X
Yayımlanıb: 2026-04-02 | Yeniləndi: 2026-04-02
NiceNIC Abuse Hvəling Manual

1. Purpose
NiceNIC maintains this Abuse Hvəling Manual to ensure that abuse complaints involving domen names sponsvə yaed by NiceNIC are received, assessed, tracked, investigated, və addressed in a consistent, documented, və risk-based manner.
This manual is designed to achieve four outcomes at the same time:
 1.protect Internet users və affected parties from ongoing harm; 
 2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar; 
 3.provide fair, predictable, və documented hvəling fvə ya registrants və resellers; 
 4.demonstrate a clear, defensible, və auditable abuse response process. 
NiceNIC will investigate abuse repvə yats promptly və will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repvə yated activity, the likelihood of ongoing harm, və the risk of collateral damage to legitimate Xidməts. This approach is aligned with Section 3.18 of the 2013 RAA və ICANN's 2024 DNS Abuse Advisvə yay. 

2. Scope
This manual applies to:
  • domen names sponsvə yaed by NiceNIC; 
  • abuse repvə yats submitted by individuals, companies, security researchers, trusted repvə yaters, registries, law enfvə yacement, və ya other authvə yaities; 
  • retail customers və reseller-managed names; 
  • both DNS Abuse və non-DNS abuse və ya illegal-activity complaints. 
This manual does not mean that every complaint will result in suspension. NiceNIC will act accvə yading to the applicable contractual framewvə yak, registry rules, NiceNIC's Acceptable Use / Abuse Policy, və the evidence available in each case.


3. Definitions
3.1 ICANN Contractual DNS Abuse
Fvə ya NiceNIC's contractual compliance purposes, DNS Abuse means:
  • malware 
  • botnets 
  • phishing 
  • pharming 
spam only when used as a delivery mechanism fvə ya one of the four categvə yaies above. 

3.2 NiceNIC Expvəed High-Risk Abuse Categvə yaies
NiceNIC may also classify certain matters as Expvəed High-Risk Abuse Categvə yaies under its own abuse və risk rules, even wburada they are not automatically ICANN-defined DNS Abuse. These may include:
  • child sexual abuse material (CSAM) və ya child exploitation content; 
  • illicit drug sales və ya high-risk narcotics content; 
  • crypto fraud schemes; 
  • content creating imminent risk of serious harm; 
  • other illegal activity wburada urgent action is justified by law, registry policy, competent authvə yaity request, və ya clear risk evidence. 
These categvə yaies must be assessed carefully. They are not automatically treated as ICANN DNS Abuse unless the evidence also shows phishing, malware, botnet activity, pharming, və ya qualifying spam. Tucows publicly describes a similar distinction between cvə yae DNS Abuse və broader content abuses it may act on at the DNS level. 

3.3 Xeyrn-DNS Abuse / Other Complaints
These commonly include:
  • trademark disputes; 
  • DMCA / copyright claims; 
  • adult content; 
  • gambling və ya gaming content; 
  • misleading və ya fraudulent content without technical DNS-abuse evidence; 
  • pharmacy / drug content without qualifying DNS-abuse indicatvə yas; 
  • general policy violations. 
These complaints may still be investigated və hvəled, but they do not automatically justify DNS-level suspension.


4. Guiding Principles
NiceNIC hvəles abuse repvə yats accvə yading to the following principles:
  • Evidence first. NiceNIC does not take DNS-level action based on keywvə yads, assumptions, və ya unsuppvə yated allegations alone. 
  • Risk-based response. Faster və stronger action applies wburada the evidence is actionable və the harm is ongoing və ya severe. 
  • Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wburada the evidence indicates a compromise scenario və a full hold would create dispropvə yationate collateral damage. 
  • Consistency və documentation. Every case must be categvə yaized, tracked, və recvə yaded. 
  • Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfvə yam operatvə ya, payment processvə ya, və ya law enfvə yacement may also be a relevant və ya mvə yae effective action point. 
This risk-based və collateral-damage-aware model matches ICANN's advisvə yay, which states that the appropriate mitigation action may vary by circumstances və that suspension is not the only possible response. 


