How does ServiceAlert compare to Bolster or PhishLabs?

ServiceAlert covers the same core DRP capabilities, typosquat detection, phishing monitoring, screenshot tracking, dark web scanning, credential exposure detection, and takedown management, at a fraction of the cost. Enterprise DRP platforms charge $20K+ per year. ServiceAlert's Business plan starts at $249/month and includes DRP alongside uptime monitoring and status page aggregation.

How many domain extensions (TLDs) does the scanner cover?

Our NOD (Newly Observed Domain) scanner ingests daily zone files from 12 gTLDs via ICANN's CZDS program: .com, .net, .org, .info, .biz, .club, .mobi, .name, .pro, .tel, .xyz, and .shop. This catches typosquat registrations within hours of creation, before they can be weaponized.

Does ServiceAlert do takedowns?

Yes. The takedown manager generates and sends abuse complaints to domain registrars via their published abuse contacts. You can track submission status, follow up, and maintain a full audit trail. One click to submit, automatic deduplication, and status tracking through resolution.

Agentic DRP · for the rest of us

The work a DRP analyst does
we do automatically

Name: ServiceAlert Agentic Digital Risk Protection
Brand: ServiceAlert.ai

A brand-protection team at a $40K/year vendor runs the same loop every day: discover candidate impersonation domains, triage the noisy ones out, verify the real threats, send the takedown, check if it worked, escalate if it didn't. We do the whole loop for you, detect, triage, verify, take down, re-verify, archive, and surface only the findings that need a human decision.

Enterprise DRP (Bolster, Doppel, Outtake, PhishLabs): $20K-$100K/yr • ServiceAlert Agentic DRP: $249/mo

See plans Try the free scanner

The loop runs 24/7. You get the outcome.

Most DRP platforms dump findings into a dashboard and expect a human analyst to clear the queue. We automate the whole case lifecycle and escalate to you only when a decision actually needs to be made.

Detect

NOD zone-file ingest across 10 gTLDs (~35M domains/day), 13 typosquat generation techniques, CT log monitoring, dark-web scanners, credential breach feeds, brand-keyword substring matching, social & app-store monitors.

Triage

Auto-prioritise with a transparent 0-100 risk score (eight published signals), infrastructure clustering (shared IPs, NS, registrar, SSL, favicon), and a confidence threshold that filters out the long tail of false positives.

Verify

Fetch the page in parallel via headless browser + curl, capture a screenshot, run six phishing signals (SSL impersonation, login form, favicon hash, brand keyword, OG meta, iframe) and a perceptual hash against your real site. Only confirmed threats proceed.

Take down

Auto-generate a registrar abuse complaint with the evidence pack, submit on your behalf via Postmark to the WHOIS abuse contact, dedupe re-submissions, and record the case ID.

Re-verify

Daily cron checks DNS, HTTP, WHOIS, and marketplace signals on every open takedown. Confirms resolution automatically or escalates to the next registrar if the takedown stalls.

Enterprise DRP (Bolster · Doppel · Outtake · PhishLabs)

$20K-$100K/yr · procurement cycle, analyst desk, contract minimums

Custom pricing, annual contracts, sales cycle
Agentic positioning often means "the analyst uses AI tools", you still pay per-seat
Separate from your monitoring stack
Black-box risk scoring
Uptime & status aggregation not included
Incident management not included

ServiceAlert Agentic DRP

Business $249/mo · Enterprise $999/mo · flat, month-to-month

Sign up today, scanning tonight
Detect→triage→verify→takedown→re-verify loop runs without you
Bundled with uptime monitoring, status aggregation, cert lifecycle, vuln scanning, incident management
Transparent, published risk scoring rubric (see it)
2,300+ vendor status pages + outage map included
STIX 2.1 / TAXII 2.1 + MISP feed for SIEM ingest

What's included

Every feature listed here is live today. Not a roadmap, these are running in production, protecting brands right now.

🔍

Typosquat Detection

Generates hundreds of lookalike variants of your domain (homoglyphs, bit-flips, TLD swaps, keyword additions) and monitors registration status across all major TLDs. Catches impersonation domains before they go live.

🆕

Newly Observed Domain Scanning

Ingests daily zone files from 12 gTLDs via ICANN CZDS (.com, .net, .org, .info, .biz, .club, and more). Matches new registrations against your brand within hours of creation, before attackers can weaponize them.

📷

Visual Similarity & Screenshots

Captures screenshots of suspected phishing sites and compares them against your legitimate pages using visual similarity analysis. Tracks visual changes over time with dated screenshot history.

