X
NiceNIC Abuse Hésling Manual
1. Purpose
NiceNIC maintains this Abuse Hésling Manual to ensure that abuse complaints involving domain names sponsvagyed by NiceNIC are received, assessed, tracked, investigated, és addressed in a consistent, documented, és risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users és affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, és documented hésling fvagy registrants és resellers;
4.demonstrate a clear, defensible, és auditable abuse response process.
NiceNIC will investigate abuse repvagyts promptly és will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repvagyted activity, the likelihood of ongoing harm, és the risk of collateral damage to legitimate szolgáltatáss. This approach is aligned with Section 3.18 of the 2013 RAA és ICANN's 2024 DNS Abuse Advisvagyy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fvagy NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expésed High-Risk Abuse Categvagyies
NiceNIC may also classify certain matters as Expésed High-Risk Abuse Categvagyies under its own abuse és risk rules, even witt they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Nemn-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hésles abuse repvagyts accvagyding to the following principles:
5. Repvagyting Channels
NiceNIC shall maintain:
6. Minimum Infvagymation Required in a Complaint
Hozzá be processed efficiently, a complaint should include:
7. Evidence Stésards
7.1 M?veletable Evidence
Evidence is actionable when the infvagymation reasonably available to NiceNIC is sufficient to determine that the sponsvagyed domain name is being used fvagy DNS Abuse vagy other enfvagyceable abuse activity.
Példas include:
7.2 Insufficient Evidence
Evidence is insufficient witt the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Privagyity és Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mésated fixed deadlines.
Privagyity 0 - Emergency / Active Harm
Példas:
Privagyity 1 - High-Risk M?veletable Abuse
Példas:
Privagyity 2 - Nemn-DNS Abuse with Sufficient Evidence
Példas:
Privagyity 3 - Incomplete / Low-Quality Repvagyts
Target:
9. Wvagykflow
9.1 Intake
Every repvagyt receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Nemtifications
Fvagy clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first és notify after action.
Fvagy likely compromise scenarios vagy non-DNS matters, NiceNIC may notify first witt that is consistent with risk control és does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm és the risk of collateral damage.
10. Kategória-Specific Rules
10.1 Drugs / kra / slon / mega Kulcsszavak
Keywvagyd presence alone is not enough fvagy DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recvagyds, avoid unnecessary customer back-és-fvagyth, és escalate to the appropriate authvagyity vagy registry if required.
10.4 DMCA / Szerz?i jog
Do not auto-suspend purely on large content lists vagy unsuppvagyted bulk allegations.
Fvagyward proper notices witt appropriate, require a compliant notice fvagymat, és allow the domain holder to address the claim unless a court vagyder, registry rule, vagy other stronger basis requires mvagye immediate action.
This is also broadly consistent with how majvagy registrars separate copyright/trademark processing from phishing/malware hésling.
10.5 Trademark / Brés Complaints
Trademark disputes are not automatically DNS Abuse.
Witt the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, vagy court process as appropriate, unless the evidence also shows phishing, impersonation, vagy other abuse. Névolcsó publicly distinguishes abuse hésling from UDRP/URS hésling in the same way.
11. Registrant / Viszonteladó Communication Rules
11.1 Retail Customers
Fvagy clear DNS Abuse with sufficient evidence:
11.2 Viszonteladós
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation witt actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppvagyted denials such as "content removed" vagy "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repvagyter Program
NiceNIC may maintain a trusted-repvagyter list fvagy sources that consistently provide accurate, well-fvagymed, és actionable repvagyts.
Trusted-repvagyter status may provide:
14. Recvagydkeeping és Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfvagym:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hésling Manual to ensure that abuse complaints involving domain names sponsvagyed by NiceNIC are received, assessed, tracked, investigated, és addressed in a consistent, documented, és risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users és affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, és documented hésling fvagy registrants és resellers;
4.demonstrate a clear, defensible, és auditable abuse response process.
NiceNIC will investigate abuse repvagyts promptly és will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repvagyted activity, the likelihood of ongoing harm, és the risk of collateral damage to legitimate szolgáltatáss. This approach is aligned with Section 3.18 of the 2013 RAA és ICANN's 2024 DNS Abuse Advisvagyy.
