1. Overview
IntrusionLabs takes seriously the possibility that we may publish attribution, labels, or enrichment that is incorrect, out of date, or that names a party whose traffic has been misclassified. This page describes how to ask us to review, correct, or remove a specific indicator, and how we handle subject-access and erasure requests under applicable privacy law.
2. Types of requests we accept
You can submit any of the following:
- Attribution dispute — you believe an IP, ASN, subnet, or hostname attributed to you or your organization is misclassified, hijacked, spoofed, remediated, or otherwise inaccurately labeled.
- Scanner / researcher allowlist request — you operate a legitimate scanning project and want your source IPs treated as benign going forward.
- Data-subject access request (GDPR Article 15, CCPA equivalent) — you want to know what personal data we hold about you or about an IP you own.
- Data-subject erasure / "right to be forgotten" request (GDPR Article 17) — you want personal data about you removed from our publicly accessible records.
- Network-operator dispute — you manage an autonomous system or a network and believe we are aggregating your traffic unfairly.
3. How to submit
Email takedown@intrusionlabs.com (for attribution / allowlist / operator disputes) or privacy@intrusionlabs.com (for GDPR / CCPA / state-privacy subject-access requests). Either address is fine; we will internally route the request.
Please include:
- Your name and role, and the organization you are representing if applicable;
- The specific indicator(s) at issue — IP address, ASN, CIDR block, hostname, or URL on our site;
- A description of why the indicator is incorrect, along with any supporting evidence (WHOIS ownership, abuse-handling logs, scan schedules, incident response documentation, etc.);
- What outcome you are seeking (reclassification, allowlisting, correction, removal, erasure);
- A contact method for follow-up.
We do not require any specific form or legal framing. A plain-language email is sufficient. However, the more evidence you can provide, the faster we can respond.
4. Our response SLAs
- Acknowledgment: within 5 business days of receipt.
- Substantive response: within 15 business days of receipt, or within the longer period required by applicable law (for GDPR requests we will respond within one month, extendable by two further months for complex requests with notice to you).
If we need additional information to verify your claim or your identity, the clock restarts from the time we receive the information.
5. What we may do in response
Depending on what the evidence supports, we may:
- Reclassify the indicator (e.g., from malicious to benign, or to a different behavioral category);
- Add a contextual note such as a hijacked or remediated flag;
- Reduce the confidence score of the label;
- Add you to our benign-scanner allowlist for legitimate research or commercial scanning;
- Remove the indicator from publicly accessible views while retaining it in our internal records for legitimate-interest purposes (operational security research, historical record-keeping);
- Erase the indicator entirely where applicable law requires;
- Decline the request with documented reasoning — see §7.
6. Audit trail
Every request and every action we take is logged internally with a timestamp, the indicator affected, the evidence received, the decision reached, and the person at IntrusionLabs who made it. These records are retained for at least five years. You may request a copy of the log entry for your own request.
7. When we may decline, and why
Not every request results in removal. Threat intelligence has a legitimate and recognized public-interest role: documenting adversary behavior helps defenders everywhere, helps abuse-handling teams prioritize remediation, and provides an evidentiary record for security research.
We may decline an erasure request, or partially refuse, when:
- The evidence in our data contradicts the claim (we will share the evidence with you);
- Removal would defeat a legitimate interest we have — security research, prevention of criminal activity, network and information security (GDPR Article 6(1)(f) and Recital 49) — that outweighs the privacy interest asserted;
- Removal would interfere with an active investigation by IntrusionLabs or law enforcement;
- The request seeks to suppress attribution of documented ongoing attack activity.
When we decline, we will explain our reasoning in writing. You may escalate a decision by replying to the denial email; we will have a second reviewer evaluate the case. For EU residents, you also have the right to complain to a supervisory authority.
8. Verification
Where a request relates to specific personal data or indicators, we may need to verify your identity or your authority to act on behalf of the indicator's owner. We use the minimum verification necessary and do not require government-issued identification for routine attribution disputes. For GDPR-specific requests, we follow the identity-verification guidance of the European Data Protection Board.
9. Bulk / abusive requests
We reserve the right to decline, defer, or require additional evidence for requests that appear to be automated, mass-generated, clearly frivolous, or issued on behalf of parties attempting to suppress attribution of documented attack activity. We document such refusals.
10. Contact
- Attribution disputes and allowlist requests: takedown@intrusionlabs.com
- Privacy / subject-access / erasure requests: privacy@intrusionlabs.com
- Abuse of IntrusionLabs itself: abuse@intrusionlabs.com
- Legal process (subpoena, court order, etc.): legal@intrusionlabs.com