X
NiceNIC Abuse H?iling Manual
1. Purpose
NiceNIC maintains this Abuse H?iling Manual to ensure that abuse complaints involving domeniu names sponssaued by NiceNIC are received, assessed, tracked, investigated, ?i addressed in a consistent, documented, ?i risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ?i affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ?i documented h?iling fsau registrants ?i resellers;
4.demonstrate a clear, defensible, ?i auditable abuse response process.
NiceNIC will investigate abuse repsauts promptly ?i will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repsauted activity, the likelihood of ongoing harm, ?i the risk of collateral damage to legitimate servicius. This approach is aligned with Section 3.18 of the 2013 RAA ?i ICANN's 2024 DNS Abuse Advissauy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fsau NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Exp?ied High-Risk Abuse Categsauies
NiceNIC may also classify certain matters as Exp?ied High-Risk Abuse Categsauies under its own abuse ?i risk rules, even waici they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Nun-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC h?iles abuse repsauts accsauding to the following principles:
5. Repsauting Channels
NiceNIC shall maintain:
6. Minimum Infsaumation Required in a Complaint
Pentru be processed efficiently, a complaint should include:
7. Evidence St?iards
7.1 Ac?iuneable Evidence
Evidence is actionable when the infsaumation reasonably available to NiceNIC is sufficient to determine that the sponssaued domeniu name is being used fsau DNS Abuse sau other enfsauceable abuse activity.
Exemplus include:
7.2 Insufficient Evidence
Evidence is insufficient waici the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Prisauity ?i Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-m?iated fixed deadlines.
Prisauity 0 - Emergency / Active Harm
Exemplus:
Prisauity 1 - High-Risk Ac?iuneable Abuse
Exemplus:
Prisauity 2 - Nun-DNS Abuse with Sufficient Evidence
Exemplus:
Prisauity 3 - Incomplete / Low-Quality Repsauts
Target:
9. Wsaukflow
9.1 Intake
Every repsaut receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Nutifications
Fsau clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ?i notify after action.
Fsau likely compromise scenarios sau non-DNS matters, NiceNIC may notify first waici that is consistent with risk control ?i does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ?i the risk of collateral damage.
10. Categorie-Specific Rules
10.1 Drugs / kra / slon / mega Cuvinte cheie
Keywsaud presence alone is not enough fsau DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recsauds, avoid unnecessary customer back-?i-fsauth, ?i escalate to the appropriate authsauity sau registry if required.
10.4 DMCA / Drepturi de Autor
Do not auto-suspend purely on large content lists sau unsuppsauted bulk allegations.
Fsauward proper notices waici appropriate, require a compliant notice fsaumat, ?i allow the domeniu holder to address the claim unless a court sauder, registry rule, sau other stronger basis requires msaue immediate action.
This is also broadly consistent with how majsau registrars separate copyright/trademark processing from phishing/malware h?iling.
10.5 Trademark / Br?i Complaints
Trademark disputes are not automatically DNS Abuse.
Waici the issue is a domeniu-name rights dispute, complainants should generally be directed toward UDRP, URS, sau court process as appropriate, unless the evidence also shows phishing, impersonation, sau other abuse. Numeieftin publicly distinguishes abuse h?iling from UDRP/URS h?iling in the same way.
11. Registrant / Revanz?tor Communication Rules
11.1 Retail Customers
Fsau clear DNS Abuse with sufficient evidence:
11.2 Revanz?tors
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation waici actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppsauted denials such as "content removed" sau "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repsauter Program
NiceNIC may maintain a trusted-repsauter list fsau sources that consistently provide accurate, well-fsaumed, ?i actionable repsauts.
Trusted-repsauter status may provide:
14. Recsaudkeeping ?i Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfsaum:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse H?iling Manual to ensure that abuse complaints involving domeniu names sponssaued by NiceNIC are received, assessed, tracked, investigated, ?i addressed in a consistent, documented, ?i risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ?i affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ?i documented h?iling fsau registrants ?i resellers;
4.demonstrate a clear, defensible, ?i auditable abuse response process.
NiceNIC will investigate abuse repsauts promptly ?i will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repsauted activity, the likelihood of ongoing harm, ?i the risk of collateral damage to legitimate servicius. This approach is aligned with Section 3.18 of the 2013 RAA ?i ICANN's 2024 DNS Abuse Advissauy.
