Local detection: checks run in your browser, never on a server
0 bytes of your browsing history ever transmitted
2 browsers: Chrome & Firefox (MV3)
// why shield

Most phishing checkers phone home. This one doesn't.

Most link scanners send every URL you visit off to a server, which leaks your browsing and slows things down. ThreatStrike Shield does the work right in your browser. A scored heuristics engine and a small offline blocklist catch threats the lists haven't picked up yet, and nobody gets to watch where you go.

Offline heuristics engine

Catches phishing that isn't on any list yet: homograph and punycode look-alikes, typosquats, brand-in-subdomain tricks like paypal.com.evil.ru, the @-userinfo decoy, raw-IP hosts, open-redirect traps, link shorteners, and insecure or cross-site login forms. Every signal carries a weight, and the total lands on one of three verdicts: safe, caution, or danger.
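
How a weighted, three-verdict score over a few of these URL signals can be computed, as an added example that is not ThreatStrike Shield's own code. The weights, cut-offs, brand list and function names are assumptions, and the sample URLs are constructed.

```javascript
// Added example. Weights, cut-offs and the brand list are assumptions,
// not ThreatStrike Shield's real values.
const BRANDS = ["paypal", "microsoft", "google"]; // constructed sample list
const WEIGHTS = { userinfo: 40, rawIp: 30, punycode: 30, brandInSubdomain: 60 };
const CAUTION_AT = 30;
const DANGER_AT = 60;

function signalsFor(rawUrl) {
  const u = new URL(rawUrl); // WHATWG parser: lowercases host, IDN -> ASCII
  const labels = u.hostname.split(".");
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(u.hostname) || u.hostname.startsWith("[");
  const found = [];
  // https://paypal.com@host/ : the text before "@" is userinfo, not the host
  if (u.username || u.password) found.push("userinfo");
  if (isIp) found.push("rawIp");
  // Unicode look-alike hosts come out of the parser as xn-- labels
  if (labels.some((l) => l.startsWith("xn--"))) found.push("punycode");
  // Brand label left of the registrable domain, e.g. paypal.com.evil.ru.
  // Simplification: the last two labels are treated as the registrable
  // domain; a real check would consult the Public Suffix List.
  if (!isIp && labels.slice(0, -2).some((l) => BRANDS.includes(l))) {
    found.push("brandInSubdomain");
  }
  return found;
}

function verdict(rawUrl) {
  const signals = signalsFor(rawUrl);
  const score = signals.reduce((sum, name) => sum + WEIGHTS[name], 0);
  const label = score >= DANGER_AT ? "danger" : score >= CAUTION_AT ? "caution" : "safe";
  return { label, score, signals };
}

// Constructed sample URLs
for (const url of [
  "https://www.paypal.com/signin",
  "http://paypal.com.evil.ru/login",
  "https://paypal.com@203.0.113.7/",
]) {
  console.log(url, JSON.stringify(verdict(url)));
}
```

Because the parser has already separated userinfo from the host and converted Unicode hosts to ASCII, each check runs on the host the browser would actually contact rather than on the string the user sees.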

Personalized look-alike detection

It learns the domains you actually visit, all of it locally and none of it uploaded, then warns you when some new domain starts imitating one of them. That's the targeted spear-phishing case that generic brand lists always miss.

Brand impersonation, at the DOM

On a login page, it flags when the page is dressed up as a brand it isn't. The title, favicon, or hot-linked logo all say "Microsoft" or "PayPal" while the address says otherwise. That catches credential-harvesting kits running on clean or freshly-compromised domains, where no blocklist would fire.

Bloom-filter blocklist

A tiny (~KB) offline membership test covering URLhaus, PhishTank, OpenPhish, Phishing.Database, and the Steven Black hosts list. Every hit is confirmed against an exact set first, so a false positive never blocks you. It refreshes itself every few hours with a conditional fetch.
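
The two-stage lookup described above, as an added example that is not ThreatStrike Shield's own code. The hash function (FNV-1a with double hashing), filter size, hash count and host names are assumptions chosen for illustration.

```javascript
// Added example: hash choice, sizes and host names are assumptions.
function fnv1a(str, seed) {
  let h = (0x811c9dc5 ^ seed) >>> 0;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

class Bloom {
  constructor(bits, hashes) {
    this.bits = bits;
    this.hashes = hashes;
    this.bytes = new Uint8Array(Math.ceil(bits / 8));
  }
  positions(key) {
    // Double hashing: position_i = (h1 + i * h2) mod bits, h2 forced odd
    const h1 = fnv1a(key, 0);
    const h2 = (fnv1a(key, 0x9e3779b9) | 1) >>> 0;
    return Array.from({ length: this.hashes }, (_, i) => (h1 + i * h2) % this.bits);
  }
  add(key) {
    for (const p of this.positions(key)) this.bytes[p >> 3] |= 1 << (p & 7);
  }
  mayContain(key) {
    return this.positions(key).every((p) => this.bytes[p >> 3] & (1 << (p & 7)));
  }
}

function buildBlocklist(hosts, bits = 1024, hashes = 4) {
  const exact = new Set(hosts.map((h) => h.toLowerCase()));
  const bloom = new Bloom(bits, hashes);
  for (const h of exact) bloom.add(h);
  return { bloom, exact };
}

function lookup(list, host) {
  const key = host.toLowerCase();
  // A Bloom miss is definitive, so most lookups stop here
  if (!list.bloom.mayContain(key)) return "clean";
  // A Bloom hit may be a collision: only the exact set can block
  return list.exact.has(key) ? "blocked" : "bloom-false-positive";
}
```

The filter can only err toward "maybe listed", so the exact-set check is what turns a probabilistic hit into a block decision; a collision ends as `bloom-false-positive` and the page loads.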

One-click counter-strike

Hit Report and Shield blocks the host on your machine right then, saves it to a local feed you can export, and (only if you've opted in) sends that one URL to anti-phishing takedown services. The local block doesn't wait on the network, so you're covered even if every submission fails.

Right-click scan + VirusTotal

Right-click any link, pick Scan link with ThreatStrike Shield, and it checks the link against the full local engine without you ever visiting it. Add your own VirusTotal API key and it cross-references the same link against 70+ engines right beside the local verdict. Each scan sends only that one URL, and you can switch it off whenever.

// how it works

Four layers, zero browsing leaked.

Shield watches the three moments that matter: hovering a link, opening a site, and submitting a login form. It only speaks up when there's real risk. A hunch just gets a warning, while a confirmed-bad hit or a password-stealing form gets the full block page.

  1. Hover a link and a risk chip rates it on the spot: safe, caution, or danger.
  2. Navigate to a confirmed-bad host and Shield blocks it before the page loads.
  3. Reach a login form that's insecure or impersonating a brand and the guard steps in.
  4. One click blocks the host locally and, if you choose, reports it for takedown.
// new · virustotal

Now with an optional VirusTotal cross-check.

Drop your own VirusTotal API key into Settings and any right-click scan can also ask VirusTotal's 70+ engines, with their answer sitting right next to the local one. It only happens when you ask for it: one URL at a time, and only if you've added a key. Skip the key and Shield runs entirely on its own local engine, same as before.

// privacy

Local-first, and we mean it.

No telemetry, no analytics, no account. The URLs and history you browse never leave the browser. The only traffic that ever goes out is traffic you start yourself, and you can switch off every bit of it.

Blocklist downloads

Bulk downloads from the public feeds you turn on. They say nothing about you or the sites you visit. Turn updates off and Shield just runs on the snapshot it shipped with.

Reports you send

Only when you click Report, and only that one URL (plus a contact email if you set one). Turn community reporting off and every report stays on your machine.

VirusTotal scans you run

Only when you right-click a link and you've added a key, and only that one URL. No key means no traffic. Everything else, like your settings, allowlist, stats, and cached blocklist, stays in your browser's storage.

// install

Add it to your browser.

Available for Chrome and Firefox. Open the store listing for your browser and click install. That's the whole setup.

  1. Firefox: open the ThreatStrike Shield listing on Firefox Add-ons and click Add to Firefox.
  2. Chrome: the Chrome Web Store listing is on the way. The Chrome build is still in the works, so check back soon.
  3. Once it's added, open the toolbar popup to confirm it's active. The blocklist fills itself in on install, so that's all there is to it.

Free protection that respects your browsing.

No account, no telemetry, no browsing data off your device. Add it in under a minute.

It pairs with the ThreatStrike desktop apps, and works just fine on its own.