Whalebone, the European cybersecurity company operating the DNS4EU Public Service, has released new insights showing how the service actively protects European citizens from online threats, intercepting hundreds of thousands of malicious connections every day before they can reach users’ browsers.

Real-World Threats Intercepted by DNS4EU

Recent threat-intelligence analysis reveals DNS4EU’s impact in preventing cyber incidents across Europe:

• cdn.polyfill.io – Supply-chain poisoning
  A widely used JavaScript service, polyfill.io, was recently compromised in a supply-chain attack affecting thousands of websites. Impact: DNS4EU blocked all attempts to access this domain, stopping malicious scripts before they could reach users’ browsers.
• usrpubtrk.com – Hidden tracking & data collection
  A covert tracking domain collecting data and potentially staging malicious redirects. Impact: DNS4EU prevented background data leaks and interrupted its reuse in larger campaigns.
• tags.stickloader.info – Malware loader campaign
  A domain distributing obfuscated JavaScript loaders (Stickloader family) designed to fetch malware payloads. Impact: DNS4EU blocked connections, stopping the infection chain before any malware could be delivered.
• searchpoweronline.com – Browser hijacker & adware
  A fake “search engine optimizer” domain hijacking browsers, altering search results, and pushing adware or phishing links. Impact: DNS4EU prevented users from being redirected, tracked, or exposed to intrusive ads.
• halogrowde.health-insight.net – Health-themed phishing
  Appeared as a wellness site but was flagged by multiple antivirus engines as malicious. Impact: DNS4EU blocked connections, preventing phishing attempts and data theft.

“Every blocked connection represents a threat that never reached a user,” said Viliam Peli, Threat Intelligence Lead at Whalebone. “DNS4EU provides seamless protection for European citizens without requiring any downloads or installation.”

Europe-Wide Protection at Scale

The DNS4EU network now handles over 1.3 billion DNS resolutions per day, blocking an average of 16 million malicious and 26 million advertising or tracking domains daily.

Most users choose protective or privacy-oriented modes, and adoption of encrypted DNS protocols (DoT/DoH) continues to grow – reflecting strong demand for transparent, GDPR-compliant internet protection across the EU.

Operational Transparency and Continuous Improvement

The DNS4EU Public Service has also faced occasional operational challenges. For instance, DNS4EU resolvers were temporarily blocked by Archive.today nameservers. The issue was quickly resolved after Whalebone’s Threat Intelligence team contacted the Archive.today administrators. Initial public perception was that DNS4EU had been blocking the site, but in reality the block originated on the Archive.today side.

This incident underscored the importance of open communication and transparency in maintaining a trustworthy European DNS infrastructure – core principles of the DNS4EU mission.

Intelligence in Motion: How DNS4EU’s Threat Detection Evolves

Behind every blocked domain lies a constantly adapting intelligence network. The Whalebone Threat Intelligence team continuously analyses and correlates Indicators of Compromise (IOCs) across millions of signals daily.

Between May and September, the system scaled from processing 350,000 to more than 1 million IOCs per day, expanding from 26 million to over 50 million total IOCs. These signals feed into Whalebone’s Global Threat Database, a living system that uses multiple machine learning and metadata analysis engines to evaluate and re-evaluate domains continuously – in a proactive approach that uncovers, for example, metadata patterns linked to EU-targeted phishing activity.

“We don’t just block threats – we study their origins and patterns to prevent future ones,” added Peli. “These results show that EU-developed DNS security is effective, and with DNS4GOV, governments can protect entire networks with the same smart approach.”

From Public Protection to Institutional Resilience: DNS4GOV

Building on the DNS4EU mission, Whalebone is now inviting governments, ministries, and critical infrastructure providers across Europe to participate in a large-scale, EU-wide evaluation of DNS4GOV, the institutional extension of DNS4EU.

“DNS4GOV allows national CERTs, ministries, hospitals, and universities to deploy trusted, EU-based DNS protection across their networks,” explained George Buhai, Government Liaison at Whalebone. “This is the natural continuation of the DNS4EU mission, providing critical institutions with a practical way to strengthen cybersecurity, ensure compliance, and maintain digital sovereignty.”

In collaboration with national CERT partners and European cybersecurity organisations, the program provides participants with secure onboarding, anonymised traffic insights, daily protection summaries, and a comprehensive evaluation report – all at no cost and with no operational impact.

A Shared Mission for Europe’s Digital Sovereignty

The DNS4EU/DNS4GOV model exemplifies a collaborative, EU-compliant public-private collaboration to deliver tangible cybersecurity benefits to European citizens. Citizens gain daily real-time protection, while public institutions gain operational insight, test innovative defenses, and contribute to a unified, EU-based cyberdefense framework.

“Even institutions that don’t join the first wave will benefit from the momentum,” said Buhai. “The more organisations participate, the more data, insights, and trust we build together.”

Security Starts Now

Public institutions can join the DNS4GOV evaluation at www.whalebone.io/immunity-dns4gov

Private institutions can start their own Protective DNS trial at www.whalebone.io/immunity/free-30-day-trial

Citizens can use the DNS4EU Public Service at https://www.joindns4.eu/for-public (Note: The DNS4EU Public Service is provided exclusively for individual citizens and is not for commercial use.)