X
NiceNIC Abuse Hж?неling Manual
1. Purpose
NiceNIC maintains this Abuse Hж?неling Manual to ensure that abuse complaints involving домен names sponsнемесеed by NiceNIC are received, assessed, tracked, investigated, ж?не addressed in a consistent, documented, ж?не risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ж?не affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ж?не documented hж?неling fнемесе registrants ж?не resellers;
4.demonstrate a clear, defensible, ж?не auditable abuse response process.
NiceNIC will investigate abuse repнемесеts promptly ж?не will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repнемесеted activity, the likelihood of ongoing harm, ж?не the risk of collateral damage to legitimate ?ызметs. This approach is aligned with Section 3.18 of the 2013 RAA ж?не ICANN's 2024 DNS Abuse Advisнемесеy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fнемесе NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expж?неed High-Risk Abuse Categнемесеies
NiceNIC may also classify certain matters as Expж?неed High-Risk Abuse Categнемесеies under its own abuse ж?не risk rules, even wм?нда they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Жо?n-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hж?неles abuse repнемесеts accнемесеding to the following principles:
5. Repнемесеting Channels
NiceNIC shall maintain:
6. Minimum Infнемесеmation Required in a Complaint
Сатып алу ?ш?н be processed efficiently, a complaint should include:
7. Evidence Stж?неards
7.1 ?рекетable Evidence
Evidence is actionable when the infнемесеmation reasonably available to NiceNIC is sufficient to determine that the sponsнемесеed домен name is being used fнемесе DNS Abuse немесе other enfнемесеceable abuse activity.
Мысалs include:
7.2 Insufficient Evidence
Evidence is insufficient wм?нда the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priнемесеity ж?не Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mж?неated fixed deadlines.
Priнемесеity 0 - Emergency / Active Harm
Мысалs:
Priнемесеity 1 - High-Risk ?рекетable Abuse
Мысалs:
Priнемесеity 2 - Жо?n-DNS Abuse with Sufficient Evidence
Мысалs:
Priнемесеity 3 - Incomplete / Low-Quality Repнемесеts
Target:
9. Wнемесеkflow
9.1 Intake
Every repнемесеt receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Жо?tifications
Fнемесе clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ж?не notify after action.
Fнемесе likely compromise scenarios немесе non-DNS matters, NiceNIC may notify first wм?нда that is consistent with risk control ж?не does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ж?не the risk of collateral damage.
10. Категория-Specific Rules
10.1 Drugs / kra / slon / mega ?здеу с?здер?
Keywнемесеd presence alone is not enough fнемесе DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recнемесеds, avoid unnecessary customer back-ж?не-fнемесеth, ж?не escalate to the appropriate authнемесеity немесе registry if required.
10.4 DMCA / Авторлы? ???ы?
Do not auto-suspend purely on large content lists немесе unsuppнемесеted bulk allegations.
Fнемесеward proper notices wм?нда appropriate, require a compliant notice fнемесеmat, ж?не allow the домен holder to address the claim unless a court немесеder, registry rule, немесе other stronger basis requires mнемесеe immediate action.
This is also broadly consistent with how majнемесе registrars separate copyright/trademark processing from phishing/malware hж?неling.
10.5 Trademark / Brж?не Complaints
Trademark disputes are not automatically DNS Abuse.
Wм?нда the issue is a домен-name rights dispute, complainants should generally be directed toward UDRP, URS, немесе court process as appropriate, unless the evidence also shows phishing, impersonation, немесе other abuse. Атыарзан publicly distinguishes abuse hж?неling from UDRP/URS hж?неling in the same way.
11. Registrant / ?к?л Communication Rules
11.1 Retail Customers
Fнемесе clear DNS Abuse with sufficient evidence:
11.2 ?к?лs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wм?нда actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppнемесеted denials such as "content removed" немесе "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repнемесеter Program
NiceNIC may maintain a trusted-repнемесеter list fнемесе sources that consistently provide accurate, well-fнемесеmed, ж?не actionable repнемесеts.
Trusted-repнемесеter status may provide:
14. Recнемесеdkeeping ж?не Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfнемесеm:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hж?неling Manual to ensure that abuse complaints involving домен names sponsнемесеed by NiceNIC are received, assessed, tracked, investigated, ж?не addressed in a consistent, documented, ж?не risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ж?не affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ж?не documented hж?неling fнемесе registrants ж?не resellers;
4.demonstrate a clear, defensible, ж?не auditable abuse response process.
NiceNIC will investigate abuse repнемесеts promptly ж?не will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repнемесеted activity, the likelihood of ongoing harm, ж?не the risk of collateral damage to legitimate ?ызметs. This approach is aligned with Section 3.18 of the 2013 RAA ж?не ICANN's 2024 DNS Abuse Advisнемесеy.
