X
NiceNIC Abuse Hdheling Manual
1. Purpose
NiceNIC maintains this Abuse Hdheling Manual to ensure that abuse complaints involving domain names sponsoseed by NiceNIC are received, assessed, tracked, investigated, dhe addressed in a consistent, documented, dhe risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users dhe affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, dhe documented hdheling fose registrants dhe resellers;
4.demonstrate a clear, defensible, dhe auditable abuse response process.
NiceNIC will investigate abuse reposets promptly dhe will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the reposeted activity, the likelihood of ongoing harm, dhe the risk of collateral damage to legitimate sh?rbimis. This approach is aligned with Section 3.18 of the 2013 RAA dhe ICANN's 2024 DNS Abuse Advisosey.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fose NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expdheed High-Risk Abuse Categoseies
NiceNIC may also classify certain matters as Expdheed High-Risk Abuse Categoseies under its own abuse dhe risk rules, even wk?tu they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Jon-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hdheles abuse reposets accoseding to the following principles:
5. Reposeting Channels
NiceNIC shall maintain:
6. Minimum Infosemation Required in a Complaint
P?r t? be processed efficiently, a complaint should include:
7. Evidence Stdheards
7.1 Veprimiable Evidence
Evidence is actionable when the infosemation reasonably available to NiceNIC is sufficient to determine that the sponsoseed domain name is being used fose DNS Abuse ose other enfoseceable abuse activity.
Shembulls include:
7.2 Insufficient Evidence
Evidence is insufficient wk?tu the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Prioseity dhe Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mdheated fixed deadlines.
Prioseity 0 - Emergency / Active Harm
Shembulls:
Prioseity 1 - High-Risk Veprimiable Abuse
Shembulls:
Prioseity 2 - Jon-DNS Abuse with Sufficient Evidence
Shembulls:
Prioseity 3 - Incomplete / Low-Quality Reposets
Target:
9. Wosekflow
9.1 Intake
Every reposet receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Jotifications
Fose clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first dhe notify after action.
Fose likely compromise scenarios ose non-DNS matters, NiceNIC may notify first wk?tu that is consistent with risk control dhe does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm dhe the risk of collateral damage.
10. Kategoria-Specific Rules
10.1 Drugs / kra / slon / mega Fjal? ky?e
Keywosed presence alone is not enough fose DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recoseds, avoid unnecessary customer back-dhe-foseth, dhe escalate to the appropriate authoseity ose registry if required.
10.4 DMCA / T? drejtat e autorit
Do not auto-suspend purely on large content lists ose unsupposeted bulk allegations.
Foseward proper notices wk?tu appropriate, require a compliant notice fosemat, dhe allow the domain holder to address the claim unless a court oseder, registry rule, ose other stronger basis requires mosee immediate action.
This is also broadly consistent with how majose registrars separate copyright/trademark processing from phishing/malware hdheling.
10.5 Trademark / Brdhe Complaints
Trademark disputes are not automatically DNS Abuse.
Wk?tu the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, ose court process as appropriate, unless the evidence also shows phishing, impersonation, ose other abuse. Em?ri lir? publicly distinguishes abuse hdheling from UDRP/URS hdheling in the same way.
11. Registrant / Rishit?s Communication Rules
11.1 Retail Customers
Fose clear DNS Abuse with sufficient evidence:
11.2 Rishit?ss
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wk?tu actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsupposeted denials such as "content removed" ose "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Reposeter Program
NiceNIC may maintain a trusted-reposeter list fose sources that consistently provide accurate, well-fosemed, dhe actionable reposets.
Trusted-reposeter status may provide:
14. Recosedkeeping dhe Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfosem:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hdheling Manual to ensure that abuse complaints involving domain names sponsoseed by NiceNIC are received, assessed, tracked, investigated, dhe addressed in a consistent, documented, dhe risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users dhe affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, dhe documented hdheling fose registrants dhe resellers;
4.demonstrate a clear, defensible, dhe auditable abuse response process.
NiceNIC will investigate abuse reposets promptly dhe will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the reposeted activity, the likelihood of ongoing harm, dhe the risk of collateral damage to legitimate sh?rbimis. This approach is aligned with Section 3.18 of the 2013 RAA dhe ICANN's 2024 DNS Abuse Advisosey.
