Acceptable Use Policy

This Acceptable Use Policy (the “AUP”) governs use of the network, transit, IP, DDoS-mitigation, and related services (collectively, the “Services”) provided by Wirescope, Inc. (“Wirescope,” “we,” “us,” or “our”). It is incorporated by reference into the Wirescope Terms of Service and into every customer agreement (including the Network Services Agreement and any Order, Schedule, or addendum thereto). If you have entered into a written Network Services Agreement (“NSA”) with Wirescope, the AUP supplements that NSA. In the event of conflict between this AUP and the NSA, the NSA controls with respect to the subject matter of the conflict.

For convenience, references in this AUP to “Customer” mean the person, organization, or other entity that has contracted for the Services and includes that person's or organization's users, employees, contractors, agents, downstream customers, end users, and any other person who accesses the Services through Customer or with Customer's permission.

This is a public-facing operational document. Wirescope may update it from time to time as set forth in Section 11. Prior versions of this AUP are available on request to legal@wirescope.net.

1. Customer responsibility

Customer is solely responsible for all use of the Services made by Customer, by anyone using Customer's account or credentials (whether authorized or unauthorized), and by Customer's downstream customers, end users, employees, contractors, and agents. A violation of this AUP by any such person is deemed a violation by Customer.

Customer will (a) ensure that everyone using the Services through Customer complies with this AUP, (b) maintain a published “abuse” contact (typically of the form abuse@<customer-domain>) reachable by both email and telephone, (c) acknowledge abuse, security, and law-enforcement complaints within twenty-four (24) hours and provide a substantive response within seventy-two (72) hours, and (d) cooperate in good faith with Wirescope's reasonable investigation of any suspected violation.

Customer's failure to take prompt action on abuse, takedown, or law-enforcement notices forwarded by Wirescope is itself a violation of this AUP and may, at Wirescope's discretion, give rise to direct action by Wirescope under Section 6 below.

In addition, Customer will implement and continuously enforce BCP 38 / source-address validation on every interface of Customer's own network that is capable of originating source-spoofed traffic; this is a baseline obligation of every customer of the Services and is not optional. Customer will also maintain accurate, current, and publicly resolvable WHOIS, RIR, IRR, and (where applicable) PeeringDB records for every ASN and every prefix Customer announces through the Services.

2. Prohibited uses

The following uses of the Services are prohibited. The categories below are illustrative, not exhaustive; Wirescope retains discretion to address any use that, in its reasonable determination, is harmful to Wirescope, to Wirescope's network, to Wirescope's upstream or peering partners, to Wirescope's other customers, to any third party, or to the operation of the internet generally.

2.1 Network attacks and disruption

You will not use the Services to launch, facilitate, support, sustain, amplify, reflect, or in any way participate in:

• denial-of-service attacks of any kind (volumetric, protocol, application-layer, slowloris-class, fragmentation, SSL/TLS exhaustion, DNS-cache poisoning, or otherwise);
• mail-bombing, packet flooding, SYN floods, UDP floods, ICMP floods, or HTTP/HTTPS request floods;
• amplification or reflection attacks (including DNS, NTP, SSDP, SNMP, mDNS, NetBIOS, Chargen, rpcbind, LDAP, memcached, or QUIC reflection);
• BGP route hijacks, route leaks, AS-path manipulation, or RPKI-invalid announcements;
• ARP spoofing, MAC flooding, VLAN hopping, or other Layer-2 attacks against any network;
• intentional traffic patterns designed to cause sustained, anomalous, or disproportionate load on any third-party network, system, account, computing facility, website, equipment, or service;
• exhaustion attacks against shared resources (including cryptographic-handshake exhaustion, slow-HTTP attacks, connection-table exhaustion, and CAPTCHA-bypass campaigns); or
• any other activity that, by design or in effect, interferes with, disrupts, degrades, compromises, or impairs the normal functioning of any network, system, or service.

2.2 Spoofing, forgery, and identity misrepresentation

You will not (a) transmit packets with forged or spoofed source IP addresses or source MAC addresses (this includes failing to implement BCP 38 / source-address validation on your own ingress), (b) impersonate any other network, organization, service, person, or process, (c) falsify, alter, or omit IP-layer, TCP-layer, application-layer, or routing-layer headers, (d) falsify caller-ID, SIP-identity, or similar voice or messaging signaling, or (e) operate any infrastructure designed primarily to enable impersonation or identity-misrepresentation by others.

