DDoS · Always-on · L3 / L4 / L7

1.6 Tbit/s of always-on mitigation.

Inline scrubbing at every PoP. No re-routing, no GRE tunnels, no manual triggers. Filtering starts before your stack even notices the anomaly.

Configure server Talk to security

1.6Tbit/s

scrubbing capacity

< 10sec

time to mitigate

L3-L7

full stack coverage

∞attacks

no per-event fees

Mixed inbound

SCRUBBING

RX 12.4 Gbit/s

DROP 0.0 Gbit/s

PASS 12.4 Gbit/s

Clean traffic

✓ baseline — 12.4 Gbit/s legitimate traffic passing

/coverage

Every layer. Every vector.

L3 — Volumetric

UDP / ICMP / amplification

Memcached, NTP, DNS, CLDAP reflection. Filtered at the edge before reaching our backbone.

L4 — Protocol

SYN / ACK / RST floods

Stateful inspection at line rate. Cookie-based SYN protection, connection limits per /32.

L7 — Application

HTTP / HTTPS floods

JS challenge, rate-limit per fingerprint, optional CAPTCHA. Bring your own WAF rules or use ours.

DNS

Authoritative DNS protection

If you run nameservers on us, we filter DNS-specific attacks: NXDOMAIN, water-torture, random subdomain.

Game

Game-server protocols

Source Engine, Minecraft, FiveM, custom UDP. Pre-built filters per protocol — no false positives on legit clients.

Custom

Your filter rules

ACL, BPF, FlowSpec — push your own rules to our edge in real time. API access for automation.

/last 30 days

What our scrubbers actually saw.

14,267

attacks mitigated

847 Gbit/s

largest attack (SYN flood)

216 Mpps

peak packet rate

6.4 sec

avg time-to-mitigate

customer-impacting events

per-event surcharges

/availability

Where you can get it.

Amsterdam, NL

✓ available now

Warsaw, PL

✓ available now

Kyiv, UA

✓ available now

Miami, US

✓ available now

Already under attack?

Spin up a protected server in under 30 minutes. Or migrate IPs to our scrubbing in real time.

Talk to engineering Get protection →