X
NiceNIC Abuse Hdanling Manual
1. Purpose
NiceNIC maintains this Abuse Hdanling Manual to ensure that abuse complaints involving domain names sponsataued by NiceNIC are received, assessed, tracked, investigated, dan addressed in a consistent, documented, dan risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users dan affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, dan documented hdanling fatau registrants dan resellers;
4.demonstrate a clear, defensible, dan auditable abuse response process.
NiceNIC will investigate abuse repatauts promptly dan will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repatauted activity, the likelihood of ongoing harm, dan the risk of collateral damage to legitimate layanans. This approach is aligned with Section 3.18 of the 2013 RAA dan ICANN's 2024 DNS Abuse Advisatauy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fatau NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expdaned High-Risk Abuse Categatauies
NiceNIC may also classify certain matters as Expdaned High-Risk Abuse Categatauies under its own abuse dan risk rules, even wdi sini they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Tidakn-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hdanles abuse repatauts accatauding to the following principles:
5. Repatauting Channels
NiceNIC shall maintain:
6. Minimum Infataumation Required in a Complaint
Untuk be processed efficiently, a complaint should include:
7. Evidence Stdanards
7.1 Aksiable Evidence
Evidence is actionable when the infataumation reasonably available to NiceNIC is sufficient to determine that the sponsataued domain name is being used fatau DNS Abuse atau other enfatauceable abuse activity.
Contohs include:
7.2 Insufficient Evidence
Evidence is insufficient wdi sini the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priatauity dan Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mdanated fixed deadlines.
Priatauity 0 - Emergency / Active Harm
Contohs:
Priatauity 1 - High-Risk Aksiable Abuse
Contohs:
Priatauity 2 - Tidakn-DNS Abuse with Sufficient Evidence
Contohs:
Priatauity 3 - Incomplete / Low-Quality Repatauts
Target:
9. Wataukflow
9.1 Intake
Every repataut receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Tidaktifications
Fatau clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first dan notify after action.
Fatau likely compromise scenarios atau non-DNS matters, NiceNIC may notify first wdi sini that is consistent with risk control dan does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm dan the risk of collateral damage.
10. Kategataui-Specific Rules
10.1 Drugs / kra / slon / mega Kata Kunci
Keywataud presence alone is not enough fatau DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recatauds, avoid unnecessary customer back-dan-fatauth, dan escalate to the appropriate authatauity atau registry if required.
10.4 DMCA / Hak Cipta
Do not auto-suspend purely on large content lists atau unsuppatauted bulk allegations.
Fatauward proper notices wdi sini appropriate, require a compliant notice fataumat, dan allow the domain holder to address the claim unless a court atauder, registry rule, atau other stronger basis requires mataue immediate action.
This is also broadly consistent with how majatau registrars separate copyright/trademark processing from phishing/malware hdanling.
10.5 Trademark / Brdan Complaints
Trademark disputes are not automatically DNS Abuse.
Wdi sini the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, atau court process as appropriate, unless the evidence also shows phishing, impersonation, atau other abuse. Namamurah publicly distinguishes abuse hdanling from UDRP/URS hdanling in the same way.
11. Registrant / Reseller Communication Rules
11.1 Retail Customers
Fatau clear DNS Abuse with sufficient evidence:
11.2 Resellers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wdi sini actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppatauted denials such as "content removed" atau "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repatauter Program
NiceNIC may maintain a trusted-repatauter list fatau sources that consistently provide accurate, well-fataumed, dan actionable repatauts.
Trusted-repatauter status may provide:
14. Recataudkeeping dan Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfataum:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hdanling Manual to ensure that abuse complaints involving domain names sponsataued by NiceNIC are received, assessed, tracked, investigated, dan addressed in a consistent, documented, dan risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users dan affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, dan documented hdanling fatau registrants dan resellers;
4.demonstrate a clear, defensible, dan auditable abuse response process.
NiceNIC will investigate abuse repatauts promptly dan will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repatauted activity, the likelihood of ongoing harm, dan the risk of collateral damage to legitimate layanans. This approach is aligned with Section 3.18 of the 2013 RAA dan ICANN's 2024 DNS Abuse Advisatauy.
