Reporting Spam, Phishing, and Virus Abuse

Cox Abuse can only take action against abuse that originates from its network.

• Spam/Phishing emails complaints that do not originate from a Cox customer can be sent to the ISP where the spam originated.
• Abuse contact for the ISP can be found by doing a Whois lookup with the originating IP at https://www.arin.net/.

Firewall logs of malicious system probes (port scans) should contain the following information in plain text - no screen shots, spreadsheets, or other binary attachments:

• Cox-owned source IP address
• Destination IP address
• Source port of attempted connection (when applicable)
• Destination port of attempted connection (when applicable)
• Protocol of intended connection

Logs of unauthorized access should contain the following information in plain text:

• Evidence of intrusion by a Cox-owned IP
• Methods used to gain access to secure systems (if available)
• Accurate time stamped logs (firewalls, various servers, IDS, honeypots)
• Systems that were compromised by user at this address

Web-server logs should contain the following information in plain text:

• Explanation of how your web-server is being affected by a Cox-owned IP
• URL being requested by the IP
• Program being reported as requesting data (browser)

Mail-server logs should contain the following information in plain text:

• Cox-owned IP address attempting to relay through mail server
• All email addresses involved
• Subject and body of emails when available
• Attempted (successful or unsuccessful) authentication

All copyright infringement notifications should be reported following the protocols and procedures set forth in the Digital Millennium Copyright Act. Other reports of copyright infringement may result in action being taken only if/when the material is still accessible using standard protocols at the time the report is processed. Copyright holders who wish to submit reports regarding intellectual property infringements should research and conform to the DMCA practices.

• To be effective under the DMCA, the notification must (i) be in writing, and (ii) provided to Cox's registered DMCA agent at dmca@cox.com.
• For such a report to be effective under the DMCA, the notification must include the following:
  1. A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
  2. Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single Notification, a representative list of such works at that site.
  3. Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the Service Provider to locate the material.
  4. Information reasonably sufficient to permit the Service Provider to contact the complaining party, such as an address, telephone number, and if available, an electronic mail address at which the complaining party may be contacted.
  5. A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
  6. A statement that the information in the Notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

If you believe a Cox residential user has placed a server of any kind on the network through their cable modem, we would like to hear about it.

Logs should contain the following information in plain text:

• Type of servers and services (including gaming servers)
• Services / materials being offered (with logs when applicable)
• Any available visitor/anonymous passwords necessary to access the servers