/ 01 — REAL-TIME ATTACK DETECTION + ACTIVE DEFENSE

Everyone deserves a safe connection. We start with the network you’re on right now.

On public WiFi, an attacker can quietly read your traffic. We detect it — free, forever — then break their targeting and route you through our own VPN. One network at a time, toward an internet that’s safe for everyone.

SEE HOW IT WORKS

Free download. Detection forever free. Try Active Defense + VPN free for 10 minutes.

DETECT  ·  DEFEND  ·  ENCRYPT  ·  SELF-HOSTED VPN  ·  WINDOWS

WIFI
THREAT
WATCH
[NETWORK INTEGRITY MONITOR]
DETECTION FREE FOREVER ■ LIVE ARP-SPOOF DETECTION ■ EVIL TWIN ALERTS ■ ROGUE DEVICE FLAGS ■ ROGUE DHCP DETECTION ■ DNS SPOOF ALERTS ■ DEAUTH FLOOD DETECTION ■ FREE DOWNLOAD ■ ACTIVE DEFENSE ■ MAC + IP RANDOMIZATION ■ ENCRYPTED VPN TUNNEL ■ REAL-TIME THREAT DASHBOARD ■ TWO-SIGNAL VERIFICATION ■ NO TRAFFIC CONTENT LOGS ■ YOUR KEYS ■ WINDOWS ■ DETECTION FREE FOREVER ■ LIVE ARP-SPOOF DETECTION ■ EVIL TWIN ALERTS ■ ROGUE DEVICE FLAGS ■ ROGUE DHCP DETECTION ■ DNS SPOOF ALERTS ■ DEAUTH FLOOD DETECTION ■ FREE DOWNLOAD ■ ACTIVE DEFENSE ■ MAC + IP RANDOMIZATION ■ ENCRYPTED VPN TUNNEL ■ REAL-TIME THREAT DASHBOARD ■ TWO-SIGNAL VERIFICATION ■ NO TRAFFIC CONTENT LOGS ■ YOUR KEYS ■ WINDOWS ■
/ 02 — THE THREE PILLARS

Detect. Defend. Encrypt.

A VPN does one of these. WifiThreatWatch does all three — in that order — every time you tap Protect Me.

/ 01

DETECT

FREE FOREVER

We sniff ARP frames off the wire in real time and watch for evil-twin access points, rogue devices, rogue DHCP servers, deauth floods, and DNS tampering — catching the attack as it happens, not by polling a table the attacker already rewrote.

[ LIVE PACKET CAPTURE ]
/ 02

DEFEND

WITH SUBSCRIPTION

The moment an attack is confirmed, we disconnect, randomize your MAC address, and pull a fresh IP — before the VPN even connects. The attacker is left poisoning an address that no longer exists.

[ ACTIVE DEFENSE ]
/ 03

ENCRYPT

WITH SUBSCRIPTION

Then we route you through a self-hosted encrypted tunnel and verify your traffic is actually flowing through our server. Your keys are generated on your device and never leave it. Private keys are stored in Windows Credential Manager with OS-level encryption.

[ SELF-HOSTED VPN ]

Detect is free forever. Try Defend + Encrypt free for 10 minutes — no credit card needed.

/ 03 — THE DASHBOARD

SEE WHAT YOUR
ROUTER WON'T.

Every device. Every threat. Every second. Live.

PACKETS ANALYZED: 12,847WIFITHREATWATCH — LIVE
SCANNING
STATUSNAMEIPMACVENDORLAST SEEN
MacBook Pro192.168.1.2A4:C3:F0:12:34:56Apple2 min ago
iPhone 14192.168.1.3D0:03:4B:78:9A:BCApple1 min ago
⚠ ARP ANOMALY192.168.1.111:22:33:44:55:66UnknownACTIVE ▮
DESKTOP-X7J2192.168.1.4B8:27:EB:DE:F0:12Raspberry Pi5 min ago
Smart TV192.168.1.540:4E:36:34:56:78Samsung10 min ago
Amazon Echo192.168.1.668:37:E9:9A:BC:DEAmazon15 min ago
android-a8f2c192.168.1.7F0:18:98:F0:12:34Samsung22 min ago
Router192.168.1.1AA:BB:CC:DD:EE:FFASUSAlways
[14:23:08] ARP SPOOF DETECTED — IP 192.168.1.1 changed MAC from AA:BB:CC:DD:EE:FF to 11:22:33:44:55:66THREATS LAST HOUR: 2
/ 04 — WHY YOUR VPN ISN’T ENOUGH

Your VPN hides your traffic.
We stop the attacker.

