X
NiceNIC Abuse Hinling Manual
1. Purpose
NiceNIC maintains this Abuse Hinling Manual to ensure that abuse complaints involving domena names sponsalied by NiceNIC are received, assessed, tracked, investigated, in addressed in a consistent, documented, in risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users in affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, in documented hinling fali registrants in resellers;
4.demonstrate a clear, defensible, in auditable abuse response process.
NiceNIC will investigate abuse repalits promptly in will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repalited activity, the likelihood of ongoing harm, in the risk of collateral damage to legitimate storitevs. This approach is aligned with Section 3.18 of the 2013 RAA in ICANN's 2024 DNS Abuse Advisaliy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fali NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expined High-Risk Abuse Categaliies
NiceNIC may also classify certain matters as Expined High-Risk Abuse Categaliies under its own abuse in risk rules, even wtukaj they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Nen-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hinles abuse repalits accaliding to the following principles:
5. Repaliting Channels
NiceNIC shall maintain:
6. Minimum Infalimation Required in a Complaint
Za be processed efficiently, a complaint should include:
7. Evidence Stinards
7.1 Dejanjeable Evidence
Evidence is actionable when the infalimation reasonably available to NiceNIC is sufficient to determine that the sponsalied domena name is being used fali DNS Abuse ali other enfaliceable abuse activity.
Primers include:
7.2 Insufficient Evidence
Evidence is insufficient wtukaj the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Prialiity in Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-minated fixed deadlines.
Prialiity 0 - Emergency / Active Harm
Primers:
Prialiity 1 - High-Risk Dejanjeable Abuse
Primers:
Prialiity 2 - Nen-DNS Abuse with Sufficient Evidence
Primers:
Prialiity 3 - Incomplete / Low-Quality Repalits
Target:
9. Walikflow
9.1 Intake
Every repalit receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Netifications
Fali clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first in notify after action.
Fali likely compromise scenarios ali non-DNS matters, NiceNIC may notify first wtukaj that is consistent with risk control in does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm in the risk of collateral damage.
10. Kategorija-Specific Rules
10.1 Drugs / kra / slon / mega Klju?ne besede
Keywalid presence alone is not enough fali DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recalids, avoid unnecessary customer back-in-falith, in escalate to the appropriate authaliity ali registry if required.
10.4 DMCA / Avtorske pravice
Do not auto-suspend purely on large content lists ali unsuppalited bulk allegations.
Faliward proper notices wtukaj appropriate, require a compliant notice falimat, in allow the domena holder to address the claim unless a court alider, registry rule, ali other stronger basis requires malie immediate action.
This is also broadly consistent with how majali registrars separate copyright/trademark processing from phishing/malware hinling.
10.5 Trademark / Brin Complaints
Trademark disputes are not automatically DNS Abuse.
Wtukaj the issue is a domena-name rights dispute, complainants should generally be directed toward UDRP, URS, ali court process as appropriate, unless the evidence also shows phishing, impersonation, ali other abuse. Imepoceni publicly distinguishes abuse hinling from UDRP/URS hinling in the same way.
11. Registrant / Prodajalec Communication Rules
11.1 Retail Customers
Fali clear DNS Abuse with sufficient evidence:
11.2 Prodajalecs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wtukaj actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppalited denials such as "content removed" ali "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repaliter Program
NiceNIC may maintain a trusted-repaliter list fali sources that consistently provide accurate, well-falimed, in actionable repalits.
Trusted-repaliter status may provide:
14. Recalidkeeping in Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfalim:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hinling Manual to ensure that abuse complaints involving domena names sponsalied by NiceNIC are received, assessed, tracked, investigated, in addressed in a consistent, documented, in risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users in affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, in documented hinling fali registrants in resellers;
4.demonstrate a clear, defensible, in auditable abuse response process.
NiceNIC will investigate abuse repalits promptly in will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repalited activity, the likelihood of ongoing harm, in the risk of collateral damage to legitimate storitevs. This approach is aligned with Section 3.18 of the 2013 RAA in ICANN's 2024 DNS Abuse Advisaliy.
