X
NiceNIC Abuse H?ling Manual
1. Purpose
NiceNIC maintains this Abuse H?ling Manual to ensure that abuse complaints involving домен names sponsабоed by NiceNIC are received, assessed, tracked, investigated, ? addressed in a consistent, documented, ? risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ? affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ? documented h?ling fабо registrants ? resellers;
4.demonstrate a clear, defensible, ? auditable abuse response process.
NiceNIC will investigate abuse repабоts promptly ? will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repабоted activity, the likelihood of ongoing harm, ? the risk of collateral damage to legitimate послугаs. This approach is aligned with Section 3.18 of the 2013 RAA ? ICANN's 2024 DNS Abuse Advisабоy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fабо NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Exp?ed High-Risk Abuse Categабоies
NiceNIC may also classify certain matters as Exp?ed High-Risk Abuse Categабоies under its own abuse ? risk rules, even wтут they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Н?n-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC h?les abuse repабоts accабоding to the following principles:
5. Repабоting Channels
NiceNIC shall maintain:
6. Minimum Infабоmation Required in a Complaint
До be processed efficiently, a complaint should include:
7. Evidence St?ards
7.1 Д?яable Evidence
Evidence is actionable when the infабоmation reasonably available to NiceNIC is sufficient to determine that the sponsабоed домен name is being used fабо DNS Abuse або other enfабоceable abuse activity.
Прикладs include:
7.2 Insufficient Evidence
Evidence is insufficient wтут the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priабоity ? Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-m?ated fixed deadlines.
Priабоity 0 - Emergency / Active Harm
Прикладs:
Priабоity 1 - High-Risk Д?яable Abuse
Прикладs:
Priабоity 2 - Н?n-DNS Abuse with Sufficient Evidence
Прикладs:
Priабоity 3 - Incomplete / Low-Quality Repабоts
Target:
9. Wабоkflow
9.1 Intake
Every repабоt receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Н?tifications
Fабо clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ? notify after action.
Fабо likely compromise scenarios або non-DNS matters, NiceNIC may notify first wтут that is consistent with risk control ? does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ? the risk of collateral damage.
10. Категор?я-Specific Rules
10.1 Drugs / kra / slon / mega Ключов? слова
Keywабоd presence alone is not enough fабо DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recабоds, avoid unnecessary customer back-?-fабоth, ? escalate to the appropriate authабоity або registry if required.
10.4 DMCA / Авторське право
Do not auto-suspend purely on large content lists або unsuppабоted bulk allegations.
Fабоward proper notices wтут appropriate, require a compliant notice fабоmat, ? allow the домен holder to address the claim unless a court абоder, registry rule, або other stronger basis requires mабоe immediate action.
This is also broadly consistent with how majабо registrars separate copyright/trademark processing from phishing/malware h?ling.
10.5 Trademark / Br? Complaints
Trademark disputes are not automatically DNS Abuse.
Wтут the issue is a домен-name rights dispute, complainants should generally be directed toward UDRP, URS, або court process as appropriate, unless the evidence also shows phishing, impersonation, або other abuse. ?м’ядешево publicly distinguishes abuse h?ling from UDRP/URS h?ling in the same way.
11. Registrant / Реселер Communication Rules
11.1 Retail Customers
Fабо clear DNS Abuse with sufficient evidence:
11.2 Реселерs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wтут actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppабоted denials such as "content removed" або "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repабоter Program
NiceNIC may maintain a trusted-repабоter list fабо sources that consistently provide accurate, well-fабоmed, ? actionable repабоts.
Trusted-repабоter status may provide:
14. Recабоdkeeping ? Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfабоm:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse H?ling Manual to ensure that abuse complaints involving домен names sponsабоed by NiceNIC are received, assessed, tracked, investigated, ? addressed in a consistent, documented, ? risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users ? affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, ? documented h?ling fабо registrants ? resellers;
4.demonstrate a clear, defensible, ? auditable abuse response process.
NiceNIC will investigate abuse repабоts promptly ? will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repабоted activity, the likelihood of ongoing harm, ? the risk of collateral damage to legitimate послугаs. This approach is aligned with Section 3.18 of the 2013 RAA ? ICANN's 2024 DNS Abuse Advisабоy.
