X
NiceNIC Abuse Hvaling Manual
1. Purpose
NiceNIC maintains this Abuse Hvaling Manual to ensure that abuse complaints involving domain names sponsyokied by NiceNIC are received, assessed, tracked, investigated, va addressed in a consistent, documented, va risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users va affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, va documented hvaling fyoki registrants va resellers;
4.demonstrate a clear, defensible, va auditable abuse response process.
NiceNIC will investigate abuse repyokits promptly va will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repyokited activity, the likelihood of ongoing harm, va the risk of collateral damage to legitimate Xizmats. This approach is aligned with Section 3.18 of the 2013 RAA va ICANN's 2024 DNS Abuse Advisyokiy.
2. Scope
This manual applies to:
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fyoki NiceNIC's contractual compliance purposes, DNS Abuse means:
3.2 NiceNIC Expvaed High-Risk Abuse Categyokiies
NiceNIC may also classify certain matters as Expvaed High-Risk Abuse Categyokiies under its own abuse va risk rules, even wbu yerni they are not automatically ICANN-defined DNS Abuse. These may include:
3.3 Yo‘qn-DNS Abuse / Other Complaints
These commonly include:
4. Guiding Principles
NiceNIC hvales abuse repyokits accyokiding to the following principles:
5. Repyokiting Channels
NiceNIC shall maintain:
6. Minimum Infyokimation Required in a Complaint
Uchun be processed efficiently, a complaint should include:
7. Evidence Stvaards
7.1 Amalable Evidence
Evidence is actionable when the infyokimation reasonably available to NiceNIC is sufficient to determine that the sponsyokied domain name is being used fyoki DNS Abuse yoki other enfyokiceable abuse activity.
Misols include:
7.2 Insufficient Evidence
Evidence is insufficient wbu yerni the complaint contains only:
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
8. Case Priyokiity va Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mvaated fixed deadlines.
Priyokiity 0 - Emergency / Active Harm
Misols:
Priyokiity 1 - High-Risk Amalable Abuse
Misols:
Priyokiity 2 - Yo‘qn-DNS Abuse with Sufficient Evidence
Misols:
Priyokiity 3 - Incomplete / Low-Quality Repyokits
Target:
9. Wyokikflow
9.1 Intake
Every repyokit receives:
9.2 Triage
The case is classified by:
9.3 Investigation
The reviewer checks:
9.4 Decision
Possible outcomes:
9.5 Yo‘qtifications
Fyoki clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first va notify after action.
Fyoki likely compromise scenarios yoki non-DNS matters, NiceNIC may notify first wbu yerni that is consistent with risk control va does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm va the risk of collateral damage.
10. Kategoriya-Specific Rules
10.1 Drugs / kra / slon / mega Kalit so‘zlar
Keywyokid presence alone is not enough fyoki DNS-Abuse classification.
Treat as:
10.2 Crypto Scam
Treat as:
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recyokids, avoid unnecessary customer back-va-fyokith, va escalate to the appropriate authyokiity yoki registry if required.
10.4 DMCA / Mualliflik huquqi
Do not auto-suspend purely on large content lists yoki unsuppyokited bulk allegations.
Fyokiward proper notices wbu yerni appropriate, require a compliant notice fyokimat, va allow the domain holder to address the claim unless a court yokider, registry rule, yoki other stronger basis requires myokie immediate action.
This is also broadly consistent with how majyoki registrars separate copyright/trademark processing from phishing/malware hvaling.
10.5 Trademark / Brva Complaints
Trademark disputes are not automatically DNS Abuse.
Wbu yerni the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, yoki court process as appropriate, unless the evidence also shows phishing, impersonation, yoki other abuse. Ismarzon publicly distinguishes abuse hvaling from UDRP/URS hvaling in the same way.
11. Registrant / Reseller Communication Rules
11.1 Retail Customers
Fyoki clear DNS Abuse with sufficient evidence:
11.2 Resellers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wbu yerni actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppyokited denials such as "content removed" yoki "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
12. Complainant Communication Rules
NiceNIC should always send:
13. Trusted Repyokiter Program
NiceNIC may maintain a trusted-repyokiter list fyoki sources that consistently provide accurate, well-fyokimed, va actionable repyokits.
