USER AGREEMENT BETWEEN THE GLOBAL CYBER ALLIANCE, INC., AND USERS OF THE DOMAIN TRUST ONLINE TRIAL ENVIRONMENT PLATFORM
This online User Agreement, by and between the Global Cyber Alliance, Inc. (“GCA"), and Users of the Domain Trust Online Trial Environment Platform (“User(s)”). Together, GCA and Users are the “Parties.”
This agreement supersedes any prior agreement existing between the parties.
1. Purpose of the User Agreement.
The specific purpose of this User Agreement is related to use of GCA’s Domain Trust Online Trial Environment Platform.
2. Term and Termination.
- Term. This User Agreement shall become effective as of the date of acceptance and is valid for 30 days from date of acceptance.
- Termination. This User Agreement and the User’s access to the Domain Trust Online Trial Environment will be automatically terminated 30 days from date of acceptance. The User Agreement and the User’s access also may be terminated immediately by GCA before the 30 day term if User violates the Agreement or the Terms of Service.
3. Collaboration and Use of GCA’s Domain Trust Online Trial Environment Platform.
- This User Agreement addresses use of GCA’s Domain Trust Online Trial Environment Platform. The responsibilities vary depending on whether a Party contributes information to the Platform (each, a “Provider”), utilizes the contributed information (each, a “Consumer”), or both. Information submitted to this GCA Platform is a “Contribution” and such Contributions and other data kept in a GCA Platform is “Platform Data.”
- User will comply with all obligations applicable to its use of GCA’s Domain Trust Online Trial Environment Platform to which it has access, whether as a Provider or Consumer (or both). These obligations are included in the Domain Trust Platform Terms of Service for this Platform for which User will have access. The Platform Terms of Service in effect at the time of the effective date of this agreement are included in the Attachment A.
- If, at a later date, User is invited to or requests to become engaged in GCA’s full Domain Trust Platform, the Domain Trust Platform Terms of Service in effect at that time will be provided for review, and participation is subject to acceptance of those terms.
- Upon termination of this User Agreement, or other decision to stop participating in the platform, GCA will wipe all User data submitted through the Domain Trust Online Trial Environment Platform.
4. Use of Platform Data.
- Consumer use of data from the Domain Trust Online Trial Environment Platform is limited to evaluating the function of the Platform for the purposes of considering partnering with GCA for access to the full Domain Trust Platform. Any other uses are expressly forbidden.
5. Disclosure of Platform Data.
- Any disclosure of Contributions or Platform Data by Consumers requires the express written permission of GCA. In no event may the entire set of data from the Domain Trust Online Trial Environment Platform or a material part thereof be exported from the database other than as a temporary measure to enable Consumer’s evaluation and analysis of the Platform and only as permitted by this agreement.
6. Data Classification, Data Limitations and Due Diligence.
- Each Provider will use reasonable efforts to classify their Contributions according to the industry accepted TLP classification scheme; data will be TLP Amber unless otherwise specified by Contribution or in the Terms of Service.
- Each Provider will use reasonable efforts to classify their Contributions in accordance with the appropriate Platform Terms of Service, schema, or other relevant documents associated with the platform. (Contributions for the Domain Trust Online Trial Environment Platform will not be incorporated into the primary Domain Trust Platform.)
- Providers must not submit any Contribution that contains personal data or personal information (or analogous variations of such terms, as defined under applicable law) except as specifically authorized by GCA pursuant to a data processing agreement.
- Providers must not submit any Contribution that contains personal data or personal information (or analogous variations of such terms, as defined under applicable law) except as specifically authorized by GCA pursuant to a data processing agreement.
- If a Provider submits data received from sources outside its organization it also affirms that it has permission to submit the Contribution for use by GCA as contemplated by this Agreement, and as a result of the data contributed, GCA inherits no obligations as a result of the Contribution.
7. Relationship of the Parties.
It is the intent and purpose of the Parties that there is no relationship of agency, partnership, joint venture, employment, or franchise between the parties as a result of this User Agreement. Neither party has the authority to bind the other party or to incur any obligation on its behalf.