2.3 Attack infrastructure and “as-a-service” abuse tooling

You will not operate, host, manage, sell, resell, distribute, or knowingly facilitate any of the following on the Services:

• “booter,” “stresser,” “IP stresser,” “load-testing-as-a-service” (LaaS), “DDoS-for-hire,” “denial-of-service-as-a-service,” or similar services whose primary functional capability is the generation of denial-of-service traffic against arbitrary third-party targets;
• remote-access trojans (RATs), command-and-control (C2) infrastructure for malware, ransomware, or botnets, exploit kits, phishing kits, credential-stuffing infrastructure, brute-force infrastructure, or carding / fraud infrastructure;
• stalkerware, spousal-monitoring software, surveillance-as-a-service against non-consenting targets, or covert-tracking services;
• ransomware-payment processing, mixer / tumbler services for proceeds of crime, or other infrastructure whose primary use is the laundering or anonymization of illicit funds; or
• any service that primarily exists to circumvent the security, abuse-protection, anti-fraud, or rate-limiting mechanisms of any other network or service.

Legitimate commercial penetration-testing, red-team, vulnerability-assessment, and capacity-testing services are permitted only when they operate (i) against infrastructure owned by you (or, for enterprise customers with an NSA, only against infrastructure owned by Customer as required by Section 7.11(g) of the NSA), (ii) at volumes, times, and source-address ranges that have been disclosed to Wirescope at least ten (10) business days in advance, and (iii) with Wirescope's prior written approval. Testing against infrastructure owned by third parties (even where the third party has authorized the testing) is not permitted on or through the Services without Wirescope's separate written approval. Unannounced or unauthorized testing into, out of, or transiting the Services may, at Wirescope's discretion, be treated as attack traffic.

2.4 Open, misconfigured, or “attractant” services

You will not, and will not permit your downstream customers to, operate any of the following without controls in place to prevent abuse:

• open recursive DNS resolvers (without per-source rate-limiting and ACLs);
• open SMTP relays or unauthenticated relays of any messaging protocol;
• open NTP, chargen, SSDP, SNMP, mDNS, NetBIOS, rpcbind, LDAP, or memcached endpoints exposed to the public internet (with or without rate-limiting);
• intentionally vulnerable services hosted on production prefixes;
• honeypot or research infrastructure that generates outbound traffic toward third parties without those third parties' consent;
• services that are repeatedly identified, after notice from Wirescope, as the source of inbound abuse complaints from third parties; or
• any other service whose configuration, by design or by ongoing neglect, materially attracts attack, scanning, or abuse traffic that disproportionately affects Wirescope's network or other customers.

2.5 Routing and registry abuse

You will not (a) announce any prefix that you are not authorized to announce, (b) announce any prefix with an invalid or missing RPKI Route Origin Authorization (ROA), (c) leak prefixes between providers in violation of routing best practice, (d) maintain inaccurate or misleading entries in WHOIS, in any Regional Internet Registry (RIR), in any Internet Routing Registry (IRR), or in PeeringDB for any ASN or prefix you operate, (e) operate any ASN or address space that you have hijacked, that has been reported as hijacked, or whose registration you obtained by misrepresentation, or (f) fail to maintain BCP 38 / source-address-validation ingress filtering on your own network for any interface capable of originating spoofed source addresses.

Wirescope follows and expects its customers to follow the principles of the MANRS (Mutually Agreed Norms for Routing Security) initiative.

2.6 Unsolicited communications and spam

You will not use the Services to send, distribute, deliver, or knowingly facilitate (a) unsolicited bulk email, unsolicited commercial email, “spam,” or messages in violation of the CAN-SPAM Act, the EU ePrivacy Directive, the Canadian Anti-Spam Legislation (CASL), or any analogous law; (b) chain letters, pyramid schemes, or unsolicited commercial messages of any kind across any messaging protocol; (c) unsolicited SMS, RCS, MMS, or other text-messaging campaigns; (d) unsolicited automated voice calls, robocalls, or autodialed calls in violation of the Telephone Consumer Protection Act or analogous laws; (e) email with forged TCP/IP headers, forged SMTP envelope information, or falsified DKIM / SPF / DMARC alignment; or (f) any messaging activity whose primary purpose is to evade list-hygiene, spam-trap, or anti-abuse mechanisms operated by third parties; or (g) email whose DKIM, SPF, or DMARC authentication signals are intentionally forged, broken, or configured in a manner designed to defeat receiver-side anti-spam and anti-spoofing controls.

