Phishing emails look real. Cloned login pages look perfect. Lookalike URLs slip past tired eyes. PhishFry checks every link before you click: green is safe, red means stop.
It's not Nigerian-prince emails anymore. Modern phishing is AI-written, pixel-perfect, and shows up in your inbox from sender addresses you've seen a hundred times.
These are the patterns PhishFry catches.
Zeros for o's, ones for l's, swapped letters. They look right at a glance, until PhishFry's brand-impersonation check spots the digit substitution and tanks the score.
Free disposable TLDs (.tk, .ml, .gq), urgency keywords (verify, secure, account), and a brand name in the URL. Three signals in one: the score crashes before the page loads.
The real domain is the LAST part, and that part is shady. PhishFry parses where you're actually going (.xyz, not amazon.com) and scores from there, ignoring the misdirection.
Phishing campaigns spin up fresh domains by the thousand. PhishFry checks the registration date via RDAP; anything registered in the last few weeks gets weighted as risky until it earns trust.
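The URL-only patterns above (digit-substituted lookalikes, abused TLDs combined with urgency keywords, and a brand pushed into the subdomain) come down to a few string rules applied to the parsed hostname. The JavaScript below is an added example, not PhishFry's scoring engine; the word lists, the assumption that each brand lives at `<brand>.com`, and the `digit_substitution` / `brand_in_url` signal names are hypothetical, and domain age is not covered.

```javascript
// Added example, not PhishFry's engine. The lists are small constructed samples.
const ABUSED_TLDS = new Set(["tk", "ml", "gq", "xyz"]);
const KNOWN_TLDS = new Set(["com", "net", "org", "gov", "edu"]);
const KEYWORDS = ["login", "verify", "secure", "account"];
const BRANDS = ["amazon", "paypal", "google"]; // assumed to live at <brand>.com
const DIGIT_MAP = { 0: "o", 1: "l", 3: "e", 5: "s" };

// Undo common digit-for-letter swaps so "paypa1" compares equal to "paypal".
function deLeet(s) {
  return s.replace(/[0135]/g, (d) => DIGIT_MAP[d]);
}

function analyzeUrl(raw) {
  const url = new URL(raw);
  const labels = url.hostname.toLowerCase().split(".");
  const tld = labels[labels.length - 1];
  const sld = labels[labels.length - 2] || "";
  // Naive registrable domain: the last two labels. Real code should consult
  // the Public Suffix List so hosts under "co.uk" and similar parse correctly.
  const registrable = labels.slice(-2).join(".");
  const signals = [];

  if (ABUSED_TLDS.has(tld)) signals.push(`suspicious_tld:.${tld}`);

  // A TLD-looking label left of the registrable domain, as in
  // "amazon.com.account-verify.xyz", is there to mislead the reader.
  if (labels.slice(0, -2).some((l) => KNOWN_TLDS.has(l))) {
    signals.push("tld_embedded_in_subdomain");
  }

  for (const brand of BRANDS) {
    if (registrable === `${brand}.com`) continue; // the brand's own domain
    if (!sld.includes(brand) && deLeet(sld).includes(brand)) {
      signals.push(`digit_substitution:${brand}`); // hypothetical signal name
    } else if (labels.some((l) => l.includes(brand))) {
      signals.push(`brand_in_url:${brand}`); // hypothetical signal name
    }
  }

  // Keywords are matched after normalisation, so "l0gin" still counts.
  const text = deLeet(url.hostname.toLowerCase() + url.pathname.toLowerCase());
  for (const k of KEYWORDS) {
    if (text.includes(k)) signals.push(`phishy_keyword:${k}`);
  }
  return { registrable, signals };
}

// Constructed sample input
console.log(analyzeUrl("https://amazon.com.account-verify.xyz/signin"));
```

Each returned signal would feed a weighted score; the weights themselves are not described on this page, so the example stops at signal extraction.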
No clicks. No popups. Just hover.
Add the extension in your browser, or install the Gmail add-on. Setup takes about 30 seconds.
Hover over any link for half a second. A small tooltip shows the domain's safety score, color-coded green / yellow / red.
Click a low-scoring link and PhishFry blocks or warns you first, using thresholds you control.
Browser extensions and a Gmail add-on. Same scoring engine in all of them.
Manifest V3 extension. Works on every page. Also works in Edge, Brave, Arc, and other Chromium browsers.
Get the Chrome extension →
WebExtension build of the same scoring engine. Same tooltips, same configurable thresholds.
Get the Firefox extension →
Native Safari Web Extension built from the shared core, for both macOS and iOS.
Get the Safari build →
Workspace add-on that scans every link in an email when you open it, and works on Gmail web, Android, and iOS.
Get the Gmail add-on →
Five signals, combined into a 0–100 number you can read at a glance.
.gov, .edu, and .mil score high. Frequently abused TLDs like .tk, .xyz, and .gq score low.
Top 500K websites from the Tranco research list. Domains the world already trusts get a boost.
Phishy keywords (login, verify, secure), embedded TLDs, long numeric runs, urgency words, and other classic patterns drop the score.
Looks up registration date via RDAP when available. Brand-new domains are weighted as riskier.
Whitelist or blacklist any domain. Your overrides always win, and stay local to your browser.
Site owners can verify ownership and earn a score boost (more on that below).
Type a URL (real or phishy) and see how it scores. Runs entirely in your browser.
The demo uses a simplified version of the scoring engine. The installed extension also factors in the Tranco list, RDAP domain age, and your own whitelist/blacklist.
Every threshold is configurable. Defaults are sensible; if you want stricter or looser, just slide.
How long to hover before the tooltip shows. Default: 2 seconds.
Hide tooltips for clearly safe scores so they don't clutter your reading. Default: 90.
Click a link below this score and PhishFry shows a confirmation modal. Default: 50.
Below this, PhishFry hard-blocks the navigation. Default: 15.
Same product on every plan. Pick the one that matches your seat count.
For yourself.
Paid annually · $60 / year
For the household.
Paid annually · $144 / year · up to 4 users
For small teams.
Up to 10 users
For larger orgs.
Custom pricing
Verify your domain and PhishFry users see a ✓ checkmark plus a +15 score boost on your links. Two ways to claim: pick the one that fits your stack.
An embeddable SVG badge is included so you can show off your verification on your site.
A small REST API for embedding the scoring engine in your apps and pipelines.
# API key required (included with your subscription)
curl -X POST https://api.phishfry.ai/v1/score \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "url": "https://my-bank-l0gin.xyz/verify" }'

# Response
{
  "url": "https://my-bank-l0gin.xyz/verify",
  "score": 22,
  "verdict": "danger",
  "signals": [
    "suspicious_tld:.xyz",
    "phishy_keyword:login",
    "tld_embedded_in_subdomain"
  ]
}
Same scoring engine the extensions use, exposed over HTTP. API access is included with every PhishFry subscription.
Short answers, no marketing.
Four: Individual ($5/month, billed annually), Family ($12/month annual for up to 4 users; additional users $3/user/month), Small Business ($30/month for up to 10 users; additional users $3/user/month), and Enterprise (custom). Every plan ships the same product; the difference is how many seats it covers. See the Pricing section above.
No. The extensions score every link locally using a bundled list and a heuristic ruleset; your URLs don't leave your machine. The Gmail add-on runs server-side under your own Google Workspace account.
TLD reputation, the Tranco top-500K popularity list, a set of heuristic patterns (phishy keywords, embedded TLDs, long numeric runs, urgency words), domain age via RDAP when available, and your own whitelist / blacklist. PhishFry Verified domains get a +15 boost.
Yes. Any Chromium-based browser (Edge, Brave, Arc, Vivaldi, Opera) can install the Chrome extension directly. There are also dedicated Firefox and Safari builds.
The Gmail add-on runs on Gmail's iOS and Android apps, so links inside email are scored on mobile out of the box. The Safari extension also has an iOS build for Safari on iPhone and iPad.
That's the default. Anything scoring 90 or higher hides its tooltip so you only see the score when something is actually worth flagging. The threshold is adjustable.
Plans from $5 a month. About thirty seconds to install once you're signed up.
Get PhishFry