Technical Information

Enforcement Service (Notifications)

Axur offers client notification services for the purpose of correcting, adjusting or removing unauthorized content, whether it’s improper or illegal. You may choose between the OneShot option and the traditional Takedown service.

OneShot

OneShot is a totally automated process of large-scale notifications that enables the client to request that Axur carry out thousands of notifications with an excellent cost/benefit ratio. This service is recommended for removing content from platforms that are notorious for customarily dealing with incidents in batches.Some examples of locations where using OneShot can be extremely effective:

  • Facebook
  • Instagram
  • Mercado Libre
  • 4Shared
  • Pastebin
  • Free websites - Wix, Webnode, etc.

Once a month, Axur checks to make sure that any occurrences sent to OneShot over the previous 30 days have been fully resolved. The client’s team can also check at any time.

Please note that the minimum interval between notifications regarding a single URL is 15 days. And Axur will not reactivate accounts/pages/URLs when the client requests OneShot.

Assisted Takedown

If the client contracts the Assisted Takedown service, the entire flow of notifications is monitored and tracked by the Axur team to verify that the request for removal or adjustment was carried out. New notifications are sent through privileged channels, when necessary. In addition, for cases related to fraud (phishing, malware and pharming), notifications are issued to the global security community (“fraudcasting”), reporting the URL so that browsers can post fraud alerts.

This service is recommended in cases such as:

  • Removal of fake pages that collect data from your clients (phishing, smishing, malware and pharming);
  • Correction or adjustments regarding the use of your brand, or other elements related to your company, on authorized or unauthorized partners’ websites;
  • Correction of your products’ sales information on third-party sites;
  • Adjustments for compliance to regulatory policies affecting the use of your brand.

Takedown Accounting Rules
Incidents accountable for billing purposes:

Every URL that is subject to action will be considered an accountable item;

  • On social media: profiles, fanpages, posts or photos are considered accounting items. Takedown may be requested for a profile or fanpage when it presents more than one post or photo that qualifies as a threat. If that action is unsuccessful, it will be necessary to take direct action on each post or photo.
  • In online marketplaces: each advertisement is considered an accountable item.
  • On websites or webshops: each advertisement is considered an accountable item

Each domain name subject to registration blocking and/or cancellation will be considered an accountable item;

Domain names with an illegitimate registrant and/or that have been hosting fraudulent content will be subject to having their registration blocked or cancelled. Each domain name will be subject to two distinct actions: (i) content removal action and (ii) blocking/cancellation of the domain name to prevent its future use in new frauds. In such situations, two items will be considered for invoicing:

The client may opt for only one of the two actions, when applicable.

Each single email address subject to blocking and/or cancellation will be considered as one accountable item and will be invoiced regardless of the action’s success.

In cases where the fraud is being perpetrated in one or more subdomains, and the domain itself has been hacked or does not exhibit clear infringement of the monitored brand (in nomenclature or content), the accounting will be according to the number of takedowns of each authorized subdomain. Multiple authorizations will result in multiple charges.

Incident reopening (re-ups). Incidents that resume activity after their takedown has been confirmed will be registered as a new item to be handled, and may be considered as re-ups. To qualify as a re-up, an incident must meet the following criteria:

  • activity is resumed within a period of 15 days from the initial takedown of the incident;
  • the URL must be identical to that of the original incident;
  • the hosting provider must be identical to that of the original incident;

Incident reopening (new incidents)

Incidents that resume activity after their takedown has been confirmed and that do not meet any of the re-up criteria will be invoiced as new incidents, and will be subject to charges.

  • Axur carries out extrajudicial (takedown) notifications for a period of 90 days. If after 90 days we have not been successful with the (takedown) notifications, the ticket will be closed as unresolved, and will not be deducted from the client’s package.
  • Axur may take action in the client’s name to reactivate pages for which takedown was mistakenly requested by the client. It is important to stress that we cannot guarantee the success of this type of operation. Whenever a situation such as this occurs, the client must provide a scanned letter stating that the request for removal was mistaken, thus exempting Axur. In situations where the client requests support in reactivating pages, Axur will charge the equivalent of ten takedowns. Clients whose packages include unlimited takedowns will be charged the amount equivalent to ten extra takedowns.

It must be emphasized that Axur will attempt to reactivate the page for 30 days; after this period, the case will be closed. Regardless of whether or not the page is successfully reactivated, the amount due will be assessed to the client.

Service Level Agreement - Customer Success

Kick-off and Training

Onboarding will include three primary stages, all of which will be conducted via conference call.

(i) Kick-off and Training on the platform: Conference call for aligning the scope, requesting initial information and training in the ONE platform’s features.

(ii) Alignment: Alignment conference call held two weeks after the Kick-off meeting.

(iii) Completing the implementation: Final alignment conference call, held 40 days after Onboarding. Subsequent meetings will be held as defined below.

