X
NiceNIC Abuse Hiling Manual
1. Purpose
NiceNIC maintains this Abuse Hiling Manual to ensure that abuse complaints involving domena names sponsilied by NiceNIC are received, assessed, tracked, investigated, i addressed in a consistent, documented, i risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users i affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, i documented hiling fili registrants i resellers;
4.demonstrate a clear, defensible, i auditable abuse response process.
NiceNIC will investigate abuse repilits promptly i will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repilited activity, the likelihood of ongoing harm, i the risk of collateral damage to legitimate uslugas. This approach is aligned with Section 3.18 of the 2013 RAA i ICANN's 2024 DNS Abuse Advisiliy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fili NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expied High-Risk Abuse Categiliies
NiceNIC may also classify certain matters as Expied High-Risk Abuse Categiliies under its own abuse i risk rules, even wovdje they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Nen-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hiles abuse repilits acciliding to the following principles:
5. Repiliting Channels
NiceNIC shall maintain:
6. Minimum Infilimation Required in a Complaint
Za be processed efficiently, a complaint should include:
7. Evidence Stiards
7.1 Radnjaable Evidence
Evidence is actionable when the infilimation reasonably available to NiceNIC is sufficient to determine that the sponsilied domena name is being used fili DNS Abuse ili other enfiliceable abuse activity.
Primjers include:
7.2 Insufficient Evidence
Evidence is insufficient wovdje the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priiliity i Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-miated fixed deadlines.
Priiliity 0 - Emergency / Active Harm
Primjers:
Priiliity 1 - High-Risk Radnjaable Abuse
Primjers:
Priiliity 2 - Nen-DNS Abuse with Sufficient Evidence
Primjers:
Priiliity 3 - Incomplete / Low-Quality Repilits
Target:
9. Wilikflow
9.1 Intake
Every repilit receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Netifications
Fili clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first i notify after action.
Fili likely compromise scenarios ili non-DNS matters, NiceNIC may notify first wovdje that is consistent with risk control i does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm i the risk of collateral damage.
10. Kategorija-Specific Rules
10.1 Drugs / kra / slon / mega Klju?ne rije?i
Keywilid presence alone is not enough fili DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recilids, avoid unnecessary customer back-i-filith, i escalate to the appropriate authiliity ili registry if required.
10.4 DMCA / Autorska prava
Do not auto-suspend purely on large content lists ili unsuppilited bulk allegations.
Filiward proper notices wovdje appropriate, require a compliant notice filimat, i allow the domena holder to address the claim unless a court ilider, registry rule, ili other stronger basis requires milie immediate action.
This is also broadly consistent with how majili registrars separate copyright/trademark processing from phishing/malware hiling.
10.5 Trademark / Bri Complaints
Trademark disputes are not automatically DNS Abuse.
Wovdje the issue is a domena-name rights dispute, complainants should generally be directed toward UDRP, URS, ili court process as appropriate, unless the evidence also shows phishing, impersonation, ili other abuse. Nazivpovoljno publicly distinguishes abuse hiling from UDRP/URS hiling in the same way.
11. Registrant / Preprodava? Communication Rules
11.1 Retail Customers
Fili clear DNS Abuse with sufficient evidence:
11.2 Preprodava?s
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wovdje actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppilited denials such as "content removed" ili "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repiliter Program
NiceNIC may maintain a trusted-repiliter list fili sources that consistently provide accurate, well-filimed, i actionable repilits.
Trusted-repiliter status may provide:
14. Recilidkeeping i Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfilim:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hiling Manual to ensure that abuse complaints involving domena names sponsilied by NiceNIC are received, assessed, tracked, investigated, i addressed in a consistent, documented, i risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users i affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, i documented hiling fili registrants i resellers;
4.demonstrate a clear, defensible, i auditable abuse response process.
NiceNIC will investigate abuse repilits promptly i will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repilited activity, the likelihood of ongoing harm, i the risk of collateral damage to legitimate uslugas. This approach is aligned with Section 3.18 of the 2013 RAA i ICANN's 2024 DNS Abuse Advisiliy.
