ElHunter

Tracking since Apr 1, 2026.

Changelog

• May 5, 2026
  description

  ElHunter — Threat Intelligence & Phishing Detector
  
  ElHunter is a real-time cybersecurity extension that checks every website 
  you visit against VirusTotal and AbuseIPDB threat intelligence databases. 
  If a domain or IP address is flagged as malicious, access is blocked 
  immediately and a detailed threat report is shown — including VirusTotal 
  vendor count, AbuseIPDB abuse confidence score, resolved IP address, 
  hosting country, ISP, and Cloudflare detection.
  
  Malicious sites are blocked using Chrome's declarativeNetRequest API before 
  the page loads. On repeat visits, known threats are blocked instantly at the 
  network level — no API call required.
  
  ElHunter also detects phishing threats in email. On Gmail, Outlook, Yahoo 
  Mail, and ProtonMail, every link inside an open email is automatically 
  scanned via VirusTotal and AbuseIPDB. Results appear inline at the top of 
  the page. Optionally, the full email can be analyzed by an AI model of your 
  choice to receive a 0–100% phishing probability score with a one-sentence 
  explanation. AI analysis only runs when you explicitly click Analyze — email 
  content is never sent automatically.
  
  Country-based rules let you block or monitor traffic from specific countries 
  by server hosting location (IP geolocation) or domain TLD. Each rule can be 
  configured to notify only, block completely, or send a Telegram alert.
  
  Scan results are cached locally for 14 days so that revisiting a known site 
  never triggers a redundant API call.
  
  No data is collected by ElHunter. API keys are stored locally in your 
  browser and sent only to their respective services. All threat checks run 
  directly from your browser — no proxy, no telemetry, no middleman.
  
  ElHunter is open source. Source code and full documentation are available 
  on GitHub: https://github.com/elstati0n/ELHunter

  ElHunter — Threat Intelligence & Phishing Detector
  
  ElHunter is a real-time cybersecurity extension that checks every website 
  you visit against ZeroScan.az threat intelligence. 
  If a domain, IP address, or URL is flagged as malicious, access is blocked 
  immediately and a detailed threat report is shown — including ZeroScan 
  verdict, category, resolved IP address, hosting country, ISP, and 
  Cloudflare detection.
  
  Malicious sites are blocked using Chrome's declarativeNetRequest API before 
  the page loads. On repeat visits, known threats are blocked instantly at the 
  network level — no API call required.
  
  ElHunter also detects phishing threats in email. On Gmail, Outlook, Yahoo 
  Mail, and ProtonMail, every link inside an open email is automatically 
  scanned via ZeroScan.az. Results appear inline at the top of 
  the page. Optionally, the full email can be analyzed by an AI model of your 
  choice to receive a 0–100% phishing probability score with a one-sentence 
  explanation. AI analysis only runs when you explicitly click Analyze — email 
  content is never sent automatically.
  
  Country-based rules let you block or monitor traffic from specific countries 
  by server hosting location (IP geolocation) or domain TLD. Each rule can be 
  configured to notify only, block completely, or send a Telegram alert.
  
  Scan results are cached locally for 14 days so that revisiting a known site 
  never triggers a redundant API call.
  
  No data is collected by ElHunter. API keys are stored locally in your 
  browser and sent only to their respective services. All threat checks run 
  directly from your browser — no proxy, no telemetry, no middleman.
  
  ElHunter is open source. Source code and full documentation are available 
  on GitHub: https://github.com/elstati0n/ELHunter

• May 5, 2026
  short_description

  Real-time domain & IP threat analysis via VirusTotal and AbuseIPDB

  Real-time URL, domain & IP threat analysis via ZeroScan

Permissions & access

Permissions

storagetabswebNavigationscriptingnotificationsdeclarativeNetRequest

Host access

<all_urls>, https://www.virustotal.com/*, https://api.abuseipdb.com/*, https://dns.google/*, https://cloudflare-dns.com/*, https://networkcalc.com/*, https://ipinfo.io/*, https://api.telegram.org/*, https://api.openai.com/*, https://api.anthropic.com/*, https://generativelanguage.googleapis.com/*, https://api.mistral.ai/*, https://api.groq.com/*, https://openrouter.ai/*

Screenshots