5. Repvə yating Channels
NiceNIC shall maintain:
  • a public abuse contact email on its website homepage və ya designated abuse page; 
  • a published description of how abuse repvə yats are received, hvəled, və tracked; 
  • a dedicated 24/7 monitvə yaed abuse contact point fvə ya law enfvə yacement və similar authvə yaities as required under the RAA. 
NiceNIC may accept abuse repvə yats through:
  • abuse mailbox; 
  • suppvə yat ticket system; 
  • webfvə yam; 
  • trusted-repvə yater channel; 
  • registry escalation; 
  • law-enfvə yacement / government channel. 


6. Minimum Infvə yamation Required in a Complaint
Üçün be processed efficiently, a complaint should include:
  • the repvə yated domen name; 
  • the specific abusive URL, if any; 
  • a clear description of the alleged abuse; 
  • screenshots showing the content və the full URL; 
  • full email headers wburada email abuse, phishing, və ya fraud is involved; 
  • suppvə yating evidence such as invoices, logs, malware analysis, blocklist results, və ya impersonation details; 
  • complainant contact infvə yamation; 
  • proof of authvə yaization wburada the complainant acts on behalf of a brvə və ya victim entity. 
This matches both ICANN's recent complaint guidance və market practice published by registrars such as Aducuz. 


7. Evidence Stvəards
7.1 Əməliyyatable Evidence
Evidence is actionable when the infvə yamation reasonably available to NiceNIC is sufficient to determine that the sponsvə yaed domen name is being used fvə ya DNS Abuse və ya other enfvə yaceable abuse activity.
Nümunəs include:
  • a phishing page screenshot showing the full URL və impersonated brvə; 
  • a phishing email with full headers və linked malicious URL; 
  • malware və ya exploit delivery from the repvə yated domen və ya URL; 
  • reputation/blocklist data that suppvə yats the repvə yated conduct; 
  • evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, və ya credential capture; 
  • multiple consistent signals from trusted və ya recognized sources. 
ICANN's current guidance uses this same "actionable evidence" stvəard və makes clear that registrars may also consider infvə yamation they can reasonably access themselves. 

7.2 Insufficient Evidence
Evidence is insufficient wburada the complaint contains only:
  • a domen name with no abusive URL; 
  • keywvə yads only; 
  • allegations without screenshots, headers, logs, və ya other suppvə yat; 
  • general statements that a name "looks suspicious"; 
  • pure brvə conflict allegations without abuse evidence. 
When evidence is insufficient, NiceNIC will request mvə yae infvə yamation rather than taking immediate DNS-level action, unless independent internal review və ya trusted-source data supplies the missing basis.

7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
  • reputable blocklists / RBLs; 
  • malware və ya phishing feeds; 
  • reputation Xidməts; 
  • privə ya internal case histvə yay. 
Such signals are suppvə yating factvə yas, not a substitute fvə ya judgment. ICANN's enfvə yacement materials expressly note that screenshots, RBL infvə yamation, privə ya case histvə yay, EPP status changes, MX recvə yads, və the registrar's own investigation can all be relevant to compliance review. 


8. Case Privə yaity və Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mvəated fixed deadlines.
Privə yaity 0 - Emergency / Active Harm
Nümunəs:
  • active phishing harvesting credentials və ya payment data; 
  • malware delivery; 
  • botnet / commvə-və-control use; 
  • CSAM; 
  • law-enfvə yacement emergency notice; 
  • wallet-drainer və ya seed-phrase theft infrastructure. 
Target:
  • first review immediately; 
  • decision as fast as reasonably possible; 
  • wburada actionable, mitigation nvə yamally within 24 hours, və no later than 48 hours absent exceptional facts. 

Privə yaity 1 - High-Risk Əməliyyatable Abuse
Nümunəs:
  • clear impersonation fraud; 
  • repeat abuse linked to the same registrant/account; 
  • domens already flagged by reliable third-party sources with cvə yarobvə yaating evidence. 
Target:
  • review within 1 business day; 
  • mitigation və ya documented Növbəti step within 48 hours. 

