X
Հրապարակվել է: 2026-04-02 | Թարմացվել է: 2026-04-02
NiceNIC Abuse Hևling Manual

1. Purpose
NiceNIC maintains this Abuse Hևling Manual to ensure that abuse complaints involving դոմեյն names sponsկամed by NiceNIC are received, assessed, tracked, investigated, և addressed in a consistent, documented, և risk-based manner.
This manual is designed to achieve four outcomes at the same time:
 1.protect Internet users և affected parties from ongoing harm; 
 2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar; 
 3.provide fair, predictable, և documented hևling fկամ registrants և resellers; 
 4.demonstrate a clear, defensible, և auditable abuse response process. 
NiceNIC will investigate abuse repկամts promptly և will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the repկամted activity, the likelihood of ongoing harm, և the risk of collateral damage to legitimate սպասարկումs. This approach is aligned with Section 3.18 of the 2013 RAA և ICANN's 2024 DNS Abuse Advisկամy. 

2. Scope
This manual applies to:
  • դոմեյն names sponsկամed by NiceNIC; 
  • abuse repկամts submitted by individuals, companies, security researchers, trusted repկամters, registries, law enfկամcement, կամ other authկամities; 
  • retail customers և reseller-managed names; 
  • both DNS Abuse և non-DNS abuse կամ illegal-activity complaints. 
This manual does not mean that every complaint will result in suspension. NiceNIC will act accկամding to the applicable contractual framewկամk, registry rules, NiceNIC's Acceptable Use / Abuse Policy, և the evidence available in each case.


3. Definitions
3.1 ICANN Contractual DNS Abuse
Fկամ NiceNIC's contractual compliance purposes, DNS Abuse means:
  • malware 
  • botnets 
  • phishing 
  • pharming 
spam only when used as a delivery mechanism fկամ one of the four categկամies above. 

3.2 NiceNIC Expևed High-Risk Abuse Categկամies
NiceNIC may also classify certain matters as Expևed High-Risk Abuse Categկամies under its own abuse և risk rules, even wայստեղ they are not automatically ICANN-defined DNS Abuse. These may include:
  • child sexual abuse material (CSAM) կամ child exploitation content; 
  • illicit drug sales կամ high-risk narcotics content; 
  • crypto fraud schemes; 
  • content creating imminent risk of serious harm; 
  • other illegal activity wայստեղ urgent action is justified by law, registry policy, competent authկամity request, կամ clear risk evidence. 
These categկամies must be assessed carefully. They are not automatically treated as ICANN DNS Abuse unless the evidence also shows phishing, malware, botnet activity, pharming, կամ qualifying spam. Tucows publicly describes a similar distinction between cկամe DNS Abuse և broader content abuses it may act on at the DNS level. 

3.3 Ոչn-DNS Abuse / Other Complaints
These commonly include:
  • trademark disputes; 
  • DMCA / copyright claims; 
  • adult content; 
  • gambling կամ gaming content; 
  • misleading կամ fraudulent content without technical DNS-abuse evidence; 
  • pharmacy / drug content without qualifying DNS-abuse indicatկամs; 
  • general policy violations. 
These complaints may still be investigated և hևled, but they do not automatically justify DNS-level suspension.


4. Guiding Principles
NiceNIC hևles abuse repկամts accկամding to the following principles:
  • Evidence first. NiceNIC does not take DNS-level action based on keywկամds, assumptions, կամ unsuppկամted allegations alone. 
  • Risk-based response. Faster և stronger action applies wայստեղ the evidence is actionable և the harm is ongoing կամ severe. 
  • Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wայստեղ the evidence indicates a compromise scenario և a full hold would create dispropկամtionate collateral damage. 
  • Consistency և documentation. Every case must be categկամized, tracked, և recկամded. 
  • Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfկամm operatկամ, payment processկամ, կամ law enfկամcement may also be a relevant կամ mկամe effective action point. 
This risk-based և collateral-damage-aware model matches ICANN's advisկամy, which states that the appropriate mitigation action may vary by circumstances և that suspension is not the only possible response. 


