Security Scanning Policy
How SecurityAlert.ai scans for security threats on behalf of our customers.
What We Do
SecurityAlert.ai provides brand protection and security monitoring services. When our customers add their domain to our platform, we perform automated security scans to detect threats including typosquatting, phishing, credential exposure, and infrastructure vulnerabilities.
All scanning is non-invasive and read-only. We never attempt exploitation, authentication bypass, or any destructive action. Our scans consist entirely of standard HTTP GET/HEAD requests and DNS lookups.
What We Scan
- Typosquat domains: We generate lookalike domain variants and check DNS resolution, SSL certificates, and WHOIS data to detect potential phishing sites.
- Subdomain discovery: We enumerate subdomains via Certificate Transparency logs and DNS to map the attack surface.
- Subdomain vulnerability checks: We probe discovered subdomains for commonly exposed files (/.env, /.git) and admin panels using standard HTTP requests.
- Email security (SPF/DMARC/DKIM): We query DNS TXT records to evaluate email authentication configuration.
- Cloud storage exposure: We check for publicly accessible S3 buckets, Azure Blob containers, and GCP storage using HEAD requests.
- Dark web monitoring: We search GitHub, paste sites, and public threat intelligence feeds for leaked credentials and code exposure.
- Ransomware monitoring: We poll public ransomware tracking APIs to detect if a customer's organization appears in ransomware group claims.
- Visual impersonation: We capture screenshots of suspected phishing sites and compare them against the legitimate website using perceptual hashing.
How to Identify Our Scanner
All HTTP requests from our security scanner use the following User-Agent string:
Our scanning originates from Azure-hosted infrastructure. If you see this User-Agent in your access logs, it means one of our customers has added your domain (or a related domain) to their brand protection monitoring.
Scanning Behavior
- Frequency: Scans run at most once every 24 hours per monitored domain.
- Rate: Requests are throttled with delays between each check. We never send more than a few requests per second to any single target.
- Methods: GET and HEAD requests only. No POST, PUT, DELETE, or any method that could modify data.
- No exploitation: We detect the presence of exposed files but do not download, read, or exfiltrate their contents from your servers.
- No authentication: We never attempt to log in, guess passwords, or bypass access controls.
Opt Out
If you would like your domain excluded from our security scanning, please contact us. We will add your domain to our exclusion list within 24 hours.
You can also block our scanner by filtering the User-Agent string shown above in your web server configuration.