Everything runs at the DNS layer — before threats reach your devices.
We aggregate 18 threat feeds — URLhaus, ThreatFox, Feodo Tracker, Spamhaus, OpenPhish, PhishTank, StevenBlack, AdGuard, HaGeZi Pro, and OISD Big among them. The combined blocklist updates every 5 minutes. Every DNS query is checked in microseconds, and malicious domains are stopped before a single packet reaches your network.
How threat blocking works →Domain Generation Algorithms let malware create thousands of random domains to evade static blocklists. Escudo runs Shannon entropy analysis, character-pattern scoring, and suspicious TLD detection on every query. If a domain looks machine-generated, we block it — even if no threat feed has seen it yet.
Escudo detects fraudulent domains targeting financial institutions using Levenshtein-distance typosquat detection, keyword scoring, and suspicious TLD flagging. If someone registers a lookalike domain to steal banking credentials, we block it at the DNS layer before the page loads. Covers 20+ institutions with region-specific detection rules.
Learn more →Block adult content, gambling, social media, gaming, and more — across every device on your network. Seven category groups let you choose what gets through. Set time-based schedules so homework hours stay focused. Changes propagate to DNS in under a second, and a PIN lock prevents kids from disabling protection.
Escudo checks your email addresses against the Have I Been Pwned database — covering over 700 breaches and billions of compromised records. 60% of users find a leak in their first week. After the initial scan, daily auto-checks run quietly in the background. When a new breach surfaces, you get notified before criminals can use your data.
Most people have no idea what is connected to their network. Escudo identifies every device using 127 passive DNS fingerprinting rules — no port scanning, no agents, no traffic disruption. Smart TVs, IoT sensors, security cameras, game consoles: each one appears in your dashboard with a device type, OS guess, and query history.
Every query is logged with SHA-256 hashing, hourly integrity checkpoints, and daily Merkle-tree verification. Export logs as JSON or CSV for compliance audits, insurance claims, or law enforcement. Fully aligned with LGPD and NIS2 requirements. When you need to prove what happened and when, the evidence is already there.
Two DNS nodes on separate providers in separate continents. Sao Paulo covers the Americas. Frankfurt covers Europe, Africa, and Asia. Both run the same Rust binary with identical rulesets. If one node goes down, the other takes over automatically. Average resolution time: under 5 milliseconds. No single point of failure.
Change your DNS settings. Every device is protected. No software to install, no agents to manage.