8. Confidential Information.
- The Parties acknowledge that by reason of their relationship, they might have access to certain information and materials concerning the other party’s business, its financial, business and technical plans and strategies, ideas, inventions, models, algorithms, software, source code, object code, p code, documentation, flow charts, databases and database structures, application programming interfaces ("APIs"), products or services, trade secrets, know how, and technology (collectively, “Confidential Information”). The Parties acknowledge and agree that the other party’s Confidential Information is of substantial value, which value would be harmed if such information were disclosed to third parties. The Parties agree that, during the term of this User Agreement and thereafter, they will not (i) use the other party’s Confidential Information in any way, except in the performance of his/her/its obligations under this User Agreement and any associated statement of work; or (ii) disclose such Confidential Information to any third party, except to its employees, or contractors, who need to know such information, provided such employees have signed a Nondisclosure Agreement (NDA), with terms no less restrictive than the terms in this User Agreement.
- Exclusions. Confidential Information does not include any information that a party can demonstrate by written records: (i) was known to the party prior to its disclosure hereunder by the other party and was not the subject of an earlier confidential relationship between the Parties; (ii) was independently developed by the party; (iii) is or becomes publicly known through no wrongful act of the party; (iv) has been rightfully received from a third party whom the party has reasonable grounds to believe is authorized to make such disclosure without restriction; or (v) has been approved for public release by the other party's prior written authorization. Confidential Information may be disclosed pursuant to applicable law, regulations or court order, provided that the disclosing party provides prompt advance notice thereof to enable the other party to seek protective order or otherwise prevent such disclosure, unless such notice is prohibited by law.
- Return of Confidential Information. Each party’s Confidential Information is and shall remain its property. In the event of any termination or expiration of this User Agreement: (i) each party shall promptly, and, in any event within five (5) days after being so requested, return to the other party its Confidential Information in tangible form that is within the possession or control of the party; and (ii) except to the extent the party is advised in writing by counsel that he/she/it is prohibited by law from so doing. The Party will also destroy all written material, memoranda, notes and other writings or recordings whatsoever prepared by it or its representatives based upon, containing or otherwise reflecting any Confidential Information of the other party. Any Confidential Information that is not returned or destroyed, including, without limitation, any oral Confidential Information, shall remain subject to the confidentiality obligations set forth in this User Agreement.
9. Fees.
No fees shall be due from one party to another based solely on this User Agreement.
10. Duties and Liability.
- Except for the good faith duties described in Section 6, Providers otherwise extend no warranties, express or implied, about the data submitted, which is furnished “as is.” Similarly, GCA provides no warranties, express or implied, about the content of the Contributions and Platform Data.
- The User Agreement and the User’s access may be terminated immediately by GCA before the 30 day term if User violates the Agreement or the Domain Trust Platform Terms of Service.
- Consumers affirm that they will not take action based on any data in the Domain Trust Online Trial Environment Platform and will use the platform solely for evaluation and analysis of the Platform and only as permitted by this agreement.
11. Limitation of Damages.
In no event will either party be liable for any direct or consequential damages to the other party as a result of a breach of this User Agreement, nor for any loss of profits, business, or goodwill.
12. Insurance.
Each party shall be responsible for maintaining its own insurance as required by its own business and compliance requirements.
13. General Provisions.
- Equitable Relief. Unauthorized use, reproduction or dissemination of a party’s Confidential Information will cause substantial damage to the owning party for which money damages are not an adequate remedy. Therefore, if the non-owning party breaches or attempts to breach any of its obligations hereunder related to Confidential Information, the owning party shall be entitled to seek equitable relief to protect its interests, including but not limited to injunctive relief, as well as monetary damages.
- Binding Effect. This User Agreement shall be binding upon, and inure to the benefit of the parties hereto, as well as their respective successors, assigns, legal representatives, agents, attorneys, partners, officers, directors, shareholders and employees; provided, however, that nothing herein shall be construed to permit either party to assign this User Agreement. Any such assignments, without the express written consent of both Parties, are void.
- The following sections shall survive any termination or expiration of this User Agreement: Section 2 (Term and Termination); Section 8 (Confidential Information); Section 10 (Duties and Liability); Section 11 (Limitation of Damages); and Section 13 (General Provisions).
- Severability. If any part of this User Agreement is found invalid or unenforceable (the “Invalid Clause”), that part will be enforced to the maximum extent permitted by law, and the remainder of this User Agreement will be enforced to the extent such enforcement, when viewed in light of the full or partial exclusion of the Invalid Clause, is consistent with the parties’ intent.
- Notices. All notices, requests, demands and other communications given to a party under this User Agreement shall be in writing and shall be deemed to have been given: (a) upon presentment in the case of personal delivery, (b) after three (3) days if mailed by first class U.S. mail to the applicable address as set forth below each party’s signature, or (c) by email if receipt is confirmed.
- Governing Law. This User Agreement shall be made and entered into and construed in accordance with and governed by the laws of the State of New York.
