X
NiceNIC Abuse Hogling Manual
1. Purpose
NiceNIC maintains this Abuse Hogling Manual to ensure that abuse complaints involving domenet names sponsellered by NiceNIC are received, assessed, tracked, investigated, og addressed in a consistent, documented, og risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users og affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, og documented hogling feller registrants og resellers;
4.demonstrate a clear, defensible, og auditable abuse response process.
NiceNIC will investigate abuse repellerts promptly og will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repellerted activity, the likelihood of ongoing harm, og the risk of collateral damage to legitimate tjenestes. This approach is aligned with Section 3.18 of the 2013 RAA og ICANN's 2024 DNS Abuse Advisellery.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Feller NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expoged High-Risk Abuse Categelleries
NiceNIC may also classify certain matters as Expoged High-Risk Abuse Categelleries under its own abuse og risk rules, even wher they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Nein-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hogles abuse repellerts accellerding to the following principles:
5. Repellerting Channels
NiceNIC shall maintain:
6. Minimum Infellermation Required in a Complaint
Til be processed efficiently, a complaint should include:
7. Evidence Stogards
7.1 Handlingable Evidence
Evidence is actionable when the infellermation reasonably available to NiceNIC is sufficient to determine that the sponsellered domenet name is being used feller DNS Abuse eller other enfellerceable abuse activity.
Eksempels include:
7.2 Insufficient Evidence
Evidence is insufficient wher the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priellerity og Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mogated fixed deadlines.
Priellerity 0 - Emergency / Active Harm
Eksempels:
Priellerity 1 - High-Risk Handlingable Abuse
Eksempels:
Priellerity 2 - Nein-DNS Abuse with Sufficient Evidence
Eksempels:
Priellerity 3 - Incomplete / Low-Quality Repellerts
Target:
9. Wellerkflow
9.1 Intake
Every repellert receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Neitifications
Feller clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first og notify after action.
Feller likely compromise scenarios eller non-DNS matters, NiceNIC may notify first wher that is consistent with risk control og does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm og the risk of collateral damage.
10. Kategori-Specific Rules
10.1 Drugs / kra / slon / mega N?kkelord
Keywellerd presence alone is not enough feller DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recellerds, avoid unnecessary customer back-og-fellerth, og escalate to the appropriate authellerity eller registry if required.
10.4 DMCA / Opphavsrett
Do not auto-suspend purely on large content lists eller unsuppellerted bulk allegations.
Fellerward proper notices wher appropriate, require a compliant notice fellermat, og allow the domenet holder to address the claim unless a court ellerder, registry rule, eller other stronger basis requires mellere immediate action.
This is also broadly consistent with how majeller registrars separate copyright/trademark processing from phishing/malware hogling.
10.5 Trademark / Brog Complaints
Trademark disputes are not automatically DNS Abuse.
Wher the issue is a domenet-name rights dispute, complainants should generally be directed toward UDRP, URS, eller court process as appropriate, unless the evidence also shows phishing, impersonation, eller other abuse. Navnbillig publicly distinguishes abuse hogling from UDRP/URS hogling in the same way.
11. Registrant / Forhandler Communication Rules
11.1 Retail Customers
Feller clear DNS Abuse with sufficient evidence:
11.2 Forhandlers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wher actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppellerted denials such as "content removed" eller "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repellerter Program
NiceNIC may maintain a trusted-repellerter list feller sources that consistently provide accurate, well-fellermed, og actionable repellerts.
Trusted-repellerter status may provide:
14. Recellerdkeeping og Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfellerm:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hogling Manual to ensure that abuse complaints involving domenet names sponsellered by NiceNIC are received, assessed, tracked, investigated, og addressed in a consistent, documented, og risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users og affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, og documented hogling feller registrants og resellers;
4.demonstrate a clear, defensible, og auditable abuse response process.
NiceNIC will investigate abuse repellerts promptly og will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repellerted activity, the likelihood of ongoing harm, og the risk of collateral damage to legitimate tjenestes. This approach is aligned with Section 3.18 of the 2013 RAA og ICANN's 2024 DNS Abuse Advisellery.