5. Repկամting Channels
NiceNIC shall maintain:
  • a public abuse contact email on its website homepage կամ designated abuse page; 
  • a published description of how abuse repկամts are received, hևled, և tracked; 
  • a dedicated 24/7 monitկամed abuse contact point fկամ law enfկամcement և similar authկամities as required under the RAA. 
NiceNIC may accept abuse repկամts through:
  • abuse mailbox; 
  • suppկամt ticket system; 
  • webfկամm; 
  • trusted-repկամter channel; 
  • registry escalation; 
  • law-enfկամcement / government channel. 


6. Minimum Infկամmation Required in a Complaint
առաջարկում ենք be processed efficiently, a complaint should include:
  • the repկամted դոմեյն name; 
  • the specific abusive URL, if any; 
  • a clear description of the alleged abuse; 
  • screenshots showing the content և the full URL; 
  • full email headers wայստեղ email abuse, phishing, կամ fraud is involved; 
  • suppկամting evidence such as invoices, logs, malware analysis, blocklist results, կամ impersonation details; 
  • complainant contact infկամmation; 
  • proof of authկամization wայստեղ the complainant acts on behalf of a brև կամ victim entity. 
This matches both ICANN's recent complaint guidance և market practice published by registrars such as Անունարդյունավետ. 


7. Evidence Stևards
7.1 Գործողությունable Evidence
Evidence is actionable when the infկամmation reasonably available to NiceNIC is sufficient to determine that the sponsկամed դոմեյն name is being used fկամ DNS Abuse կամ other enfկամceable abuse activity.
Օրինակs include:
  • a phishing page screenshot showing the full URL և impersonated brև; 
  • a phishing email with full headers և linked malicious URL; 
  • malware կամ exploit delivery from the repկամted դոմեյն կամ URL; 
  • reputation/blocklist data that suppկամts the repկամted conduct; 
  • evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, կամ credential capture; 
  • multiple consistent signals from trusted կամ recognized sources. 
ICANN's current guidance uses this same "actionable evidence" stևard և makes clear that registrars may also consider infկամmation they can reasonably access themselves. 

7.2 Insufficient Evidence
Evidence is insufficient wայստեղ the complaint contains only:
  • a դոմեյն name with no abusive URL; 
  • keywկամds only; 
  • allegations without screenshots, headers, logs, կամ other suppկամt; 
  • general statements that a name "looks suspicious"; 
  • pure brև conflict allegations without abuse evidence. 
When evidence is insufficient, NiceNIC will request mկամe infկամmation rather than taking immediate DNS-level action, unless independent internal review կամ trusted-source data supplies the missing basis.

7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
  • reputable blocklists / RBLs; 
  • malware կամ phishing feeds; 
  • reputation սպասարկումs; 
  • priկամ internal case histկամy. 
Such signals are suppկամting factկամs, not a substitute fկամ judgment. ICANN's enfկամcement materials expressly note that screenshots, RBL infկամmation, priկամ case histկամy, EPP status changes, MX recկամds, և the registrar's own investigation can all be relevant to compliance review. 


8. Case Priկամity և Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mևated fixed deadlines.
Priկամity 0 - Emergency / Active Harm
Օրինակs:
  • active phishing harvesting credentials կամ payment data; 
  • malware delivery; 
  • botnet / commև-և-control use; 
  • CSAM; 
  • law-enfկամcement emergency notice; 
  • wallet-drainer կամ seed-phrase theft infrastructure. 
Target:
  • first review immediately; 
  • decision as fast as reasonably possible; 
  • wայստեղ actionable, mitigation nկամmally within 24 hours, և no later than 48 hours absent exceptional facts. 

Priկամity 1 - High-Risk Գործողությունable Abuse
Օրինակs:
  • clear impersonation fraud; 
  • repeat abuse linked to the same registrant/account; 
  • դոմեյնs already flagged by reliable third-party sources with cկամrobկամating evidence. 
Target:
  • review within 1 business day; 
  • mitigation կամ documented հաջորդ step within 48 hours. 

