TL;DR at the very bottom. I woke up today at around noon to an email from my host.

Just what I wanted to wake up to on a Wednesday morning. I opened a support ticket with them with the following:

“I’d appreciate it if you at least gave me links to this “doxxing” content I’m hosting. About 98% of my content is user uploaded, and I typically stay on top of removing any doxxing/malicious/illegal content.

You failed to even give me one link regarding this and now I’ve lost 2~ hours of content.”

To which support personnel answered:

We detected malicious traffic stemming from port 443 off of your VDS. We do not directly access or maintain your unmanaged VDS, so it would be entirely up to you to determine what is causing this malicious behavior & correct it.

Something to note here: Port 443 is SSL/TLS HTTP traffic. Normal web traffic is done through port 80 (HTTP). So during this time Catbox was still accessable from http://catbox.moe/ 

Me:

You do realize that port 443 is just the SSL/TLS port for HTTP, right? Somehow you guys “detected” malicious traffic, and now JUST port 443 is being blocked.

Them:

When you have located the doxxing content, and corrected the issue, let us know & we can unblock the port. Until then you are in violation of our Terms of Service & the block will remain in place.

Me:

This is some kind of joke, right? I have over 239,000 files uploaded by over 17,000 unique IP addresses. For you to even “detect” malicious traffic from port 443 means you would have had to sniff the traffic and find what file was actually being “malicious”. I’d appreciate it if I could speak to John/your CEO for more insight on this, since I’m not getting much help.

Them:

John, our CEO, is the one who placed the block, so I am not certain what more you hope to gain from what he directly posted on your Events Log tab; but if you feel that waiting for him to respond instead of looking into your content is the better use of your time, I’ll be glad to forward you over to him now.

Their CEO/Main Technician:

We didn’t “detect” malicious traffic. This is in reference to the support request that you chose not to respond to.

Me once more:

I would have loved to have responded to that request asking you to have whoever filed that complaint to email me directly at admin@catbox.moe, however when I went to respond to the ticket I just got a “Invalid Login” for that ticket. Accessing all my other tickets works fine. 
I’d also like to point out that file was uploaded back in *September*, anonymously (not linked to an account). I would have been more than glad to remove the file had the person given me either A: an email from the uploading IP verifying that it was his file or B: proof that the picture was indeed him. 

John:

You can respond to support requests here or through email. You can’t receive an invalid-login error through email. If you receive an error, you can ask us about it, and we can communicate with you on how to address it.

Me:

Thanks for the insight, I received the email from support@nfoservers.com so I suspected it was a noreply address. The ticket is still unavailable to me, still displaying “Invalid Login”.
Should I take this as a formal takedown notice? I’d once again urge you to tell whomever initially contacted you to contact me either through my Contact Us page or directly at admin@catbox.moe, so we can resolve this without the problems we’re currently having.
Just a little P.S. too: 443 is TLS/SSL. port 80 (http) works. http://files.catbox.moe/ggfvwr.jpg 

Now John had bugged out, and I was relegated to regular support staff again.

Were you intending to remove the image, then? John already offered to remove the block if you did, which would make this all a non-issue (except for the help request viewing).

Me:

I’ve removed the file. I’m very disappointed in how NFO handled this. I’ll be keeping this in mind in the future.

Their final response:

Thank you. I have removed the block for you now. We will also be reviewing this internally so that a situation such as this will be better handled in the future.
If you would like to also work on the other problem of the invalid login when viewing old request, please go ahead and open a new help request about that, and we can start working on sorting that out for you. 

TL;DR: Woke up to an email from my host saying that HTTPS traffic was being blocked because of “doxxing” content. Support was 1000% unhelpful until I was transferred to their chief tech who said it was due to an email/support ticket I had received but failed to respond to. Couldn’t respond to the ticket because their ticket system was giving me an error every time I tried to access it. Host forces me to remove the image or keep the traffic blocked.

No data was lost or was ever vulnerable. Traffic was not sniffed and this was due to an outside malicious reporter. Backups were made immediately after receiving the notice.

But hey, I’m the one at fault, right? Here’s the image I was forced to take down.

https://my.mixtape.moe/uwfcsp.jpg
https://p.fuwafuwa.moe/qayhpw.jpg
https://a.safe.moe/mn07r.jpg
https://aww.moe/3noeh1.jpg
https://a.cocaine.ninja/kjoxhg.jpg
https://a.doko.moe/fkhnmy.jpg
https://jaz.konch.xyz/yswpgk.jpg
https://d.filebox.moe/ifitxo.jpg
http://y.zxq.co/criipa.jpg
http://gateway.glop.me/ipfs/QmbzL35pbu7mGRe7oppLUqFEvg1rWDrYnJLpGSom2MTrXF/ggfvwr.jpg
https://a.lainfile.pw/DH
https://a.pomf.cat/tnpnwr.jpg
https://u.nya.is/iccnuv.jpg
https://a.pomf.space/ymoolfdnezud.jpg
https://pomf.pyonpyon.moe/dlhqho.jpg
https://a.pomfe.co/pywrplb.jpg
http://b.reich.io/vlgbbh.jpg
https://qt.vidyagam.es/i8VcqLk.jpg
http://dl.asis.io/0ygJRC4r.jpg
http://cdn.che.moe/qqobrd.jpg
https://a.vidga.me/llatsi.jpg

Get fucked NFO. And you, guy that decided to try and get me taken down.