2.7 Illegal content

You will not transmit, store, host, link to, distribute, or otherwise make available through the Services any content the distribution or possession of which is illegal under the laws of the United States or under any law applicable to the place from or to which the content is transmitted, including without limitation:

• child sexual abuse material (CSAM), Wirescope is required by law to report such material to the National Center for Missing & Exploited Children (NCMEC) under 18 U.S.C. § 2258A, and will do so;
• material that promotes or facilitates terrorism, mass violence, or violent extremism;
• material that constitutes non-consensual intimate imagery, voyeurism, or other privacy-invasive content prohibited by applicable law;
• material that violates U.S. sanctions, export-control laws, or analogous laws of any jurisdiction in which the Services are received or used;
• material that constitutes the unlawful sale or trade of controlled substances, firearms, human-trafficking services, or other contraband; or
• material that a court of competent jurisdiction has ordered to be taken down.

2.8 Intellectual-property infringement

You will not use the Services to infringe any copyright, patent, trademark, trade-secret, right of publicity, or other proprietary right of any person. Wirescope responds to copyright-infringement notices that satisfy the requirements of 17 U.S.C. § 512 (“the DMCA”) as set forth in Section 7 below. Wirescope maintains and enforces a published policy for terminating, in appropriate circumstances, customers who are repeat infringers.

2.9 Privacy, doxxing, and surveillance

You will not (a) collect, expose, sell, or trade personal information of any person without that person's lawful consent or another lawful basis, (b) publish (“dox”) any person's home address, phone number, government identifier, or other personally identifying information for the purpose of intimidation, harassment, retaliation, or facilitation of harm, (c) operate stalkerware or covert-monitoring services against non-consenting targets, or (d) bulk-scrape, harvest, or sell data from third-party services in violation of those services' terms or applicable law.

2.10 Fraud, phishing, and account-abuse infrastructure

You will not operate or facilitate (a) phishing, smishing, vishing, or social-engineering infrastructure of any kind, (b) credential-stuffing, account-takeover, or password-spraying infrastructure, (c) card-testing, card-checking, or carding infrastructure, (d) click-fraud, ad-fraud, impression-fraud, or affiliate-fraud infrastructure, (e) SEO-spam, link-farming, or content-spam infrastructure, or (f) review-manipulation or rating-manipulation infrastructure.

2.11 Unauthorized access and security intrusion

You will not attempt to access without authorization, probe at scale, scan at scale, penetration-test without authorization, exploit vulnerabilities in, brute-force credentials against, enumerate accounts on, fingerprint, or otherwise interfere with the security of any network, system, account, computing facility, website, application, equipment, or service. This includes any activity that violates 18 U.S.C. § 1030 (the Computer Fraud and Abuse Act), 18 U.S.C. § 2701 (the Stored Communications Act), 47 U.S.C. § 605, or any analogous law of any jurisdiction.

Coordinated and clearly-scoped vulnerability research conducted under a published security-research safe harbor of the target system, or under express written authorization of the system's operator, is permitted; the burden is on you to demonstrate the authorization on request.

2.12 Eavesdropping and traffic interception

You will not intercept, monitor, mirror, or capture data, communications, or traffic on any network, system, account, computing facility, website, or equipment without the authorization of the operator of that resource and the consent of any person whose communications are being intercepted, to the extent required by law.

2.13 Cryptocurrency abuse

You will not use the Services to (a) operate “cryptojacking” infrastructure that consumes computing resources of non-consenting third parties, (b) host or facilitate ransomware-payment processing, (c) operate mixer, tumbler, or other anonymization services for proceeds of crime, (d) operate or knowingly facilitate any “money-laundering-as-a-service” platform, or (e) operate cryptocurrency-mining infrastructure that materially violates the terms of service of the underlying compute provider or that has been undisclosed to the energy or cooling supplier whose capacity is being consumed. Lawful cryptocurrency-mining, hosting of legitimate exchanges, and operation of validator infrastructure on customer-owned hardware are permitted subject to the rest of this AUP.

2.14 Sanctions and export control

You will not use the Services in violation of U.S. economic sanctions administered by the Office of Foreign Assets Control (OFAC), in violation of U.S. export-control laws (including the Export Administration Regulations and the International Traffic in Arms Regulations), or in violation of analogous laws of any other jurisdiction. You will not provide the Services, or any portion thereof, to any person or in any country that is the subject of comprehensive U.S. sanctions.

2.15 Catch-all

You will not use the Services in any other manner that, in Wirescope's reasonable determination, is harmful to Wirescope, to Wirescope's network, to Wirescope's upstream or peering partners, to Wirescope's other customers, to any third party, or to the operation of the internet generally.

