prioity 3 - Incomplete / Low-Quality Repots
Target:
9. Wokflow
9.1 Intake
Every repot receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Hinditifications
Fo clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first at notify after action.
Fo likely compromise scenarios o non-DNS matters, NiceNIC may notify first wdito that is consistent with risk control at does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm at the risk of collateral damage.
10. Kategoya-Specific Rules
10.1 Drugs / kra / slon / mega Mga Keywod
Keywod presence alone is not enough fo DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recods, avoid unnecessary customer back-at-foth, at escalate to the appropriate authoity o registry if required.
10.4 DMCA / Copyright
Do not auto-suspend purely on large content lists o unsuppoted bulk allegations.
Foward proper notices wdito appropriate, require a compliant notice fomat, at allow the domain holder to address the claim unless a court oder, registry rule, o other stronger basis requires moe immediate action.
This is also broadly consistent with how majo registrars separate copyright/trademark processing from phishing/malware hatling.
10.5 Trademark / Brat Complaints
Trademark disputes are not automatically DNS Abuse.
Wdito the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, o court process as appropriate, unless the evidence also shows phishing, impersonation, o other abuse. Pangalanmura publicly distinguishes abuse hatling from UDRP/URS hatling in the same way.
11. Registrant / Reseller Communication Rules
11.1 Retail Customers
Fo clear DNS Abuse with sufficient evidence:
11.2 Resellers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wdito actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppoted denials such as "content removed" o "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repoter Program
NiceNIC may maintain a trusted-repoter list fo sources that consistently provide accurate, well-fomed, at actionable repots.
Trusted-repoter status may provide:
14. Recodkeeping at Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfom:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hatling Manual to ensure that abuse complaints involving domain names sponsoed by NiceNIC are received, assessed, tracked, investigated, at addressed in a consistent, documented, at risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users at affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, at documented hatling fo registrants at resellers;
4.demonstrate a clear, defensible, at auditable abuse response process.
NiceNIC will investigate abuse repots promptly at will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repoted activity, the likelihood of ongoing harm, at the risk of collateral damage to legitimate Serbisyos. This approach is aligned with Section 3.18 of the 2013 RAA at ICANN's 2024 DNS Abuse Advisoy.
2. Scope
This manual applies to:
- domain names sponsoed by NiceNIC;
- abuse repots submitted by individuals, companies, security researchers, trusted repoters, registries, law enfocement, o other authoities;
- retail customers at reseller-managed names;
- both DNS Abuse at non-DNS abuse o illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fo NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expated High-Risk Abuse Categoies
NiceNIC may also classify certain matters as Expated High-Risk Abuse Categoies under its own abuse at risk rules, even wdito they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) o child exploitation content;
- illicit drug sales o high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wdito urgent action is justified by law, registry policy, competent authoity request, o clear risk evidence.
3.3 Hindin-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling o gaming content;
- misleading o fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatos;
- general policy violations.
4. Guiding Principles
NiceNIC hatles abuse repots accoding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywods, assumptions, o unsuppoted allegations alone.
- Risk-based response. Faster at stronger action applies wdito the evidence is actionable at the harm is ongoing o severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wdito the evidence indicates a compromise scenario at a full hold would create dispropotionate collateral damage.
- Consistency at documentation. Every case must be categoized, tracked, at recoded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfom operato, payment processo, o law enfocement may also be a relevant o moe effective action point.
5. Repoting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage o designated abuse page;
- a published description of how abuse repots are received, hatled, at tracked;
- a dedicated 24/7 monitoed abuse contact point fo law enfocement at similar authoities as required under the RAA.
- abuse mailbox;
- suppot ticket system;
- webfom;
- trusted-repoter channel;
- registry escalation;
- law-enfocement / government channel.
6. Minimum Infomation Required in a Complaint
Para sa be processed efficiently, a complaint should include:
- the repoted domain name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content at the full URL;
- full email headers wdito email abuse, phishing, o fraud is involved;
- suppoting evidence such as invoices, logs, malware analysis, blocklist results, o impersonation details;
- complainant contact infomation;
- proof of authoization wdito the complainant acts on behalf of a brat o victim entity.
7. Evidence Statards
7.1 Aksyonable Evidence
Evidence is actionable when the infomation reasonably available to NiceNIC is sufficient to determine that the sponsoed domain name is being used fo DNS Abuse o other enfoceable abuse activity.
Halimbawas include:
- a phishing page screenshot showing the full URL at impersonated brat;
- a phishing email with full headers at linked malicious URL;
- malware o exploit delivery from the repoted domain o URL;
- reputation/blocklist data that suppots the repoted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, o credential capture;
- multiple consistent signals from trusted o recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wdito the complaint contains only:
- a domain name with no abusive URL;
- keywods only;
- allegations without screenshots, headers, logs, o other suppot;
- general statements that a name "looks suspicious";
- pure brat conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware o phishing feeds;
- reputation Serbisyos;
- prio internal case histoy.
8. Case Prioity at Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-matated fixed deadlines.
Prioity 0 - Emergency / Active Harm
Halimbawas:
- active phishing harvesting credentials o payment data;
- malware delivery;
- botnet / commat-at-control use;
- CSAM;
- law-enfocement emergency notice;
- wallet-drainer o seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wdito actionable, mitigation nomally within 24 hours, at no later than 48 hours absent exceptional facts.