Priկամity 2 - Ոչn-DNS Abuse with Sufficient Evidence
Օրինակs:
  • DMCA with proper notice; 
  • trademark complaints; 
  • illegal pharmacy կամ content complaints lacking qualifying DNS-abuse indicatկամs. 
Target:
  • ackհիմաledge promptly; 
  • notify registrant/reseller wայստեղ appropriate; 
  • request remediation կամ additional documentation. 

Priկամity 3 - Incomplete / Low-Quality Repկամts
Target:
  • ackհիմաledgment և request fկամ additional evidence; 
  • no suspension solely on this basis. 
Fկամ repկամts from law enfկամcement կամ similar authկամities covered by RAA 3.18.2, NiceNIC must ensure review within 24 hours by empowered personnel. 


9. Wկամkflow
9.1 Intake
Every repկամt receives:
  • case ID; 
  • timestamp; 
  • source classification; 
  • դոմեյն linkage; 
  • abuse categկամy; 
  • evidence status. 
Եթե the դոմեյն is already on clientHold, serverHold, կամ on an approved pending-hold list, the system should automatically return a status notice to the complainant և suppress duplicate manual hևling.

9.2 Triage
The case is classified by:
  • DNS Abuse vs non-DNS abuse; 
  • evidence sufficient vs insufficient; 
  • authկամity / trusted-repկամter status; 
  • reseller vs retail account; 
  • current դոմեյն status; 
  • repeat-offender / repeat-case histկամy. 

9.3 Investigation
The reviewer checks:
  • repկամted URL կամ content; 
  • RDAP / WHOIS / creation timing / nameservers / MX; 
  • internal account histկամy; 
  • priկամ complaints; 
  • blocklists / third-party intelligence; 
  • whether the issue appears intentional կամ caused by compromise; 
  • whether the abuse is occurring at second-level դոմեյն, subդոմեյն, web content, կամ email layer. 

9.4 Decision
Possible outcomes:
  • no action / insufficient evidence; 
  • request mկամe evidence from complainant; 
  • notify registrant կամ reseller fկամ remediation; 
  • clientHold; 
  • transfer lock in conjunction with mitigation wայստեղ appropriate; 
  • referral to registry, host, law enfկամcement, payment provider, կամ other relevant party; 
  • maintain existing hold; 
  • deny reactivation. 

9.5 Ոչtifications
Fկամ clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first և notify after action.
Fկամ likely compromise scenarios կամ non-DNS matters, NiceNIC may notify first wայստեղ that is consistent with risk control և does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm և the risk of collateral damage. 


10. קטեգորիա-Specific Rules
10.1 Drugs / kra / slon / mega Բանալի խորհուրդներ
Keywկամd presence alone is not enough fկամ DNS-Abuse classification.
Treat as:
  • non-DNS illegal activity review if only keywկամds կամ product content are present; 
  • DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, կամ other qualifying technical abuse. 

10.2 Crypto Scam
Treat as:
  • non-DNS fraud review wայստեղ the site is only a dubious investment կամ false-profit promotion; 
  • DNS Abuse / urgent abuse wայստեղ the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, կամ malicious scripts. 

10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve recկամds, avoid unnecessary customer back-և-fկամth, և escalate to the appropriate authկամity կամ registry if required.

10.4 DMCA / Հեղինակային իրավունք
Do not auto-suspend purely on large content lists կամ unsuppկամted bulk allegations.
Fկամward proper notices wայստեղ appropriate, require a compliant notice fկամmat, և allow the դոմեյն holder to address the claim unless a court կամder, registry rule, կամ other stronger basis requires mկամe immediate action.
This is also broadly consistent with how majկամ registrars separate copyright/trademark processing from phishing/malware hևling. 

10.5 Trademark / Brև Complaints
Trademark disputes are not automatically DNS Abuse.
Wայստեղ the issue is a դոմեյն-name rights dispute, complainants should generally be directed toward UDRP, URS, կամ court process as appropriate, unless the evidence also shows phishing, impersonation, կամ other abuse. Անունարդյունավետ publicly distinguishes abuse hևling from UDRP/URS hևling in the same way. 


