X
Đã đăng: 2026-04-02 | Đã cập nhật: 2026-04-02
NiceNIC Abuse Hvàling Manual

1. Purpose
NiceNIC maintains this Abuse Hvàling Manual to ensure that abuse complaints involving tên miền names sponshoặced by NiceNIC are received, assessed, tracked, investigated, và addressed in a consistent, documented, và risk-based manner.
This manual is designed to achieve four outcomes at the same time:
 1.protect Internet users và affected parties from ongoing harm; 
 2.meet NiceNIC's contractual obligations as an ICANN-accredited registrar; 
 3.provide fair, predictable, và documented hvàling fhoặc registrants và resellers; 
 4.demonstrate a clear, defensible, và auditable abuse response process. 
NiceNIC will investigate abuse rephoặcts promptly và will take mitigation actions that are reasonably necessary based on the quality of the evidence, the nature of the rephoặcted activity, the likelihood of ongoing harm, và the risk of collateral damage to legitimate Dịch vụs. This approach is aligned with Section 3.18 of the 2013 RAA và ICANN's 2024 DNS Abuse Advishoặcy. 

2. Scope
This manual applies to:
  • tên miền names sponshoặced by NiceNIC; 
  • abuse rephoặcts submitted by individuals, companies, security researchers, trusted rephoặcters, registries, law enfhoặccement, hoặc other authhoặcities; 
  • retail customers và reseller-managed names; 
  • both DNS Abuse và non-DNS abuse hoặc illegal-activity complaints. 
This manual does not mean that every complaint will result in suspension. NiceNIC will act acchoặcding to the applicable contractual framewhoặck, registry rules, NiceNIC's Acceptable Use / Abuse Policy, và the evidence available in each case.


3. Definitions
3.1 ICANN Contractual DNS Abuse
Fhoặc NiceNIC's contractual compliance purposes, DNS Abuse means:
  • malware 
  • botnets 
  • phishing 
  • pharming 
spam only when used as a delivery mechanism fhoặc one of the four categhoặcies above. 

3.2 NiceNIC Expvàed High-Risk Abuse Categhoặcies
NiceNIC may also classify certain matters as Expvàed High-Risk Abuse Categhoặcies under its own abuse và risk rules, even wtại đây they are not automatically ICANN-defined DNS Abuse. These may include:
  • child sexual abuse material (CSAM) hoặc child exploitation content; 
  • illicit drug sales hoặc high-risk narcotics content; 
  • crypto fraud schemes; 
  • content creating imminent risk of serious harm; 
  • other illegal activity wtại đây urgent action is justified by law, registry policy, competent authhoặcity request, hoặc clear risk evidence. 
These categhoặcies must be assessed carefully. They are not automatically treated as ICANN DNS Abuse unless the evidence also shows phishing, malware, botnet activity, pharming, hoặc qualifying spam. Tucows publicly describes a similar distinction between choặce DNS Abuse và broader content abuses it may act on at the DNS level. 

3.3 Khôngn-DNS Abuse / Other Complaints
These commonly include:
  • trademark disputes; 
  • DMCA / copyright claims; 
  • adult content; 
  • gambling hoặc gaming content; 
  • misleading hoặc fraudulent content without technical DNS-abuse evidence; 
  • pharmacy / drug content without qualifying DNS-abuse indicathoặcs; 
  • general policy violations. 
These complaints may still be investigated và hvàled, but they do not automatically justify DNS-level suspension.


4. Guiding Principles
NiceNIC hvàles abuse rephoặcts acchoặcding to the following principles:
  • Evidence first. NiceNIC does not take DNS-level action based on keywhoặcds, assumptions, hoặc unsupphoặcted allegations alone. 
  • Risk-based response. Faster và stronger action applies wtại đây the evidence is actionable và the harm is ongoing hoặc severe. 
  • Least necessary disruption. NiceNIC may choose a mitigation method other than immediate suspension wtại đây the evidence indicates a compromise scenario và a full hold would create disprophoặctionate collateral damage. 
  • Consistency và documentation. Every case must be categhoặcized, tracked, và rechoặcded. 
  • Clear separation of roles. NiceNIC is a registrar. In many cases, the hosting provider, platfhoặcm operathoặc, payment processhoặc, hoặc law enfhoặccement may also be a relevant hoặc mhoặce effective action point. 
This risk-based và collateral-damage-aware model matches ICANN's advishoặcy, which states that the appropriate mitigation action may vary by circumstances và that suspension is not the only possible response. 


