Most link scanners send every URL you visit off to a server, which leaks your browsing and slows things down. ThreatStrike Shield does the work right in your browser. A scored heuristics engine and a small offline blocklist catch threats the lists haven't picked up yet, and nobody gets to watch where you go.
Catches phishing that isn't on any list yet: homograph and punycode look-alikes, typosquats, brand-in-subdomain tricks like paypal.com.evil.ru, the @-userinfo decoy, raw-IP hosts, open-redirect traps, link shorteners, and insecure or cross-site login forms. Every signal carries a weight, and the total lands on one of three verdicts: safe, caution, or danger.
It learns the domains you actually visit, all of it locally and none of it uploaded, then warns you when some new domain starts imitating one of them. That's the targeted spear-phishing case that generic brand lists always miss.
On a login page, it flags when the page is dressed up as a brand it isn't. The title, favicon, or hot-linked logo all say "Microsoft" or "PayPal" while the address says otherwise. That catches credential-harvesting kits running on clean or freshly-compromised domains, where no blocklist would fire.
A tiny (~KB) offline membership test covering URLhaus, PhishTank, OpenPhish, Phishing.Database, and the Steven Black hosts list. Every hit is confirmed against an exact set first, so a false positive never blocks you. It refreshes itself every few hours with a conditional fetch.
Hit Report and Shield blocks the host on your machine right then, saves it to a local feed you can export, and (only if you've opted in) sends that one URL to anti-phishing takedown services. The local block doesn't wait on the network, so you're covered even if every submission fails.
Right-click any link, pick Scan link with ThreatStrike Shield, and it checks the link against the full local engine without you ever visiting it. Add your own VirusTotal API key and it cross-references the same link against 70+ engines right beside the local verdict. Each scan sends only that one URL, and you can switch it off whenever.
Shield watches the three moments that matter: hovering a link, opening a site, and submitting a login form. It only speaks up when there's real risk. A hunch just gets a warning, while a confirmed-bad hit or a password-stealing form gets the full block page.
Drop your own VirusTotal API key into Settings and any right-click scan can also ask VirusTotal's 70+ engines, with their answer sitting right next to the local one. It only happens when you ask for it: one URL at a time, and only if you've added a key. Skip the key and Shield runs entirely on its own local engine, same as before.
No telemetry, no analytics, no account. The URLs and history you browse never leave the browser. The only traffic that ever goes out is traffic you start yourself, and you can switch off every bit of it.
Bulk downloads from the public feeds you turn on. They say nothing about you or the sites you visit. Turn updates off and Shield just runs on the snapshot it shipped with.
Only when you click Report, and only that one URL (plus a contact email if you set one). Turn community reporting off and every report stays on your machine.
Only when you right-click a link and you've added a key, and only that one URL. No key means no traffic. Everything else, like your settings, allowlist, stats, and cached blocklist, stays in your browser's storage.
Available for Chrome and Firefox. Open the store listing for your browser and click install, that's the whole setup.
No account, no telemetry, no browsing data off your device. Add it in under a minute.
It pairs with the ThreatStrike desktop apps, and works just fine on its own.