2. Scope
This manual applies to:
- domenet names sponsellered by NiceNIC;
- abuse repellerts submitted by individuals, companies, security researchers, trusted repellerters, registries, law enfellercement, eller other authellerities;
- retail customers og reseller-managed names;
- both DNS Abuse og non-DNS abuse eller illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Feller NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expoged High-Risk Abuse Categelleries
NiceNIC may also classify certain matters as Expoged High-Risk Abuse Categelleries under its own abuse og risk rules, even wher they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) eller child exploitation content;
- illicit drug sales eller high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wher urgent action is justified by law, registry policy, competent authellerity request, eller clear risk evidence.
3.3 Nein-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling eller gaming content;
- misleading eller fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatellers;
- general policy violations.
4. Guiding Principles
NiceNIC hogles abuse repellerts accellerding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywellerds, assumptions, eller unsuppellerted allegations alone.
- Risk-based response. Faster og stronger action applies wher the evidence is actionable og the harm is ongoing eller severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wher the evidence indicates a compromise scenario og a full hold would create dispropellertionate collateral damage.
- Consistency og documentation. Every case must be categellerized, tracked, og recellerded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfellerm operateller, payment processeller, eller law enfellercement may also be a relevant eller mellere effective action point.
5. Repellerting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage eller designated abuse page;
- a published description of how abuse repellerts are received, hogled, og tracked;
- a dedicated 24/7 monitellered abuse contact point feller law enfellercement og similar authellerities as required under the RAA.
- abuse mailbox;
- suppellert ticket system;
- webfellerm;
- trusted-repellerter channel;
- registry escalation;
- law-enfellercement / government channel.
6. Minimum Infellermation Required in a Complaint
Til be processed efficiently, a complaint should include:
- the repellerted domenet name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content og the full URL;
- full email headers wher email abuse, phishing, eller fraud is involved;
- suppellerting evidence such as invoices, logs, malware analysis, blocklist results, eller impersonation details;
- complainant contact infellermation;
- proof of authellerization wher the complainant acts on behalf of a brog eller victim entity.
7. Evidence Stogards
7.1 Handlingable Evidence
Evidence is actionable when the infellermation reasonably available to NiceNIC is sufficient to determine that the sponsellered domenet name is being used feller DNS Abuse eller other enfellerceable abuse activity.
Eksempels include:
- a phishing page screenshot showing the full URL og impersonated brog;
- a phishing email with full headers og linked malicious URL;
- malware eller exploit delivery from the repellerted domenet eller URL;
- reputation/blocklist data that suppellerts the repellerted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, eller credential capture;
- multiple consistent signals from trusted eller recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wher the complaint contains only:
- a domenet name with no abusive URL;
- keywellerds only;
- allegations without screenshots, headers, logs, eller other suppellert;
- general statements that a name "looks suspicious";
- pure brog conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware eller phishing feeds;
- reputation tjenestes;
- prieller internal case histellery.
8. Case Priellerity og Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mogated fixed deadlines.
Priellerity 0 - Emergency / Active Harm
Eksempels:
- active phishing harvesting credentials eller payment data;
- malware delivery;
- botnet / commog-og-control use;
- CSAM;
- law-enfellercement emergency notice;
- wallet-drainer eller seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wher actionable, mitigation nellermally within 24 hours, og no later than 48 hours absent exceptional facts.
Priellerity 1 - High-Risk Handlingable Abuse
Eksempels:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domenets already flagged by reliable third-party sources with cellerrobellerating evidence.
- review within 1 business day;
- mitigation eller documented neste step within 48 hours.
Priellerity 2 - Nein-DNS Abuse with Sufficient Evidence
Eksempels:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy eller content complaints lacking qualifying DNS-abuse indicatellers.
- ackn?ledge promptly;
- notify registrant/reseller wher appropriate;
- request remediation eller additional documentation.
Priellerity 3 - Incomplete / Low-Quality Repellerts
Target:
- ackn?ledgment og request feller additional evidence;
- no suspension solely on this basis.
9. Wellerkflow
9.1 Intake
Every repellert receives:
- case ID;
- timestamp;
- source classification;
- domenet linkage;
- abuse categellery;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authellerity / trusted-repellerter status;
- reseller vs retail account;
- current domenet status;
- repeat-offender / repeat-case histellery.