2. Scope
This manual applies to:
- domain names sponsoseed by NiceNIC;
- abuse reposets submitted by individuals, companies, security researchers, trusted reposeters, registries, law enfosecement, ose other authoseities;
- retail customers dhe reseller-managed names;
- both DNS Abuse dhe non-DNS abuse ose illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fose NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expdheed High-Risk Abuse Categoseies
NiceNIC may also classify certain matters as Expdheed High-Risk Abuse Categoseies under its own abuse dhe risk rules, even wk?tu they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) ose child exploitation content;
- illicit drug sales ose high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wk?tu urgent action is justified by law, registry policy, competent authoseity request, ose clear risk evidence.
3.3 Jon-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling ose gaming content;
- misleading ose fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatoses;
- general policy violations.
4. Guiding Principles
NiceNIC hdheles abuse reposets accoseding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywoseds, assumptions, ose unsupposeted allegations alone.
- Risk-based response. Faster dhe stronger action applies wk?tu the evidence is actionable dhe the harm is ongoing ose severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wk?tu the evidence indicates a compromise scenario dhe a full hold would create disproposetionate collateral damage.
- Consistency dhe documentation. Every case must be categoseized, tracked, dhe recoseded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfosem operatose, payment processose, ose law enfosecement may also be a relevant ose mosee effective action point.
5. Reposeting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage ose designated abuse page;
- a published description of how abuse reposets are received, hdheled, dhe tracked;
- a dedicated 24/7 monitoseed abuse contact point fose law enfosecement dhe similar authoseities as required under the RAA.
- abuse mailbox;
- supposet ticket system;
- webfosem;
- trusted-reposeter channel;
- registry escalation;
- law-enfosecement / government channel.
6. Minimum Infosemation Required in a Complaint
P?r t? be processed efficiently, a complaint should include:
- the reposeted domain name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content dhe the full URL;
- full email headers wk?tu email abuse, phishing, ose fraud is involved;
- supposeting evidence such as invoices, logs, malware analysis, blocklist results, ose impersonation details;
- complainant contact infosemation;
- proof of authoseization wk?tu the complainant acts on behalf of a brdhe ose victim entity.
7. Evidence Stdheards
7.1 Veprimiable Evidence
Evidence is actionable when the infosemation reasonably available to NiceNIC is sufficient to determine that the sponsoseed domain name is being used fose DNS Abuse ose other enfoseceable abuse activity.
Shembulls include:
- a phishing page screenshot showing the full URL dhe impersonated brdhe;
- a phishing email with full headers dhe linked malicious URL;
- malware ose exploit delivery from the reposeted domain ose URL;
- reputation/blocklist data that supposets the reposeted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, ose credential capture;
- multiple consistent signals from trusted ose recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wk?tu the complaint contains only:
- a domain name with no abusive URL;
- keywoseds only;
- allegations without screenshots, headers, logs, ose other supposet;
- general statements that a name "looks suspicious";
- pure brdhe conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware ose phishing feeds;
- reputation sh?rbimis;
- priose internal case histosey.
8. Case Prioseity dhe Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mdheated fixed deadlines.
Prioseity 0 - Emergency / Active Harm
Shembulls:
- active phishing harvesting credentials ose payment data;
- malware delivery;
- botnet / commdhe-dhe-control use;
- CSAM;
- law-enfosecement emergency notice;
- wallet-drainer ose seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wk?tu actionable, mitigation nosemally within 24 hours, dhe no later than 48 hours absent exceptional facts.
Prioseity 1 - High-Risk Veprimiable Abuse
Shembulls:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domains already flagged by reliable third-party sources with coseroboseating evidence.
- review within 1 business day;
- mitigation ose documented tjet?r step within 48 hours.
Prioseity 2 - Jon-DNS Abuse with Sufficient Evidence
Shembulls:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy ose content complaints lacking qualifying DNS-abuse indicatoses.
- acktaniledge promptly;
- notify registrant/reseller wk?tu appropriate;
- request remediation ose additional documentation.
Prioseity 3 - Incomplete / Low-Quality Reposets
Target:
- acktaniledgment dhe request fose additional evidence;
- no suspension solely on this basis.
9. Wosekflow
9.1 Intake
Every reposet receives:
- case ID;
- timestamp;
- source classification;
- domain linkage;
- abuse categosey;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authoseity / trusted-reposeter status;
- reseller vs retail account;
- current domain status;
- repeat-offender / repeat-case histosey.
