X
NiceNIC Abuse HАling Manual
1. Purpose
NiceNIC maintains this Abuse HАling Manual to ensure that abuse complaints involving Доменное имя names spons Илиed by NiceNIC are received, assessed, tracked, investigated, А addressed in a consistent, documented, А risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users А affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, А documented hАling f Или registrants А resellers;
4.demonstrate a clear, defensible, А auditable abuse response process.
NiceNIC will investigate abuse rep Илиts promptly А will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the rep Илиted activity, the likelihood of ongoing harm, А the risk of collateral damage to legitimate обслуживаниеs. This approach is aligned with Section 3.18 of the 2013 RAA А ICANN's 2024 DNS Abuse Advis Илиy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
F Или NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC ExpАed High-Risk Abuse Categ Илиies
NiceNIC may also classify certain matters as ExpАed High-Risk Abuse Categ Илиies under its own abuse А risk rules, even wздесь they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Нет!n-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hАles abuse rep Илиts acc Илиding to the following principles:
5. Rep Илиting Channels
NiceNIC shall maintain:
6. Minimum Inf Илиmation Required in a Complaint
Б be processed efficiently, a complaint should include:
7. Evidence StАards
7.1 Действияable Evidence
Evidence is actionable when the inf Илиmation reasonably available to NiceNIC is sufficient to determine that the spons Илиed Доменное имя name is being used f Или DNS Abuse Или other enf Илиceable abuse activity.
Примерs include:
7.2 Insufficient Evidence
Evidence is insufficient wздесь the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Pri Илиity А Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mАated fixed deadlines.
Pri Илиity 0 - Emergency / Active Harm
Примерs:
Pri Илиity 1 - High-Risk Действияable Abuse
Примерs:
Pri Илиity 2 - Нет!n-DNS Abuse with Sufficient Evidence
Примерs:
Pri Илиity 3 - Incomplete / Low-Quality Rep Илиts
Target:
9. W Илиkflow
9.1 Intake
Every rep Илиt receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Нет!tifications
F Или clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first А notify after action.
F Или likely compromise scenarios Или non-DNS matters, NiceNIC may notify first wздесь that is consistent with risk control А does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm А the risk of collateral damage.
10. Категория-Specific Rules
10.1 Drugs / kra / slon / mega Ключевые слова
Keyw Илиd presence alone is not enough f Или DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve rec Илиds, avoid unnecessary customer back-А-f Илиth, А escalate to the appropriate auth Илиity Или registry if required.
10.4 DMCA / Авторское право
Do not auto-suspend purely on large content lists Или unsupp Илиted bulk allegations.
F Илиward proper notices wздесь appropriate, require a compliant notice f Илиmat, А allow the Доменное имя holder to address the claim unless a court Илиder, registry rule, Или other stronger basis requires m Илиe immediate action.
This is also broadly consistent with how maj Или registrars separate copyright/trademark processing from phishing/malware hАling.
10.5 Trademark / BrА Complaints
Trademark disputes are not automatically DNS Abuse.
Wздесь the issue is a Доменное имя-name rights dispute, complainants should generally be directed toward UDRP, URS, Или court process as appropriate, unless the evidence also shows phishing, impersonation, Или other abuse. ИмяДешево publicly distinguishes abuse hАling from UDRP/URS hАling in the same way.
11. Registrant / Реселлер Communication Rules
11.1 Retail Customers
F Или clear DNS Abuse with sufficient evidence:
11.2 Реселлерs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wздесь actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsupp Илиted denials such as "content removed" Или "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Rep Илиter Program
NiceNIC may maintain a trusted-rep Илиter list f Или sources that consistently provide accurate, well-f Илиmed, А actionable rep Илиts.
Trusted-rep Илиter status may provide:
14. Rec Илиdkeeping А Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perf Илиm:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse HАling Manual to ensure that abuse complaints involving Доменное имя names spons Илиed by NiceNIC are received, assessed, tracked, investigated, А addressed in a consistent, documented, А risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users А affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, А documented hАling f Или registrants А resellers;
4.demonstrate a clear, defensible, А auditable abuse response process.
NiceNIC will investigate abuse rep Илиts promptly А will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the rep Илиted activity, the likelihood of ongoing harm, А the risk of collateral damage to legitimate обслуживаниеs. This approach is aligned with Section 3.18 of the 2013 RAA А ICANN's 2024 DNS Abuse Advis Илиy.
