Item logo image for FixClick — ClickFix & Ghost Phishing Guard

FixClick — ClickFix & Ghost Phishing Guard

ExtensionPrivacy & Security
Item media 3 (screenshot) for FixClick — ClickFix & Ghost Phishing Guard
Item media 1 (screenshot) for FixClick — ClickFix & Ghost Phishing Guard
Item media 2 (screenshot) for FixClick — ClickFix & Ghost Phishing Guard
Item media 3 (screenshot) for FixClick — ClickFix & Ghost Phishing Guard
Item media 1 (screenshot) for FixClick — ClickFix & Ghost Phishing Guard
Item media 1 (screenshot) for FixClick — ClickFix & Ghost Phishing Guard
Item media 2 (screenshot) for FixClick — ClickFix & Ghost Phishing Guard
Item media 3 (screenshot) for FixClick — ClickFix & Ghost Phishing Guard

Overview

Detects ClickFix paste-and-run lures and ghost/AiTM Microsoft token-phishing pages. Extensible detector framework.

A cross-browser Manifest V3 extension for Chrome, Edge, Brave, Opera and other Chromium browsers, plus Firefox, that detects two credential/token-theft attack families in the page, in real time, and warns the user: - ClickFix — fake "human verification" / error pages that trick you into pasting and running a command in the Windows Run dialog, PowerShell, or a terminal. Detected via clipboard interception + on-page lure heuristics. - Ghost phishing — Microsoft credential/token theft that appears to run on Microsoft's own infrastructure: - AiTM — a page rendering Microsoft's cloud sign-in form (the loginfmt username field) from a non-Microsoft origin (reverse-proxy kits such as Evilginx / EvilProxy). Keying on loginfmt avoids flagging legitimate on-prem AD FS pages and "Sign in with Microsoft" buttons, which don't render that field. - Device-code — the genuine device-authorization page, where an attacker relays a code for you to authorize their device. - Consent — an OAuth consent screen requesting high-risk Graph scopes and/or a non-Microsoft redirect.

Details

  • Version
    1.0.0
  • Updated
    July 12, 2026
  • Offered by
    Subnet345LLC
  • Size
    33.52KiB
  • Languages
    English (United States)
  • Developer
    Subnet345 LLC
    1325 Nottingham Ln Hoffman Estates, IL 60169-2640 US
    Email
    jsingleton@subnet345.com
    Phone
    +1 224-385-6577
  • Trader
    This developer has identified itself as a trader per the definition from the European Union and committed to only offer products or services that comply with EU laws.
  • D-U-N-S
    145898426

Privacy

Manage extensions and learn how they're being used in your organization
The developer has disclosed that it will not collect or use your data. To learn more, see the developer’s privacy policy.

This developer declares that your data is

  • Not being sold to third parties, outside of the approved use cases
  • Not being used or transferred for purposes that are unrelated to the item's core functionality
  • Not being used or transferred to determine creditworthiness or for lending purposes

Support

For help with questions, suggestions, or problems, visit the developer's support site

Google apps