2. Scope
This manual applies to:
- домен names sponsабоed by NiceNIC;
- abuse repабоts submitted by individuals, companies, security researchers, trusted repабоters, registries, law enfабоcement, або other authабоities;
- retail customers ? reseller-managed names;
- both DNS Abuse ? non-DNS abuse або illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fабо NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Exp?ed High-Risk Abuse Categабоies
NiceNIC may also classify certain matters as Exp?ed High-Risk Abuse Categабоies under its own abuse ? risk rules, even wтут they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) або child exploitation content;
- illicit drug sales або high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wтут urgent action is justified by law, registry policy, competent authабоity request, або clear risk evidence.
3.3 Н?n-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling або gaming content;
- misleading або fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatабоs;
- general policy violations.
4. Guiding Principles
NiceNIC h?les abuse repабоts accабоding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywабоds, assumptions, або unsuppабоted allegations alone.
- Risk-based response. Faster ? stronger action applies wтут the evidence is actionable ? the harm is ongoing або severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wтут the evidence indicates a compromise scenario ? a full hold would create dispropабоtionate collateral damage.
- Consistency ? documentation. Every case must be categабоized, tracked, ? recабоded.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfабоm operatабо, payment processабо, або law enfабоcement may also be a relevant або mабоe effective action point.
5. Repабоting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage або designated abuse page;
- a published description of how abuse repабоts are received, h?led, ? tracked;
- a dedicated 24/7 monitабоed abuse contact point fабо law enfабоcement ? similar authабоities as required under the RAA.
- abuse mailbox;
- suppабоt ticket system;
- webfабоm;
- trusted-repабоter channel;
- registry escalation;
- law-enfабоcement / government channel.
6. Minimum Infабоmation Required in a Complaint
До be processed efficiently, a complaint should include:
- the repабоted домен name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content ? the full URL;
- full email headers wтут email abuse, phishing, або fraud is involved;
- suppабоting evidence such as invoices, logs, malware analysis, blocklist results, або impersonation details;
- complainant contact infабоmation;
- proof of authабоization wтут the complainant acts on behalf of a br? або victim entity.
7. Evidence St?ards
7.1 Д?яable Evidence
Evidence is actionable when the infабоmation reasonably available to NiceNIC is sufficient to determine that the sponsабоed домен name is being used fабо DNS Abuse або other enfабоceable abuse activity.
Прикладs include:
- a phishing page screenshot showing the full URL ? impersonated br?;
- a phishing email with full headers ? linked malicious URL;
- malware або exploit delivery from the repабоted домен або URL;
- reputation/blocklist data that suppабоts the repабоted conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, або credential capture;
- multiple consistent signals from trusted або recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wтут the complaint contains only:
- a домен name with no abusive URL;
- keywабоds only;
- allegations without screenshots, headers, logs, або other suppабоt;
- general statements that a name "looks suspicious";
- pure br? conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware або phishing feeds;
- reputation послугаs;
- priабо internal case histабоy.
8. Case Priабоity ? Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-m?ated fixed deadlines.
Priабоity 0 - Emergency / Active Harm
Прикладs:
- active phishing harvesting credentials або payment data;
- malware delivery;
- botnet / comm?-?-control use;
- CSAM;
- law-enfабоcement emergency notice;
- wallet-drainer або seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wтут actionable, mitigation nабоmally within 24 hours, ? no later than 48 hours absent exceptional facts.
Priабоity 1 - High-Risk Д?яable Abuse
Прикладs:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- доменs already flagged by reliable third-party sources with cабоrobабоating evidence.
- review within 1 business day;
- mitigation або documented вперед step within 48 hours.
Priабоity 2 - Н?n-DNS Abuse with Sufficient Evidence
Прикладs:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy або content complaints lacking qualifying DNS-abuse indicatабоs.
- ackзаразledge promptly;
- notify registrant/reseller wтут appropriate;
- request remediation або additional documentation.
Priабоity 3 - Incomplete / Low-Quality Repабоts
Target:
- ackзаразledgment ? request fабо additional evidence;
- no suspension solely on this basis.
9. Wабоkflow
9.1 Intake
Every repабоt receives:
- case ID;
- timestamp;
- source classification;
- домен linkage;
- abuse categабоy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authабоity / trusted-repабоter status;
- reseller vs retail account;
- current домен status;
- repeat-offender / repeat-case histабоy.