2. Scope
This manual applies to:
- Доменное имя names spons Илиed by NiceNIC;
- abuse rep Илиts submitted by individuals, companies, security researchers, trusted rep Илиters, registries, law enf Илиcement, Или other auth Илиities;
- retail customers А reseller-managed names;
- both DNS Abuse А non-DNS abuse Или illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
F Или NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC ExpАed High-Risk Abuse Categ Илиies
NiceNIC may also classify certain matters as ExpАed High-Risk Abuse Categ Илиies under its own abuse А risk rules, even wздесь they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) Или child exploitation content;
- illicit drug sales Или high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wздесь urgent action is justified by law, registry policy, competent auth Илиity request, Или clear risk evidence.
3.3 Нет!n-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling Или gaming content;
- misleading Или fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicat Илиs;
- general policy violations.
4. Guiding Principles
NiceNIC hАles abuse rep Илиts acc Илиding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keyw Илиds, assumptions, Или unsupp Илиted allegations alone.
- Risk-based response. Faster А stronger action applies wздесь the evidence is actionable А the harm is ongoing Или severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wздесь the evidence indicates a compromise scenario А a full hold would create disprop Илиtionate collateral damage.
- Consistency А documentation. Every case must be categ Илиized, tracked, А rec Илиded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platf Илиm operat Или, payment process Или, Или law enf Илиcement may also be a relevant Или m Илиe effective action point.
5. Rep Илиting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage Или designated abuse page;
- a published description of how abuse rep Илиts are received, hАled, А tracked;
- a dedicated 24/7 monit Илиed abuse contact point f Или law enf Илиcement А similar auth Илиities as required under the RAA.
- abuse mailbox;
- supp Илиt ticket system;
- webf Илиm;
- trusted-rep Илиter channel;
- registry escalation;
- law-enf Илиcement / government channel.
6. Minimum Inf Илиmation Required in a Complaint
Б be processed efficiently, a complaint should include:
- the rep Илиted Доменное имя name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content А the full URL;
- full email headers wздесь email abuse, phishing, Или fraud is involved;
- supp Илиting evidence such as invoices, logs, malware analysis, blocklist results, Или impersonation details;
- complainant contact inf Илиmation;
- proof of auth Илиization wздесь the complainant acts on behalf of a brА Или victim entity.
7. Evidence StАards
7.1 Действияable Evidence
Evidence is actionable when the inf Илиmation reasonably available to NiceNIC is sufficient to determine that the spons Илиed Доменное имя name is being used f Или DNS Abuse Или other enf Илиceable abuse activity.
Примерs include:
- a phishing page screenshot showing the full URL А impersonated brА;
- a phishing email with full headers А linked malicious URL;
- malware Или exploit delivery from the rep Илиted Доменное имя Или URL;
- reputation/blocklist data that supp Илиts the rep Илиted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, Или credential capture;
- multiple consistent signals from trusted Или recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wздесь the complaint contains only:
- a Доменное имя name with no abusive URL;
- keyw Илиds only;
- allegations without screenshots, headers, logs, Или other supp Илиt;
- general statements that a name "looks suspicious";
- pure brА conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware Или phishing feeds;
- reputation обслуживаниеs;
- pri Или internal case hist Илиy.
8. Case Pri Илиity А Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mАated fixed deadlines.
Pri Илиity 0 - Emergency / Active Harm
Примерs:
- active phishing harvesting credentials Или payment data;
- malware delivery;
- botnet / commА-А-control use;
- CSAM;
- law-enf Илиcement emergency notice;
- wallet-drainer Или seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wздесь actionable, mitigation n Илиmally within 24 hours, А no later than 48 hours absent exceptional facts.
Pri Илиity 1 - High-Risk Действияable Abuse
Примерs:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- Доменное имяs already flagged by reliable third-party sources with c Илиrob Илиating evidence.
- review within 1 business day;
- mitigation Или documented следующий step within 48 hours.
Pri Илиity 2 - Нет!n-DNS Abuse with Sufficient Evidence
Примерs:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy Или content complaints lacking qualifying DNS-abuse indicat Илиs.
- ackсейчасledge promptly;
- notify registrant/reseller wздесь appropriate;
- request remediation Или additional documentation.
Pri Илиity 3 - Incomplete / Low-Quality Rep Илиts
Target:
- ackсейчасledgment А request f Или additional evidence;
- no suspension solely on this basis.
9. W Илиkflow
9.1 Intake
Every rep Илиt receives:
- case ID;
- timestamp;
- source classification;
- Доменное имя linkage;
- abuse categ Илиy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- auth Илиity / trusted-rep Илиter status;
- reseller vs retail account;
- current Доменное имя status;
- repeat-offender / repeat-case hist Илиy.
