Pricing

Per-store pricing. No per-seat tax.

Add a store, we scan it. Add another, we scan that too. Every tier includes 6 detection engines, database scanning, and SOC-grade incident reports.

— 2 months free on yearly
Starter

Single store · founders & small shops

Full malware scanning for one storefront. 6 detection engines, database scanning, incident reports.

$40/store/mobilled yearly
Start free trial
  • 1 storefront
  • 6 detection engines (signature, YARA, heuristic, IOC, exploit, CVE)
  • WordPress database scanning
  • File integrity monitoring
  • SOC-grade incident reports (--report flag)
  • Email report delivery (--email flag)
  • 30-day finding retention
  • Email alerts
License: EC-STAR-XXXX-XXXX-XXXX
korp install --license-key=EC-STAR-...
Growth
Most popular

Up to 10 stores · scaling brands

Multi-store dashboard, all integrations, compliance monitoring, threat intelligence.

$120/store/mobilled yearly
Start free trial
  • Up to 10 storefronts
  • Everything in Starter
  • All integrations (Slack, PagerDuty, Jira, Splunk, Datadog)
  • PCI-DSS compliance dashboard
  • Threat intelligence (IOC feed, malware families)
  • Attack chain correlation + MITRE mapping
  • Scan explorer (file tree + code viewer)
  • 180-day finding retention
  • API access
  • SSO + RBAC
License: EC-GROW-XXXX-XXXX-XXXX
korp install --license-key=EC-GROW-...
Agency

Unlimited stores · multi-tenant

Built for agencies managing 30-300 client stores. White-label reports, per-client grouping.

$320/store/mobilled yearly
Talk to sales
  • Unlimited storefronts (volume pricing)
  • Everything in Growth
  • Multi-tenant — group by client
  • White-label incident reports
  • Per-client billing
  • Agency runbook templates
  • IOC feed (read-only)
  • Priority support
License: EC-AGCY-XXXX-XXXX-XXXX
korp install --license-key=EC-AGCY-...
Enterprise

Custom · SOC + supply-chain

Unlimited stores, full IOC feed, dedicated detection engineer, 24/7 support.

Custom
Contact us
  • Unlimited stores + custom retention
  • Everything in Agency
  • Full IOC feed (STIX / TAXII)
  • Branded console + reports
  • Custom MITRE coverage mapping
  • Dedicated detection engineer
  • Custom integrations
  • 24/7 P1 phone support
License: EC-ENTR-XXXX-XXXX-XXXX
korp install --license-key=EC-ENTR-...
Add-ons

Bolt on what your fleet needs.

Edge block

Drop exfil destinations at the CDN edge. Cloudflare & Fastly worker.

+ $25 / store / mo

Long retention

365-day finding retention + cold storage for chargeback investigation.

+ $0.04 / event

Managed response

Our analysts take the page. P1 acknowledged in < 5 min, 24/7.

From $1,800 / mo

Custom MITRE map

Map detections to your internal coverage framework.

Included on Enterprise

PCI 6.4.3 reporter

Quarterly auditor-ready PDF mapping every script source/sink.

+ $99 / store / mo

SDK access

Embed EcomScan detection into your own product. Multi-tenant API.

Custom
Compare

What's in every tier.

FeatureStarterGrowthAgencyEnterprise
Storefronts1up to 10unlimitedunlimited
Detection engines6666
Database scanning
File integrity monitoring
Incident reports (CLI)
Email report delivery
Dashboard + API
SIEM connectors
Compliance (PCI-DSS)
Threat intelligence
Finding retention30d180d180dcustom
SSO + RBAC
Multi-tenant / white-label
IOC feedread-onlySTIX / TAXII
Dedicated engineer
24/7 P1 support
FAQ

Honest answers to the questions you'd ask on the call anyway.

What counts as a "storefront"?
A storefront is one production domain serving checkout — for example shop.example.com. Staging environments are free. Multi-language subdomains of the same store count as one.
You install a lightweight CLI agent (korp) on your server. It scans files locally and uploads results to the dashboard. No browser JS tag required — the agent runs server-side.
Run "korp scan --path /var/www/html --platform woocommerce --db-scan" to scan your store. It checks files with 6 detection engines (signature, YARA, heuristic, IOC, exploit, vulnerability) and optionally scans the WordPress database for injected malware.
WooCommerce, Magento / Adobe Commerce, Shopware, PrestaShop, OpenCart, Shopify Plus (via checkout extensions), and any custom/headless storefront.
A WAF blocks known attack patterns at the network level. EcomScan scans your actual files for planted malware, backdoors, and skimmers that are already inside your server. The two are complementary.
Yes. Monthly plans cancel at the end of the billing period. Yearly plans are prorated. We export all incident data on request.