X
NiceNIC Abuse Hunling Manual
1. Purpose
NiceNIC maintains this Abuse Hunling Manual to ensure that abuse complaints involving domēns names sponsvaied by NiceNIC are received, assessed, tracked, investigated, un addressed in a consistent, documented, un risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users un affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, un documented hunling fvai registrants un resellers;
4.demonstrate a clear, defensible, un auditable abuse response process.
NiceNIC will investigate abuse repvaits promptly un will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repvaited activity, the likelihood of ongoing harm, un the risk of collateral damage to legitimate pakalpojumss. This approach is aligned with Section 3.18 of the 2013 RAA un ICANN's 2024 DNS Abuse Advisvaiy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fvai NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expuned High-Risk Abuse Categvaiies
NiceNIC may also classify certain matters as Expuned High-Risk Abuse Categvaiies under its own abuse un risk rules, even w?eit they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Nēn-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hunles abuse repvaits accvaiding to the following principles:
5. Repvaiting Channels
NiceNIC shall maintain:
6. Minimum Infvaimation Required in a Complaint
Lai be processed efficiently, a complaint should include:
7. Evidence Stunards
7.1 Darbībaable Evidence
Evidence is actionable when the infvaimation reasonably available to NiceNIC is sufficient to determine that the sponsvaied domēns name is being used fvai DNS Abuse vai other enfvaiceable abuse activity.
Piemērss include:
7.2 Insufficient Evidence
Evidence is insufficient w?eit the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Privaiity un Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-munated fixed deadlines.
Privaiity 0 - Emergency / Active Harm
Piemērss:
Privaiity 1 - High-Risk Darbībaable Abuse
Piemērss:
Privaiity 2 - Nēn-DNS Abuse with Sufficient Evidence
Piemērss:
Privaiity 3 - Incomplete / Low-Quality Repvaits
Target:
9. Wvaikflow
9.1 Intake
Every repvait receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Nētifications
Fvai clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first un notify after action.
Fvai likely compromise scenarios vai non-DNS matters, NiceNIC may notify first w?eit that is consistent with risk control un does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm un the risk of collateral damage.
10. Kategorija-Specific Rules
10.1 Drugs / kra / slon / mega Atslēgas vārdi
Keywvaid presence alone is not enough fvai DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recvaids, avoid unnecessary customer back-un-fvaith, un escalate to the appropriate authvaiity vai registry if required.
10.4 DMCA / Autortiesības
Do not auto-suspend purely on large content lists vai unsuppvaited bulk allegations.
Fvaiward proper notices w?eit appropriate, require a compliant notice fvaimat, un allow the domēns holder to address the claim unless a court vaider, registry rule, vai other stronger basis requires mvaie immediate action.
This is also broadly consistent with how majvai registrars separate copyright/trademark processing from phishing/malware hunling.
10.5 Trademark / Brun Complaints
Trademark disputes are not automatically DNS Abuse.
W?eit the issue is a domēns-name rights dispute, complainants should generally be directed toward UDRP, URS, vai court process as appropriate, unless the evidence also shows phishing, impersonation, vai other abuse. Nosaukumslēti publicly distinguishes abuse hunling from UDRP/URS hunling in the same way.
11. Registrant / Izplatītājs Communication Rules
11.1 Retail Customers
Fvai clear DNS Abuse with sufficient evidence:
11.2 Izplatītājss
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation w?eit actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppvaited denials such as "content removed" vai "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repvaiter Program
NiceNIC may maintain a trusted-repvaiter list fvai sources that consistently provide accurate, well-fvaimed, un actionable repvaits.
Trusted-repvaiter status may provide:
14. Recvaidkeeping un Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfvaim:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hunling Manual to ensure that abuse complaints involving domēns names sponsvaied by NiceNIC are received, assessed, tracked, investigated, un addressed in a consistent, documented, un risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users un affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, un documented hunling fvai registrants un resellers;
4.demonstrate a clear, defensible, un auditable abuse response process.
NiceNIC will investigate abuse repvaits promptly un will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repvaited activity, the likelihood of ongoing harm, un the risk of collateral damage to legitimate pakalpojumss. This approach is aligned with Section 3.18 of the 2013 RAA un ICANN's 2024 DNS Abuse Advisvaiy.
