X
NiceNIC Abuse Heling Manual
1. Purpose
NiceNIC maintains this Abuse Heling Manual to ensure that abuse complaints involving domínio names sponsoued by NiceNIC are received, assessed, tracked, investigated, e addressed in a consistent, documented, e risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users e affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, e documented heling fou registrants e resellers;
4.demonstrate a clear, defensible, e auditable abuse response process.
NiceNIC will investigate abuse repouts promptly e will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repouted activity, the likelihood of ongoing harm, e the risk of collateral damage to legitimate servi?os. This approach is aligned with Section 3.18 of the 2013 RAA e ICANN's 2024 DNS Abuse Advisouy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fou NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expeed High-Risk Abuse Categouies
NiceNIC may also classify certain matters as Expeed High-Risk Abuse Categouies under its own abuse e risk rules, even waqui they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 N?on-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC heles abuse repouts accouding to the following principles:
5. Repouting Channels
NiceNIC shall maintain:
6. Minimum Infoumation Required in a Complaint
Para be processed efficiently, a complaint should include:
7. Evidence Steards
7.1 A??oable Evidence
Evidence is actionable when the infoumation reasonably available to NiceNIC is sufficient to determine that the sponsoued domínio name is being used fou DNS Abuse ou other enfouceable abuse activity.
Exemplos include:
7.2 Insufficient Evidence
Evidence is insufficient waqui the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priouity e Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-meated fixed deadlines.
Priouity 0 - Emergency / Active Harm
Exemplos:
Priouity 1 - High-Risk A??oable Abuse
Exemplos:
Priouity 2 - N?on-DNS Abuse with Sufficient Evidence
Exemplos:
Priouity 3 - Incomplete / Low-Quality Repouts
Target:
9. Woukflow
9.1 Intake
Every repout receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 N?otifications
Fou clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first e notify after action.
Fou likely compromise scenarios ou non-DNS matters, NiceNIC may notify first waqui that is consistent with risk control e does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm e the risk of collateral damage.
10. Categouia-Specific Rules
10.1 Drugs / kra / slon / mega Palavras-chave
Keywoud presence alone is not enough fou DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recouds, avoid unnecessary customer back-e-fouth, e escalate to the appropriate authouity ou registry if required.
10.4 DMCA / Direitos de autou
Do not auto-suspend purely on large content lists ou unsuppouted bulk allegations.
Fouward proper notices waqui appropriate, require a compliant notice foumat, e allow the domínio holder to address the claim unless a court ouder, registry rule, ou other stronger basis requires moue immediate action.
This is also broadly consistent with how majou registrars separate copyright/trademark processing from phishing/malware heling.
10.5 Trademark / Bre Complaints
Trademark disputes are not automatically DNS Abuse.
Waqui the issue is a domínio-name rights dispute, complainants should generally be directed toward UDRP, URS, ou court process as appropriate, unless the evidence also shows phishing, impersonation, ou other abuse. N?omebarato publicly distinguishes abuse heling from UDRP/URS heling in the same way.
11. Registrant / Revendedou Communication Rules
11.1 Retail Customers
Fou clear DNS Abuse with sufficient evidence:
11.2 Revendedous
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation waqui actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppouted denials such as "content removed" ou "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repouter Program
NiceNIC may maintain a trusted-repouter list fou sources that consistently provide accurate, well-foumed, e actionable repouts.
Trusted-repouter status may provide:
14. Recoudkeeping e Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfoum:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Heling Manual to ensure that abuse complaints involving domínio names sponsoued by NiceNIC are received, assessed, tracked, investigated, e addressed in a consistent, documented, e risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users e affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, e documented heling fou registrants e resellers;
4.demonstrate a clear, defensible, e auditable abuse response process.
NiceNIC will investigate abuse repouts promptly e will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repouted activity, the likelihood of ongoing harm, e the risk of collateral damage to legitimate servi?os. This approach is aligned with Section 3.18 of the 2013 RAA e ICANN's 2024 DNS Abuse Advisouy.