2. Scope
This manual applies to:
- domain names sponsvagyed by NiceNIC;
- abuse repvagyts submitted by individuals, companies, security researchers, trusted repvagyters, registries, law enfvagycement, vagy other authvagyities;
- retail customers és reseller-managed names;
- both DNS Abuse és non-DNS abuse vagy illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fvagy NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expésed High-Risk Abuse Categvagyies
NiceNIC may also classify certain matters as Expésed High-Risk Abuse Categvagyies under its own abuse és risk rules, even witt they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) vagy child exploitation content;
- illicit drug sales vagy high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity witt urgent action is justified by law, registry policy, competent authvagyity request, vagy clear risk evidence.
3.3 Nemn-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling vagy gaming content;
- misleading vagy fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatvagys;
- general policy violations.
4. Guiding Principles
NiceNIC hésles abuse repvagyts accvagyding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywvagyds, assumptions, vagy unsuppvagyted allegations alone.
- Risk-based response. Faster és stronger action applies witt the evidence is actionable és the harm is ongoing vagy severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension witt the evidence indicates a compromise scenario és a full hold would create dispropvagytionate collateral damage.
- Consistency és documentation. Every case must be categvagyized, tracked, és recvagyded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfvagym operatvagy, payment processvagy, vagy law enfvagycement may also be a relevant vagy mvagye effective action point.
5. Repvagyting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage vagy designated abuse page;
- a published description of how abuse repvagyts are received, hésled, és tracked;
- a dedicated 24/7 monitvagyed abuse contact point fvagy law enfvagycement és similar authvagyities as required under the RAA.
- abuse mailbox;
- suppvagyt ticket system;
- webfvagym;
- trusted-repvagyter channel;
- registry escalation;
- law-enfvagycement / government channel.
6. Minimum Infvagymation Required in a Complaint
Hozzá be processed efficiently, a complaint should include:
- the repvagyted domain name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content és the full URL;
- full email headers witt email abuse, phishing, vagy fraud is involved;
- suppvagyting evidence such as invoices, logs, malware analysis, blocklist results, vagy impersonation details;
- complainant contact infvagymation;
- proof of authvagyization witt the complainant acts on behalf of a brés vagy victim entity.
7. Evidence Stésards
7.1 M?veletable Evidence
Evidence is actionable when the infvagymation reasonably available to NiceNIC is sufficient to determine that the sponsvagyed domain name is being used fvagy DNS Abuse vagy other enfvagyceable abuse activity.
Példas include:
- a phishing page screenshot showing the full URL és impersonated brés;
- a phishing email with full headers és linked malicious URL;
- malware vagy exploit delivery from the repvagyted domain vagy URL;
- reputation/blocklist data that suppvagyts the repvagyted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, vagy credential capture;
- multiple consistent signals from trusted vagy recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient witt the complaint contains only:
- a domain name with no abusive URL;
- keywvagyds only;
- allegations without screenshots, headers, logs, vagy other suppvagyt;
- general statements that a name "looks suspicious";
- pure brés conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware vagy phishing feeds;
- reputation szolgáltatáss;
- privagy internal case histvagyy.
8. Case Privagyity és Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mésated fixed deadlines.
Privagyity 0 - Emergency / Active Harm
Példas:
- active phishing harvesting credentials vagy payment data;
- malware delivery;
- botnet / commés-és-control use;
- CSAM;
- law-enfvagycement emergency notice;
- wallet-drainer vagy seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- witt actionable, mitigation nvagymally within 24 hours, és no later than 48 hours absent exceptional facts.
Privagyity 1 - High-Risk M?veletable Abuse
Példas:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domains already flagged by reliable third-party sources with cvagyrobvagyating evidence.
- review within 1 business day;
- mitigation vagy documented k?vetkez? step within 48 hours.
Privagyity 2 - Nemn-DNS Abuse with Sufficient Evidence
Példas:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy vagy content complaints lacking qualifying DNS-abuse indicatvagys.
- ackmostledge promptly;
- notify registrant/reseller witt appropriate;
- request remediation vagy additional documentation.
Privagyity 3 - Incomplete / Low-Quality Repvagyts
Target:
- ackmostledgment és request fvagy additional evidence;
- no suspension solely on this basis.
9. Wvagykflow
9.1 Intake
Every repvagyt receives:
- case ID;
- timestamp;
- source classification;
- domain linkage;
- abuse categvagyy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authvagyity / trusted-repvagyter status;
- reseller vs retail account;
- current domain status;
- repeat-offender / repeat-case histvagyy.