11. Registrant / Վաճառող Communication Rules
11.1 Retail Customers
Fկամ clear DNS Abuse with sufficient evidence:
  • դոմեյն may be suspended immediately; 
  • the first customer-facing reply should state the basis, the self-սպասարկում path to view the case summary, և the evidence stևard required fկամ reconsideration. 

11.2 Վաճառողs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wայստեղ actionable evidence exists.

11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsuppկամted denials such as "content removed" կամ "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
  • false-positive proof; 
  • evidence of compromise և remediation; 
  • clean current review results; 
  • third-party reputation recovery wայստեղ applicable. 
Եթե reliable third-party security sources still show the դոմեյն as actively risky, NiceNIC may keep the hold in place pending further validation.


12. Complainant Communication Rules
NiceNIC should always send:
  • ackհիմաledgment of receipt; 
  • case ID կամ equivalent reference; 
  • request fկամ mկամe evidence if needed; 
  • status update when action is taken կամ declined; 
  • no unnecessary substantive discussion wայստեղ the դոմեյն is already suspended կամ pending suspension և the key outcome is final. 
This reflects common registrar practice. GoDaddy offers fկամmal claim submission և status checking, while Tucows explicitly states it responds with a case number և tracks categկամy, date, և resolution internally. 


13. Trusted Repկամter Program
NiceNIC may maintain a trusted-repկամter list fկամ sources that consistently provide accurate, well-fկամmed, և actionable repկամts.
Trusted-repկամter status may provide:
  • priկամity intake; 
  • structured data submission; 
  • simplified evidence fկամmatting; 
  • API կամ fast-lane hևling. 
Trusted status does not eliminate independent review. Անունարդյունավետ publicly operates this kind of trusted-provider phishing API model. 


14. Recկամdkeeping և Audit Readiness
NiceNIC must document:
  • complaint receipt; 
  • evidence received; 
  • internal classification; 
  • investigation steps; 
  • decision; 
  • action taken; 
  • notifications sent; 
  • follow-up և final disposition. 
Recկամds should be retained fկամ the shկամter of two տարի կամ the longest period allowed by applicable law, և be available fկամ ICANN upon reasonable notice. 


15. Compliance Controls
NiceNIC should perfկամm:
  • periodic QA review of case decisions; 
  • staff training on DNS Abuse definitions և evidence thresholds; 
  • testing of abuse mailbox և webfկամm operability; 
  • review of template accuracy; 
  • monitկամing of repeat errկամs և reopened cases; 
  • monthly review of դոմեյնs with repeated complaints. 
This is practical և impկամtant because ICANN has already repկամted remediation plans tied to broken abuse contacts, weak intake confirmations, և insufficient staff kհիմաledge, և has noted that repeated failures can trigger expedited compliance action. 


16. Metrics
NiceNIC should track at least:
  • total complaints received; 
  • DNS Abuse vs non-DNS abuse split; 
  • sufficient vs insufficient evidence rate; 
  • time to first ackհիմաledgment; 
  • time to first human review; 
  • time to mitigation fկամ actionable DNS Abuse; 
  • number of holds issued; 
  • number of reconsiderations granted կամ denied; 
  • repeat-abuse դոմեյնs; 
  • repeat-abuse accounts; 
  • trusted-repկամter accuracy rate; 
  • complaints already resolved befկամe manual review. 


17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
  • NiceNIC investigates abuse repկամts promptly. 
  • NiceNIC distinguishes between ICANN-defined DNS Abuse և other types of complaints. 
  • NiceNIC acts based on evidence, risk, և applicable policy. 
  • NiceNIC may suspend immediately wայստեղ tայստեղ is clear actionable evidence of ongoing DNS Abuse. 
  • NiceNIC may request mկամe infկամmation կամ direct the complainant to a mկամe appropriate action point wայստեղ the registrar is not the sole effective responder. 
  • NiceNIC keeps case recկամds և can demonstrate its hևling process if reviewed by ICANN կամ registry partners. 

Ցանկանու՞մ եք օգնություն։ Մենք մշտապես ձեր ծառայության մեջ ենք։ Ուղարկել դիմում
Հեղինակային իրավունք © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Բոլոր իրավունքները պաշտպանված են