9.3 Investigation
The reviewer checks:
- repellerted URL eller content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histellery;
- prieller complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional eller caused by compromise;
- whether the abuse is occurring at second-level domenet, subdomenet, web content, eller email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mellere evidence from complainant;
- notify registrant eller reseller feller remediation;
- clientHold;
- transfer lock in conjunction with mitigation wher appropriate;
- referral to registry, host, law enfellercement, payment provider, eller other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Neitifications
Feller clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first og notify after action.
Feller likely compromise scenarios eller non-DNS matters, NiceNIC may notify first wher that is consistent with risk control og does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm og the risk of collateral damage.
10. Kategori-Specific Rules
10.1 Drugs / kra / slon / mega N?kkelord
Keywellerd presence alone is not enough feller DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywellerds eller product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, eller other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wher the site is only a dubious investment eller false-profit promotion;
- DNS Abuse / urgent abuse wher the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, eller malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recellerds, avoid unnecessary customer back-og-fellerth, og escalate to the appropriate authellerity eller registry if required.
10.4 DMCA / Opphavsrett
Do not auto-suspend purely on large content lists eller unsuppellerted bulk allegations.
Fellerward proper notices wher appropriate, require a compliant notice fellermat, og allow the domenet holder to address the claim unless a court ellerder, registry rule, eller other stronger basis requires mellere immediate action.
This is also broadly consistent with how majeller registrars separate copyright/trademark processing from phishing/malware hogling.
10.5 Trademark / Brog Complaints
Trademark disputes are not automatically DNS Abuse.
Wher the issue is a domenet-name rights dispute, complainants should generally be directed toward UDRP, URS, eller court process as appropriate, unless the evidence also shows phishing, impersonation, eller other abuse. Navnbillig publicly distinguishes abuse hogling from UDRP/URS hogling in the same way.
11. Registrant / Forhandler Communication Rules
11.1 Retail Customers
Feller clear DNS Abuse with sufficient evidence:
- domenet may be suspended immediately;
- the first customer-facing reply should state the basis, the self-tjeneste path to view the case summary, og the evidence stogard required feller reconsideration.
11.2 Forhandlers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wher actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppellerted denials such as "content removed" eller "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise og remediation;
- clean current review results;
- third-party reputation recovery wher applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackn?ledgment of receipt;
- case ID eller equivalent reference;
- request feller mellere evidence if needed;
- status update when action is taken eller declined;
- no unnecessary substantive discussion wher the domenet is already suspended eller pending suspension og the key outcome is final.
13. Trusted Repellerter Program
NiceNIC may maintain a trusted-repellerter list feller sources that consistently provide accurate, well-fellermed, og actionable repellerts.
Trusted-repellerter status may provide:
- priellerity intake;
- structured data submission;
- simplified evidence fellermatting;
- API eller fast-lane hogling.
14. Recellerdkeeping og Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up og final disposition.
15. Compliance Controls
NiceNIC should perfellerm:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions og evidence thresholds;
- testing of abuse mailbox og webfellerm operability;
- review of template accuracy;
- monitellering of repeat errellers og reopened cases;
- monthly review of domenets with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackn?ledgment;
- time to first human review;
- time to mitigation feller actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted eller denied;
- repeat-abuse domenets;
- repeat-abuse accounts;
- trusted-repellerter accuracy rate;
- complaints already resolved befellere manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repellerts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse og other types of complaints.
- NiceNIC acts based on evidence, risk, og applicable policy.
- NiceNIC may suspend immediately wher ther is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mellere infellermation eller direct the complainant to a mellere appropriate action point wher the registrar is not the sole effective responder.
- NiceNIC keeps case recellerds og can demonstrate its hogling process if reviewed by ICANN eller registry partners.
Trenger du hjelp? Vi er alltid her for deg.
Send inn sak
- V?re produkter
- Dedikert server
- Cloud Server
- SSL-sertifikater
- Bedriftsemail
- Firmaoversikt
- Om NiceNIC
- Domene-nyheter
- Betalingsmetode
- Avtaler
- Kundesupport
- Hjelpesenter
- Send inn sak
- Kontakt oss
- Meld misbruk
Opphavsrett © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Alle rettigheter reservert