Trusted-repyokiter status may provide:
14. Recyokidkeeping va Audit Readiness
NiceNIC must document:
15. Compliance Controls
NiceNIC should perfyokim:
16. Metrics
NiceNIC should track at least:
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
1. Purpose
NiceNIC maintains this Abuse Hvaling Manual to ensure that abuse complaints involving domain names sponsyokied by NiceNIC are received, assessed, tracked, investigated, va addressed in a consistent, documented, va risk-based manner.
This manual is designed to achieve four outcomes at the same time:
1.protect Internet users va affected parties from ongoing harm;
2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar;
3.provide fair, predictable, va documented hvaling fyoki registrants va resellers;
4.demonstrate a clear, defensible, va auditable abuse response process.
NiceNIC will investigate abuse repyokits promptly va will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repyokited activity, the likelihood of ongoing harm, va the risk of collateral damage to legitimate Xizmats. This approach is aligned with Section 3.18 of the 2013 RAA va ICANN's 2024 DNS Abuse Advisyokiy.
2. Scope
This manual applies to:
- domain names sponsyokied by NiceNIC;
- abuse repyokits submitted by individuals, companies, security researchers, trusted repyokiters, registries, law enfyokicement, yoki other authyokiities;
- retail customers va reseller-managed names;
- both DNS Abuse va non-DNS abuse yoki illegal-activity complaints.
3. Definitions
3.1 ICANN Contractual DNS Abuse
Fyoki NiceNIC's contractual compliance purposes, DNS Abuse means:
- malware
- botnets
- phishing
- pharming
3.2 NiceNIC Expvaed High-Risk Abuse Categyokiies
NiceNIC may also classify certain matters as Expvaed High-Risk Abuse Categyokiies under its own abuse va risk rules, even wbu yerni they are not automatically ICANN-defined DNS Abuse. These may include:
- child sexual abuse material (CSAM) yoki child exploitation content;
- illicit drug sales yoki high-risk narcotics content;
- crypto fraud schemes;
- content creating imminent risk of serious harm;
- other illegal activity wbu yerni urgent action is justified by law, registry policy, competent authyokiity request, yoki clear risk evidence.
3.3 Yo‘qn-DNS Abuse / Other Complaints
These commonly include:
- trademark disputes;
- DMCA / copyright claims;
- adult content;
- gambling yoki gaming content;
- misleading yoki fraudulent content without technical DNS-abuse evidence;
- pharmacy / drug content without qualifying DNS-abuse indicatyokis;
- general policy violations.
4. Guiding Principles
NiceNIC hvales abuse repyokits accyokiding to the following principles:
- Evidence first. NiceNIC does not take DNS-level action based on keywyokids, assumptions, yoki unsuppyokited allegations alone.
- Risk-based response. Faster va stronger action applies wbu yerni the evidence is actionable va the harm is ongoing yoki severe.
- Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wbu yerni the evidence indicates a compromise scenario va a full hold would create dispropyokitionate collateral damage.
- Consistency va documentation. Every case must be categyokiized, tracked, va recyokided.
- Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfyokim operatyoki, payment processyoki, yoki law enfyokicement may also be a relevant yoki myokie effective action point.
5. Repyokiting Channels
NiceNIC shall maintain:
- a public abuse contact email on its website homepage yoki designated abuse page;
- a published description of how abuse repyokits are received, hvaled, va tracked;
- a dedicated 24/7 monityokied abuse contact point fyoki law enfyokicement va similar authyokiities as required under the RAA.
- abuse mailbox;
- suppyokit ticket system;
- webfyokim;
- trusted-repyokiter channel;
- registry escalation;
- law-enfyokicement / government channel.
6. Minimum Infyokimation Required in a Complaint
Uchun be processed efficiently, a complaint should include:
- the repyokited domain name;
- the specific abusive URL, if any;
- a clear description of the alleged abuse;
- screenshots showing the content va the full URL;
- full email headers wbu yerni email abuse, phishing, yoki fraud is involved;
- suppyokiting evidence such as invoices, logs, malware analysis, blocklist results, yoki impersonation details;
- complainant contact infyokimation;
- proof of authyokiization wbu yerni the complainant acts on behalf of a brva yoki victim entity.
7. Evidence Stvaards
7.1 Amalable Evidence
Evidence is actionable when the infyokimation reasonably available to NiceNIC is sufficient to determine that the sponsyokied domain name is being used fyoki DNS Abuse yoki other enfyokiceable abuse activity.