2. Scope
This manual applies to:
- domēns names sponsvaied by NiceNIC;
- abuse repvaits submitted by individuals, companies, security researchers, trusted repvaiters, registries, law enfvaicement, vai other authvaiities;
- retail customers un reseller-managed names;
- both DNS Abuse un non-DNS abuse vai illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fvai NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expuned High-Risk Abuse Categvaiies
NiceNIC may also classify certain matters as Expuned High-Risk Abuse Categvaiies under its own abuse un risk rules, even w?eit they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) vai child exploitation content;
- illicit drug sales vai high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity w?eit urgent action is justified by law, registry policy, competent authvaiity request, vai clear risk evidence.
3.3 Nēn-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling vai gaming content;
- misleading vai fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatvais;
- general policy violations.
4. Guiding Principles
NiceNIC hunles abuse repvaits accvaiding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywvaids, assumptions, vai unsuppvaited allegations alone.
- Risk-based response. Faster un stronger action applies w?eit the evidence is actionable un the harm is ongoing vai severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension w?eit the evidence indicates a compromise scenario un a full hold would create dispropvaitionate collateral damage.
- Consistency un documentation. Every case must be categvaiized, tracked, un recvaided.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfvaim operatvai, payment processvai, vai law enfvaicement may also be a relevant vai mvaie effective action point.
5. Repvaiting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage vai designated abuse page;
- a published description of how abuse repvaits are received, hunled, un tracked;
- a dedicated 24/7 monitvaied abuse contact point fvai law enfvaicement un similar authvaiities as required under the RAA.
- abuse mailbox;
- suppvait ticket system;
- webfvaim;
- trusted-repvaiter channel;
- registry escalation;
- law-enfvaicement / government channel.
6. Minimum Infvaimation Required in a Complaint
Lai be processed efficiently, a complaint should include:
- the repvaited domēns name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content un the full URL;
- full email headers w?eit email abuse, phishing, vai fraud is involved;
- suppvaiting evidence such as invoices, logs, malware analysis, blocklist results, vai impersonation details;
- complainant contact infvaimation;
- proof of authvaiization w?eit the complainant acts on behalf of a brun vai victim entity.
7. Evidence Stunards
7.1 Darbībaable Evidence
Evidence is actionable when the infvaimation reasonably available to NiceNIC is sufficient to determine that the sponsvaied domēns name is being used fvai DNS Abuse vai other enfvaiceable abuse activity.
Piemērss include:
- a phishing page screenshot showing the full URL un impersonated brun;
- a phishing email with full headers un linked malicious URL;
- malware vai exploit delivery from the repvaited domēns vai URL;
- reputation/blocklist data that suppvaits the repvaited conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, vai credential capture;
- multiple consistent signals from trusted vai recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient w?eit the complaint contains only:
- a domēns name with no abusive URL;
- keywvaids only;
- allegations without screenshots, headers, logs, vai other suppvait;
- general statements that a name "looks suspicious";
- pure brun conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware vai phishing feeds;
- reputation pakalpojumss;
- privai internal case histvaiy.
8. Case Privaiity un Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-munated fixed deadlines.
Privaiity 0 - Emergency / Active Harm
Piemērss:
- active phishing harvesting credentials vai payment data;
- malware delivery;
- botnet / commun-un-control use;
- CSAM;
- law-enfvaicement emergency notice;
- wallet-drainer vai seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- w?eit actionable, mitigation nvaimally within 24 hours, un no later than 48 hours absent exceptional facts.
Privaiity 1 - High-Risk Darbībaable Abuse
Piemērss:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domēnss already flagged by reliable third-party sources with cvairobvaiating evidence.
- review within 1 business day;
- mitigation vai documented Nākamais step within 48 hours.
Privaiity 2 - Nēn-DNS Abuse with Sufficient Evidence
Piemērss:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy vai content complaints lacking qualifying DNS-abuse indicatvais.
- acktagadledge promptly;
- notify registrant/reseller w?eit appropriate;
- request remediation vai additional documentation.
Privaiity 3 - Incomplete / Low-Quality Repvaits
Target:
- acktagadledgment un request fvai additional evidence;
- no suspension solely on this basis.
9. Wvaikflow
9.1 Intake
Every repvait receives:
- case ID;
- timestamp;
- source classification;
- domēns linkage;
- abuse categvaiy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authvaiity / trusted-repvaiter status;
- reseller vs retail account;
- current domēns status;
- repeat-offender / repeat-case histvaiy.
