Report abuse
Sentinelle runs autonomous offensive-security missions on behalf of customers who have authorised testing of a specific scope. If you believe activity originating from our infrastructure has hit a system you did not authorise — or you are an upstream provider forwarding a complaint — this is the right place. We read this channel as a priority and acknowledge every report within 24 business hours.
Direct email
The fastest channel. The address goes to the founder’s inbox with a real-time relay; we treat every message as P1 until triaged.
abuse@sentinel-sec.pro
Please include the IP you saw, the timestamp (with timezone), and any log line that helps us match the activity to a mission. PGP / Signal contact available on request.
Our commitment
- Acknowledgement within 24 business hours — even if the investigation will take longer. Silence is what gets a provider to escalate.
- Target response under 4 hours during EU business hours (CET, Mon–Fri).
- If the activity matches a customer mission whose signed scope did not include your asset, we cancel the mission immediately, tear down the sandbox, refund the customer and notify you in writing — same business day.
- If we cannot attribute the activity to any mission, we treat it as a suspected compromise of our own infrastructure, snapshot the host for forensics, rotate credentials, and update you within 48 hours.
- Every report is logged into the same append-only audit chain we use for mission events — including reporter IP/User-Agent — so the trail survives any later attempt at rewriting history.
Our source IPs
All Sentinelle missions egress through a tight allowlist of IPs. If you see an incoming connection from anything not on this list claiming to be Sentinelle, it is not us — please tell us anyway so we can publish a notice.
User-Agent fingerprint on outbound HTTP from our agents: secai-pentest/1.0 (contact: abuse@sentinel-sec.pro)
How we handle a report
- We match the IP + timestamp against our append-only mission-event chain (no admin can quietly rewrite an entry).
- If we find an in-scope mission, we reply with the proof of scope and continue. If we find an out-of-scope mission, we stop it on the spot.
- No match means a suspected compromise on our side. The VPS is snapshotted, credentials are rotated, and a clean spare is stood up before we touch DNS.
- Every decision and reply is logged in the audit chain and available to insurance carriers and authorities on request.