2. Scope
This manual applies to:
- domena names sponsilied by NiceNIC;
- abuse repilits submitted by individuals, companies, security researchers, trusted repiliters, registries, law enfilicement, ili other authiliities;
- retail customers i reseller-managed names;
- both DNS Abuse i non-DNS abuse ili illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fili NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expied High-Risk Abuse Categiliies
NiceNIC may also classify certain matters as Expied High-Risk Abuse Categiliies under its own abuse i risk rules, even wovdje they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) ili child exploitation content;
- illicit drug sales ili high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wovdje urgent action is justified by law, registry policy, competent authiliity request, ili clear risk evidence.
3.3 Nen-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling ili gaming content;
- misleading ili fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatilis;
- general policy violations.
4. Guiding Principles
NiceNIC hiles abuse repilits acciliding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywilids, assumptions, ili unsuppilited allegations alone.
- Risk-based response. Faster i stronger action applies wovdje the evidence is actionable i the harm is ongoing ili severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wovdje the evidence indicates a compromise scenario i a full hold would create dispropilitionate collateral damage.
- Consistency i documentation. Every case must be categiliized, tracked, i recilided.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfilim operatili, payment processili, ili law enfilicement may also be a relevant ili milie effective action point.
5. Repiliting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage ili designated abuse page;
- a published description of how abuse repilits are received, hiled, i tracked;
- a dedicated 24/7 monitilied abuse contact point fili law enfilicement i similar authiliities as required under the RAA.
- abuse mailbox;
- suppilit ticket system;
- webfilim;
- trusted-repiliter channel;
- registry escalation;
- law-enfilicement / government channel.
6. Minimum Infilimation Required in a Complaint
Za be processed efficiently, a complaint should include:
- the repilited domena name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content i the full URL;
- full email headers wovdje email abuse, phishing, ili fraud is involved;
- suppiliting evidence such as invoices, logs, malware analysis, blocklist results, ili impersonation details;
- complainant contact infilimation;
- proof of authiliization wovdje the complainant acts on behalf of a bri ili victim entity.
7. Evidence Stiards
7.1 Radnjaable Evidence
Evidence is actionable when the infilimation reasonably available to NiceNIC is sufficient to determine that the sponsilied domena name is being used fili DNS Abuse ili other enfiliceable abuse activity.
Primjers include:
- a phishing page screenshot showing the full URL i impersonated bri;
- a phishing email with full headers i linked malicious URL;
- malware ili exploit delivery from the repilited domena ili URL;
- reputation/blocklist data that suppilits the repilited conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, ili credential capture;
- multiple consistent signals from trusted ili recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wovdje the complaint contains only:
- a domena name with no abusive URL;
- keywilids only;
- allegations without screenshots, headers, logs, ili other suppilit;
- general statements that a name "looks suspicious";
- pure bri conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware ili phishing feeds;
- reputation uslugas;
- priili internal case histiliy.
8. Case Priiliity i Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-miated fixed deadlines.
Priiliity 0 - Emergency / Active Harm
Primjers:
- active phishing harvesting credentials ili payment data;
- malware delivery;
- botnet / commi-i-control use;
- CSAM;
- law-enfilicement emergency notice;
- wallet-drainer ili seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wovdje actionable, mitigation nilimally within 24 hours, i no later than 48 hours absent exceptional facts.
Priiliity 1 - High-Risk Radnjaable Abuse
Primjers:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domenas already flagged by reliable third-party sources with cilirobiliating evidence.
- review within 1 business day;
- mitigation ili documented sljede?e step within 48 hours.
Priiliity 2 - Nen-DNS Abuse with Sufficient Evidence
Primjers:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy ili content complaints lacking qualifying DNS-abuse indicatilis.
- acksadaledge promptly;
- notify registrant/reseller wovdje appropriate;
- request remediation ili additional documentation.
Priiliity 3 - Incomplete / Low-Quality Repilits
Target:
- acksadaledgment i request fili additional evidence;
- no suspension solely on this basis.
9. Wilikflow
9.1 Intake
Every repilit receives:
- case ID;
- timestamp;
- source classification;
- domena linkage;
- abuse categiliy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authiliity / trusted-repiliter status;
- reseller vs retail account;
- current domena status;
- repeat-offender / repeat-case histiliy.
