Abuse Reporting & Handling Policy
Last Updated: 10 March 2025
Status: Website‑posted policy (not separately signed)
Contact: [email protected]
This Policy explains how to report abuse related to our network and Services, what evidence to include, how we respond, and potential enforcement actions. It complements our General Terms of Service and Acceptable Use Policy (AUP). If there is a conflict, the General Terms control; where the AUP is more protective or restrictive for security or lawful use, the AUP controls.
1. What Is “Abuse” Under This Policy
Abuse includes, without limitation:
- Security incidents: unauthorized access, exploitation, C2/botnet hosting, credential stuffing, brute‑force, malware distribution.
- Network abuse: DDoS attacks, amplification/reflection, port scanning beyond your own assets, traffic spoofing, open resolvers/relays used for abuse.
- Email/messaging abuse: spam, phishing, spoofing, header forgery, failure to honor opt‑outs.
- Content infringement/illegality: copyright or trademark violations (DMCA‑style), illegal content, court‑ordered takedowns.
- Privacy violations: unlawful collection/processing of personal data, doxxing, illicit data sales or leaks.
Note: We are a neutral infrastructure provider. We do not collect or store Customer Content or personal data processed via the Services, and we do not have routine access to customers’ data or systems. We cannot monitor customer content or grant access to it. Any request for customer data requires valid legal process.
2. How to Report Abuse
Email: [email protected]
Subject line format: ABUSE: <type> – <IP/Host/Domain> – <date UTC>
Include as much of the following as possible:
- Your details: name, organization, role, and contact email/phone. If you are reporting on behalf of a rights holder, include authority/authorization.
- Incident summary: abuse type, brief narrative of what happened and observed impact.
- Event identifiers: source and destination IP addresses, ports, hostnames/domains, URLs.
- Timestamps (UTC): precise start/end times with time zone (UTC preferred) and evidence of recurrence if applicable.
- Logs/evidence: relevant log excerpts, full email headers (for spam/phishing), HTTP logs, NetFlow/PCAP (attach as files), screenshots.
- Samples: for malware/phishing, provide indicators (hashes, URLs). Do not send binaries or archives; if additional evidence is needed, our abuse desk will provide secure submission instructions.
- Volume/scale: number of events, messages, targets, or bandwidth observed.
- Desired outcome: e.g., takedown, contact customer, block port, null‑route, information request.
- Legal basis (if any): court order, copyright notice, regulatory citation, or preservation request.
- Additional details & proofs (optional): any other relevant context, artifacts, correspondence, screenshots, legal notices, or evidence that may help us verify and remediate.
To protect privacy (including GDPR) and reduce malware/IP‑tracking risks, we accept attachments only in .txt (plain text), .pcap (packet captures), or .png/.jpg/.jpeg (screenshots). Do not send archives or binary/document formats (e.g., .zip, .rar, .7z, .exe, .dll, .pdf, .docx/xlsx, .eml, disk images, or cloud links). If other evidence is necessary, our abuse desk will request it and provide instructions.
3. Category‑Specific Requirements
- Spam/Phishing: provide the message full headers and body as .txt (paste into the email or attach a .txt file). Screenshots (.png/.jpg) of the message body may be included as supplementary evidence. Include sending IP, envelope‑from, and SMTP transcript if available.
- Network Attacks (DDoS/Scanning/Exploits): provide NetFlow/PCAP or firewall/IDS logs showing 5‑tuple (src/dst IP/port + protocol), timestamps, and sample packets.
- Malware Hosting/C2: include URLs, file hashes (SHA‑256 preferred), VT links (optional), and server path(s).
- Copyright/Trademark (DMCA‑style): include the allegedly infringing material URL, rights holder identity, a statement of good‑faith belief, and a statement under penalty of perjury that the information is accurate and you are authorized to act for the owner; include an electronic signature.