9.3 Investigation
The reviewer checks:
- repvaited URL vai content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histvaiy;
- privai complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional vai caused by compromise;
- whether the abuse is occurring at second-level domēns, subdomēns, web content, vai email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mvaie evidence from complainant;
- notify registrant vai reseller fvai remediation;
- clientHold;
- transfer lock in conjunction with mitigation w?eit appropriate;
- referral to registry, host, law enfvaicement, payment provider, vai other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Nētifications
Fvai clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first un notify after action.
Fvai likely compromise scenarios vai non-DNS matters, NiceNIC may notify first w?eit that is consistent with risk control un does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm un the risk of collateral damage.
10. Kategorija-Specific Rules
10.1 Drugs / kra / slon / mega Atslēgas vārdi
Keywvaid presence alone is not enough fvai DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywvaids vai product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, vai other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review w?eit the site is only a dubious investment vai false-profit promotion;
- DNS Abuse / urgent abuse w?eit the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, vai malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recvaids, avoid unnecessary customer back-un-fvaith, un escalate to the appropriate authvaiity vai registry if required.
10.4 DMCA / Autortiesības
Do not auto-suspend purely on large content lists vai unsuppvaited bulk allegations.
Fvaiward proper notices w?eit appropriate, require a compliant notice fvaimat, un allow the domēns holder to address the claim unless a court vaider, registry rule, vai other stronger basis requires mvaie immediate action.
This is also broadly consistent with how majvai registrars separate copyright/trademark processing from phishing/malware hunling.
10.5 Trademark / Brun Complaints
Trademark disputes are not automatically DNS Abuse.
W?eit the issue is a domēns-name rights dispute, complainants should generally be directed toward UDRP, URS, vai court process as appropriate, unless the evidence also shows phishing, impersonation, vai other abuse. Nosaukumslēti publicly distinguishes abuse hunling from UDRP/URS hunling in the same way.
11. Registrant / Izplatītājs Communication Rules
11.1 Retail Customers
Fvai clear DNS Abuse with sufficient evidence:
- domēns may be suspended immediately;
- the first customer-facing reply should state the basis, the self-pakalpojums path to view the case summary, un the evidence stunard required fvai reconsideration.
11.2 Izplatītājss
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation w?eit actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppvaited denials such as "content removed" vai "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise un remediation;
- clean current review results;
- third-party reputation recovery w?eit applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- acktagadledgment of receipt;
- case ID vai equivalent reference;
- request fvai mvaie evidence if needed;
- status update when action is taken vai declined;
- no unnecessary substantive discussion w?eit the domēns is already suspended vai pending suspension un the key outcome is final.
13. Trusted Repvaiter Program
NiceNIC may maintain a trusted-repvaiter list fvai sources that consistently provide accurate, well-fvaimed, un actionable repvaits.
Trusted-repvaiter status may provide:
- privaiity intake;
- structured data submission;
- simplified evidence fvaimatting;
- API vai fast-lane hunling.
14. Recvaidkeeping un Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up un final disposition.
15. Compliance Controls
NiceNIC should perfvaim:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions un evidence thresholds;
- testing of abuse mailbox un webfvaim operability;
- review of template accuracy;
- monitvaiing of repeat errvais un reopened cases;
- monthly review of domēnss with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first acktagadledgment;
- time to first human review;
- time to mitigation fvai actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted vai denied;
- repeat-abuse domēnss;
- repeat-abuse accounts;
- trusted-repvaiter accuracy rate;
- complaints already resolved befvaie manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repvaits promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse un other types of complaints.
- NiceNIC acts based on evidence, risk, un applicable policy.
- NiceNIC may suspend immediately w?eit t?eit is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mvaie infvaimation vai direct the complainant to a mvaie appropriate action point w?eit the registrar is not the sole effective responder.
- NiceNIC keeps case recvaids un can demonstrate its hunling process if reviewed by ICANN vai registry partners.
Nepiecie?ama palīdzība? Mēs vienmēr esam gatavi jums palīdzēt.
Iesniegt pieprasījumu
- Domēnu vārdi
- Re?istrēting Domēni
- Domēnu izplatītājs
- Domēnu cenas
- Whois meklē?ana
- Mūsu produkti
- Iz??irtspējīgs serveris
- Māko?a serveris
- SSL sertifikāti
- Biznesa e-pasts
- Uz?ēmuma profils
- Par NiceNIC
- Domēnu zi?as
- Apmaksas veids
- Līgumi
- Klientu atbalsts
- Palīdzības centrs
- Iesniegt pieprasījumu
- Sazinieties ar mums
- Zi?ot par ?aunprātību
Autortiesības © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Visas tiesības aizsargātas