🔒

SSL & Infrastructure Probing

Checks SSL certificates, DNS records, MX configuration, WHOIS registration, and hosting infrastructure for every finding. Clusters related domains by shared infrastructure (IPs, name servers, registrars).

🌐

Dark Web & Credential Monitoring

Monitors dark web sources for mentions of your brand, leaked credentials, and data exposure. Alerts when employee or customer credentials appear in breach databases.

📈

Domain Risk Scoring

Transparent 0-100 risk score with A-F grades. Eight weighted signals, every weight published. Audit any score from the signals we show you. See the full rubric.

👥

Social Media & App Store Monitoring

Scans social platforms and app stores for unauthorized use of your brand name, logos, and assets. Catches fake accounts and fraudulent apps impersonating your organization.

⚠️

Takedown Management

One-click abuse complaint generation to domain registrars. Tracks submission status, prevents duplicate filings, and maintains a full audit trail through resolution.

📑

WHOIS History & Passive DNS

Historical WHOIS snapshots with change-tracking across registrar, name servers, and registration dates. Multi-provider passive DNS (OTX + VirusTotal) with persistent data store. Try the free WHOIS tool.

🚀

Threat Intel Feeds (TAXII & MISP)

Export your brand findings as structured threat intelligence via TAXII 2.1 and MISP formats. Feed directly into your SIEM, SOAR, or threat intel platform for automated response.

🛠

Maltego Transforms

Five transforms for Maltego CE: domain-to-risk-score, domain-to-whois, domain-to-threat-intel, domain-to-passive-dns, domain-to-status. Pivot through ServiceAlert data in your investigation workflow.

💫

Favicon Hash & Infrastructure Clustering

Calculates favicon hashes to identify domains reusing the same assets. Clusters findings by shared IP ranges, name servers, and registrars to reveal coordinated campaigns.

Plus everything else in ServiceAlert

DRP is one part of the platform. Every plan also includes:

Uptime Monitoring

HTTP, ping, TCP, SSL, DNS, and heartbeat checks for your own infrastructure. Up to 100 monitors on Enterprise.

Status Page Aggregation

Track 2,336+ vendor status pages in one dashboard. Know when AWS, Stripe, or Slack goes down before your users tell you.

Early Signals

Crowd-sourced outage detection catches issues before the vendor's status page updates. Reddit, Hacker News, and Bluesky scanning.

10 Alert Channels

Email, Slack, Teams, Discord, Google Chat, SMS, webhooks, PagerDuty, Opsgenie, and browser push.

By the numbers

gTLD zone files scanned daily

2,336+

vendor status pages monitored

risk signals, every weight published

$249

/mo, not $20K/yr

Frequently asked

What is Digital Risk Protection?

DRP is a category of security tools that monitor for external threats to your brand: domain impersonation, phishing sites, typosquatting, dark web exposure, credential leaks, and fraudulent accounts. Traditional DRP platforms cost $20K-$100K/year and require annual contracts with lengthy procurement cycles.

How does this compare to Bolster, Doppel, or PhishLabs?

We cover the same core capabilities at a fraction of the cost. The main difference: enterprise DRP vendors use proprietary ML models and offer white-glove onboarding. We publish our risk scoring rubric in full and let you self-serve. If you need a dedicated analyst and custom ML, enterprise DRP is the right choice. If you need the protection without the procurement process, we're the fit.

Do I need the Business or Enterprise plan?

Brand protection features are included in both Business ($249/mo) and Enterprise ($999/mo). Enterprise adds more monitors (100 vs 25), SSO, teams with RBAC, audit logs, 1-year data retention, and a dedicated support SLA. Most teams start on Business and upgrade when they need team features or compliance artifacts.

Can I try the scanning before I sign up?

Yes. The phishing scanner is free and runs every signal except the continuous monitoring. Paste any URL and see the full risk score, threat intel check, redirect chain analysis, email security grade, and screenshot, no account required.

How do the TAXII and MISP feeds work?

Your brand monitoring findings are automatically exported as STIX 2.1 bundles via a standard TAXII 2.1 endpoint, and as MISP events via the MISP feed endpoint. Point your SIEM or SOAR at the URL and your threat intel platform ingests the indicators automatically, no manual export needed.

Start protecting your brand tonight

Sign up, add your domains, and the first scan runs automatically. No procurement, no annual contracts, no sales calls required.

See plans & pricing

The work a DRP analyst doeswe do automatically