2.16 Anonymization, proxy, and anti-detection services

Customer will not, and will not permit any downstream customer to, operate the following without first providing Wirescope with at least ten (10) business days' prior written notice (or, where Customer is a Service-Provider Customer that resells the Services, without obtaining Wirescope's prior written approval): (a) Tor exit relays, I2P exit nodes, or other anonymization-network exit infrastructure; (b) public open-proxy, open-VPN, or open-relay services that permit unauthenticated third-party use; (c) traffic-anonymization, IP-rotation, residential-proxy, or origin-hiding services marketed (whether explicitly or operationally) to enable evasion of IP-based abuse-blocking, rate-limiting, fraud-detection, or geographic-restriction systems of third parties; or (d) domain-fronting, SNI-cloaking, hostname-spoofing, or similar services designed primarily to circumvent network-level abuse-blocking, security controls, or censorship. Operation of services in any of categories (a) through (d) is permitted only on terms Wirescope reasonably specifies, which may include (without limitation) additional security deposit under any applicable NSA, accelerated abuse-response commitments from Customer, traffic-monitoring obligations, prefix segregation, pricing reflecting the elevated operational and abuse-handling burden, or refusal of support. Wirescope may suspend, restrict, or terminate the Services as to any Customer or downstream customer whose anonymization, proxy, or origin-hiding use materially attracts abuse complaints, attack traffic, or law-enforcement requests disproportionate to Customer's committed bandwidth pool, and is not obligated to continue providing the Services to such Customer or downstream customer on the existing commercial terms.

2.17 Cryptocurrency mining and high-density compute workloads

Customer will provide Wirescope with at least ten (10) business days' prior written notice before initiating or materially scaling any cryptocurrency-mining operation, distributed-computing operation, AI-model-training or inference operation, high-frequency-trading colocation operation, or other workload that is reasonably expected to materially consume Wirescope-side resources (including bandwidth, mitigation capacity, peering capacity, BGP-session capacity, RIB slots, abuse-handling capacity, or shared monitoring and telemetry infrastructure) at a level disproportionate to Customer's stated use case or to the underlying data-center facility's published terms. Wirescope may, in response, require commercially reasonable precautions (including additional bandwidth commitment, dedicated capacity allocation, prefix segregation, specific operational arrangements, or pricing reflecting the actual resource consumption). Cryptocurrency-mining or compute workloads that violate the underlying compute, electricity, cooling, or co-location provider's terms are independently prohibited under Section 2.13 and Section 2.15.

2.18 Anti-circumvention; multi-account abuse; retaliation

Customer will not (a) use technical, legal, contractual, or operational means primarily intended to circumvent this AUP, any Wirescope Policy, or any enforcement action taken by Wirescope; (b) create, maintain, or operate multiple Wirescope accounts, multiple Wirescope-allocated prefixes or ASNs, or multiple downstream-customer entities for the primary purpose of evading any AUP limit, capacity-allocation rule, threshold under Section 3, suspension, termination, or other enforcement action under any Wirescope agreement; (c) misrepresent the nature, purpose, scope, downstream-customer mix, or ultimate beneficial user of any traffic, prefix, ASN, or service in order to evade AUP application or to mischaracterize Customer's resource profile; (d) take any action primarily designed to evade or impair Wirescope's ability to monitor, measure, classify, or attribute traffic for AUP-compliance, billing, or security purposes; or (e) retaliate against, threaten, harass, attempt to identify, attempt to deanonymize, or take any adverse action against any person who has submitted an abuse complaint regarding Customer or who is otherwise cooperating with Wirescope, with another customer, or with law enforcement regarding any suspected AUP violation. Any breach of this Section is a material violation of this AUP and is not subject to cure.

3. Operational thresholds

Wirescope's network is shared infrastructure. The following operational thresholds apply automatically to every customer; exceeding them gives Wirescope the right (but not the obligation) to take the protective actions described in Section 6. These thresholds are protective measures for the network as a whole. For enterprise customers with an NSA, any action Wirescope takes pursuant to this Section 3, and any period during which traffic exceeds a threshold in this Section 3, is an Excluded Condition under the SLA Addendum and does not give rise to any service credit; the service-level commitments, credit regime, and measurement methodology of the SLA Addendum continue to apply in all other respects.

3.1 Attack-volume threshold

If denial-of-service activity directed at Customer's prefixes or destinations served through the Services exceeds, in the aggregate over any rolling thirty (30) day period, ten (10) times Customer's committed bandwidth pool (or, where Customer has no committed bandwidth pool, ten (10) times Customer's then-current 95th-percentile billable utilization), Wirescope may, at its discretion:

• continue mitigation;
• require, on commercially reasonable notice, that Customer upgrade to a higher service tier or to dedicated mitigation capacity (with corresponding pricing);
• apply per-prefix, per-destination, per-protocol, or per-port rate limits, filters, or BGP-flowspec rules;
• selectively suspend, blackhole, null-route, or withdraw announcements of the targeted prefix or destination;
• temporarily suspend the Services as to Customer pending resolution; or
• exercise any other right available to Wirescope under Customer's agreement, the AUP, or applicable law.

