Abuse & Removal

BoarNet operates passive honeypots and scans neveroriginate from our sensor fleet by design. If you're seeing traffic from a BoarNet-affiliated IP hitting your infrastructure, the quick triage below may save you a report; if it doesn't, the contact details are at the bottom of this page.

Is this traffic actually from BoarNet?

BoarNet sensors listen. They do not initiate outbound probes, port scans, or requests to third-party services. If you're seeing inbound connections, those are not BoarNet traffic — they're the internet scanning you.

The only outbound traffic a BoarNet sensor generates is HTTPS to our ingest API at www.boarnet.io/api/ingest/v1/events. If your network sees one of our sensors reaching out elsewhere, that is abuse of the BoarNet software or an impersonation — please report it (details below).

Requesting IP removal from our dataset

If your IP appears in a BoarNet verdict and you believe it's there in error, email boarthreatintelligence@proton.me with:

• The IP address and the approximate time the behavior occurred.
• A short explanation — e.g., "this was a pentest I was authorized to conduct against target X", or"this was legitimate vulnerability research with coordinated disclosure", or "this was a compromised device, now remediated".
• Enough contact detail (domain you control, ASN WHOIS email, etc.) to let us verify the request came from someone with authority over the IP or its network.

We review every request. Typical responses:

• Remove & suppress: the IP was seen once, the behavior is credibly explained, and future events from it will be auto-flagged so the record stays clean.
• Decline:the IP has an ongoing abuse pattern and the explanation doesn't account for it. We document the decision and you get an appeal path.
• Partial: specific fields (commands, payload samples) redacted while keeping the verdict-grade summary.

Reporting abuse of BoarNet itself

If you believe someone is using BoarNet data or the sensor software abusively — submitting fake telemetry, using the API to target individuals, operating sensors in networks they don't control — email boarthreatintelligence@proton.me. We will suspend accounts pending investigation.

Security disclosure

Found a vulnerability in the web app, the API, or the sensor agent? Please disclose responsibly:

1. Email boarthreatintelligence@proton.me with the details.
2. Do not publicly share the issue for at least 30 days or until we've released a fix, whichever comes first.
3. Do not test on other people's sensors. Test against your own or our canary host; email us first if in doubt.

We don't currently run a paid bug bounty, but we acknowledge researchers in the release notes with permission.

Contact

• Abuse & IP removal — boarthreatintelligence@proton.me
• Security disclosure — boarthreatintelligence@proton.me
• Everything else — boarthreatintelligence@proton.me