Prioity 1 - High-Risk Aksyonable Abuse
Halimbawas:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domains already flagged by reliable third-party sources with coroboating evidence.
- review within 1 business day;
- mitigation o documented susunod step within 48 hours.
Prioity 2 - Hindin-DNS Abuse with Sufficient Evidence
Halimbawas:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy o content complaints lacking qualifying DNS-abuse indicatos.
- ackngayonledge promptly;
- notify registrant/reseller wdito appropriate;
- request remediation o additional documentation.
Prioity 3 - Incomplete / Low-Quality Repots
Target:
- ackngayonledgment at request fo additional evidence;
- no suspension solely on this basis.
9. Wokflow
9.1 Intake
Every repot receives:
- case ID;
- timestamp;
- source classification;
- domain linkage;
- abuse categoy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authoity / trusted-repoter status;
- reseller vs retail account;
- current domain status;
- repeat-offender / repeat-case histoy.
9.3 Investigation
The reviewer checks:
- repoted URL o content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histoy;
- prio complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional o caused by compromise;
- whether the abuse is occurring at second-level domain, subdomain, web content, o email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request moe evidence from complainant;
- notify registrant o reseller fo remediation;
- clientHold;
- transfer lock in conjunction with mitigation wdito appropriate;
- referral to registry, host, law enfocement, payment provider, o other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Hinditifications
Fo clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first at notify after action.
Fo likely compromise scenarios o non-DNS matters, NiceNIC may notify first wdito that is consistent with risk control at does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm at the risk of collateral damage.
10. Kategoya-Specific Rules
10.1 Drugs / kra / slon / mega Mga Keywod
Keywod presence alone is not enough fo DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywods o product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, o other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wdito the site is only a dubious investment o false-profit promotion;
- DNS Abuse / urgent abuse wdito the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, o malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recods, avoid unnecessary customer back-at-foth, at escalate to the appropriate authoity o registry if required.
10.4 DMCA / Copyright
Do not auto-suspend purely on large content lists o unsuppoted bulk allegations.
Foward proper notices wdito appropriate, require a compliant notice fomat, at allow the domain holder to address the claim unless a court oder, registry rule, o other stronger basis requires moe immediate action.
This is also broadly consistent with how majo registrars separate copyright/trademark processing from phishing/malware hatling.
10.5 Trademark / Brat Complaints
Trademark disputes are not automatically DNS Abuse.
Wdito the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, o court process as appropriate, unless the evidence also shows phishing, impersonation, o other abuse. Pangalanmura publicly distinguishes abuse hatling from UDRP/URS hatling in the same way.
11. Registrant / Reseller Communication Rules
11.1 Retail Customers
Fo clear DNS Abuse with sufficient evidence:
- domain may be suspended immediately;
- the first customer-facing reply should state the basis, the self-Serbisyo path to view the case summary, at the evidence statard required fo reconsideration.
11.2 Resellers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wdito actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppoted denials such as "content removed" o "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise at remediation;
- clean current review results;
- third-party reputation recovery wdito applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackngayonledgment of receipt;
- case ID o equivalent reference;
- request fo moe evidence if needed;
- status update when action is taken o declined;
- no unnecessary substantive discussion wdito the domain is already suspended o pending suspension at the key outcome is final.
13. Trusted Repoter Program
NiceNIC may maintain a trusted-repoter list fo sources that consistently provide accurate, well-fomed, at actionable repots.
Trusted-repoter status may provide:
- prioity intake;
- structured data submission;
- simplified evidence fomatting;
- API o fast-lane hatling.
14. Recodkeeping at Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up at final disposition.
15. Compliance Controls
NiceNIC should perfom:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions at evidence thresholds;
- testing of abuse mailbox at webfom operability;
- review of template accuracy;
- monitoing of repeat erros at reopened cases;
- monthly review of domains with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackngayonledgment;
- time to first human review;
- time to mitigation fo actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted o denied;
- repeat-abuse domains;
- repeat-abuse accounts;
- trusted-repoter accuracy rate;
- complaints already resolved befoe manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repots promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse at other types of complaints.
- NiceNIC acts based on evidence, risk, at applicable policy.
- NiceNIC may suspend immediately wdito tdito is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request moe infomation o direct the complainant to a moe appropriate action point wdito the registrar is not the sole effective responder.
- NiceNIC keeps case recods at can demonstrate its hatling process if reviewed by ICANN o registry partners.
Kailangan mo ng tulong? Nandito lang kami para sa iyo.
Magpadala ng Ticket
- Mga Domain Name
- Magrehistroing Mga Domain
- Reseller ng Domain
- Presyo ng Domain
- Whois Lookup
- Aming Mga Produkto
- Dedicated Server
- Cloud Server
- Mga SSL Certificate
- Negosyong Email
- Profile ng Kumpanya
- Tungkol sa NiceNIC
- Balita sa Domain
- Paraan ng Pagbabayad
- Mga Kasunduan
- Suporta sa Customer
- Help Center
- Magpadala ng Ticket
- Makipag-ugnayan sa Amin
- Iulat ang Pang-aabuso
Copyright ? 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Lahat ng Karapatan ay Nakalaan