Wirescope will use commercially reasonable efforts to notify Customer in advance of any such action where circumstances permit. The attack-volume threshold is a protective baseline; Wirescope may also act before the threshold is reached where, in Wirescope's reasonable determination, the activity presents a material risk to the network or to other customers.

3.2 Per-destination concentration

If Customer's traffic to or from any single Autonomous System (ASN), prefix, destination address, port, or protocol exceeds twenty-five percent (25%) of the aggregate monthly utilization of Customer's committed bandwidth pool on a sustained basis, Wirescope makes no representations as to packet delivery, latency, or other performance characteristics of traffic to or from that ASN, prefix, destination, port, or protocol, and Wirescope may, at its discretion, implement traffic-shaping, rate-limiting, or filtering with respect to the concentration. This Section is informed by, and consistent with, similar concentration-based provisions used by major Tier 1 transit providers.

3.3 Resource-share and operational impact

If Customer's use of the Services is materially disproportionate to Customer's committed pool, materially degrades Wirescope's ability to deliver the Services to other customers, materially consumes a shared resource (mitigation capacity, peering capacity, IP transit budget, exchange-fabric port capacity, BGP-session capacity, RIB slots, or otherwise), or materially exceeds the operational assumptions underlying Customer's pricing tier, Wirescope may require Customer to reduce or restructure the use, upgrade to a higher service tier, or, where the impact cannot be reasonably managed, accept a suspension, restriction, or termination of the affected Services.

3.4 Customer-attributable attack activity

Where, in Wirescope's reasonable determination, denial-of-service activity is attributable to Customer (including under the attribution framework in any applicable Wirescope NSA), Wirescope may immediately suspend, restrict, blackhole, or terminate the Services as to Customer, may invoke any applicable indemnity or mitigation-cost-recovery provision, and may pursue any other remedy.

3.5 Connection-rate, session-rate, and request-rate patterns

In addition to Sections 3.1 through 3.4, Wirescope may apply commercially reasonable rate-limiting, traffic-shaping, BGP-flowspec rules, or filtering in response to anomalous patterns of connection establishment, session establishment, request volume, query volume, or per-source-IP traffic distribution that are materially inconsistent with normal traffic patterns for Customer's stated use case (including, without limitation, scan-like connection patterns to many destinations, sustained per-second connection or query rates that disproportionately consume infrastructure-monitoring or session-tracking resources, rapid IP-rotation patterns that suggest abuse of dynamic-IP allocation to evade third-party blocks, or sustained outbound patterns matching the signature of credential-stuffing, card-testing, content-spam, or scraping campaigns).

3.6 Multi-account, multi-prefix, multi-ASN evasion

Where Customer or its affiliates, beneficial owners, or common-control entities operate multiple Wirescope accounts, multiple Wirescope-allocated prefixes, or multiple ASNs, Wirescope may, at its discretion, aggregate the use, attribute traffic, apply the operational thresholds in this Section 3, and exercise enforcement actions under Section 6 across the entire set of related accounts as if they were a single Customer. The operational thresholds in this Section 3 are not avoidable by subdivision of traffic across multiple accounts, prefixes, or ASNs.

4. Service-Provider Customers and downstream liability

Wirescope's customers who operate as service providers, hosting providers, transit providers, content-delivery networks, or otherwise resell or extend the Services to their own customers or end users (each, a “Service-Provider Customer”) are solely responsible for the conduct of those downstream customers and end users. Violations of this AUP by a Service-Provider Customer's downstream customer or end user are violations by the Service-Provider Customer.

Wirescope expects every Service-Provider Customer to:

• maintain its own published AUP that prohibits, at a minimum, the conduct prohibited under Section 2 of this AUP;
• maintain its own published abuse contact reachable within the response times in Section 1;
• have a documented process for receiving, investigating, and acting on abuse complaints;
• maintain a documented process for terminating repeat infringers and repeat-abuse offenders;
• pass through Wirescope's anti-attack-infrastructure, anti-attractant, and anti-routing-abuse requirements to its own downstream customers; and
• cooperate with Wirescope's investigation of any abuse complaint forwarded by Wirescope.