A VPN is a privacy tool. WifiThreatWatch is a security tool. Different category — and on a hostile network, you want both.

A VPN ENCRYPTS YOUR TRAFFIC

It hides what you send from your ISP and from anyone watching the wire. That’s real, and it matters.

BUT THE ATTACKER IS STILL THERE

On public WiFi, an attacker who poisons ARP is impersonating your router. Even with a VPN, they still hold your device’s network identity and can keep interfering with the connection.

WE TAKE AWAY THEIR TARGET

Before the tunnel comes up, we change your MAC address and pull a fresh IP from the real router. The attacker is left intercepting an address that’s already gone — then we encrypt.

WifiThreatWatch is free to download, and detection is always free. Add Active Defense + VPN when you need to stay connected on hostile networks.

/ 05 — SHARED THREAT INTELLIGENCEFREE FOREVEREarly access

The database that documents the attacker — and hashes everything of yours.

When one WifiThreatWatch device confirms an attack, it can anonymously warn every other one — before they connect. That turns a single-device tool into a network: every user makes every other user safer.

/ GUARDED COLLECTION — THE PART THAT MAKES IT DIFFERENT

Most “threat intelligence” works by collecting more about you. This one walks a sharper line: it documents the attacker’s hardware in full, and hashes yours. A rogue hotspot caught running an attack is reported by its real name, hardware address, radio fingerprint, and rough area — so every other device can recognize it the moment it reappears.

Your own network never gets that treatment. Before anything about it leaves your computer, its identifiers become a one-way hash — a fingerprint that can be matched, but never turned back into a name. Reports are anonymized for good after at most 90 days, and warnings never say who reported what.

THE ATTACKER’S ROGUE AP
Reported in full: real network name, hardware address, radio details, and a rough area (150 m–1 km) — never an exact position.
YOUR OWN NETWORK
One-way hashes only — its real name and router address never leave your device. Never collected: browsing, files, exact GPS.
YOUR DEVICEOUR SERVERSTHE ATTACKER’S ROGUE APreported as-isFakeCafe_FreeWiFide:ad:be:ef:13:37name · MAC · radioarea ≈ 150 m – 1 kmDOCUMENTED IN FULLYOUR OWN NETWORKHome WiFia4:5e:60:2b:8f:c1ONE-WAY HASHruns on your devicea3f9··c1HASH ONLY — NEVER THE NAME
GUARDED COLLECTIONthe attacker’s rogue AP crosses documented in full — your own network only ever crosses as a hash
/ BEFORE YOU JOIN

Every scan, checked

Every network you can see is checked against the community’s flags — so the warning is already in your list before you tap connect.

Terminal_Free_WiFino reports
Free Airport WiFichecking…
Gate_C_Guestno reports
looked up by hashed fingerprint — and warnings never say who reported them
SEE THREATS BEFORE YOU JOINevery nearby network checked against the shared database — before you tap connect
/ WHILE YOU’RE ON IT

Re-checked every ~30 seconds

If another user’s device flags the network you’re on, the app warns you on the next re-check — not the next time you happen to scan.

CoffeeShop_WiFiconnected
00:00
00:30
01:00
RE-CHECKED ~EVERY 30sflagged after you already joined? you’re warned in the app on the next re-check, not at your next scan
/ WITH EVERY USER

Defense that compounds

The database is young and grows with every device that joins. One person’s bad afternoon becomes everyone else’s heads-up.

SHAREDDB1 device sharing · grows with every user
IT COMPOUNDSthe database is young — every device that joins makes the next warning likelier to already be there

[ it warns — it doesn’t block · every copy contributes — that’s what makes it work · grows with the community ]

How the guarded collection model works →
/ 06 — PRICING

Detection is free. Protection is easy.

Download the app and know the moment you’re under attack — free, forever. Add Active Defense and the self-hosted VPN when you need to break the attacker’s hold and stay connected.

