Kestrel

Real-time phishing and lookalike-domain detection for your browser, with inline warnings on Gmail email links.

Kestrel warns you about phishing and lookalike websites, including links inside emails, before you click. How it works - Detects domain lookalikes: when you visit a site whose name resembles a known brand (paypa1.com, cosico.com, fedex1.com), a site you visit often (netfl1x.com vs your real netflix.com), or a domain you've added to your personal protected-brand list, Kestrel shows a full-width warning banner explaining why. - Scans email links in Gmail: badges suspicious links inline and shows a banner at the top of the message. Click any badge to see the specific reason ("Says paypal.com but actually goes to example.com", "bit.ly is a URL shortener"). - Combines local heuristics with Google Safe Browsing for known malware and phishing sites. Privacy - Your browsing history stays on your device. Kestrel reads it to build a local in-memory index of sites you visit, and never transmits it. - Email scanning reads only link URLs and the sender's From address. Message text, attachments, and subjects are never read or uploaded. - Only the current URL is sent to Google Safe Browsing for reputation lookups, the same lookup Chrome's built-in Safe Browsing performs. - You control the trust list: dismiss any warning you disagree with, or remove sites from the local index from the popup.