Elhunter

ElHunter — Threat Intelligence & Phishing Detector

ElHunter is a real-time cybersecurity extension that checks every website
you visit against VirusTotal and AbuseIPDB threat intelligence databases.
If a domain or IP address is flagged as malicious, access is blocked
immediately and a detailed threat report is shown — including VirusTotal
vendor count, AbuseIPDB abuse confidence score, resolved IP address,
hosting country, ISP, and Cloudflare detection.

Malicious sites are blocked using Chrome's declarativeNetRequest API before
the page loads. On repeat visits, known threats are blocked instantly at the
network level — no API call required.

ElHunter also detects phishing threats in email. On Gmail, Outlook, Yahoo
Mail, and ProtonMail, every link inside an open email is automatically
scanned via VirusTotal and AbuseIPDB. Results appear inline at the top of
the page. Optionally, the full email can be analyzed by an AI model of your
choice to receive a 0–100% phishing probability score with a one-sentence
explanation. AI analysis only runs when you explicitly click Analyze — email
content is never sent automatically.

Country-based rules let you block or monitor traffic from specific countries
by server hosting location (IP geolocation) or domain TLD. Each rule can be
configured to notify only, block completely, or send a Telegram alert.

Scan results are cached locally for 14 days so that revisiting a known site
never triggers a redundant API call.

No data is collected by ElHunter. API keys are stored locally in your
browser and sent only to their respective services. All threat checks run
directly from your browser — no proxy, no telemetry, no middleman.

ElHunter is open source. Source code and full documentation are available
on GitHub: https://github.com/elstati0n/ELHunter