2. Scope
This manual applies to:
- domain names sponsataued by NiceNIC;
- abuse repatauts submitted by individuals, companies, security researchers, trusted repatauters, registries, law enfataucement, atau other authatauities;
- retail customers dan reseller-managed names;
- both DNS Abuse dan non-DNS abuse atau illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fatau NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expdaned High-Risk Abuse Categatauies
NiceNIC may also classify certain matters as Expdaned High-Risk Abuse Categatauies under its own abuse dan risk rules, even wdi sini they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) atau child exploitation content;
- illicit drug sales atau high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wdi sini urgent action is justified by law, registry policy, competent authatauity request, atau clear risk evidence.
3.3 Tidakn-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling atau gaming content;
- misleading atau fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatataus;
- general policy violations.
4. Guiding Principles
NiceNIC hdanles abuse repatauts accatauding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywatauds, assumptions, atau unsuppatauted allegations alone.
- Risk-based response. Faster dan stronger action applies wdi sini the evidence is actionable dan the harm is ongoing atau severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wdi sini the evidence indicates a compromise scenario dan a full hold would create dispropatautionate collateral damage.
- Consistency dan documentation. Every case must be categatauized, tracked, dan recatauded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfataum operatatau, payment processatau, atau law enfataucement may also be a relevant atau mataue effective action point.
5. Repatauting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage atau designated abuse page;
- a published description of how abuse repatauts are received, hdanled, dan tracked;
- a dedicated 24/7 monitataued abuse contact point fatau law enfataucement dan similar authatauities as required under the RAA.
- abuse mailbox;
- suppataut ticket system;
- webfataum;
- trusted-repatauter channel;
- registry escalation;
- law-enfataucement / government channel.
6. Minimum Infataumation Required in a Complaint
Untuk be processed efficiently, a complaint should include:
- the repatauted domain name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content dan the full URL;
- full email headers wdi sini email abuse, phishing, atau fraud is involved;
- suppatauting evidence such as invoices, logs, malware analysis, blocklist results, atau impersonation details;
- complainant contact infataumation;
- proof of authatauization wdi sini the complainant acts on behalf of a brdan atau victim entity.
7. Evidence Stdanards
7.1 Aksiable Evidence
Evidence is actionable when the infataumation reasonably available to NiceNIC is sufficient to determine that the sponsataued domain name is being used fatau DNS Abuse atau other enfatauceable abuse activity.
Contohs include:
- a phishing page screenshot showing the full URL dan impersonated brdan;
- a phishing email with full headers dan linked malicious URL;
- malware atau exploit delivery from the repatauted domain atau URL;
- reputation/blocklist data that suppatauts the repatauted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, atau credential capture;
- multiple consistent signals from trusted atau recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wdi sini the complaint contains only:
- a domain name with no abusive URL;
- keywatauds only;
- allegations without screenshots, headers, logs, atau other suppataut;
- general statements that a name "looks suspicious";
- pure brdan conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware atau phishing feeds;
- reputation layanans;
- priatau internal case histatauy.
8. Case Priatauity dan Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mdanated fixed deadlines.
Priatauity 0 - Emergency / Active Harm
Contohs:
- active phishing harvesting credentials atau payment data;
- malware delivery;
- botnet / commdan-dan-control use;
- CSAM;
- law-enfataucement emergency notice;
- wallet-drainer atau seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wdi sini actionable, mitigation nataumally within 24 hours, dan no later than 48 hours absent exceptional facts.
Priatauity 1 - High-Risk Aksiable Abuse
Contohs:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domains already flagged by reliable third-party sources with cataurobatauating evidence.
- review within 1 business day;
- mitigation atau documented berikutnya step within 48 hours.
Priatauity 2 - Tidakn-DNS Abuse with Sufficient Evidence
Contohs:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy atau content complaints lacking qualifying DNS-abuse indicatataus.
- acksekarangledge promptly;
- notify registrant/reseller wdi sini appropriate;
- request remediation atau additional documentation.
Priatauity 3 - Incomplete / Low-Quality Repatauts
Target:
- acksekarangledgment dan request fatau additional evidence;
- no suspension solely on this basis.
9. Wataukflow
9.1 Intake
Every repataut receives:
- case ID;
- timestamp;
- source classification;
- domain linkage;
- abuse categatauy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authatauity / trusted-repatauter status;
- reseller vs retail account;
- current domain status;
- repeat-offender / repeat-case histatauy.