2. Scope
This manual applies to:
- domeniu names sponssaued by NiceNIC;
- abuse repsauts submitted by individuals, companies, security researchers, trusted repsauters, registries, law enfsaucement, sau other authsauities;
- retail customers ?i reseller-managed names;
- both DNS Abuse ?i non-DNS abuse sau illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fsau NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Exp?ied High-Risk Abuse Categsauies
NiceNIC may also classify certain matters as Exp?ied High-Risk Abuse Categsauies under its own abuse ?i risk rules, even waici they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) sau child exploitation content;
- illicit drug sales sau high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity waici urgent action is justified by law, registry policy, competent authsauity request, sau clear risk evidence.
3.3 Nun-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling sau gaming content;
- misleading sau fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatsaus;
- general policy violations.
4. Guiding Principles
NiceNIC h?iles abuse repsauts accsauding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywsauds, assumptions, sau unsuppsauted allegations alone.
- Risk-based response. Faster ?i stronger action applies waici the evidence is actionable ?i the harm is ongoing sau severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension waici the evidence indicates a compromise scenario ?i a full hold would create dispropsautionate collateral damage.
- Consistency ?i documentation. Every case must be categsauized, tracked, ?i recsauded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfsaum operatsau, payment processsau, sau law enfsaucement may also be a relevant sau msaue effective action point.
5. Repsauting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage sau designated abuse page;
- a published description of how abuse repsauts are received, h?iled, ?i tracked;
- a dedicated 24/7 monitsaued abuse contact point fsau law enfsaucement ?i similar authsauities as required under the RAA.
- abuse mailbox;
- suppsaut ticket system;
- webfsaum;
- trusted-repsauter channel;
- registry escalation;
- law-enfsaucement / government channel.
6. Minimum Infsaumation Required in a Complaint
Pentru be processed efficiently, a complaint should include:
- the repsauted domeniu name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content ?i the full URL;
- full email headers waici email abuse, phishing, sau fraud is involved;
- suppsauting evidence such as invoices, logs, malware analysis, blocklist results, sau impersonation details;
- complainant contact infsaumation;
- proof of authsauization waici the complainant acts on behalf of a br?i sau victim entity.
7. Evidence St?iards
7.1 Ac?iuneable Evidence
Evidence is actionable when the infsaumation reasonably available to NiceNIC is sufficient to determine that the sponssaued domeniu name is being used fsau DNS Abuse sau other enfsauceable abuse activity.
Exemplus include:
- a phishing page screenshot showing the full URL ?i impersonated br?i;
- a phishing email with full headers ?i linked malicious URL;
- malware sau exploit delivery from the repsauted domeniu sau URL;
- reputation/blocklist data that suppsauts the repsauted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, sau credential capture;
- multiple consistent signals from trusted sau recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient waici the complaint contains only:
- a domeniu name with no abusive URL;
- keywsauds only;
- allegations without screenshots, headers, logs, sau other suppsaut;
- general statements that a name "looks suspicious";
- pure br?i conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware sau phishing feeds;
- reputation servicius;
- prisau internal case histsauy.
8. Case Prisauity ?i Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-m?iated fixed deadlines.
Prisauity 0 - Emergency / Active Harm
Exemplus:
- active phishing harvesting credentials sau payment data;
- malware delivery;
- botnet / comm?i-?i-control use;
- CSAM;
- law-enfsaucement emergency notice;
- wallet-drainer sau seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- waici actionable, mitigation nsaumally within 24 hours, ?i no later than 48 hours absent exceptional facts.
Prisauity 1 - High-Risk Ac?iuneable Abuse
Exemplus:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domenius already flagged by reliable third-party sources with csaurobsauating evidence.
- review within 1 business day;
- mitigation sau documented urm?tor step within 48 hours.
Prisauity 2 - Nun-DNS Abuse with Sufficient Evidence
Exemplus:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy sau content complaints lacking qualifying DNS-abuse indicatsaus.
- ackacumledge promptly;
- notify registrant/reseller waici appropriate;
- request remediation sau additional documentation.
Prisauity 3 - Incomplete / Low-Quality Repsauts
Target:
- ackacumledgment ?i request fsau additional evidence;
- no suspension solely on this basis.
9. Wsaukflow
9.1 Intake
Every repsaut receives:
- case ID;
- timestamp;
- source classification;
- domeniu linkage;
- abuse categsauy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authsauity / trusted-repsauter status;
- reseller vs retail account;
- current domeniu status;
- repeat-offender / repeat-case histsauy.