Privə yaity 2 - Xeyrn-DNS Abuse with Sufficient Evidence
Nümunəs:
  • DMCA with proper notice; 
  • trademark complaints; 
  • illegal pharmacy və ya content complaints lacking qualifying DNS-abuse indicatvə yas. 
Target:
  • ackindiledge promptly; 
  • notify registrant/reseller wburada appropriate; 
  • request remediation və ya additional documentation. 

Privə yaity 3 - Incomplete / Low-Quality Repvə yats
Target:
  • ackindiledgment və request fvə ya additional evidence; 
  • no suspension solely on this basis. 
Fvə ya repvə yats from law enfvə yacement və ya similar authvə yaities covered by RAA 3.18.2, NiceNIC must ensure review within 24 hours by empowered personnel. 


9. Wvə yakflow
9.1 Intake
Every repvə yat receives:
  • case ID; 
  • timestamp; 
  • source classification; 
  • domen linkage; 
  • abuse categvə yay; 
  • evidence status. 
Əgər the domen is already on clientHold, serverHold, və ya on an approved pending-hold list, the system should automatically return a status notice to the complainant və suppress duplicate manual hvəling.

9.2 Triage
The case is classified by:
  • DNS Abuse vs non-DNS abuse; 
  • evidence sufficient vs insufficient; 
  • authvə yaity / trusted-repvə yater status; 
  • reseller vs retail account; 
  • current domen status; 
  • repeat-offender / repeat-case histvə yay. 

9.3 Investigation
The reviewer checks:
  • repvə yated URL və ya content; 
  • RDAP / WHOIS / creation timing / nameservers / MX; 
  • internal account histvə yay; 
  • privə ya complaints; 
  • blocklists / third-party intelligence; 
  • whether the issue appears intentional və ya caused by compromise; 
  • whether the abuse is occurring at second-level domen, subdomen, web content, və ya email layer. 

9.4 Decision
Possible outcomes:
  • no action / insufficient evidence; 
  • request mvə yae evidence from complainant; 
  • notify registrant və ya reseller fvə ya remediation; 
  • clientHold; 
  • transfer lock in conjunction with mitigation wburada appropriate; 
  • referral to registry, host, law enfvə yacement, payment provider, və ya other relevant party; 
  • maintain existing hold; 
  • deny reactivation. 

9.5 Xeyrtifications
Fvə ya clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first və notify after action.
Fvə ya likely compromise scenarios və ya non-DNS matters, NiceNIC may notify first wburada that is consistent with risk control və does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm və the risk of collateral damage. 


10. Kateqoriya-Specific Rules
10.1 Drugs / kra / slon / mega Açar Sözlər
Keywvə yad presence alone is not enough fvə ya DNS-Abuse classification.
Treat as:
  • non-DNS illegal activity review if only keywvə yads və ya product content are present; 
  • DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, və ya other qualifying technical abuse. 

10.2 Crypto Scam
Treat as:
  • non-DNS fraud review wburada the site is only a dubious investment və ya false-profit promotion; 
  • DNS Abuse / urgent abuse wburada the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, və ya malicious scripts. 

10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recvə yads, avoid unnecessary customer back-və-fvə yath, və escalate to the appropriate authvə yaity və ya registry if required.

10.4 DMCA / Müəllif Hüququ
Do not auto-suspend purely on large content lists və ya unsuppvə yated bulk allegations.
Fvə yaward proper notices wburada appropriate, require a compliant notice fvə yamat, və allow the domen holder to address the claim unless a court və yader, registry rule, və ya other stronger basis requires mvə yae immediate action.
This is also broadly consistent with how majvə ya registrars separate copyright/trademark processing from phishing/malware hvəling. 

10.5 Trademark / Brvə Complaints
Trademark disputes are not automatically DNS Abuse.
Wburada the issue is a domen-name rights dispute, complainants should generally be directed toward UDRP, URS, və ya court process as appropriate, unless the evidence also shows phishing, impersonation, və ya other abuse. Aducuz publicly distinguishes abuse hvəling from UDRP/URS hvəling in the same way. 


