Reporting Spam, Phishing, and Virus Abuse

Cox Abuse can only take action against abuse that originates from its network.

• Spam complaints that do not originate from a Cox customer can be sent as an attachment to spamreport@cox.net. The receiver may also forward the complaint with full headers to the ISP where the spam originated.
• Abuse contact for the ISP can be found by doing a Whois lookup with the originating IP at https://www.arin.net/.

See Forwarding Spam, Phishing, or Virus as an Attachment.

Phishing scams are basically spam. The headers must be checked to see if it originated from a Cox customer or from another ISP.

If the phish originated from a Cox customer (a Cox IP), it should be sent to abuse@cox.com following the Abuse Submission Guidelines below.

It should also be sent to phishingreport@cox.net as an attachment.

See Forward Spam, Phishing, or Virus as an Attachment and About Fake Cox Emails.

abuse@cox.com

Important: Refer to the Abuse Submission Guidelines prior to submitting an email to abuse@cox.com.

Usenet abuse reports should contain the following information:

• Section of charter or FAQ showing how this post is in violation (when available)
• Full Usenet header showing the offending Cox IP as NNTP posting host
• Full body of post showing commercial advertisement or other abusive content

Refer to Abuse Submission Guidelines.

Firewall logs of malicious system probes (port scans) should contain the following information in plain text - no screen shots, spreadsheets, or other binary attachments:

• Cox-owned source IP address
• Destination IP address
• Source port of attempted connection (when applicable)
• Destination port of attempted connection (when applicable)
• Protocol of intended connection

Logs of unauthorized access should contain the following information in plain text:

• Evidence of intrusion by a Cox-owned IP
• Methods used to gain access to secure systems (if available)
• Accurate time stamped logs (firewalls, various servers, IDS, honeypots)
• Systems that were compromised by user at this address

Web-server logs should contain the following information in plain text:

• Explanation of how your web-server is being affected by a Cox-owned IP
• URL being requested by the IP
• Program being reported as requesting data (browser)

Mail-server logs should contain the following information in plain text:

• Cox-owned IP address attempting to relay through mail server
• All email addresses involved
• Subject and body of emails when available
• Attempted (successful or unsuccessful) authentication

• All copyright infringement notifications should be reported following the protocols and procedures set forth in the Digital Millennium Copyright Act. Other reports of copyright infringement may result in action being taken only if/when the material is still accessible using standard protocols at the time the report is processed. Copyright holders who wish to submit reports regarding intellectual property infringements should research and conform to the DMCA practices.
• To be effective under the DMCA, the notification must (i) be in writing, and (ii) provided to Cox's registered DMCA agent at dmca@cox.com.
• For such a report to be effective under the DMCA, the notification must include the following:
  1. A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
  2. Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single Notification, a representative list of such works at that site.
  3. Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the Service Provider to locate the material.
  4. Information reasonably sufficient to permit the Service Provider to contact the complaining party, such as an address, telephone number, and if available, an electronic mail address at which the complaining party may be contacted.
  5. A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
  6. A statement that the information in the Notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

If you believe a Cox residential user has placed a server of any kind on the network through their cable modem, we would like to hear about it.

Logs should contain the following information in plain text:

• Type of servers and services (including gaming servers)
• Services / materials being offered (with logs when applicable)
• Any available visitor/anonymous passwords necessary to access the servers

Logs should contain the following information in plain text:

• Full description of incident
• Output of the “/whois” command on the nickname of the offender (if available)
• All known handles/nicks of this user
• Full transcripts of any chat sessions including threats/harassment
• Other relevant information supported with evidence