2. Scope
This manual applies to:
- домен names sponsнемесеed by NiceNIC;
- abuse repнемесеts submitted by individuals, companies, security researchers, trusted repнемесеters, registries, law enfнемесеcement, немесе other authнемесеities;
- retail customers ж?не reseller-managed names;
- both DNS Abuse ж?не non-DNS abuse немесе illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fнемесе NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expж?неed High-Risk Abuse Categнемесеies
NiceNIC may also classify certain matters as Expж?неed High-Risk Abuse Categнемесеies under its own abuse ж?не risk rules, even wм?нда they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) немесе child exploitation content;
- illicit drug sales немесе high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wм?нда urgent action is justified by law, registry policy, competent authнемесеity request, немесе clear risk evidence.
3.3 Жо?n-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling немесе gaming content;
- misleading немесе fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatнемесеs;
- general policy violations.
4. Guiding Principles
NiceNIC hж?неles abuse repнемесеts accнемесеding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywнемесеds, assumptions, немесе unsuppнемесеted allegations alone.
- Risk-based response. Faster ж?не stronger action applies wм?нда the evidence is actionable ж?не the harm is ongoing немесе severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wм?нда the evidence indicates a compromise scenario ж?не a full hold would create dispropнемесеtionate collateral damage.
- Consistency ж?не documentation. Every case must be categнемесеized, tracked, ж?не recнемесеded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfнемесеm operatнемесе, payment processнемесе, немесе law enfнемесеcement may also be a relevant немесе mнемесеe effective action point.
5. Repнемесеting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage немесе designated abuse page;
- a published description of how abuse repнемесеts are received, hж?неled, ж?не tracked;
- a dedicated 24/7 monitнемесеed abuse contact point fнемесе law enfнемесеcement ж?не similar authнемесеities as required under the RAA.
- abuse mailbox;
- suppнемесеt ticket system;
- webfнемесеm;
- trusted-repнемесеter channel;
- registry escalation;
- law-enfнемесеcement / government channel.
6. Minimum Infнемесеmation Required in a Complaint
Сатып алу ?ш?н be processed efficiently, a complaint should include:
- the repнемесеted домен name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content ж?не the full URL;
- full email headers wм?нда email abuse, phishing, немесе fraud is involved;
- suppнемесеting evidence such as invoices, logs, malware analysis, blocklist results, немесе impersonation details;
- complainant contact infнемесеmation;
- proof of authнемесеization wм?нда the complainant acts on behalf of a brж?не немесе victim entity.
7. Evidence Stж?неards
7.1 ?рекетable Evidence
Evidence is actionable when the infнемесеmation reasonably available to NiceNIC is sufficient to determine that the sponsнемесеed домен name is being used fнемесе DNS Abuse немесе other enfнемесеceable abuse activity.
Мысалs include:
- a phishing page screenshot showing the full URL ж?не impersonated brж?не;
- a phishing email with full headers ж?не linked malicious URL;
- malware немесе exploit delivery from the repнемесеted домен немесе URL;
- reputation/blocklist data that suppнемесеts the repнемесеted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, немесе credential capture;
- multiple consistent signals from trusted немесе recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wм?нда the complaint contains only:
- a домен name with no abusive URL;
- keywнемесеds only;
- allegations without screenshots, headers, logs, немесе other suppнемесеt;
- general statements that a name "looks suspicious";
- pure brж?не conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware немесе phishing feeds;
- reputation ?ызметs;
- priнемесе internal case histнемесеy.
8. Case Priнемесеity ж?не Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mж?неated fixed deadlines.
Priнемесеity 0 - Emergency / Active Harm
Мысалs:
- active phishing harvesting credentials немесе payment data;
- malware delivery;
- botnet / commж?не-ж?не-control use;
- CSAM;
- law-enfнемесеcement emergency notice;
- wallet-drainer немесе seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wм?нда actionable, mitigation nнемесеmally within 24 hours, ж?не no later than 48 hours absent exceptional facts.
Priнемесеity 1 - High-Risk ?рекетable Abuse
Мысалs:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- доменs already flagged by reliable third-party sources with cнемесеrobнемесеating evidence.
- review within 1 business day;
- mitigation немесе documented ал?а step within 48 hours.
Priнемесеity 2 - Жо?n-DNS Abuse with Sufficient Evidence
Мысалs:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy немесе content complaints lacking qualifying DNS-abuse indicatнемесеs.
- ack?аз?рledge promptly;
- notify registrant/reseller wм?нда appropriate;
- request remediation немесе additional documentation.
Priнемесеity 3 - Incomplete / Low-Quality Repнемесеts
Target:
- ack?аз?рledgment ж?не request fнемесе additional evidence;
- no suspension solely on this basis.
9. Wнемесеkflow
9.1 Intake
Every repнемесеt receives:
- case ID;
- timestamp;
- source classification;
- домен linkage;
- abuse categнемесеy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authнемесеity / trusted-repнемесеter status;
- reseller vs retail account;
- current домен status;
- repeat-offender / repeat-case histнемесеy.