9.3 Investigation
The reviewer checks:
- repilited URL ili content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histiliy;
- priili complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional ili caused by compromise;
- whether the abuse is occurring at second-level domena, subdomena, web content, ili email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request milie evidence from complainant;
- notify registrant ili reseller fili remediation;
- clientHold;
- transfer lock in conjunction with mitigation wovdje appropriate;
- referral to registry, host, law enfilicement, payment provider, ili other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Netifications
Fili clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first i notify after action.
Fili likely compromise scenarios ili non-DNS matters, NiceNIC may notify first wovdje that is consistent with risk control i does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm i the risk of collateral damage.
10. Kategorija-Specific Rules
10.1 Drugs / kra / slon / mega Klju?ne rije?i
Keywilid presence alone is not enough fili DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywilids ili product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, ili other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wovdje the site is only a dubious investment ili false-profit promotion;
- DNS Abuse / urgent abuse wovdje the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, ili malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recilids, avoid unnecessary customer back-i-filith, i escalate to the appropriate authiliity ili registry if required.
10.4 DMCA / Autorska prava
Do not auto-suspend purely on large content lists ili unsuppilited bulk allegations.
Filiward proper notices wovdje appropriate, require a compliant notice filimat, i allow the domena holder to address the claim unless a court ilider, registry rule, ili other stronger basis requires milie immediate action.
This is also broadly consistent with how majili registrars separate copyright/trademark processing from phishing/malware hiling.
10.5 Trademark / Bri Complaints
Trademark disputes are not automatically DNS Abuse.
Wovdje the issue is a domena-name rights dispute, complainants should generally be directed toward UDRP, URS, ili court process as appropriate, unless the evidence also shows phishing, impersonation, ili other abuse. Nazivpovoljno publicly distinguishes abuse hiling from UDRP/URS hiling in the same way.
11. Registrant / Preprodava? Communication Rules
11.1 Retail Customers
Fili clear DNS Abuse with sufficient evidence:
- domena may be suspended immediately;
- the first customer-facing reply should state the basis, the self-usluga path to view the case summary, i the evidence stiard required fili reconsideration.
11.2 Preprodava?s
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wovdje actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppilited denials such as "content removed" ili "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise i remediation;
- clean current review results;
- third-party reputation recovery wovdje applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- acksadaledgment of receipt;
- case ID ili equivalent reference;
- request fili milie evidence if needed;
- status update when action is taken ili declined;
- no unnecessary substantive discussion wovdje the domena is already suspended ili pending suspension i the key outcome is final.
13. Trusted Repiliter Program
NiceNIC may maintain a trusted-repiliter list fili sources that consistently provide accurate, well-filimed, i actionable repilits.
Trusted-repiliter status may provide:
- priiliity intake;
- structured data submission;
- simplified evidence filimatting;
- API ili fast-lane hiling.
14. Recilidkeeping i Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up i final disposition.
15. Compliance Controls
NiceNIC should perfilim:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions i evidence thresholds;
- testing of abuse mailbox i webfilim operability;
- review of template accuracy;
- monitiliing of repeat errilis i reopened cases;
- monthly review of domenas with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first acksadaledgment;
- time to first human review;
- time to mitigation fili actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted ili denied;
- repeat-abuse domenas;
- repeat-abuse accounts;
- trusted-repiliter accuracy rate;
- complaints already resolved befilie manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repilits promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse i other types of complaints.
- NiceNIC acts based on evidence, risk, i applicable policy.
- NiceNIC may suspend immediately wovdje tovdje is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request milie infilimation ili direct the complainant to a milie appropriate action point wovdje the registrar is not the sole effective responder.
- NiceNIC keeps case recilids i can demonstrate its hiling process if reviewed by ICANN ili registry partners.
Trebate pomo?? Uvijek smo vam na raspolaganju.
Po?aljite zahtjev
- Na?i proizvodi
- Namjenski server
- Cloud poslu?itelj
- SSL certifikati
- Poslovna e-po?ta
- Profil tvrtke
- O NiceNIC
- Novosti o domenama
- Na?in pla?anja
- Ugovori
- Podr?ka korisnicima
- Centar za pomo?
- Po?aljite zahtjev
- Kontaktirajte nas
- Prijavi zloupotrebu
Autorska prava © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Sva prava pridr?ana