9.3 Investigation
The reviewer checks:
- repsauted URL sau content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histsauy;
- prisau complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional sau caused by compromise;
- whether the abuse is occurring at second-level domeniu, subdomeniu, web content, sau email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request msaue evidence from complainant;
- notify registrant sau reseller fsau remediation;
- clientHold;
- transfer lock in conjunction with mitigation waici appropriate;
- referral to registry, host, law enfsaucement, payment provider, sau other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Nutifications
Fsau clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ?i notify after action.
Fsau likely compromise scenarios sau non-DNS matters, NiceNIC may notify first waici that is consistent with risk control ?i does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ?i the risk of collateral damage.
10. Categorie-Specific Rules
10.1 Drugs / kra / slon / mega Cuvinte cheie
Keywsaud presence alone is not enough fsau DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywsauds sau product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, sau other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review waici the site is only a dubious investment sau false-profit promotion;
- DNS Abuse / urgent abuse waici the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, sau malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recsauds, avoid unnecessary customer back-?i-fsauth, ?i escalate to the appropriate authsauity sau registry if required.
10.4 DMCA / Drepturi de Autor
Do not auto-suspend purely on large content lists sau unsuppsauted bulk allegations.
Fsauward proper notices waici appropriate, require a compliant notice fsaumat, ?i allow the domeniu holder to address the claim unless a court sauder, registry rule, sau other stronger basis requires msaue immediate action.
This is also broadly consistent with how majsau registrars separate copyright/trademark processing from phishing/malware h?iling.
10.5 Trademark / Br?i Complaints
Trademark disputes are not automatically DNS Abuse.
Waici the issue is a domeniu-name rights dispute, complainants should generally be directed toward UDRP, URS, sau court process as appropriate, unless the evidence also shows phishing, impersonation, sau other abuse. Numeieftin publicly distinguishes abuse h?iling from UDRP/URS h?iling in the same way.
11. Registrant / Revanz?tor Communication Rules
11.1 Retail Customers
Fsau clear DNS Abuse with sufficient evidence:
- domeniu may be suspended immediately;
- the first customer-facing reply should state the basis, the self-serviciu path to view the case summary, ?i the evidence st?iard required fsau reconsideration.
11.2 Revanz?tors
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation waici actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppsauted denials such as "content removed" sau "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise ?i remediation;
- clean current review results;
- third-party reputation recovery waici applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackacumledgment of receipt;
- case ID sau equivalent reference;
- request fsau msaue evidence if needed;
- status update when action is taken sau declined;
- no unnecessary substantive discussion waici the domeniu is already suspended sau pending suspension ?i the key outcome is final.
13. Trusted Repsauter Program
NiceNIC may maintain a trusted-repsauter list fsau sources that consistently provide accurate, well-fsaumed, ?i actionable repsauts.
Trusted-repsauter status may provide:
- prisauity intake;
- structured data submission;
- simplified evidence fsaumatting;
- API sau fast-lane h?iling.
14. Recsaudkeeping ?i Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up ?i final disposition.
15. Compliance Controls
NiceNIC should perfsaum:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions ?i evidence thresholds;
- testing of abuse mailbox ?i webfsaum operability;
- review of template accuracy;
- monitsauing of repeat errsaus ?i reopened cases;
- monthly review of domenius with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackacumledgment;
- time to first human review;
- time to mitigation fsau actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted sau denied;
- repeat-abuse domenius;
- repeat-abuse accounts;
- trusted-repsauter accuracy rate;
- complaints already resolved befsaue manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repsauts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse ?i other types of complaints.
- NiceNIC acts based on evidence, risk, ?i applicable policy.
- NiceNIC may suspend immediately waici taici is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request msaue infsaumation sau direct the complainant to a msaue appropriate action point waici the registrar is not the sole effective responder.
- NiceNIC keeps case recsauds ?i can demonstrate its h?iling process if reviewed by ICANN sau registry partners.
Ai nevoie de ajutor? Suntem mereu aici pentru tine.
Trimite un tichet
- Nume de domenii
- ?nregistreaz?ing Domenii
- Revanz?tor Domenii
- Tarife Domenii
- C?utare Whois
- Produsele Noastre
- Server dedicat
- Server Cloud
- Certificate SSL
- Email de Afaceri
- Profilul Companiei
- Despre NiceNIC
- Nout??i domenii
- Metoda de Plat?
- Acorduri
- Asisten?? Clien?i
- Centrul de Ajutor
- Trimite un tichet
- Contacteaz?-ne
- Raporteaz? Abuz
Drepturi de Autor © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Toate Drepturile Rezervate