- Entire Agreement; Amendments. This User Agreement embodies the entire understanding between the parties in relation to the subject matter hereof and supersedes all prior understandings, agreements or arrangements between the parties with respect to this subject matter. The provisions of this User Agreement may only be amended or waived by a written instrument executed by an officer of both parties. Further, the parties agree to the terms of this User Agreement without reliance upon any promise, warranty, or representation by any party or any representative of any party other than those expressly contained in this User Agreement, and each party has carefully read this User Agreement, is aware of the option to have the User Agreement’s meaning and consequences explained by its respective attorney, and signs the same of its own free will.
- Waiver. No waiver will be implied from conduct or failure to enforce rights. No waiver will be effective unless in a writing that is signed by the party against whom the waiver is asserted, and such waiver shall only be effective as to the particular act identified in the written waiver.
- Headings. The headings in the User Agreement are intended for convenience or reference and shall not affect its interpretation.
- No Third-Party Beneficiaries. No rights of any third party are created by this User Agreement and no person not a party to this User Agreement may rely on any aspect of this User Agreement notwithstanding any representation, written or oral, to the contrary.
ATTACHMENT A: Domain Trust Platform Terms of Service
The Terms of Service in effect at the time of signing this agreement are as follows.
The Domain Trust Online Trial Environment Platform is designed to offer Users a sampling of real, aggregate information from the primary Domain Trust Platform regarding suspected malicious domains. “Contributions” submitted by Providers are limited to domains identified as “malicious” according to the following definition.
Malicious domains are defined as those hosting sites that are dedicated to
- Distribution of malware
- Phishing mail sites
- Phishing recipient sites
- Malware command and/or control sites (commonly known as C2s)
Provider rankings (A, B, C, or D as defined in the Taxonomy) are determined and\ implemented by GCA, and mutually agreed with the Provider prior to connection to the primary Domain Trust Platform.
Providers for both the Domain Trust Online Trial Environment Platform and the primary Domain Trust Platform will provide their data according to the Domain Trust Platform Taxonomy.
Domain Trust Platform Taxonomy - TLP Amber
This document describes the outline taxonomy and interface approach
Data String Format
<< PROVIDER >> << DOMAIN >> << PROVIDER RATING >> << PROVIDER CLASSIFICATION >> << SOURCE >> << SOURCE NAME >> << ACTIVITY >> << DATE >> << TIMESTAMP >> << TYPE >> << ROLE >> << REGISTRATION DATE >>
| Field title | Description | |
|---|---|---|
| Provider | Name of provider i.e., the organization providing the data to Domain Trust | |
| Domain | Internet domain being submitted | |
| Provider Rating | GCA-assigned rating of provider based on their level of authority | |
| A | High authority provider such as law enforcement agency or judge | |
| B | Medium authority provider with high scale SOC, such as CERTs, CSIRTs, ISPs and TELCOs | |
| C | Low authority provider such as anti-spam and anti-scam contributors | |
| D | Predictive intelligence provider such as artificial intelligence contributors | |
| Provider Classification | Provider-assigned classification of the domain based on their level of certainty | |
| 1 | Definitely criminal | |
| 2 | Probably criminal | |
| 3 | Possibly criminal | |
| -1 | Definitely not criminal, designed to allow loading of allowed lists, negative false positives or investigations underway | |
| Source | S | Self |
| E | External | |
| Source Name | Name of source | |
| Activity | Flag used by registries, registrars, or ICANN to flag to specify the activity state of the domain | |
| A | Active | |
| S | Suspended | |
| N | Non-existent | |
| T | Taken down | |
| B | Blocked | |
| Date | Date the entry being submitted was first discovered - Unix time format (e.g., 1604484698) when submitting domains, ISO-8601 format (e.g., 2021-09-15 15:59:15) when consuming/retrieving domains, | |
| Timestamp | Timestamp Timestamp automatically assigned by Domain Trust | |
| Type (optional) | Blank field | Cyber (default) - This Type should be used where a domain is suspected of distributing malware, could be multiple 'Types' or where the provider is uncertain about how to categorize it |
| F | Fraud (where an individual deceives with the intended result of financial or personal gain) | |
| B | Brand spoof | |
| Role | Registry | Role of provider |
| Registrar | ||
| Reseller | ||
| ICANN | ||
| Other | ||
| Registration Date (optional) | Date | Date domain was created - to be used by registry/registrar - Unix time format when submitting domains, ISO-8601 format when consuming/retrieving domains |