Wirescope may, in its reasonable discretion, decline to support, or condition on commercially reasonable additional precautions, a Service-Provider Customer whose downstream-customer mix Wirescope determines presents disproportionate operational, abuse, or legal risk to Wirescope's network or to other customers. Specific high-risk downstream-use categories are identified in the NSA (where applicable) and may, additionally, be identified by Wirescope from time to time.

5. Specific service restrictions

5.1 Self-Service Interface

If Wirescope makes a customer-facing portal, API, or other self-service interface available to Customer for the configuration of mitigation rules, filters, prefix announcements, or other operational parameters (the “Self-Service Interface”), Customer is responsible for the content, scope, and effect of any configuration Customer submits. Use of the Self-Service Interface to disrupt traffic to or from any third party, to interfere with the lawful operation of any third-party network, to suppress lawful communications, or to effect any action that would violate this AUP if taken directly by Customer is itself a violation of this AUP. Wirescope may modify, suspend, override, or remove any Customer-initiated configuration that, in Wirescope's reasonable determination, presents a risk to Wirescope's network, is inconsistent with upstream-provider or peering-partner policy, or reflects an apparent misconfiguration likely to cause harm.

5.2 No unannounced testing

Customer will not generate synthetic load, simulated denial-of-service traffic, stress tests, capacity tests, penetration tests, red-team traffic, replay tests, looped traffic, or any other artificially generated traffic into, out of, or transiting the Services without (a) at least ten (10) business days' prior written notice to Wirescope, and (b) Wirescope's written approval. Unauthorized test traffic may, at Wirescope's discretion, be treated as attack traffic under Section 6.

5.3 No mitigation-rule misuse

Where Wirescope makes mitigation rules available (whether through the Self-Service Interface or by ticket request), Customer will not use those rules to (a) disrupt traffic to or from any third party that is not Customer or a Customer-authorized destination, (b) suppress lawful third-party communications, (c) implement filters that, by design or in effect, target persons or content protected against private retaliation by applicable law, or (d) circumvent the lawful operation of any third-party network or service.

5.4 Wirescope monitoring authority

Customer acknowledges that, for purposes of operating, securing, billing for, and maintaining the integrity of the Services and Wirescope's network, and for purposes of investigating AUP violations or other abuse, Wirescope may collect, process, and retain traffic metadata (including IP-layer headers, NetFlow / sFlow / IPFIX records, BGP state, mitigation-system telemetry, session-rate observations, and other observed traffic patterns) and may share that metadata with sub-processors, threat-intelligence partners, computer-emergency-response teams, upstream providers, peering partners, exchange operators, and law enforcement as set forth in the Privacy Policy and any applicable NSA. The fact that Wirescope is technically able to collect such metadata does not give rise to any obligation on Wirescope's part to do so, to retain it for any particular period, or to make it available to Customer. Wirescope does not access the content of Customer's traffic except as required for technical operation, mitigation, abuse response, security investigation, or legal compliance, or as expressly authorized by Customer in writing. Wirescope has no duty to monitor, collect, retain, classify, or attribute traffic for AUP-compliance, security, or abuse purposes; the fact that Wirescope is technically able to do any of the foregoing does not give rise to any obligation on Wirescope's part to do so. Wirescope's failure (or claimed failure) to detect, investigate, or act on any violation or suspected violation of this AUP is not a waiver of any right or remedy available to Wirescope and does not create any duty of care, warranty, or other obligation running to Customer, to any downstream customer, or to any third party.

6. Enforcement

6.1 Range of remedies

A violation of this AUP, or a credible threat of an imminent violation, entitles Wirescope to take any one or more of the following actions, with or without prior notice depending on the circumstances:

• forward the abuse complaint or law-enforcement notice to Customer and require Customer to investigate, mitigate, terminate, or remove the offending traffic, content, user, or downstream customer within a specified time;
• apply filters, rate limits, ACLs, BGP-flowspec rules, blackhole or null-route directives, withdraw an announcement, or take other network-protective action up to and including disconnection of Customer's port or BGP session;
• suspend or restrict the Services (in whole or in part) for the duration necessary to address the underlying violation;
• charge Customer for any reasonable cost incurred by Wirescope in mitigation, response, or investigation, in accordance with Customer's contract and with Wirescope's published rates (or, where no published rate applies, at Wirescope's then-current written rates provided to Customer on request);
• terminate Customer's agreement under the applicable termination provisions;
• report the conduct to law enforcement, computer-emergency-response teams (CERTs), threat-intelligence sharing communities, sectoral information-sharing organizations (ISAOs), or other appropriate parties; or
• exercise any other right available to Wirescope under Customer's contract, the AUP, or applicable law.