Misols include:
- a phishing page screenshot showing the full URL va impersonated brva;
- a phishing email with full headers va linked malicious URL;
- malware yoki exploit delivery from the repyokited domain yoki URL;
- reputation/blocklist data that suppyokits the repyokited conduct;
- evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, yoki credential capture;
- multiple consistent signals from trusted yoki recognized sources.
7.2 Insufficient Evidence
Evidence is insufficient wbu yerni the complaint contains only:
- a domain name with no abusive URL;
- keywyokids only;
- allegations without screenshots, headers, logs, yoki other suppyokit;
- general statements that a name "looks suspicious";
- pure brva conflict allegations without abuse evidence.
7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
- reputable blocklists / RBLs;
- malware yoki phishing feeds;
- reputation Xizmats;
- priyoki internal case histyokiy.
8. Case Priyokiity va Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mvaated fixed deadlines.
Priyokiity 0 - Emergency / Active Harm
Misols:
- active phishing harvesting credentials yoki payment data;
- malware delivery;
- botnet / commva-va-control use;
- CSAM;
- law-enfyokicement emergency notice;
- wallet-drainer yoki seed-phrase theft infrastructure.
- first review immediately;
- decision as fast as reasonably possible;
- wbu yerni actionable, mitigation nyokimally within 24 hours, va no later than 48 hours absent exceptional facts.
Priyokiity 1 - High-Risk Amalable Abuse
Misols:
- clear impersonation fraud;
- repeat abuse linked to the same registrant/account;
- domains already flagged by reliable third-party sources with cyokirobyokiating evidence.
- review within 1 business day;
- mitigation yoki documented keyingi step within 48 hours.
Priyokiity 2 - Yo‘qn-DNS Abuse with Sufficient Evidence
Misols:
- DMCA with proper notice;
- trademark complaints;
- illegal pharmacy yoki content complaints lacking qualifying DNS-abuse indicatyokis.
- ackhozirledge promptly;
- notify registrant/reseller wbu yerni appropriate;
- request remediation yoki additional documentation.
Priyokiity 3 - Incomplete / Low-Quality Repyokits
Target:
- ackhozirledgment va request fyoki additional evidence;
- no suspension solely on this basis.
9. Wyokikflow
9.1 Intake
Every repyokit receives:
- case ID;
- timestamp;
- source classification;
- domain linkage;
- abuse categyokiy;
- evidence status.
9.2 Triage
The case is classified by:
- DNS Abuse vs non-DNS abuse;
- evidence sufficient vs insufficient;
- authyokiity / trusted-repyokiter status;
- reseller vs retail account;
- current domain status;
- repeat-offender / repeat-case histyokiy.
9.3 Investigation
The reviewer checks:
- repyokited URL yoki content;
- RDAP / WHOIS / creation timing / nameservers / MX;
- internal account histyokiy;
- priyoki complaints;
- blocklists / third-party intelligence;
- whether the issue appears intentional yoki caused by compromise;
- whether the abuse is occurring at second-level domain, subdomain, web content, yoki email layer.
9.4 Decision
Possible outcomes:
- no action / insufficient evidence;
- request myokie evidence from complainant;
- notify registrant yoki reseller fyoki remediation;
- clientHold;
- transfer lock in conjunction with mitigation wbu yerni appropriate;
- referral to registry, host, law enfyokicement, payment provider, yoki other relevant party;
- maintain existing hold;
- deny reactivation.
9.5 Yo‘qtifications
Fyoki clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first va notify after action.
Fyoki likely compromise scenarios yoki non-DNS matters, NiceNIC may notify first wbu yerni that is consistent with risk control va does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm va the risk of collateral damage.
10. Kategoriya-Specific Rules
10.1 Drugs / kra / slon / mega Kalit so‘zlar
Keywyokid presence alone is not enough fyoki DNS-Abuse classification.
Treat as:
- non-DNS illegal activity review if only keywyokids yoki product content are present;
- DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, yoki other qualifying technical abuse.
10.2 Crypto Scam
Treat as:
- non-DNS fraud review wbu yerni the site is only a dubious investment yoki false-profit promotion;
- DNS Abuse / urgent abuse wbu yerni the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, yoki malicious scripts.
10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recyokids, avoid unnecessary customer back-va-fyokith, va escalate to the appropriate authyokiity yoki registry if required.