5. Rephoặcting Channels
NiceNIC shall maintain:
  • a public abuse contact email on its website homepage hoặc designated abuse page; 
  • a published description of how abuse rephoặcts are received, hvàled, và tracked; 
  • a dedicated 24/7 monithoặced abuse contact point fhoặc law enfhoặccement và similar authhoặcities as required under the RAA. 
NiceNIC may accept abuse rephoặcts through:
  • abuse mailbox; 
  • supphoặct ticket system; 
  • webfhoặcm; 
  • trusted-rephoặcter channel; 
  • registry escalation; 
  • law-enfhoặccement / government channel. 


6. Minimum Infhoặcmation Required in a Complaint
Đến be processed efficiently, a complaint should include:
  • the rephoặcted tên miền name; 
  • the specific abusive URL, if any; 
  • a clear description of the alleged abuse; 
  • screenshots showing the content và the full URL; 
  • full email headers wtại đây email abuse, phishing, hoặc fraud is involved; 
  • supphoặcting evidence such as invoices, logs, malware analysis, blocklist results, hoặc impersonation details; 
  • complainant contact infhoặcmation; 
  • proof of authhoặcization wtại đây the complainant acts on behalf of a brvà hoặc victim entity. 
This matches both ICANN's recent complaint guidance và market practice published by registrars such as Têngiá rẻ. 


7. Evidence Stvàards
7.1 Hành độngable Evidence
Evidence is actionable when the infhoặcmation reasonably available to NiceNIC is sufficient to determine that the sponshoặced tên miền name is being used fhoặc DNS Abuse hoặc other enfhoặcceable abuse activity.
Ví dụs include:
  • a phishing page screenshot showing the full URL và impersonated brvà; 
  • a phishing email with full headers và linked malicious URL; 
  • malware hoặc exploit delivery from the rephoặcted tên miền hoặc URL; 
  • reputation/blocklist data that supphoặcts the rephoặcted conduct; 
  • evidence of wallet-drainer code, seed-phrase theft, fake login harvesting, hoặc credential capture; 
  • multiple consistent signals from trusted hoặc recognized sources. 
ICANN's current guidance uses this same "actionable evidence" stvàard và makes clear that registrars may also consider infhoặcmation they can reasonably access themselves. 

7.2 Insufficient Evidence
Evidence is insufficient wtại đây the complaint contains only:
  • a tên miền name with no abusive URL; 
  • keywhoặcds only; 
  • allegations without screenshots, headers, logs, hoặc other supphoặct; 
  • general statements that a name "looks suspicious"; 
  • pure brvà conflict allegations without abuse evidence. 
When evidence is insufficient, NiceNIC will request mhoặce infhoặcmation rather than taking immediate DNS-level action, unless independent internal review hoặc trusted-source data supplies the missing basis.

7.3 Third-Party Intelligence
NiceNIC may consider third-party signals such as:
  • reputable blocklists / RBLs; 
  • malware hoặc phishing feeds; 
  • reputation Dịch vụs; 
  • prihoặc internal case histhoặcy. 
Such signals are supphoặcting facthoặcs, not a substitute fhoặc judgment. ICANN's enfhoặccement materials expressly note that screenshots, RBL infhoặcmation, prihoặc case histhoặcy, EPP status changes, MX rechoặcds, và the registrar's own investigation can all be relevant to compliance review. 


8. Case Prihoặcity và Internal SLA
NiceNIC adopts the following internal operating targets. These are NiceNIC internal SLAs, not statements of ICANN-mvàated fixed deadlines.
Prihoặcity 0 - Emergency / Active Harm
Ví dụs:
  • active phishing harvesting credentials hoặc payment data; 
  • malware delivery; 
  • botnet / commvà-và-control use; 
  • CSAM; 
  • law-enfhoặccement emergency notice; 
  • wallet-drainer hoặc seed-phrase theft infrastructure. 
Target:
  • first review immediately; 
  • decision as fast as reasonably possible; 
  • wtại đây actionable, mitigation nhoặcmally within 24 hours, và no later than 48 hours absent exceptional facts. 

Prihoặcity 1 - High-Risk Hành độngable Abuse
Ví dụs:
  • clear impersonation fraud; 
  • repeat abuse linked to the same registrant/account; 
  • tên miềns already flagged by reliable third-party sources with choặcrobhoặcating evidence. 
Target:
  • review within 1 business day; 
  • mitigation hoặc documented tiếp theo step within 48 hours. 

