Nicenic has always had a shady history when it comes to its business practices - specifically around registering fraudulent domains and “helping” bad actors through weak abuse procedures and questionable email marketing campaigns. What might appear to be a legitimate ICANN-accredited registrar on the surface is, in reality, a company repeatedly tied to cybercriminal activity and deliberate negligence.
Instead of protecting internet users, Nicenic has become a tool for scammers, phishers, and other online criminals to hide behind. Its ongoing refusal to act on abuse complaints, its willingness to share reporter information with the very people being reported, and its marketing directed toward shady clients all reveal a pattern of behavior that is not just negligent - it’s complicit.
This article is part of a multi-part investigation exposing how Nicenic operates, the damage it enables across the internet, and why its continued accreditation poses a direct threat to online safety.
Part 1: A Registrar with a History of Negligence
Nicenic is an ICANN-accredited domain registrar based in San Po Kong, Hong Kong. On paper, it looks legitimate - yet behind that facade lies a track record of fraudulent activity and refusal to cooperate with abuse investigators.
According to numerous independent reports and firsthand accounts, Nicenic has:
- Offered “bulletproof” domain services to known cybercriminals.
- Shared reporters’ and whistleblowers’ personal contact information with attackers.
- Refused to remove confirmed phishing and scam domains even after overwhelming evidence.
- Allowed harassment and threats against individuals who reported its abusive clients.
Under ICANN’s Registrar Accreditation Agreement (RAA), registrars must act against DNS abuse such as phishing and malware. Nicenic’s consistent refusal to enforce these rules suggests not incompetence - but deliberate disregard for safety and compliance.
Part 2: Exposing Reporters and Aiding Phishers
One of the most dangerous aspects of Nicenic’s operation is its abuse reporting process. When someone submits a complaint about a phishing domain, Nicenic automatically forwards that report - including the complainant’s email address - directly to the domain’s owner.
In other words, Nicenic hands personal contact information straight to the cybercriminal being reported. This reckless behavior has resulted in victims, researchers, and journalists being harassed and threatened.
Many who tried to report phishing activity through Nicenic later received threatening emails from the same actors - clear proof that their personal data had been shared. This is not only unethical but also a violation of GDPR and CCPA privacy laws.
Nicenic even admits to this on its own abuse page (nicenic.net/reportabuse.php), where it states that reporter details are shared with registrants. For a company dealing with phishing and fraud daily, this is not just negligent - it’s actively dangerous.
Part 3: Violating ICANN Rules
ICANN’s Registrar Accreditation Agreement requires registrars to maintain functioning WHOIS/RDAP services and to respond quickly to abuse reports. Nicenic has repeatedly ignored these obligations.
- Its RDAP/WHOIS services have frequently been broken, blocking investigators from accessing domain data.
- Phishing and scam domains remain online for weeks or months after being reported.
- Complainant data is shared without consent, violating privacy laws.
- Nicenic has even ignored official legal orders and takedown requests.
Part 4: Marketing to Criminals
Nicenic’s behavior goes beyond negligence - it appears to actively market to criminals. The company has sent out promotional emails boasting of “fewer abuse reports” and “bulletproof services,” a phrase commonly used among cybercrime communities to mean “hard to take down.”
These campaigns are not one-offs - they form a pattern. In another email, Nicenic encourages people to register with them for domains that supposedly receive “fewer abuse complaints,” an implicit nod to the criminal underground.
I asked them on Telegram if they offer bulletproof domains
This image was sent to me by another security researcher I was working with, who contacted Nicenic on a new Telegram account (@NiceNIC_NET) and asked them if they sold bulletproof domains. Nicenic responded with something similar to their marketing email; however, they also admitted that they would turn off WHOIS if possible on domains and that they helped who they believed was a cybercriminal using their services.
Even more concerning, Nicenic maintains an active account on BlackHatWorld - a forum infamous for discussions around hacking, spamming, and black-hat SEO tactics. This alone should raise red flags about who Nicenic considers its “community.”
Part 5: Examples of Nicenic’s Horrible Abuse System
Currently, their abuse system is 'broken', meaning that complaints you send to abuse@nicenic.net or create via their ticket system website will be automatically closed and never reviewed. I have tried to tell them about this multiple times; however, they just ignore it, meaning that the only reason behind this is that it's intentional and they don't care about it?
Firstly, I'd like to mention security researchers like @IllegalFawn and how their experience is very similar to others. The below screenshot shows the case of one domain by @IllegalFawn illustrating how Nicenic’s abuse system loops endlessly, sending automated, meaningless replies to legitimate reports—a convenient way to ignore responsibility while pretending to “respond.”
Below you can find multiple examples from different domains of Nicenic's abuse process.
Case 1: Steam phishing domain
In this example, the domain was very obviously made for phishing against the gaming service Steam. However, instead of suspending the domain like any other registrar that cares would, Nicenic decided it would be their mission to protect this domain name from being taken down by constantly stating that there was insufficient evidence and passing the complaint along to the owner of this phishing domain, who just moved the phishing content to a different path. This caused Nicenic to close the complaint, and the security researcher had to reply constantly, only for no action to be taken.
Conclusion
Nicenic’s track record speaks for itself: a registrar that aids criminals, ignores victims, and undermines trust on the internet. By refusing to enforce abuse policies and openly marketing to bad actors, Nicenic has chosen to side with profit and secrecy over ethics and accountability.
Every minute this registrar continues operating unchecked, more phishing attacks, scams, and data breaches will occur under its umbrella. ICANN and global regulators must act - Nicenic’s accreditation should be suspended until it can prove it is no longer a haven for cybercriminals.
If you are a registry or are providing services to this criminal registrar, please contact us at contact@nicenic.blog.