Casper's Cloak runs a real machine-learning classifier on every domain your devices try to reach — blocking phishing sites, malware command-and-control, credential exfiltration, and scam storefronts before they're on any public blocklist. Works in every app, not just your browser. Same protection on hostile public WiFi.
Not a marketing layer over a blocklist. A real ML classifier, scoring every DNS query in milliseconds against ~40 features.
The fake bank-login, fake Apple ID, fake delivery-tracker pages that arrive via SMS, iMessage, email, or WhatsApp. Caught by the AI model before the site is reported anywhere public.
If an app on your phone is compromised, it can't reach its C2 server through Casper. The damage stays bounded; data doesn't leave the device.
Fake e-commerce sites, cryptocurrency drain pages, romance-scam infrastructure, fake-investment portals. Real-time scoring of newly-registered hostile domains.
Encrypted VPN tunnel hides your traffic from coffee-shop networks, hotel WiFi, airport WiFi. No script injection, no TLS man-in-the-middle.
When a malicious app or page tries to ship your passwords / cookies / tokens to an attacker-controlled endpoint, the connection is refused at the DNS layer.
Pure blocklists react to threats. The AI model scores domains by their structural features (registration age, naming patterns, TLS signatures) — so brand-new threats get caught the first time anyone reaches them.
Every DNS query your phone makes runs through a classifier in milliseconds. Here's what it's looking at.
Could be from any app — Safari, Messages opening an SMS link, the email client, a webview embedded in a free game. All app traffic routes through Casper.
Features: domain age, registrar, TLS cert chain + age, DNS topology, hostname-to-brand similarity (Levenshtein-distance from popular brands), cluster proximity to known-bad infrastructure, presence of common phishing keywords, IP autonomous-system reputation, ~40 features total. Output: 0.0–1.0 risk score.
Score above the threshold → block with a clear warning page. Score in the gray zone → log + allow + flag for review. Score below threshold → resolve normally. No perceptible latency to you.
False-positive overrides (when a user marks a block as wrong) and aggregate behavior (sites being looked up from many devices then immediately abandoned) flow back into retraining within ~24 hours. The model gets sharper with use.
Zero-day phishing — the kind that ships out via SMS at 2 AM and is gone by morning — gets caught within seconds of you tapping the link, not days later when a blocklist catches up. Same protection on every app, not just your browser.
What security-conscious users ask first.
Free trial. iOS, Mac, and Android. Real-time AI threat scoring on every connection — including hostile public WiFi.