Prihoặcity 2 - Khôngn-DNS Abuse with Sufficient Evidence
Ví dụs:
  • DMCA with proper notice; 
  • trademark complaints; 
  • illegal pharmacy hoặc content complaints lacking qualifying DNS-abuse indicathoặcs. 
Target:
  • ackngayledge promptly; 
  • notify registrant/reseller wtại đây appropriate; 
  • request remediation hoặc additional documentation. 

Prihoặcity 3 - Incomplete / Low-Quality Rephoặcts
Target:
  • ackngayledgment và request fhoặc additional evidence; 
  • no suspension solely on this basis. 
Fhoặc rephoặcts from law enfhoặccement hoặc similar authhoặcities covered by RAA 3.18.2, NiceNIC must ensure review within 24 hours by empowered personnel. 


9. Whoặckflow
9.1 Intake
Every rephoặct receives:
  • case ID; 
  • timestamp; 
  • source classification; 
  • tên miền linkage; 
  • abuse categhoặcy; 
  • evidence status. 
Nếu the tên miền is already on clientHold, serverHold, hoặc on an approved pending-hold list, the system should automatically return a status notice to the complainant và suppress duplicate manual hvàling.

9.2 Triage
The case is classified by:
  • DNS Abuse vs non-DNS abuse; 
  • evidence sufficient vs insufficient; 
  • authhoặcity / trusted-rephoặcter status; 
  • reseller vs retail account; 
  • current tên miền status; 
  • repeat-offender / repeat-case histhoặcy. 

9.3 Investigation
The reviewer checks:
  • rephoặcted URL hoặc content; 
  • RDAP / WHOIS / creation timing / nameservers / MX; 
  • internal account histhoặcy; 
  • prihoặc complaints; 
  • blocklists / third-party intelligence; 
  • whether the issue appears intentional hoặc caused by compromise; 
  • whether the abuse is occurring at second-level tên miền, subtên miền, web content, hoặc email layer. 

9.4 Decision
Possible outcomes:
  • no action / insufficient evidence; 
  • request mhoặce evidence from complainant; 
  • notify registrant hoặc reseller fhoặc remediation; 
  • clientHold; 
  • transfer lock in conjunction with mitigation wtại đây appropriate; 
  • referral to registry, host, law enfhoặccement, payment provider, hoặc other relevant party; 
  • maintain existing hold; 
  • deny reactivation. 

9.5 Khôngtifications
Fhoặc clear, actionable, ongoing DNS Abuse, NiceNIC may suspend first và notify after action.
Fhoặc likely compromise scenarios hoặc non-DNS matters, NiceNIC may notify first wtại đây that is consistent with risk control và does not materially increase harm.
This distinction is consistent with ICANN's position that mitigation may vary depending on the harm và the risk of collateral damage. 


10. Danh mục-Specific Rules
10.1 Drugs / kra / slon / mega Từ khóa
Keywhoặcd presence alone is not enough fhoặc DNS-Abuse classification.
Treat as:
  • non-DNS illegal activity review if only keywhoặcds hoặc product content are present; 
  • DNS Abuse / urgent abuse if the evidence shows fake login, fake payment collection, credential theft, malicious redirection, malware, hoặc other qualifying technical abuse. 

10.2 Crypto Scam
Treat as:
  • non-DNS fraud review wtại đây the site is only a dubious investment hoặc false-profit promotion; 
  • DNS Abuse / urgent abuse wtại đây the evidence shows wallet connection theft, seed phrase collection, private key theft, drainer code, impersonated exchange login, hoặc malicious scripts. 

10.3 CSAM / Child Exploitation
Treat as immediate high-risk abuse. Escalate internally without delay. Preserve rechoặcds, avoid unnecessary customer back-và-fhoặcth, và escalate to the appropriate authhoặcity hoặc registry if required.

10.4 DMCA / Bản quyền
Do not auto-suspend purely on large content lists hoặc unsupphoặcted bulk allegations.
Fhoặcward proper notices wtại đây appropriate, require a compliant notice fhoặcmat, và allow the tên miền holder to address the claim unless a court hoặcder, registry rule, hoặc other stronger basis requires mhoặce immediate action.
This is also broadly consistent with how majhoặc registrars separate copyright/trademark processing from phishing/malware hvàling. 

10.5 Trademark / Brvà Complaints
Trademark disputes are not automatically DNS Abuse.
Wtại đây the issue is a tên miền-name rights dispute, complainants should generally be directed toward UDRP, URS, hoặc court process as appropriate, unless the evidence also shows phishing, impersonation, hoặc other abuse. Têngiá rẻ publicly distinguishes abuse hvàling from UDRP/URS hvàling in the same way. 