11. Registrant / Distribyutor Communication Rules
11.1 Retail Customers
Fvə ya clear DNS Abuse with sufficient evidence:
  • domen may be suspended immediately; 
  • the first customer-facing reply should state the basis, the self-Xidmət path to view the case summary, və the evidence stvəard required fvə ya reconsideration. 

11.2 Distribyutors
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wburada actionable evidence exists.

11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppvə yated denials such as "content removed" və ya "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
  • false-positive proof; 
  • evidence of compromise və remediation; 
  • clean current review results; 
  • third-party reputation recovery wburada applicable. 
Əgər reliable third-party security sources still show the domen as actively risky, NiceNIC may keep the hold in place pending further validation.


12. Complainant Communication Rules
NiceNIC should always send:
  • ackindiledgment of receipt; 
  • case ID və ya equivalent reference; 
  • request fvə ya mvə yae evidence if needed; 
  • status update when action is taken və ya declined; 
  • no unnecessary substantive discussion wburada the domen is already suspended və ya pending suspension və the key outcome is final. 
This reflects common registrar practice. GoDaddy offers fvə yamal claim submission və status checking, while Tucows explicitly states it responds with a case number və tracks categvə yay, date, və resolution internally. 


13. Trusted Repvə yater Program
NiceNIC may maintain a trusted-repvə yater list fvə ya sources that consistently provide accurate, well-fvə yamed, və actionable repvə yats.
Trusted-repvə yater status may provide:
  • privə yaity intake; 
  • structured data submission; 
  • simplified evidence fvə yamatting; 
  • API və ya fast-lane hvəling. 
Trusted status does not eliminate independent review. Aducuz publicly operates this kind of trusted-provider phishing API model. 


14. Recvə yadkeeping və Audit Readiness
NiceNIC must document:
  • complaint receipt; 
  • evidence received; 
  • internal classification; 
  • investigation steps; 
  • decision; 
  • action taken; 
  • notifications sent; 
  • follow-up və final disposition. 
Recvə yads should be retained fvə ya the shvə yater of two il və ya the longest period allowed by applicable law, və be available fvə ya ICANN upon reasonable notice. 


15. Compliance Controls
NiceNIC should perfvə yam:
  • periodic QA review of case decisions; 
  • staff training on DNS Abuse definitions və evidence thresholds; 
  • testing of abuse mailbox və webfvə yam operability; 
  • review of template accuracy; 
  • monitvə yaing of repeat errvə yas və reopened cases; 
  • monthly review of domens with repeated complaints. 
This is practical və impvə yatant because ICANN has already repvə yated remediation plans tied to broken abuse contacts, weak intake confirmations, və insufficient staff kindiledge, və has noted that repeated failures can trigger expedited compliance action. 


16. Metrics
NiceNIC should track at least:
  • total complaints received; 
  • DNS Abuse vs non-DNS abuse split; 
  • sufficient vs insufficient evidence rate; 
  • time to first ackindiledgment; 
  • time to first human review; 
  • time to mitigation fvə ya actionable DNS Abuse; 
  • number of holds issued; 
  • number of reconsiderations granted və ya denied; 
  • repeat-abuse domens; 
  • repeat-abuse accounts; 
  • trusted-repvə yater accuracy rate; 
  • complaints already resolved befvə yae manual review. 


17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
  • NiceNIC investigates abuse repvə yats promptly. 
  • NiceNIC distinguishes between ICANN-defined DNS Abuse və other types of complaints. 
  • NiceNIC acts based on evidence, risk, və applicable policy. 
  • NiceNIC may suspend immediately wburada tburada is clear actionable evidence of ongoing DNS Abuse. 
  • NiceNIC may request mvə yae infvə yamation və ya direct the complainant to a mvə yae appropriate action point wburada the registrar is not the sole effective responder. 
  • NiceNIC keeps case recvə yads və can demonstrate its hvəling process if reviewed by ICANN və ya registry partners. 

Köməyə ehtiyacınız var? Həmişə yanınızdayıq. Təklif göndər
Müəllif Hüququ © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Bütün Hüquqlar Qorunur