LinkSentry: 14 protection layers explained in detail
LinkSentry runs 14 independent protection layers, all active at the same time. Each layer specializes in a specific type of threat. In this post I explain the most important layers in detail.
Layer 1: Phishing protection. Every URL is checked against four blocklists that are updated daily. The lists come from public threat intelligence feeds and include over 157,000 known scam sites. Blocking happens at the network level via the declarativeNetRequest API, before the page even loads.
Layer 2: IP Logger Shield. Over 70 known IP logger services, such as Grabify and IPLogger, are detected and blocked. Detection is based on domain matching and URL pattern analysis.
Layer 3: Typosquatting warning. This layer compares every visited domain with a list of known websites and calculates the similarity. Domains like paypa1.com (with the number 1 instead of the letter l) are immediately detected.
Layer 4: Download protection. Suspicious file types (.exe, .msi, .bat, .cmd, .scr) from unknown sources are paused. The user gets a warning with details about the file and can decide whether to continue the download.
Layer 5: Browser locker protection. Some scam sites try to freeze the browser with endless alert dialogs or fullscreen overlays. LinkSentry detects these patterns and interrupts the attack.
Layer 6: Fake shop detection. Online shops are analyzed for suspicious signs: age of the domain (freshly registered), missing legal information, cryptocurrency as the only payment method and unrealistic prices.
All of these checks run entirely locally in the browser. No data is sent to external servers. The entire extension uses less than 1 millisecond per page load thanks to the efficient declarativeNetRequest API.
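The similarity check described in Layer 3, as an added example that is not LinkSentry's own code. The post does not say which similarity measure the extension uses, so this sketch assumes look-alike character folding plus an edit distance of at most 1, with a constructed list of known sites.

```javascript
// Added example, not LinkSentry's code. KNOWN_SITES, CONFUSABLES and MAX_EDITS
// are constructed for illustration; the real list and metric are not on the page.
const KNOWN_SITES = ["paypal.com", "google.com", "amazon.com", "microsoft.com"];
const CONFUSABLES = [["rn", "m"], ["vv", "w"], ["0", "o"], ["1", "l"], ["3", "e"], ["5", "s"]];
const MAX_EDITS = 1;

// Fold look-alike characters so "paypa1.com" and "paypal.com" compare equal.
function skeleton(domain) {
  let s = domain;
  for (const [from, to] of CONFUSABLES) s = s.split(from).join(to);
  return s;
}

// Levenshtein distance with two rolling rows.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify a hostname as "known", "lookalike" or "unrelated".
function checkDomain(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "").replace(/^www\./, "");
  // Exact matches and subdomains of a known site are legitimate, not typos.
  if (KNOWN_SITES.some((s) => host === s || host.endsWith("." + s))) {
    return { verdict: "known" };
  }
  let best = null;
  for (const site of KNOWN_SITES) {
    if (skeleton(host) === skeleton(site)) {
      return { verdict: "lookalike", target: site, reason: "confusable characters" };
    }
    const d = editDistance(host, site);
    if (d <= MAX_EDITS && best === null) {
      best = { verdict: "lookalike", target: site, reason: `edit distance ${d}` };
    }
  }
  return best ?? { verdict: "unrelated" };
}
```

Folding is lossy and a one-edit threshold also matches some unrelated short domains, which is why a check like this fits a warning rather than a hard block.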