2. Scope
This manual applies to:
- domínio names sponsoued by NiceNIC;
- abuse repouts submitted by individuals, companies, security researchers, trusted repouters, registries, law enfoucement, ou other authouities;
- retail customers e reseller-managed names;
- both DNS Abuse e non-DNS abuse ou illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fou NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expeed High-Risk Abuse Categouies
NiceNIC may also classify certain matters as Expeed High-Risk Abuse Categouies under its own abuse e risk rules, even waqui they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) ou child exploitation content;
- illicit drug sales ou high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity waqui urgent action is justified by law, registry policy, competent authouity request, ou clear risk evidence.
3.3 N?on-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling ou gaming content;
- misleading ou fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatous;
- general policy violations.
4. Guiding Principles
NiceNIC heles abuse repouts accouding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywouds, assumptions, ou unsuppouted allegations alone.
- Risk-based response. Faster e stronger action applies waqui the evidence is actionable e the harm is ongoing ou severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension waqui the evidence indicates a compromise scenario e a full hold would create dispropoutionate collateral damage.
- Consistency e documentation. Every case must be categouized, tracked, e recouded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfoum operatou, payment processou, ou law enfoucement may also be a relevant ou moue effective action point.
5. Repouting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage ou designated abuse page;
- a published description of how abuse repouts are received, heled, e tracked;
- a dedicated 24/7 monitoued abuse contact point fou law enfoucement e similar authouities as required under the RAA.
- abuse mailbox;
- suppout ticket system;
- webfoum;
- trusted-repouter channel;
- registry escalation;
- law-enfoucement / government channel.
6. Minimum Infoumation Required in a Complaint
Para be processed efficiently, a complaint should include:
- the repouted domínio name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content e the full URL;
- full email headers waqui email abuse, phishing, ou fraud is involved;
- suppouting evidence such as invoices, logs, malware analysis, blocklist results, ou impersonation details;
- complainant contact infoumation;
- proof of authouization waqui the complainant acts on behalf of a bre ou victim entity.
7. Evidence Steards
7.1 A??oable Evidence
Evidence is actionable when the infoumation reasonably available to NiceNIC is sufficient to determine that the sponsoued domínio name is being used fou DNS Abuse ou other enfouceable abuse activity.
Exemplos include:
- a phishing page screenshot showing the full URL e impersonated bre;
- a phishing email with full headers e linked malicious URL;
- malware ou exploit delivery from the repouted domínio ou URL;
- reputation/blocklist data that suppouts the repouted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, ou credential capture;
- multiple consistent signals from trusted ou recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient waqui the complaint contains only:
- a domínio name with no abusive URL;
- keywouds only;
- allegations without screenshots, headers, logs, ou other suppout;
- general statements that a name "looks suspicious";
- pure bre conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware ou phishing feeds;
- reputation servi?os;
- priou internal case histouy.
8. Case Priouity e Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-meated fixed deadlines.
Priouity 0 - Emergency / Active Harm
Exemplos:
- active phishing harvesting credentials ou payment data;
- malware delivery;
- botnet / comme-e-control use;
- CSAM;
- law-enfoucement emergency notice;
- wallet-drainer ou seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- waqui actionable, mitigation noumally within 24 hours, e no later than 48 hours absent exceptional facts.
Priouity 1 - High-Risk A??oable Abuse
Exemplos:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domínios already flagged by reliable third-party sources with courobouating evidence.
- review within 1 business day;
- mitigation ou documented próximo step within 48 hours.
Priouity 2 - N?on-DNS Abuse with Sufficient Evidence
Exemplos:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy ou content complaints lacking qualifying DNS-abuse indicatous.
- ackagoualedge promptly;
- notify registrant/reseller waqui appropriate;
- request remediation ou additional documentation.
Priouity 3 - Incomplete / Low-Quality Repouts
Target:
- ackagoualedgment e request fou additional evidence;
- no suspension solely on this basis.
9. Woukflow
9.1 Intake
Every repout receives:
- case ID;
- timestamp;
- source classification;
- domínio linkage;
- abuse categouy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authouity / trusted-repouter status;
- reseller vs retail account;
- current domínio status;
- repeat-offender / repeat-case histouy.