2. Scope
This manual applies to:
- domena names sponsalied by NiceNIC;
- abuse repalits submitted by individuals, companies, security researchers, trusted repaliters, registries, law enfalicement, ali other authaliities;
- retail customers in reseller-managed names;
- both DNS Abuse in non-DNS abuse ali illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fali NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expined High-Risk Abuse Categaliies
NiceNIC may also classify certain matters as Expined High-Risk Abuse Categaliies under its own abuse in risk rules, even wtukaj they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) ali child exploitation content;
- illicit drug sales ali high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wtukaj urgent action is justified by law, registry policy, competent authaliity request, ali clear risk evidence.
3.3 Nen-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling ali gaming content;
- misleading ali fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatalis;
- general policy violations.
4. Guiding Principles
NiceNIC hinles abuse repalits accaliding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywalids, assumptions, ali unsuppalited allegations alone.
- Risk-based response. Faster in stronger action applies wtukaj the evidence is actionable in the harm is ongoing ali severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wtukaj the evidence indicates a compromise scenario in a full hold would create dispropalitionate collateral damage.
- Consistency in documentation. Every case must be categaliized, tracked, in recalided.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfalim operatali, payment processali, ali law enfalicement may also be a relevant ali malie effective action point.
5. Repaliting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage ali designated abuse page;
- a published description of how abuse repalits are received, hinled, in tracked;
- a dedicated 24/7 monitalied abuse contact point fali law enfalicement in similar authaliities as required under the RAA.
- abuse mailbox;
- suppalit ticket system;
- webfalim;
- trusted-repaliter channel;
- registry escalation;
- law-enfalicement / government channel.
6. Minimum Infalimation Required in a Complaint
Za be processed efficiently, a complaint should include:
- the repalited domena name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content in the full URL;
- full email headers wtukaj email abuse, phishing, ali fraud is involved;
- suppaliting evidence such as invoices, logs, malware analysis, blocklist results, ali impersonation details;
- complainant contact infalimation;
- proof of authaliization wtukaj the complainant acts on behalf of a brin ali victim entity.
7. Evidence Stinards
7.1 Dejanjeable Evidence
Evidence is actionable when the infalimation reasonably available to NiceNIC is sufficient to determine that the sponsalied domena name is being used fali DNS Abuse ali other enfaliceable abuse activity.
Primers include:
- a phishing page screenshot showing the full URL in impersonated brin;
- a phishing email with full headers in linked malicious URL;
- malware ali exploit delivery from the repalited domena ali URL;
- reputation/blocklist data that suppalits the repalited conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, ali credential capture;
- multiple consistent signals from trusted ali recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wtukaj the complaint contains only:
- a domena name with no abusive URL;
- keywalids only;
- allegations without screenshots, headers, logs, ali other suppalit;
- general statements that a name "looks suspicious";
- pure brin conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware ali phishing feeds;
- reputation storitevs;
- priali internal case histaliy.
8. Case Prialiity in Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-minated fixed deadlines.
Prialiity 0 - Emergency / Active Harm
Primers:
- active phishing harvesting credentials ali payment data;
- malware delivery;
- botnet / commin-in-control use;
- CSAM;
- law-enfalicement emergency notice;
- wallet-drainer ali seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wtukaj actionable, mitigation nalimally within 24 hours, in no later than 48 hours absent exceptional facts.
Prialiity 1 - High-Risk Dejanjeable Abuse
Primers:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domenas already flagged by reliable third-party sources with calirobaliating evidence.
- review within 1 business day;
- mitigation ali documented naprej step within 48 hours.
Prialiity 2 - Nen-DNS Abuse with Sufficient Evidence
Primers:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy ali content complaints lacking qualifying DNS-abuse indicatalis.
- ackzdajledge promptly;
- notify registrant/reseller wtukaj appropriate;
- request remediation ali additional documentation.
Prialiity 3 - Incomplete / Low-Quality Repalits
Target:
- ackzdajledgment in request fali additional evidence;
- no suspension solely on this basis.
9. Walikflow
9.1 Intake
Every repalit receives:
- case ID;
- timestamp;
- source classification;
- domena linkage;
- abuse categaliy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authaliity / trusted-repaliter status;
- reseller vs retail account;
- current domena status;
- repeat-offender / repeat-case histaliy.