9.3 Investigation
The reviewer checks:
- repнемесеted URL немесе content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histнемесеy;
- priнемесе complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional немесе caused by compromise;
- whether the abuse is occurring at second-level домен, subдомен, web content, немесе email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mнемесеe evidence from complainant;
- notify registrant немесе reseller fнемесе remediation;
- clientHold;
- transfer lock in conjunction with mitigation wм?нда appropriate;
- referral to registry, host, law enfнемесеcement, payment provider, немесе other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Жо?tifications
Fнемесе clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ж?не notify after action.
Fнемесе likely compromise scenarios немесе non-DNS matters, NiceNIC may notify first wм?нда that is consistent with risk control ж?не does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ж?не the risk of collateral damage.
10. Категория-Specific Rules
10.1 Drugs / kra / slon / mega ?здеу с?здер?
Keywнемесеd presence alone is not enough fнемесе DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywнемесеds немесе product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, немесе other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wм?нда the site is only a dubious investment немесе false-profit promotion;
- DNS Abuse / urgent abuse wм?нда the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, немесе malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recнемесеds, avoid unnecessary customer back-ж?не-fнемесеth, ж?не escalate to the appropriate authнемесеity немесе registry if required.
10.4 DMCA / Авторлы? ???ы?
Do not auto-suspend purely on large content lists немесе unsuppнемесеted bulk allegations.
Fнемесеward proper notices wм?нда appropriate, require a compliant notice fнемесеmat, ж?не allow the домен holder to address the claim unless a court немесеder, registry rule, немесе other stronger basis requires mнемесеe immediate action.
This is also broadly consistent with how majнемесе registrars separate copyright/trademark processing from phishing/malware hж?неling.
10.5 Trademark / Brж?не Complaints
Trademark disputes are not automatically DNS Abuse.
Wм?нда the issue is a домен-name rights dispute, complainants should generally be directed toward UDRP, URS, немесе court process as appropriate, unless the evidence also shows phishing, impersonation, немесе other abuse. Атыарзан publicly distinguishes abuse hж?неling from UDRP/URS hж?неling in the same way.
11. Registrant / ?к?л Communication Rules
11.1 Retail Customers
Fнемесе clear DNS Abuse with sufficient evidence:
- домен may be suspended immediately;
- the first customer-facing reply should state the basis, the self-?ызмет path to view the case summary, ж?не the evidence stж?неard required fнемесе reconsideration.
11.2 ?к?лs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wм?нда actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppнемесеted denials such as "content removed" немесе "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise ж?не remediation;
- clean current review results;
- third-party reputation recovery wм?нда applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ack?аз?рledgment of receipt;
- case ID немесе equivalent reference;
- request fнемесе mнемесеe evidence if needed;
- status update when action is taken немесе declined;
- no unnecessary substantive discussion wм?нда the домен is already suspended немесе pending suspension ж?не the key outcome is final.
13. Trusted Repнемесеter Program
NiceNIC may maintain a trusted-repнемесеter list fнемесе sources that consistently provide accurate, well-fнемесеmed, ж?не actionable repнемесеts.
Trusted-repнемесеter status may provide:
- priнемесеity intake;
- structured data submission;
- simplified evidence fнемесеmatting;
- API немесе fast-lane hж?неling.
14. Recнемесеdkeeping ж?не Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up ж?не final disposition.
15. Compliance Controls
NiceNIC should perfнемесеm:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions ж?не evidence thresholds;
- testing of abuse mailbox ж?не webfнемесеm operability;
- review of template accuracy;
- monitнемесеing of repeat errнемесеs ж?не reopened cases;
- monthly review of доменs with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ack?аз?рledgment;
- time to first human review;
- time to mitigation fнемесе actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted немесе denied;
- repeat-abuse доменs;
- repeat-abuse accounts;
- trusted-repнемесеter accuracy rate;
- complaints already resolved befнемесеe manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repнемесеts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse ж?не other types of complaints.
- NiceNIC acts based on evidence, risk, ж?не applicable policy.
- NiceNIC may suspend immediately wм?нда tм?нда is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mнемесеe infнемесеmation немесе direct the complainant to a mнемесеe appropriate action point wм?нда the registrar is not the sole effective responder.
- NiceNIC keeps case recнемесеds ж?не can demonstrate its hж?неling process if reviewed by ICANN немесе registry partners.
К?мек керек пе? Б?з ?р?ашан с?зд?? ?ызмет???здем?з.
Тапсырма ж?беру
- Домен атаулары
- Т?ркелуing Домендер
- Домен ?айта сатушысы
- Домен ба?алары
- Whois ?здеу
- Б?зд?? ?н?мдер
- Арнал?ан сервер
- Б?лтты сервер
- SSL сертификаттары
- К?с?би электронды? пошта
- Компания туралы
- NiceNIC туралы
- Домен жа?алы?тары
- Т?лем ?д?с?
- Кел?с?мшарттар
- Клиенттерге ?олдау
- К?мек орталы?ы
- Тапсырма ж?беру
- Б?збен байланысу
- ?ана?аттанбаушылы?ты хабарлау
Авторлы? ???ы? © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Барлы? ???ы?тар ?ор?ал?ан