2.1 Testing Only Verified or Owned Resources

You may use the Service solely to test:

• systems, domains, applications, servers and networks that you personally own; or
• systems for which you have explicit, provable authorization from the rightful owner.

Use of the Service against any other target is strictly prohibited.

2.2 Mandatory Verification

Verification of ownership or authorization is required. This may include, but is not limited to:

• DNS verification (e.g. adding a TXT record with a unique token);
• ICMP (ping) verification with a unique hash;
• submission of a Letter of Authorization (LOA) or other written proof of permission when requested.

We may refuse or terminate testing for any resource that has not passed our verification procedures or where authorization is unclear.

2.3 Prohibited Targets

Testing the following systems is strictly forbidden, regardless of ownership claims:

• systems belonging to third parties without explicit written authorization;
• government or public administration systems;
• banking and financial institutions;
• educational institutions;
• military or defense-related systems;
• critical infrastructure (including but not limited to power, water, healthcare, telecom, transport, emergency services).

Abusive or unethical use for personal gain

Using the Service to harm competitors, extort organizations, disrupt services for profit, or otherwise derive benefit from malicious or unethical activity.

Unauthorized DDoS / DoS attacks

• Using the Service to launch, assist, or simulate denial-of-service or distributed denial-of-service attacks against any system that you do not own or are not explicitly authorized to test.
• Continuing to run tests after authorization has been withdrawn or expired.

Account and access key misuse

• Selling, renting, or transferring your login credentials, API keys, or access tokens to any third party.
• Sharing access to your account in a way that enables others to breach this Policy.

Circumvention of authorization requirements

• Attempting to bypass or falsify domain/resource verification procedures.
• Forging or manipulating Letters of Authorization (LOA) or other proof of permission.
• Using the Service in any way that is designed to avoid detection of unauthorized testing.

Monitoring

We reserve the right to monitor usage patterns, traffic characteristics, and test behavior to identify abuse, anomalies, or suspicious activity. This may include automated and manual review.

Enforcement Actions

If we determine, at our sole discretion, that you have violated this Policy or are reasonably suspected of doing so, we may take one or more of the following actions, without prior notice:

• immediate suspension or termination of your account and/or access to the Service;
• revocation of API keys and other access credentials;
• blocking of specific targets, IP ranges, or network segments;
• refusal of future service or registration.

No refunds will be issued in case of suspension or termination due to Policy violations.

Notification of Authorities

In cases of intentional misuse, attempted or actual criminal activity, or serious abuse (including unauthorized DDoS/DoS attacks), we may report the incident and share relevant information with law enforcement or other competent authorities, in accordance with applicable law.