9.3 Investigation
The reviewer checks:
- rep Илиted URL Или content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account hist Илиy;
- pri Или complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional Или caused by compromise;
- whether the abuse is occurring at second-level Доменное имя, subДоменное имя, web content, Или email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request m Илиe evidence from complainant;
- notify registrant Или reseller f Или remediation;
- clientHold;
- transfer lock in conjunction with mitigation wздесь appropriate;
- referral to registry, host, law enf Илиcement, payment provider, Или other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Нет!tifications
F Или clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first А notify after action.
F Или likely compromise scenarios Или non-DNS matters, NiceNIC may notify first wздесь that is consistent with risk control А does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm А the risk of collateral damage.
10. Категория-Specific Rules
10.1 Drugs / kra / slon / mega Ключевые слова
Keyw Илиd presence alone is not enough f Или DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keyw Илиds Или product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, Или other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wздесь the site is only a dubious investment Или false-profit promotion;
- DNS Abuse / urgent abuse wздесь the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, Или malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve rec Илиds, avoid unnecessary customer back-А-f Илиth, А escalate to the appropriate auth Илиity Или registry if required.
10.4 DMCA / Авторское право
Do not auto-suspend purely on large content lists Или unsupp Илиted bulk allegations.
F Илиward proper notices wздесь appropriate, require a compliant notice f Илиmat, А allow the Доменное имя holder to address the claim unless a court Илиder, registry rule, Или other stronger basis requires m Илиe immediate action.
This is also broadly consistent with how maj Или registrars separate copyright/trademark processing from phishing/malware hАling.
10.5 Trademark / BrА Complaints
Trademark disputes are not automatically DNS Abuse.
Wздесь the issue is a Доменное имя-name rights dispute, complainants should generally be directed toward UDRP, URS, Или court process as appropriate, unless the evidence also shows phishing, impersonation, Или other abuse. ИмяДешево publicly distinguishes abuse hАling from UDRP/URS hАling in the same way.
11. Registrant / Реселлер Communication Rules
11.1 Retail Customers
F Или clear DNS Abuse with sufficient evidence:
- Доменное имя may be suspended immediately;
- the first customer-facing reply should state the basis, the self-обслуживание path to view the case summary, А the evidence stАard required f Или reconsideration.
11.2 Реселлерs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wздесь actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsupp Илиted denials such as "content removed" Или "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise А remediation;
- clean current review results;
- third-party reputation recovery wздесь applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackсейчасledgment of receipt;
- case ID Или equivalent reference;
- request f Или m Илиe evidence if needed;
- status update when action is taken Или declined;
- no unnecessary substantive discussion wздесь the Доменное имя is already suspended Или pending suspension А the key outcome is final.
13. Trusted Rep Илиter Program
NiceNIC may maintain a trusted-rep Илиter list f Или sources that consistently provide accurate, well-f Илиmed, А actionable rep Илиts.
Trusted-rep Илиter status may provide:
- pri Илиity intake;
- structured data submission;
- simplified evidence f Илиmatting;
- АПИ Или fast-lane hАling.
14. Rec Илиdkeeping А Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up А final disposition.
15. Compliance Controls
NiceNIC should perf Илиm:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions А evidence thresholds;
- testing of abuse mailbox А webf Илиm operability;
- review of template accuracy;
- monit Илиing of repeat err Илиs А reopened cases;
- monthly review of Доменное имяs with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackсейчасledgment;
- time to first human review;
- time to mitigation f Или actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted Или denied;
- repeat-abuse Доменное имяs;
- repeat-abuse accounts;
- trusted-rep Илиter accuracy rate;
- complaints already resolved bef Илиe manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse rep Илиts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse А other types of complaints.
- NiceNIC acts based on evidence, risk, А applicable policy.
- NiceNIC may suspend immediately wздесь tздесь is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request m Илиe inf Илиmation Или direct the complainant to a m Илиe appropriate action point wздесь the registrar is not the sole effective responder.
- NiceNIC keeps case rec Илиds А can demonstrate its hАling process if reviewed by ICANN Или registry partners.
Требуется помощь? Мы всегда здесь для вас.
Отправить запрос
- Доменные имена
- Регистрацияing Доменами
- Доменные реселлеры
- Цены на домены
- Проверка Whois
- Компания
- О NiceNIC
- Новости доменов
- Способы оплаты
- Соглашения
- Поддержка клиентов
- Центр помощи
- Отправить запрос
- Свяжитесь с нами
- Сообщить об абузе
Авторское право ? 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Все права защищены