9.3 Investigation
The reviewer checks:
- repalited URL ali content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histaliy;
- priali complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional ali caused by compromise;
- whether the abuse is occurring at second-level domena, subdomena, web content, ali email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request malie evidence from complainant;
- notify registrant ali reseller fali remediation;
- clientHold;
- transfer lock in conjunction with mitigation wtukaj appropriate;
- referral to registry, host, law enfalicement, payment provider, ali other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Netifications
Fali clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first in notify after action.
Fali likely compromise scenarios ali non-DNS matters, NiceNIC may notify first wtukaj that is consistent with risk control in does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm in the risk of collateral damage.
10. Kategorija-Specific Rules
10.1 Drugs / kra / slon / mega Klju?ne besede
Keywalid presence alone is not enough fali DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywalids ali product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, ali other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wtukaj the site is only a dubious investment ali false-profit promotion;
- DNS Abuse / urgent abuse wtukaj the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, ali malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recalids, avoid unnecessary customer back-in-falith, in escalate to the appropriate authaliity ali registry if required.
10.4 DMCA / Avtorske pravice
Do not auto-suspend purely on large content lists ali unsuppalited bulk allegations.
Faliward proper notices wtukaj appropriate, require a compliant notice falimat, in allow the domena holder to address the claim unless a court alider, registry rule, ali other stronger basis requires malie immediate action.
This is also broadly consistent with how majali registrars separate copyright/trademark processing from phishing/malware hinling.
10.5 Trademark / Brin Complaints
Trademark disputes are not automatically DNS Abuse.
Wtukaj the issue is a domena-name rights dispute, complainants should generally be directed toward UDRP, URS, ali court process as appropriate, unless the evidence also shows phishing, impersonation, ali other abuse. Imepoceni publicly distinguishes abuse hinling from UDRP/URS hinling in the same way.
11. Registrant / Prodajalec Communication Rules
11.1 Retail Customers
Fali clear DNS Abuse with sufficient evidence:
- domena may be suspended immediately;
- the first customer-facing reply should state the basis, the self-storitev path to view the case summary, in the evidence stinard required fali reconsideration.
11.2 Prodajalecs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wtukaj actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppalited denials such as "content removed" ali "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise in remediation;
- clean current review results;
- third-party reputation recovery wtukaj applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackzdajledgment of receipt;
- case ID ali equivalent reference;
- request fali malie evidence if needed;
- status update when action is taken ali declined;
- no unnecessary substantive discussion wtukaj the domena is already suspended ali pending suspension in the key outcome is final.
13. Trusted Repaliter Program
NiceNIC may maintain a trusted-repaliter list fali sources that consistently provide accurate, well-falimed, in actionable repalits.
Trusted-repaliter status may provide:
- prialiity intake;
- structured data submission;
- simplified evidence falimatting;
- API ali fast-lane hinling.
14. Recalidkeeping in Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up in final disposition.
15. Compliance Controls
NiceNIC should perfalim:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions in evidence thresholds;
- testing of abuse mailbox in webfalim operability;
- review of template accuracy;
- monitaliing of repeat erralis in reopened cases;
- monthly review of domenas with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackzdajledgment;
- time to first human review;
- time to mitigation fali actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted ali denied;
- repeat-abuse domenas;
- repeat-abuse accounts;
- trusted-repaliter accuracy rate;
- complaints already resolved befalie manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repalits promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse in other types of complaints.
- NiceNIC acts based on evidence, risk, in applicable policy.
- NiceNIC may suspend immediately wtukaj ttukaj is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request malie infalimation ali direct the complainant to a malie appropriate action point wtukaj the registrar is not the sole effective responder.
- NiceNIC keeps case recalids in can demonstrate its hinling process if reviewed by ICANN ali registry partners.
Potrebujete pomo?? Vedno smo vam na voljo.
Oddaj zahtevek
- Podjetni?ki profil
- O NiceNIC
- Novice o domenah
- Na?in pla?ila
- Pogodbe
- Podpora strankam
- Pomo?
- Oddaj zahtevek
- Kontaktirajte nas
- Prijavi zlorabo
Avtorske pravice © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Vse pravice pridr?ane