If you believe your assets have been scanned by Eleion Scanner without your authorization, we want to stop it immediately and provide full transparency about what happened.
Email:abuse@eleion.io Acknowledgement SLA: 4 business hours (09:00–18:00 CET). First substantive response: 24 business hours.
What to include
Domain or IP address that was scanned;
Approximate timestamps from your firewall / IDS / access logs;
Source IP addresses observed (our egress IPs will be confirmed if a scan is found);
Proof that you own or are authorized to act for the target (WHOIS, DNS zone, legal role document).
What we do on receipt
Acknowledge within 4 business hours;
Search audit logs for any scan matching your target and timestamp range;
If a scan is found without valid ownership proof from the tenant who issued it, we suspend that tenant immediately and preserve logs;
Share the sanitized audit trail with you (redacted to remove other tenants' data);
Cooperate with law enforcement on written request under Italian and EU procedural law (Art. 615-ter c.p. accesso abusivo a un sistema informatico + equivalents).
For security researchers
If you found a vulnerability in the Service itself (not abuse of the Service, but a bug in our own code or infrastructure), email security@eleion.io. Coordinated disclosure policy: 90 days, or shorter if a public advisory already exists.
Our commitment
Eleion Scanner exists to help organizations scan their own assets, not to enable unauthorized scanning of third parties. The ownership-verification system (DNS TXT + HTTP /.well-known) is the exact safeguard against this. If it fails, we want to know.
We use only strictly necessary cookies (session, CSRF, captcha). No analytics, no advertising, no third-party tracking. Read more.