- Child Sexual Abuse Material (CSAM); Terrorism & Violent Extremism; Human Trafficking & Exploitation: do not send illegal image/video content. Report immediately to law enforcement and your national hotline (for CSAM) or your national counter‑terrorism/anti‑trafficking authority. We will immediately disable access to the reported material/servers, notify law enforcement as required, and may preserve minimal technical logs as required by law.
4. Our Process & Response Times
- Acknowledgement: We acknowledge receipt by email with a ticket number within 24 hours (sooner for critical reports).
- Triage & Severity: We classify reports:
- S0 – Critical (immediate harm / legal imperative): e.g., CSAM, active DDoS from our network, active malware distribution/C2. Action may be immediate without notice (null‑route, port block, suspension).
- S1 – High: phishing kits, credential harvesting, confirmed compromise with risk to others. We contact the customer and require rapid remediation.
- S2 – Moderate: spam/reputation issues, misconfiguration enabling abuse.
- S3 – Low: policy/content disputes without clear legal basis.
- Customer Contact: For S1–S3, we forward relevant portions of the complaint to the customer (redacting reporter details upon request where feasible) and require a remediation plan.
- Response windows required from customer: S1: acknowledge within 1 Business Day, remediate within 24–48 hours; S2: remediate within 5 Business Days; S3: as agreed.
- Reporter Updates: We will confirm that we have contacted the customer and whether mitigating actions were taken. We may not share sensitive account details or data.
5. Enforcement Actions (Consequences)
If a report is validated or the customer fails to remediate on time, we may take one or more actions, at our discretion:
- Warning and remediation requirements;
- Traffic shaping or rate‑limiting;
- Port blocks or service‑level restrictions;
- IP null‑routing or reassignment;
- Temporary suspension of the affected server/service;
- Account suspension or termination for repeated or egregious violations;
- Referral to law enforcement where required.
We may take immediate protective action without prior notice for S0/S1 cases.
6. Preservation, Data Access & Privacy
- Preservation: Upon receiving a valid legal preservation request, we will preserve minimal technical logs/metadata reasonably necessary to honor that request for up to 90 days (or as required by law).
- No Routine Access: We do not have routine access to customer data or systems and cannot provide content or credentials.
- Sharing of Reports: We may share necessary portions of your report with the impacted customer and, if legally required, with authorities or other network operators for incident response.
- Reporter Privacy: If you request that your identity be withheld from the customer, we will attempt to redact identifying information where feasible, but compliance may limit our ability to act on the report.
7. Law‑Enforcement & Legal Requests
Law‑enforcement and regulatory bodies may use [email protected]. Please include: agency name, case number, legal authority, specific identifiers (IP/host/domain), and time range (UTC). We require valid legal process for any disclosure. Emergency requests should be clearly labeled EMERGENCY in the subject line.
8. Bad‑Faith or Incomplete Reports
We may close or deprioritize reports that lack sufficient evidence, are frivolous, or appear to be in bad faith. Repeat abusive reporting may be blocked.
9. Relationship to Other Documents
This Policy complements our General Terms, AUP, and Privacy Policy. By using the Services, customers agree to comply with those documents. Where this Policy is silent, those documents apply.
10. Abuse Report Email Template
You can copy/paste the following and email it to [email protected]:
Subject: ABUSE: <type> – <IP/Host/Domain> – <date UTC>
Your name & organization:
Contact email & phone:
Authority (if reporting for a rights holder / LE):
Type of abuse (pick one): Security / Network / Email / Phishing / Malware / Infringement / Privacy / Other
Incident summary (2–5 sentences):
Affected IP/Host/Domain:
Timestamps (UTC) and time zone:
Evidence (attach .txt/.pcap/.png/.jpg):
Volume/scale (messages, bandwidth, targets):
Desired action (takedown, block, notify customer, other):
Legal basis (if any):
I certify that the information provided is accurate and that I am authorized to submit this report.
Signature (type your name):
Date (UTC):
11. Updates to This Policy
We may update this Policy from time to time. Each version is dated on this page. Material changes will be highlighted. Continued use of the Services after an update constitutes acceptance.