9.3 Investigation
The reviewer checks:
- repабоted URL або content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histабоy;
- priабо complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional або caused by compromise;
- whether the abuse is occurring at second-level домен, subдомен, web content, або email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request mабоe evidence from complainant;
- notify registrant або reseller fабо remediation;
- clientHold;
- transfer lock in conjunction with mitigation wтут appropriate;
- referral to registry, host, law enfабоcement, payment provider, або other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Н?tifications
Fабо clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first ? notify after action.
Fабо likely compromise scenarios або non-DNS matters, NiceNIC may notify first wтут that is consistent with risk control ? does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm ? the risk of collateral damage.
10. Категор?я-Specific Rules
10.1 Drugs / kra / slon / mega Ключов? слова
Keywабоd presence alone is not enough fабо DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywабоds або product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, або other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wтут the site is only a dubious investment або false-profit promotion;
- DNS Abuse / urgent abuse wтут the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, або malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recабоds, avoid unnecessary customer back-?-fабоth, ? escalate to the appropriate authабоity або registry if required.
10.4 DMCA / Авторське право
Do not auto-suspend purely on large content lists або unsuppабоted bulk allegations.
Fабоward proper notices wтут appropriate, require a compliant notice fабоmat, ? allow the домен holder to address the claim unless a court абоder, registry rule, або other stronger basis requires mабоe immediate action.
This is also broadly consistent with how majабо registrars separate copyright/trademark processing from phishing/malware h?ling.
10.5 Trademark / Br? Complaints
Trademark disputes are not automatically DNS Abuse.
Wтут the issue is a домен-name rights dispute, complainants should generally be directed toward UDRP, URS, або court process as appropriate, unless the evidence also shows phishing, impersonation, або other abuse. ?м’ядешево publicly distinguishes abuse h?ling from UDRP/URS h?ling in the same way.
11. Registrant / Реселер Communication Rules
11.1 Retail Customers
Fабо clear DNS Abuse with sufficient evidence:
- домен may be suspended immediately;
- the first customer-facing reply should state the basis, the self-послуга path to view the case summary, ? the evidence st?ard required fабо reconsideration.
11.2 Реселерs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wтут actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppабоted denials such as "content removed" або "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise ? remediation;
- clean current review results;
- third-party reputation recovery wтут applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackзаразledgment of receipt;
- case ID або equivalent reference;
- request fабо mабоe evidence if needed;
- status update when action is taken або declined;
- no unnecessary substantive discussion wтут the домен is already suspended або pending suspension ? the key outcome is final.
13. Trusted Repабоter Program
NiceNIC may maintain a trusted-repабоter list fабо sources that consistently provide accurate, well-fабоmed, ? actionable repабоts.
Trusted-repабоter status may provide:
- priабоity intake;
- structured data submission;
- simplified evidence fабоmatting;
- API або fast-lane h?ling.
14. Recабоdkeeping ? Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up ? final disposition.
15. Compliance Controls
NiceNIC should perfабоm:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions ? evidence thresholds;
- testing of abuse mailbox ? webfабоm operability;
- review of template accuracy;
- monitабоing of repeat errабоs ? reopened cases;
- monthly review of доменs with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackзаразledgment;
- time to first human review;
- time to mitigation fабо actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted або denied;
- repeat-abuse доменs;
- repeat-abuse accounts;
- trusted-repабоter accuracy rate;
- complaints already resolved befабоe manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repабоts promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse ? other types of complaints.
- NiceNIC acts based on evidence, risk, ? applicable policy.
- NiceNIC may suspend immediately wтут tтут is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request mабоe infабоmation або direct the complainant to a mабоe appropriate action point wтут the registrar is not the sole effective responder.
- NiceNIC keeps case recабоds ? can demonstrate its h?ling process if reviewed by ICANN або registry partners.
Потр?бна допомога? Ми завжди готов? вам допомогти.
В?дправити запит
- Наш? продукти
- Вид?лений сервер
- Хмарний сервер
- SSL-сертиф?кати
- Д?лова електронна пошта
- Проф?ль компан??
- Про NiceNIC
- Новини домен?в
- Спос?б оплати
- Угоди
- П?дтримка кл??нт?в
- Центр допомоги
- В?дправити запит
- Зв’язатися з нами
- Пов?домити про зловживання
Авторське право © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Вс? права захищен?