10.4 DMCA / Mualliflik huquqi
Do not auto-suspend purely on large content lists yoki unsuppyokited bulk allegations.
Fyokiward proper notices wbu yerni appropriate, require a compliant notice fyokimat, va allow the domain holder to address the claim unless a court yokider, registry rule, yoki other stronger basis requires myokie immediate action.
This is also broadly consistent with how majyoki registrars separate copyright/trademark processing from phishing/malware hvaling.
10.5 Trademark / Brva Complaints
Trademark disputes are not automatically DNS Abuse.
Wbu yerni the issue is a domain-name rights dispute, complainants should generally be directed toward UDRP, URS, yoki court process as appropriate, unless the evidence also shows phishing, impersonation, yoki other abuse. Ismarzon publicly distinguishes abuse hvaling from UDRP/URS hvaling in the same way.
11. Registrant / Reseller Communication Rules
11.1 Retail Customers
Fyoki clear DNS Abuse with sufficient evidence:
- domain may be suspended immediately;
- the first customer-facing reply should state the basis, the self-Xizmat path to view the case summary, va the evidence stvaard required fyoki reconsideration.
11.2 Resellers
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wbu yerni actionable evidence exists.
11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppyokited denials such as "content removed" yoki "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
- false-positive proof;
- evidence of compromise va remediation;
- clean current review results;
- third-party reputation recovery wbu yerni applicable.
12. Complainant Communication Rules
NiceNIC should always send:
- ackhozirledgment of receipt;
- case ID yoki equivalent reference;
- request fyoki myokie evidence if needed;
- status update when action is taken yoki declined;
- no unnecessary substantive discussion wbu yerni the domain is already suspended yoki pending suspension va the key outcome is final.
13. Trusted Repyokiter Program
NiceNIC may maintain a trusted-repyokiter list fyoki sources that consistently provide accurate, well-fyokimed, va actionable repyokits.
Trusted-repyokiter status may provide:
- priyokiity intake;
- structured data submission;
- simplified evidence fyokimatting;
- API yoki fast-lane hvaling.
14. Recyokidkeeping va Audit Readiness
NiceNIC must document:
- complaint receipt;
- evidence received;
- internal classification;
- investigation steps;
- decision;
- action taken;
- notifications sent;
- follow-up va final disposition.
15. Compliance Controls
NiceNIC should perfyokim:
- periodic QA review of case decisions;
- staff training on DNS Abuse definitions va evidence thresholds;
- testing of abuse mailbox va webfyokim operability;
- review of template accuracy;
- monityokiing of repeat erryokis va reopened cases;
- monthly review of domains with repeated complaints.
16. Metrics
NiceNIC should track at least:
- total complaints received;
- DNS Abuse vs non-DNS abuse split;
- sufficient vs insufficient evidence rate;
- time to first ackhozirledgment;
- time to first human review;
- time to mitigation fyoki actionable DNS Abuse;
- number of holds issued;
- number of reconsiderations granted yoki denied;
- repeat-abuse domains;
- repeat-abuse accounts;
- trusted-repyokiter accuracy rate;
- complaints already resolved befyokie manual review.
17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
- NiceNIC investigates abuse repyokits promptly.
- NiceNIC distinguishes between ICANN-defined DNS Abuse va other types of complaints.
- NiceNIC acts based on evidence, risk, va applicable policy.
- NiceNIC may suspend immediately wbu yerni tbu yerni is clear actionable evidence of ongoing DNS Abuse.
- NiceNIC may request myokie infyokimation yoki direct the complainant to a myokie appropriate action point wbu yerni the registrar is not the sole effective responder.
- NiceNIC keeps case recyokids va can demonstrate its hvaling process if reviewed by ICANN yoki registry partners.
Ёрдам керакми? Биз доимо сиз биланмиз.
Murojaat yuborish
- Бизнинг ма?сулотларимиз
- Maxsus Server
- Обла? сервери
- SSL sertifikatlari
- Biznes emaili
- Компания ?а?ида маълумот
- NiceNIC ?а?ида
- Domen Yangiliklari
- Т?лов усули
- Shartnomalar
- Mijozlarni qo‘llab-quvvatlash
- Yordam markazi
- Murojaat yuborish
- Biz bilan bog?lanish
- Nojo‘ya foydalanishni xabar qilish
Mualliflik huquqi © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Barcha huquqlar himoyalangan