On my blog: One weird trick to get the whole planet to send abuse complaints to your best friend(s)

https://delroth.net/posts/spoofed-mass-scan-abuse/

Summary of my adventures from last evening, as read in this Mastodon thread: https://mastodon.delroth.net/@delroth/113387965977159983

#infosec #networking #tor

Update: I got an email from Hetzner's legal team today saying they came across my blog post (nice!). Paraphrasing:

- They're monitoring and understand that there is no actual abuse being done from these Tor relays getting spoofed.
- They emphasized that they do not routinely take action on this kind of abuse complaint, and that's why they forward them without requiring reply/action from the customer.

Love hearing this, and I'm actually impressed by Hetzner's response! Major props.

New update: the CTO from "watchdogcyberdefense.com" has been in my emails, and I can only summarize our exchanges by my current feeling of "wow there should be an exam to be allowed to send more than N abuse complaints/day".

To quote from them: they're seeing "1.3 billion attacks logged in the past 24h", they claim IPs are infected because VirusTotal says so, and they're trying to make a deal with me where if I iptables OUTPUT DROP their network they'll stop sending abuse complaints to Hetzner.

@delroth Wouldn't that do absolutely nothing and be something they couldn't validate?
@gudenau yes and yes, want to be CTO as well?
@delroth Eh, I'd probably do a bad job with actual duties they are supposed to do.
@gudenau @delroth But here's the thing: Delroth could do it, and they'd still be getting flooded, so they'd just assume he did it wrong. They'll trust the malicious source of the traffic (to tell the truth about its IP) more than they'd trust Delroth (who's obviously an incompetent sys admin. /s)