FREEFREE FOREVER
$0/forever
  • Real-time threat detection (ARP spoof, evil twin, rogue device & more)
  • Real-time threat dashboard & device tracking
  • Live alerts the moment an attack starts
  • Two-signal verification so it doesn’t cry wolf
  • 10-minute Active Defense + VPN trial — no subscription needed
ACTIVE DEFENSESave 17% YEARLY
$6.99/month
or $69.99/year
  • Everything in Free
  • Active Defense — MAC + IP randomization under attack
  • Self-hosted encrypted VPN tunnel (your keys, no traffic content logs)
  • Priority support

First time you’re attacked? Get 10 minutes of Active Defense free.

No subscription needed for your first emergency. We don’t take payments through the website — subscribe in the app after download.

/ 08 — MORE WAYS IT WATCHES

Detection that sees the whole network — not just the device it runs on.

/ MESH AP PANEL

See every node behind your network name

FREE FOREVER

Mesh WiFi hides a crowd of access points behind one network name. WifiThreatWatch lists every one broadcasting your SSID — its signal, band, vendor, and the load the AP reports it’s carrying — and tags each with a trust verdict from the evil-twin engine: trusted, new, or flagged.

When your current node is congested, it points you at a stronger, quieter one and can ask your adapter to prefer it — honest best-effort steering, and it tells you plainly whether the mesh actually moved you. It’s also how a rogue AP wearing your network’s name stops hiding in the crowd.

30:57:8E:D9:DC:C4
5 GHz · −41 dBm
LOAD
trusted
30:57:8E:D9:DC:A0
5 GHz · −58 dBm
LOAD
trusted
30:57:8E:D9:DB:11
2.4 GHz · −66 dBm
LOAD
trusted
B4:FB:E4:07:2C:9F
5 GHz · −47 dBm
LOAD
new
↳ suggest: prefer D9:DC:A0 — least busy, strong, trusted
MESH AP PANELevery node broadcasting your network name — signal, load, and trust at a glance
/ 09 — OUR MISSION

A safer internet,
for everyone.

Protecting one device on one network is where we start — not where we stop. Every attack WifiThreatWatch catches is a data point that could keep the next person safe. We’re building toward a world where attackers run out of places to hide.

  • A shared threat database, fed by attacks caught in the wild
  • A living blacklist that helps track repeat attackers
  • A router built secure from the first packet
/ 10 — ON THE WORKBENCHIn development

WiFiThreatWatch Nano — a sentry that never sleeps.

The app protects the device it runs on. The Nano protects the whole network — a small, always-on box that watches the air around the clock, so an attack at 3 a.m. is caught and logged even with every laptop in the house asleep.

NANO
managed radio · stays connected
monitor radio · sniffs the air
LOCAL ATTACK HISTORY
02:14⚑ ARP_SPOOF
02:11✓ clear
01:47⚑ ROGUE_DHCP
01:32✓ clear
00:58⚑ DEAUTH
🛡 advertises “Nano-protected” on your LAN
WIFITHREATWATCH NANOa headless sensor running the same detectors 24/7 — even when your PC is asleep
/ WHY IT MATTERS

Windows can’t put a WiFi card into monitor mode — so the app detects some attacks by their symptoms. The Nano runs Linux with a dedicated monitor radio, which is where frame-level detection of real deauth floods and evil-twin beacons finally becomes possible. It advertises itself on your LAN, so the app can show “🛡 Protected by Nano.”

FORM
Headless Raspberry Pi–class sensor, ~$165 to build
RADIOS
Two — one stays connected, one sits in monitor mode
RUNS
The same detectors as the app, 24/7, even when your PC is off
SHARES
Read-only local history + guarded reports to the shared DB
Why the Nano beats the app alone →

[ hardware in prototype — not yet for sale ]

/ 11 — DOWNLOAD
DETECTTHEATTACK.
BREAKTHEIRTARGETING.
ENCRYPTEVERYTHING.

Download WifiThreatWatch for Windows. Free forever — see attacks the moment they happen. Try Active Defense + VPN free for 10 minutes, then subscribe in the app for ongoing protection at $6.99/month or $69.99/year. Your VPN keys are generated on your device and never leave it.

FREE DOWNLOAD · WINDOWS 10 / 11 · NPCAP BUNDLED · SELF-HOSTED VPN