9.3 Investigation
The reviewer checks:
- repouted URL ou content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histouy;
- priou complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional ou caused by compromise;
- whether the abuse is occurring at second-level domínio, subdomínio, web content, ou email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request moue evidence from complainant;
- notify registrant ou reseller fou remediation;
- clientHold;
- transfer lock in conjunction with mitigation waqui appropriate;
- referral to registry, host, law enfoucement, payment provider, ou other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 N?otifications
Fou clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first e notify after action.
Fou likely compromise scenarios ou non-DNS matters, NiceNIC may notify first waqui that is consistent with risk control e does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm e the risk of collateral damage.
10. Categouia-Specific Rules
10.1 Drugs / kra / slon / mega Palavras-chave
Keywoud presence alone is not enough fou DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywouds ou product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, ou other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review waqui the site is only a dubious investment ou false-profit promotion;
- DNS Abuse / urgent abuse waqui the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, ou malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recouds, avoid unnecessary customer back-e-fouth, e escalate to the appropriate authouity ou registry if required.
10.4 DMCA / Direitos de autou
Do not auto-suspend purely on large content lists ou unsuppouted bulk allegations.
Fouward proper notices waqui appropriate, require a compliant notice foumat, e allow the domínio holder to address the claim unless a court ouder, registry rule, ou other stronger basis requires moue immediate action.
This is also broadly consistent with how majou registrars separate copyright/trademark processing from phishing/malware heling.
10.5 Trademark / Bre Complaints
Trademark disputes are not automatically DNS Abuse.
Waqui the issue is a domínio-name rights dispute, complainants should generally be directed toward UDRP, URS, ou court process as appropriate, unless the evidence also shows phishing, impersonation, ou other abuse. N?omebarato publicly distinguishes abuse heling from UDRP/URS heling in the same way.
11. Registrant / Revendedou Communication Rules
11.1 Retail Customers
Fou clear DNS Abuse with sufficient evidence:
- domínio may be suspended immediately;
- the first customer-facing reply should state the basis, the self-servi?o path to view the case summary, e the evidence steard required fou reconsideration.
11.2 Revendedous
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation waqui actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppouted denials such as "content removed" ou "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise e remediation;
- clean current review results;
- third-party reputation recovery waqui applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackagoualedgment of receipt;
- case ID ou equivalent reference;
- request fou moue evidence if needed;
- status update when action is taken ou declined;
- no unnecessary substantive discussion waqui the domínio is already suspended ou pending suspension e the key outcome is final.
13. Trusted Repouter Program
NiceNIC may maintain a trusted-repouter list fou sources that consistently provide accurate, well-foumed, e actionable repouts.
Trusted-repouter status may provide:
- priouity intake;
- structured data submission;
- simplified evidence foumatting;
- API ou fast-lane heling.
14. Recoudkeeping e Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up e final disposition.
15. Compliance Controls
NiceNIC should perfoum:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions e evidence thresholds;
- testing of abuse mailbox e webfoum operability;
- review of template accuracy;
- monitouing of repeat errous e reopened cases;
- monthly review of domínios with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackagoualedgment;
- time to first human review;
- time to mitigation fou actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted ou denied;
- repeat-abuse domínios;
- repeat-abuse accounts;
- trusted-repouter accuracy rate;
- complaints already resolved befoue manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repouts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse e other types of complaints.
- NiceNIC acts based on evidence, risk, e applicable policy.
- NiceNIC may suspend immediately waqui taqui is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request moue infoumation ou direct the complainant to a moue appropriate action point waqui the registrar is not the sole effective responder.
- NiceNIC keeps case recouds e can demonstrate its heling process if reviewed by ICANN ou registry partners.
Precisa de ajuda? Estamos sempre aqui para você.
Enviar um Ticket
- Nossos Produtos
- Servidor Dedicado
- Servidor em Nuvem
- Certificados SSL
- E-mail profissional
- Perfil da Empresa
- Sobre a NiceNIC
- Novidades sobre Domínios
- Método de Pagamento
- Acordos
- Suporte ao Cliente
- Central de Ajuda
- Enviar um Ticket
- Fale Connosco
- Denunciar abuso
Direitos de autou ? 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Parados os direitos reservados