6.2 Notice and cure for non-emergencies

Where the violation is not an emergency and does not involve illegal activity, Wirescope will, where commercially reasonable, give Customer notice and an opportunity to cure before suspending the Services. The cure period is set by Wirescope based on the nature and severity of the violation and may be as short as one (1) hour for matters involving active denial-of-service activity, active route hijack or leak, active intrusion, active law-enforcement request, or active upstream-mandated takedown.

6.3 No-notice action for emergencies

Wirescope may act without prior notice, and without an opportunity to cure, where Wirescope reasonably determines that (a) immediate action is necessary to protect Wirescope's network, equipment, or other customers; (b) the violation involves illegal activity (including CSAM, terrorism, or trafficking); (c) the violation could expose Wirescope to criminal or civil liability; (d) Customer is unavailable; (e) Wirescope has previously notified Customer of similar conduct that remains unresolved; or (f) an upstream provider, peering partner, exchange operator, law-enforcement agency, court order, or governmental directive requires the action.

6.4 Repeat-infringer / repeat-abuser policy

Wirescope will, in appropriate circumstances, terminate the accounts and Services of customers who are repeat infringers of intellectual-property rights under 17 U.S.C. § 512. Wirescope likewise reserves the right to terminate any customer that engages in a pattern of AUP violations, including a pattern of (a) abuse complaints from third parties, (b) refusals or failures to act on abuse, takedown, or law-enforcement notices, (c) violations of Section 2.1, 2.2, 2.3, or 2.4 of this AUP, or (d) provision of services to downstream customers who engage in any of the foregoing.

6.5 Investigation cooperation

Customer will cooperate in good faith with Wirescope's reasonable investigation of any suspected AUP violation, including by providing logs, traffic captures, routing information, downstream-customer records, payment records, abuse-correspondence records, sworn declarations, and other materials Wirescope reasonably requires, in each case to the extent lawful, reasonably available, and within Customer's possession or control. Customer's failure to cooperate is itself a violation of this AUP.

6.6 No waiver

Wirescope's failure or delay in acting on any particular AUP violation is not a waiver of Wirescope's right to act on that violation, on any other violation, or on any future violation, and does not establish a course of dealing.

6.7 Wirescope's good-faith determinations

Wirescope's good-faith technical and operational determinations under this AUP including the technical scope, attribution, impact, and classification of the activity, the appropriate technical enforcement response, and whether a threshold in Section 3 has been exceeded are made on the basis of Wirescope's monitoring data, network logs, abuse complaints, law-enforcement notices, threat-intelligence inputs, and other reliable information available to Wirescope, and are final and binding on Customer absent manifest error or bad faith. Customer's disagreement with such a determination does not, by itself, establish manifest error or bad faith. Legal conclusions that flow from the underlying facts (including the existence or scope of liability, indemnity, or contractual breach) are not within the scope of this Section and remain for the tribunal or governing-law authority to determine on the merits. For enterprise customers with an NSA, the determinations framework in Section 15.13 of the NSA controls and supplements this Section.

6.8 No retaliation against abuse reporters

Customer will not, and will cause its officers, employees, contractors, agents, affiliates, and downstream customers not to, retaliate against, threaten, harass, attempt to identify, attempt to deanonymize, defame, dox, or take any adverse action against any person who has submitted an abuse complaint regarding Customer, Customer's downstream customers, or traffic transiting Customer's prefixes, or who is otherwise cooperating with Wirescope or with law enforcement in any investigation of a suspected AUP violation. Wirescope may, at its discretion, withhold the identity of complaint submitters and other cooperators where Wirescope reasonably determines that disclosure could subject those persons to retaliation. Any breach of this Section is a material AUP violation not subject to cure.

6.9 Reinstatement conditional on remediation

Where Wirescope has suspended, restricted, filtered, blackholed, null-routed, withdrawn an announcement, disconnected a port or BGP session, or taken any other protective action under this AUP, Wirescope has no obligation to restore normal operation of the Services until Customer has, to Wirescope's reasonable satisfaction: (a) identified and remediated the underlying condition; (b) provided the logs, traffic captures, routing information, downstream-customer records, abuse-correspondence records, and other investigative materials Wirescope reasonably requests; (c) terminated, suspended, blocked, filtered, or otherwise controlled any offending user, downstream customer, service, prefix, destination, host, or configuration; and (d) provided reasonable assurance that the same or substantially similar condition is not likely to recur. Restoration may, at Wirescope's discretion, be conditioned on additional technical controls (including prefix segregation, traffic limits, or rate limits), additional security deposit or other payment assurance, an upgraded service tier, dedicated capacity, revised pricing reflecting the elevated operational risk, or other commercially reasonable protective measures.