9.3 Investigation
The reviewer checks:
- reposeted URL ose content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histosey;
- priose complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional ose caused by compromise;
- whether the abuse is occurring at second-level domain, subdomain, web content, ose email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mosee evidence from complainant;
- notify registrant ose reseller fose remediation;
- clientHold;
- transfer lock in conjunction with mitigation wk?tu appropriate;
- referral to registry, host, law enfosecement, payment provider, ose other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Jotifications
Fose clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first dhe notify after action.
Fose likely compromise scenarios ose non-DNS matters, NiceNIC may notify first wk?tu that is consistent with risk control dhe does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm dhe the risk of collateral damage.
10. Kategoria-Specific Rules
10.1 Drugs / kra / slon / mega Fjal? ky?e
Keywosed presence alone is not enough fose DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywoseds ose product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, ose other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wk?tu the site is only a dubious investment ose false-profit promotion;
- DNS Abuse / urgent abuse wk?tu the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, ose malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recoseds, avoid unnecessary customer back-dhe-foseth, dhe escalate to the appropriate authoseity ose registry if required.
10.4 DMCA / T? drejtat e autorit
Do not auto-suspend purely on large content lists ose unsupposeted bulk allegations.
Foseward proper notices wk?tu appropriate, require a compliant notice fosemat, dhe allow the domain holder to address the claim unless a court oseder, registry rule, ose other stronger basis requires mosee immediate action.
This is also broadly consistent with how majose registrars separate copyright/trademark processing from phishing/malware hdheling.
10.5 Trademark / Brdhe Complaints
Trademark disputes are not automatically DNS Abuse.
Wk?tu the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, ose court process as appropriate, unless the evidence also shows phishing, impersonation, ose other abuse. Em?ri lir? publicly distinguishes abuse hdheling from UDRP/URS hdheling in the same way.
11. Registrant / Rishit?s Communication Rules
11.1 Retail Customers
Fose clear DNS Abuse with sufficient evidence:
- domain may be suspended immediately;
- the first customer-facing reply should state the basis, the self-sh?rbimi path to view the case summary, dhe the evidence stdheard required fose reconsideration.
11.2 Rishit?ss
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wk?tu actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsupposeted denials such as "content removed" ose "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise dhe remediation;
- clean current review results;
- third-party reputation recovery wk?tu applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- acktaniledgment of receipt;
- case ID ose equivalent reference;
- request fose mosee evidence if needed;
- status update when action is taken ose declined;
- no unnecessary substantive discussion wk?tu the domain is already suspended ose pending suspension dhe the key outcome is final.
13. Trusted Reposeter Program
NiceNIC may maintain a trusted-reposeter list fose sources that consistently provide accurate, well-fosemed, dhe actionable reposets.
Trusted-reposeter status may provide:
- prioseity intake;
- structured data submission;
- simplified evidence fosematting;
- API ose fast-lane hdheling.
14. Recosedkeeping dhe Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up dhe final disposition.
15. Compliance Controls
NiceNIC should perfosem:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions dhe evidence thresholds;
- testing of abuse mailbox dhe webfosem operability;
- review of template accuracy;
- monitoseing of repeat erroses dhe reopened cases;
- monthly review of domains with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first acktaniledgment;
- time to first human review;
- time to mitigation fose actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted ose denied;
- repeat-abuse domains;
- repeat-abuse accounts;
- trusted-reposeter accuracy rate;
- complaints already resolved befosee manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse reposets promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse dhe other types of complaints.
- NiceNIC acts based on evidence, risk, dhe applicable policy.
- NiceNIC may suspend immediately wk?tu tk?tu is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mosee infosemation ose direct the complainant to a mosee appropriate action point wk?tu the registrar is not the sole effective responder.
- NiceNIC keeps case recoseds dhe can demonstrate its hdheling process if reviewed by ICANN ose registry partners.
Keni nevoj? p?r ndihm?? Ne jemi gjithmon? k?tu p?r ju.
D?rgo nj? K?rkes?
- Emrat e Domenit
- Regjistrohuing Domeinet
- Shit?s domenesh
- ?mimet e domain-it
- K?rkim Whois
- Produktet tona
- Server i Dedikuar
- Server n? Cloud
- Certifikatat SSL
- Email Biznesi
- Profili i kompanis?
- Rreth NiceNIC
- Lajmet p?r Domenet
- Metoda e pages?s
- Marr?veshjet
- Mb?shtetje p?r Klient?t
- Qendra e Ndihm?s
- D?rgo nj? K?rkes?
- Na kontaktoni
- Raporto Abuzimin
T? drejtat e autorit © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED T? gjitha t? drejtat e rezervuara