1. Scope

This AUP applies to anyone who uses our network, servers, or services — directly as a customer, or indirectly as a customer's end user. By using the Services, you and anyone you provide them to agree to these rules.

2. Prohibited Content

You may not use the Services to host, transmit, store, or distribute:

• Child sexual abuse material — zero tolerance, immediate termination, reported to authorities.
• Content that incites violence, terrorism, or hatred against individuals or groups based on race, religion, gender, orientation, or nationality.
• Material that infringes intellectual property — copyrighted works, trademarks, or trade secrets you do not have rights to.
• Defamatory or libelous content.
• Material that violates UAE law, including content that is unlawful under the Cybercrime Law and other applicable statutes.
• Personal data of others obtained or used without lawful basis.
• Doxxing material — publishing private information to harass or threaten an individual.

3. Prohibited Activity

3.1 Network abuse

• Port scanning, vulnerability scanning, or penetration testing of systems you do not own or do not have written permission to test.
• Launching, participating in, or facilitating denial-of-service (DoS / DDoS) attacks.
• Spoofing IP addresses, falsifying packet headers, or otherwise concealing the origin of traffic.
• Operating open relays, open recursive DNS resolvers, or open proxies that can be abused to launch reflected attacks.
• Sending traffic that exceeds the bandwidth or packet-rate limits of your plan in a way that affects other customers.

3.2 Email abuse (spam)

• Sending unsolicited bulk email (UBE / UCE).
• Sending email with forged headers, fake "From" addresses, or misleading subject lines.
• Operating in violation of CAN-SPAM, the GDPR's e-privacy rules, or similar laws of recipient jurisdictions.
• Maintaining a mailing list without verifiable opt-in records.
• Failing to honor unsubscribe requests within 10 business days.

If you operate any kind of mailing infrastructure, you are responsible for SPF, DKIM, DMARC, and complaint feedback loops with major providers.

3.3 Malicious software and infrastructure

• Hosting, distributing, or developing malware, worms, ransomware, viruses, keyloggers, or rootkits.
• Operating command-and-control (C2) infrastructure for botnets or malware campaigns.
• Hosting credential phishing pages, fake login portals, or social engineering kits.
• Operating credential-stuffing, account-checker, or carding services.
• Hosting drive-by-download or malvertising payloads.

3.4 Fraud and deception

• Hosting websites or services designed to defraud, including pyramid schemes, fake shops, romance scams, "investment" frauds, and counterfeit goods.
• Identity theft or impersonation of another person or organisation.
• Cryptocurrency-related fraud including fake exchanges, fake airdrops, and "rug-pull" tokens.

3.5 Resource abuse

• Operating cryptocurrency mining on standard plans is allowed only on dedicated servers you have purchased for that purpose; mining on shared, virtual, or trial resources is prohibited.
• Sustained excessive CPU, disk I/O, or network usage that destabilises shared infrastructure.
• Bypassing or attempting to bypass resource limits.

4. Network and Security Conduct

• You must keep your operating system, applications, and credentials up to date and secure.
• You must respond to abuse reports and security tickets we forward to you within 24 hours.
• You must not interfere with or attempt to gain unauthorised access to other customers' systems, our infrastructure, or third-party systems.
• Vulnerability research targeting our infrastructure is welcome via responsible disclosure to security@virtualhost.ae; do not test against production without written agreement.

5. Adult Content

Lawful adult content is permitted provided that:

• All depicted persons are verified adults at the time of recording, and you maintain age verification records that you can produce on demand.
• Hosting complies with the laws of the country your server is located in.
• It is not advertised, distributed, or made available in a way that targets minors.

6. Reporting Abuse

If you believe content or activity hosted on our network violates this AUP, please report it to abuse@virtualhost.ae with:

• The IP address, hostname, or URL involved.
• A timestamp (with timezone) of the incident.
• Evidence (logs, screenshots, headers — please do not include unnecessary personal data).
• Your contact details if you'd like a response.

We acknowledge receipt within 24 hours and triage based on severity. We do not disclose customer identity except where legally compelled.

7. Enforcement

We respond proportionally to violations:

• Warning for minor or first-time issues — we'll forward the report and ask you to remediate within a stated window.
• Suspension if the activity continues, is causing active harm, or is a serious violation. We will restore service once the underlying issue is resolved.
• Immediate suspension or termination, without notice, for activities that present imminent harm: active DDoS, child sexual abuse material, active phishing, malware C2, or where law enforcement requires it.

We reserve the right to remove infringing content, null-route abusive IPs, or report unlawful activity to authorities. Repeated or severe violations may result in permanent ban from our services.

8. Cooperation with Law Enforcement

We comply with valid legal process from UAE authorities and from authorities in jurisdictions where we operate. We disclose customer information when required by law and otherwise treat customer data as confidential.

9. Changes to This Policy

We may update this AUP from time to time as new abuse vectors emerge. Material changes will be announced by email to the Account contact at least 30 days before they take effect, except where an immediate change is necessary to respond to ongoing harm.