9.3 Investigation
The reviewer checks:
- repatauted URL atau content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histatauy;
- priatau complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional atau caused by compromise;
- whether the abuse is occurring at second-level domain, subdomain, web content, atau email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mataue evidence from complainant;
- notify registrant atau reseller fatau remediation;
- clientHold;
- transfer lock in conjunction with mitigation wdi sini appropriate;
- referral to registry, host, law enfataucement, payment provider, atau other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Tidaktifications
Fatau clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first dan notify after action.
Fatau likely compromise scenarios atau non-DNS matters, NiceNIC may notify first wdi sini that is consistent with risk control dan does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm dan the risk of collateral damage.
10. Kategataui-Specific Rules
10.1 Drugs / kra / slon / mega Kata Kunci
Keywataud presence alone is not enough fatau DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywatauds atau product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, atau other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wdi sini the site is only a dubious investment atau false-profit promotion;
- DNS Abuse / urgent abuse wdi sini the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, atau malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recatauds, avoid unnecessary customer back-dan-fatauth, dan escalate to the appropriate authatauity atau registry if required.
10.4 DMCA / Hak Cipta
Do not auto-suspend purely on large content lists atau unsuppatauted bulk allegations.
Fatauward proper notices wdi sini appropriate, require a compliant notice fataumat, dan allow the domain holder to address the claim unless a court atauder, registry rule, atau other stronger basis requires mataue immediate action.
This is also broadly consistent with how majatau registrars separate copyright/trademark processing from phishing/malware hdanling.
10.5 Trademark / Brdan Complaints
Trademark disputes are not automatically DNS Abuse.
Wdi sini the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, atau court process as appropriate, unless the evidence also shows phishing, impersonation, atau other abuse. Namamurah publicly distinguishes abuse hdanling from UDRP/URS hdanling in the same way.
11. Registrant / Reseller Communication Rules
11.1 Retail Customers
Fatau clear DNS Abuse with sufficient evidence:
- domain may be suspended immediately;
- the first customer-facing reply should state the basis, the self-layanan path to view the case summary, dan the evidence stdanard required fatau reconsideration.
11.2 Resellers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wdi sini actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppatauted denials such as "content removed" atau "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise dan remediation;
- clean current review results;
- third-party reputation recovery wdi sini applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- acksekarangledgment of receipt;
- case ID atau equivalent reference;
- request fatau mataue evidence if needed;
- status update when action is taken atau declined;
- no unnecessary substantive discussion wdi sini the domain is already suspended atau pending suspension dan the key outcome is final.
13. Trusted Repatauter Program
NiceNIC may maintain a trusted-repatauter list fatau sources that consistently provide accurate, well-fataumed, dan actionable repatauts.
Trusted-repatauter status may provide:
- priatauity intake;
- structured data submission;
- simplified evidence fataumatting;
- API atau fast-lane hdanling.
14. Recataudkeeping dan Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up dan final disposition.
15. Compliance Controls
NiceNIC should perfataum:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions dan evidence thresholds;
- testing of abuse mailbox dan webfataum operability;
- review of template accuracy;
- monitatauing of repeat errataus dan reopened cases;
- monthly review of domains with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first acksekarangledgment;
- time to first human review;
- time to mitigation fatau actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted atau denied;
- repeat-abuse domains;
- repeat-abuse accounts;
- trusted-repatauter accuracy rate;
- complaints already resolved befataue manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repatauts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse dan other types of complaints.
- NiceNIC acts based on evidence, risk, dan applicable policy.
- NiceNIC may suspend immediately wdi sini tdi sini is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mataue infataumation atau direct the complainant to a mataue appropriate action point wdi sini the registrar is not the sole effective responder.
- NiceNIC keeps case recatauds dan can demonstrate its hdanling process if reviewed by ICANN atau registry partners.
Butuh bantuan? Kami selalu siap membantu Anda.
Kirim Tiket
- Domain Names
- Daftaring Domain
- Reseller Domain
- Harga Domain
- Pencarian WHOIS
- Produk Kami
- Server Dedicated
- Server Cloud
- Sertifikat SSL
- Email Bisnis
- Profil Perusahaan
- Tentang NiceNIC
- Berita Domain
- Metode Pembayaran
- Perjanjian
- Dukungan Pelanggan
- Pusat Bantuan
- Kirim Tiket
- Hubungi Kami
- Laporkan Penyalahgunaan
Hak Cipta ? 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Seluruh Hak Dilindungi