7. Copyright (DMCA §512) procedure

Wirescope responds to notices of claimed copyright infringement that satisfy the requirements of 17 U.S.C. § 512(c)(3). A complete notice must include:

• a physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed;
• identification of the copyrighted work claimed to have been infringed (or, for multiple works, a representative list);
• identification of the material that is claimed to be infringing or to be the subject of infringing activity, with sufficient information for Wirescope to locate the material (typically a URL or IP-prefix-plus-port);
• contact information for the complaining party (mailing address, telephone number, and email address);
• a statement that the complaining party has a good-faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law; and
• a statement, made under penalty of perjury, that the information in the notification is accurate and that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Submit notices to Wirescope's designated DMCA agent:

Wirescope's designated agent is registered with the U.S. Copyright Office at https://www.copyright.gov/dmca-directory/.

Counter-notices and other §512 procedures should be sent to the same address. Wirescope forwards notices to the affected customer and complies with takedown and counter-notice procedures consistent with §512(c) and §512(g). Submission of a knowingly false notice or counter-notice subjects the submitting party to liability for damages under §512(f).

8. Reporting abuse

Reports of suspected AUP violations or other abuse on Wirescope's network should be sent to:

Wirescope acknowledges abuse reports within twenty-four (24) hours and provides a substantive response within seventy-two (72) hours, in each case during normal business hours and subject to the urgency of the matter. Critical reports involving active denial-of-service, active intrusion, active CSAM, or active law-enforcement requests are handled with the higher priority their nature requires.

To assist Wirescope's investigation, abuse reports should include (a) the IP address or prefix involved, (b) the date and time of the activity (with timezone), (c) supporting evidence such as logs, packet captures, or screenshots, (d) the reporter's contact information, and (e) whether the reporter requests confidentiality of identity.

9. Law-enforcement cooperation

Wirescope cooperates with law enforcement consistent with applicable law. Wirescope responds to:

• valid subpoenas, court orders, and warrants issued by U.S. federal or state courts;
• valid requests under the Mutual Legal Assistance Treaty (MLAT) and analogous instruments;
• valid requests from law-enforcement and regulatory authorities in jurisdictions in which Wirescope does business; and
• emergency-disclosure requests under 18 U.S.C. § 2702(b)(8) or analogous laws, where Wirescope reasonably determines that an emergency involving danger of death or serious physical injury requires immediate disclosure.

Law-enforcement requests should be directed to legal@wirescope.net.

10. Reservation of rights

Wirescope reserves all rights, remedies, and defenses available to it under any customer contract, this AUP, and applicable law. Nothing in this AUP limits Wirescope's right to take any action it reasonably determines is necessary to comply with applicable law, court order, or regulatory directive, to protect Wirescope's network or systems, to protect Wirescope's other customers or third parties, or to protect Wirescope's reputation or relationships.

11. Modification

Wirescope may amend this AUP from time to time based on Wirescope's reasonable determination, taking into account operational, security, legal, regulatory, threat-landscape, and commercial factors. Wirescope will provide reasonable advance notice of material changes (typically at least thirty (30) days) by posting the updated AUP at wirescope.net/legal/acceptable-use-policy and, where Wirescope has a customer's email address on file, by email. Wirescope may, with shorter notice or with immediate effect, implement changes that Wirescope reasonably determines are necessary or appropriate to (a) comply with applicable law, regulation, or governmental or court order, (b) address an active or imminent security threat, abuse incident, or operational risk, or (c) reflect a change in upstream-provider, peering-partner, or vendor arrangement that affects how the Services are delivered.

Prior versions of this AUP are available on request to legal@wirescope.net. Continued use of the Services following the effective date of an updated AUP constitutes acceptance of the updated AUP. The version of this AUP in effect at the time of the relevant conduct governs that conduct.

12. Order of precedence and definitions

In the event of a conflict between this AUP and Customer's NSA or Order, the NSA or Order controls with respect to the subject matter of the conflict. Capitalized terms used but not defined in this AUP have the meanings given in the NSA, if applicable; otherwise they have the meanings reasonably understood in the context.

This AUP is governed by the laws of the State of Delaware, without regard to its conflict-of-laws principles, and any dispute arising out of or relating to this AUP is subject to the exclusive jurisdiction of the state and federal courts located in New Castle County, Delaware. For customers with an NSA in effect, the governing-law and venue provisions of the NSA control.