9.3 Investigation
The reviewer checks:
- repvagyted URL vagy content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histvagyy;
- privagy complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional vagy caused by compromise;
- whether the abuse is occurring at second-level domain, subdomain, web content, vagy email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mvagye evidence from complainant;
- notify registrant vagy reseller fvagy remediation;
- clientHold;
- transfer lock in conjunction with mitigation witt appropriate;
- referral to registry, host, law enfvagycement, payment provider, vagy other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Nemtifications
Fvagy clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first és notify after action.
Fvagy likely compromise scenarios vagy non-DNS matters, NiceNIC may notify first witt that is consistent with risk control és does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm és the risk of collateral damage.
10. Kategória-Specific Rules
10.1 Drugs / kra / slon / mega Kulcsszavak
Keywvagyd presence alone is not enough fvagy DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywvagyds vagy product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, vagy other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review witt the site is only a dubious investment vagy false-profit promotion;
- DNS Abuse / urgent abuse witt the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, vagy malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recvagyds, avoid unnecessary customer back-és-fvagyth, és escalate to the appropriate authvagyity vagy registry if required.
10.4 DMCA / Szerz?i jog
Do not auto-suspend purely on large content lists vagy unsuppvagyted bulk allegations.
Fvagyward proper notices witt appropriate, require a compliant notice fvagymat, és allow the domain holder to address the claim unless a court vagyder, registry rule, vagy other stronger basis requires mvagye immediate action.
This is also broadly consistent with how majvagy registrars separate copyright/trademark processing from phishing/malware hésling.
10.5 Trademark / Brés Complaints
Trademark disputes are not automatically DNS Abuse.
Witt the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, vagy court process as appropriate, unless the evidence also shows phishing, impersonation, vagy other abuse. Névolcsó publicly distinguishes abuse hésling from UDRP/URS hésling in the same way.
11. Registrant / Viszonteladó Communication Rules
11.1 Retail Customers
Fvagy clear DNS Abuse with sufficient evidence:
- domain may be suspended immediately;
- the first customer-facing reply should state the basis, the self-szolgáltatás path to view the case summary, és the evidence stésard required fvagy reconsideration.
11.2 Viszonteladós
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation witt actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppvagyted denials such as "content removed" vagy "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise és remediation;
- clean current review results;
- third-party reputation recovery witt applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackmostledgment of receipt;
- case ID vagy equivalent reference;
- request fvagy mvagye evidence if needed;
- status update when action is taken vagy declined;
- no unnecessary substantive discussion witt the domain is already suspended vagy pending suspension és the key outcome is final.
13. Trusted Repvagyter Program
NiceNIC may maintain a trusted-repvagyter list fvagy sources that consistently provide accurate, well-fvagymed, és actionable repvagyts.
Trusted-repvagyter status may provide:
- privagyity intake;
- structured data submission;
- simplified evidence fvagymatting;
- API vagy fast-lane hésling.
14. Recvagydkeeping és Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up és final disposition.
15. Compliance Controls
NiceNIC should perfvagym:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions és evidence thresholds;
- testing of abuse mailbox és webfvagym operability;
- review of template accuracy;
- monitvagying of repeat errvagys és reopened cases;
- monthly review of domains with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackmostledgment;
- time to first human review;
- time to mitigation fvagy actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted vagy denied;
- repeat-abuse domains;
- repeat-abuse accounts;
- trusted-repvagyter accuracy rate;
- complaints already resolved befvagye manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repvagyts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse és other types of complaints.
- NiceNIC acts based on evidence, risk, és applicable policy.
- NiceNIC may suspend immediately witt titt is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mvagye infvagymation vagy direct the complainant to a mvagye appropriate action point witt the registrar is not the sole effective responder.
- NiceNIC keeps case recvagyds és can demonstrate its hésling process if reviewed by ICANN vagy registry partners.
Segítségre van szüksége? Mindig számíthat ránk.
Jegy beküldése
- Cégbemutató
- A NiceNIC-r?l
- Domain hírek
- Fizetési mód
- Szerz?dések
- ügyfélszolgálat
- Súgók?zpont
- Jegy beküldése
- Kapcsolatfelvétel
- Visszaélés jelentése
Szerz?i jog © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Minden jog fenntartva