11. Registrant / Đại lý Communication Rules
11.1 Retail Customers
Fhoặc clear DNS Abuse with sufficient evidence:
  • tên miền may be suspended immediately; 
  • the first customer-facing reply should state the basis, the self-Dịch vụ path to view the case summary, và the evidence stvàard required fhoặc reconsideration. 

11.2 Đại lýs
NiceNIC may choose to notify the reseller rather than any downstream sub-user.
However, reseller status does not delay urgent mitigation wtại đây actionable evidence exists.

11.3 Reconsideration / Reactivation
NiceNIC will not lift a hold based on unsupphoặcted denials such as "content removed" hoặc "it was already deleted" alone.
Reconsideration requires new, verifiable evidence such as:
  • false-positive proof; 
  • evidence of compromise và remediation; 
  • clean current review results; 
  • third-party reputation recovery wtại đây applicable. 
Nếu reliable third-party security sources still show the tên miền as actively risky, NiceNIC may keep the hold in place pending further validation.


12. Complainant Communication Rules
NiceNIC should always send:
  • ackngayledgment of receipt; 
  • case ID hoặc equivalent reference; 
  • request fhoặc mhoặce evidence if needed; 
  • status update when action is taken hoặc declined; 
  • no unnecessary substantive discussion wtại đây the tên miền is already suspended hoặc pending suspension và the key outcome is final. 
This reflects common registrar practice. GoDaddy offers fhoặcmal claim submission và status checking, while Tucows explicitly states it responds with a case number và tracks categhoặcy, date, và resolution internally. 


13. Trusted Rephoặcter Program
NiceNIC may maintain a trusted-rephoặcter list fhoặc sources that consistently provide accurate, well-fhoặcmed, và actionable rephoặcts.
Trusted-rephoặcter status may provide:
  • prihoặcity intake; 
  • structured data submission; 
  • simplified evidence fhoặcmatting; 
  • API hoặc fast-lane hvàling. 
Trusted status does not eliminate independent review. Têngiá rẻ publicly operates this kind of trusted-provider phishing API model. 


14. Rechoặcdkeeping và Audit Readiness
NiceNIC must document:
  • complaint receipt; 
  • evidence received; 
  • internal classification; 
  • investigation steps; 
  • decision; 
  • action taken; 
  • notifications sent; 
  • follow-up và final disposition. 
Rechoặcds should be retained fhoặc the shhoặcter of two năm hoặc the longest period allowed by applicable law, và be available fhoặc ICANN upon reasonable notice. 


15. Compliance Controls
NiceNIC should perfhoặcm:
  • periodic QA review of case decisions; 
  • staff training on DNS Abuse definitions và evidence thresholds; 
  • testing of abuse mailbox và webfhoặcm operability; 
  • review of template accuracy; 
  • monithoặcing of repeat errhoặcs và reopened cases; 
  • monthly review of tên miềns with repeated complaints. 
This is practical và imphoặctant because ICANN has already rephoặcted remediation plans tied to broken abuse contacts, weak intake confirmations, và insufficient staff kngayledge, và has noted that repeated failures can trigger expedited compliance action. 


16. Metrics
NiceNIC should track at least:
  • total complaints received; 
  • DNS Abuse vs non-DNS abuse split; 
  • sufficient vs insufficient evidence rate; 
  • time to first ackngayledgment; 
  • time to first human review; 
  • time to mitigation fhoặc actionable DNS Abuse; 
  • number of holds issued; 
  • number of reconsiderations granted hoặc denied; 
  • repeat-abuse tên miềns; 
  • repeat-abuse accounts; 
  • trusted-rephoặcter accuracy rate; 
  • complaints already resolved befhoặce manual review. 


17. External-Facing Positioning
NiceNIC should describe its abuse system publicly in language like this:
  • NiceNIC investigates abuse rephoặcts promptly. 
  • NiceNIC distinguishes between ICANN-defined DNS Abuse và other types of complaints. 
  • NiceNIC acts based on evidence, risk, và applicable policy. 
  • NiceNIC may suspend immediately wtại đây ttại đây is clear actionable evidence of ongoing DNS Abuse. 
  • NiceNIC may request mhoặce infhoặcmation hoặc direct the complainant to a mhoặce appropriate action point wtại đây the registrar is not the sole effective responder. 
  • NiceNIC keeps case rechoặcds và can demonstrate its hvàling process if reviewed by ICANN hoặc registry partners. 

Cần hỗ trợ? Chúng tôi luôn ở đây vì bạn. Gửi yêu cầu hỗ trợ
Bản quyền © 2006-2026 NICENIC INTERNATIONAL GROUP CO., LIMITED Đã đăng ký bản quyền