Onboarding follow-up

Follow-up meetings will be available to the client via conference call, in accordance with the previously agreed-upon scope. The objective of the meetings will be to send feedback, address any of the client’s questions, consider suggested improvements, and any other subjects that the client would like to discuss in regard to our products.

Number of meetings:

  • Basic Plan: Four quarterly meetings will be available to the client over a period of 12 months, in accordance with the agreed-upon scope.
  • Pro Plan: Six bimonthly meetings will be available to the client over a period of 12 months, in accordance with the agreed-upon scope.
  • VIP Plan: Twelve monthly meetings will be available to the client over a period of 12 months, in accordance with the agreed-upon scope.

Service Level Agreement - Managed Services

Service level for incident actions

  • Takedown* — 50% of the tickets are notified within 10 minutes, and 90% will have their first notification within 30 minutes.
  • Phishing Takedown — 50% of tickets are notified within 30 minutes, and 90% of tickets will have their first notification within 2 hours.
  • Online Piracy Takedown — 50% of tickets are notified within 30 minutes, and 90% of tickets will have their first notification within 2 hours.
  • Subsequent notifications — will be carried out as necessary in each specific case to verify the requirements of the notified platforms and providers.
  • Verification — We have hundreds of auto-closing patterns to identify and close tickets once the responsible entities have removed the reported content. For cases that do not meet these standards, our team of experts performs regular checks to determine whether the takedown was successful or not.
  • Closing the ticket: if you notice that the reported content has already been removed, you can mark it as resolved, and the platform will automatically collect all evidence of the removal of the ticket.

*Check availability depending on specific configurations in the reported entities. The SLA will not be counted in case of unavailability of contact with the platform. The takedown must follow the correct classification of threat registration, adherence to programs, and other requirements of the reported entities.

Credential protection

Axur monitors credential leakage on the surface web and in the environments known as the deep and dark web.

  • A credential is a paired email+password or email+hash that can be used to access sites, systems, platforms and suchlike.
  • A hash is a password that has passed through an encryption process.
  • For the purposes of protecting credentials, a domain is a URL that has a linked email server.

Hashcast

Hashcast is a corporate credential protection service. Clients contracting Hashcast are alerted every time Axur detects the leakage of any credential belonging to the contracted domain. Axur offers 3 (three) plans:

  • Free Plan: Email reports of up to ten leaked credentials + alerts regarding new leaks (without reporting which credential was compromised) + a monthly report.
  • Corporate Plan: Email reports of all leaked credentials + alerts regarding new leaks (without reporting which credential was compromised) + SMS alerts.
  • Enterprise Plan: Email reports of all leaked credentials + alerts regarding new leaks (without reporting which credential was compromised) + a monthly report + SMS alerts + date and source of leak + access to API and webhooks.

In addition to Axur’s general clauses, the client contracting Hashcast must observe the following:

  • The client is solely responsible for informing the owners of credentials listed as leaked according to reports, alerts or webhook signals sent by Axur.
  • It is the client’s responsibility to prove their authority over the domain to be monitored.

Leakstream

Leakstream is an API that can be used by any company such as e-commerce, marketplaces, platforms and systems, that has an email login area on its Internet service.

Leakstream alerts such companies every time a user tries to log in using a credential that has been leaked on the Internet. Leakstream also makes sanitizing your system’s credential base possible by eliminating the compromised credentials via password reset.

Leakstream’s API meets the guidelines of the General Data Protection Regulation (GDPR) and Brazil’s General Law of Data Protection (LGPD). Therefore, clients contracting the product will receive encrypted passwords and hashes of leaks detected.

Credit card protection

Axur monitors credit card leakage on the surface web and in the environments known as the deep and dark web. 

Contracting products and services for credit card protection in no way compromises the company’s compliance with the PCI DSS (Payment Card Industry Data Security Standards).

Cardcast

Cardcast is a notification service designed for issuers of credit cards—banks, fintechs and airlines, among others. Whenever Axur detects a data leak regarding a credit card issued by a client, that client is immediately informed via email, SMS or webhook signal.

Clients contracting Cardcast will only have access to the leaked cards whose BINs belong to them. The BIN is the six (in some cases, eight) first numbers on the credit card that identify the issuer of the card.

Cardcast does not in any way access the card’s decrypted data, and retains in its database only cards that have already been leaked on the Internet, deep and dark web.

Clients contracting Cardcast must observe the rules and standards applicable to the issuance of credit cards.

Cardstream

Cardstream is an API that can be used by any company that accepts credit cards as a means of payment. The client who contracts Cardstream will be able to check (through encryption) if the credit cards entered by their users have been leaked on the surface web or in the environments known as the deep and dark web.

Cardcast does not in any way access the card’s decrypted data, and retains in its database only cards that have already been publicly exposed on the Internet.