ExtDB
API & MCP

SecurityShrimp APEX

Augment the web with indicators that help detect phishing attempts

As of June 2026, SecurityShrimp APEX has users in the Privacy & Security category.

SecurityShrimpPrivacy & Security
Chrome Web Store ↗.crx
Usersno change0%
Ratingno change0%
— reviews
Reviewsno change0%
Version
2.1.0
Manifest V3

History

1 snapshots

Tracking since Jun 2, 2026.

Not enough history yet for this metric — the chart fills in as we collect more snapshots.
View as table
DateUsersRatingReviewsVersion
Jun 2, 20262.1.0
Now2.1.0

Permissions & access

Permissions
storagehistorytabsalarms
Host access
https://downloads.majestic.com/*

Screenshots

SecurityShrimp APEX screenshot 1SecurityShrimp APEX screenshot 2SecurityShrimp APEX screenshot 3SecurityShrimp APEX screenshot 4SecurityShrimp APEX screenshot 5

About

SecurityShrimp APEX (Anti-Phishing EXtension) augments every page you visit
  with context-aware warnings that help you spot phishing attempts
  before you hand over a password.

  It runs entirely in your browser. Nothing is sent to any server. No
  telemetry. No accounts. No data collection of any kind.

  WHAT IT CHECKS

  • Look-alike domains. paypa1.com, goog1e.com, arnazon.com, tvvitter.com
    — homoglyph tricks that fool a quick glance get flagged against the
    top 20,000 sites on the web.

  • Unicode / IDN domains. Punycode-encoded URLs (xn--...) are decoded
    and shown so you can see what the address bar is actually rendering.

  • Misleading link text. When a link reads "paypal.com" but actually
    points at evil.example, a warning appears on hover.

  • Insecure connections. HTTP-only sites get a warning before you type
    anything sensitive.

  • First-time visits. Sites you've never been to before are flagged so
    you can pause and verify the address bar before entering credentials.

  HOW IT HELPS YOU RECOGNIZE FAMILIAR SITES

  Every domain you visit is shown alongside a unique color and emoji
  fingerprint, derived locally from the domain name. Your bank, your
  email, your work tools — each gets a stable visual signature you'll
  start to recognize. If you ever land on a look-alike, the colors and
  the emoji will be different, even if the name looks right.

  CONFIGURABLE TO HOW YOU WORK

  • Show tooltips on every input, only on password fields, or never.
  • Whitelist specific sites or wildcards (paypal.com, *.google.com).
  • Toggle the misleading-link warnings independently.

  PRIVACY

  Everything happens on your machine. The extension uses your browser
  history (locally) to detect first-time visits, and downloads a public
  list of the top 20,000 domains once a week from Majestic to power the
  look-alike check. That list arrives bundled so the extension is
  useful from the first second after install.

  OPEN SOURCE

  Source code: https://github.com/SecurityShrimp-LTD/anti-phishing-extension
  Licensed GPLv3. Forked from the original ZecOps Anti-Phishing
  Extension (unmaintained since 2022) and modernized for Manifest V3.
  Found a bug or want to suggest a check? File an issue.

Technical

Version
2.1.0
Manifest
V3
Size
258KiB
Min Chrome
88
Languages
1
Featured
No

Metadata

ID
bnadkpcdlhkaajnaelgkpdbeheiimmck
Developer ID
udfa5892823bc4b3f3399596bf51f3647
Developer Email
[email protected]
Created
Jun 1, 2026
Last Updated (Store)
Jun 1, 2026
Last Scraped
Jun 8, 2026
Website
Privacy Policy

Data sourced from the Chrome Web Store · last verified Jun 8, 2026.