Advanced AI‑Driven Browser Security
AIScamHunter is a next‑gen security extension that blocks phishing, malware, crypto scams, fake shops, trackers, and malicious redirects in real time — with local‑first privacy, enterprise‑grade detection, and an integrated Tools Center for advanced scanning.
01. What is AIScamHunter?
AIScamHunter is a comprehensive browser security platform that continuously analyses websites, scripts, downloads, redirects, SSL certificates, and scam patterns — before threats can compromise your data. It combines 8+ threat intelligence sources, local heuristics, and a powerful Tools Center for manual security checks.
🛡️ Real‑time web protection
Every visited URL is automatically scanned using reputation, heuristics, SSL analysis, redirect chains, and script behaviour. Blocks malicious pages instantly.
🧠 Advanced heuristics
Detects typosquatting, homoglyph attacks, DGA domains, fake login pages, cloned websites and zero‑hour phishing campaigns with weighted scoring (0‑100).
⚡ Manifest V3 architecture
Fully compliant with Chrome's latest security model: service worker, declarative net request, isolated storage, and download interception.
02. Installation & compatibility
| Browser | Compatibility | Installation |
|---|---|---|
 Google Chrome | ✓ Full | Chrome Web Store |
 Microsoft Edge | ✓ Full | Chrome extensions |
 Brave | ✓ Full | Chrome Web Store |
 Opera | ✓ Full | Chrome extensions |
 Opera GX | ✓ Full | Chrome extensions |
 Vivaldi | ✓ Full | Chromium compatible |
 Arc | ✓ Full | Chromium compatible |
 Chromium | ✓ Full | Chromium compatible |
 Yandex Browser | ✓ Full | Chrome extensions |
 Whale | ✓ Full | Chrome extensions |
 Cốc Cốc | ✓ Full | Chrome extensions |
 Maxthon | ✓ Full | Chrome extensions |
 Kiwi Browser (Android) | ✓ Full | Chrome extensions |
 Comodo Dragon | ✓ Full | Chrome extensions |
 Samsung Internet | ⚠ Partial | Limited support |
 Firefox | 🕐 Soon | Firefox Add‑ons |
Visit the official store or use the direct link on our website.
Click "Add to Chrome". Installation takes a few seconds.
Click the puzzle icon and pin AIScamHunter for quick access.
All security systems are operational immediately – no configuration needed.
03. Complete protection systems
AIScamHunter combines multiple detection engines, behavioural analysis, external threat feeds (URLhaus, OpenPhish, PhishTank, AbuseIPDB) and native browser APIs.
🧬 Typosquatting & homoglyphs
Detects domains that impersonate brands using character substitution, Cyrillic lookalikes, and phonetic tricks: paypa1.com, g00gle.com.
📛 Suspicious TLDs & DGA
Monitors .xyz, .top, .shop, .click, .live and uses entropy, consonant/vowel ratio and bigram analysis to detect algorithmically generated domains (DGA).
🔗 Redirect & short URL analysis
Resolves shortened links (bit.ly, tinyurl, etc.) and follows redirect chains to block cloaked malicious destinations.
📅 Advanced SSL reputation
Flags recently issued (<30 days), self‑signed, expired or wildcard certificates often used by phishing sites.
🤖 Weighted risk scoring
Combines 8+ sources (Google Safe Browsing, URLScan, AbuseIPDB, PhishDestroy, external feeds, PhishStats, DNS reputation, SSL analysis, local heuristics) with dynamic weights. Score 0‑100 with adjustable thresholds.
📦 Obfuscated scripts & miners
Detects eval/atob, document.write injections, and cryptocurrency miners (CoinHive, Crypto‑Loot) in real time.
⛔ Dangerous download guard
Blocks executable files (.exe, .bat, .scr, .apk, .js, .msi) and analyses downloaded files; provides option to delete suspicious files.
🧾 Fake login & fake shops
Identifies cloned banking pages, fake stores with unrealistic discounts, missing legal notices and counterfeit trust badges.
📞 Tech support scams & quishing
Blocks browser lock screens, fake Microsoft/Apple alerts, and QR‑code phishing (quishing) campaigns.
🖱️ Hover warnings & context menu
Hover over any link: shows a warning if dangerous. Right‑click → scan link, block or trust domain instantly.
🌍 Safe mode
Increases detection sensitivity, forces HTTPS, blocks legacy plugins (Flash, Java, ActiveX) and insecure WebSockets.
📋 Clipboard hijack detection
Periodic check (every 5s, only when tab is visible) detects replaced crypto addresses or unexpected clipboard changes. Respects browser permissions policy – no errors on restricted sites.
04. All features in depth
📊 Dynamic risk score
Every page receives a 0‑100 risk score based on multi‑source intelligence. Thresholds can be customised (strict mode, safe mode).
🚨 Secure warning page
When a critical threat is detected, a detailed interceptor shows category, severity, detected signals, and actions (continue once, trust domain, report false positive).
🔔 Smart notifications
Instant alerts when a malicious site is blocked, a crypto drainer is identified, or a suspicious redirect occurs. Disableable.
📊 Tools Center with batch scanner
Complete toolkit: URL/domain (batch up to 10), email and phone scanner, password vault, privacy cleaner, personal stats, persistent history of last 5 checks, sparklines and activity charts.
🔐 Cryptographic password generator
Uses crypto.getRandomValues() to generate strong passwords (8‑64 chars) with uppercase, digits, symbols and a real‑time strength indicator.
🧹 Privacy cleaner & shredder
One‑click removal of browsing traces with granular data type selection and time‑range presets. Also cleans IndexedDB and WebSQL.
🌐 Tracker blocker
Blocks analytics scripts (Google, Facebook, Hotjar, Mixpanel), ad servers, fingerprinting and telemetry domains via declarative net request rules.
📜 Local allow/block lists
Users can manually add domains to personal allowlist or blocklist. They override global rules and sync across browser sessions.
⚙️ Fine‑grained settings
Enable/disable real‑time shield, safe mode, tracker blocking, download guard, notifications, strict mode, telemetry. Reset statistics, clear activity log.
🌍 15 languages + RTL
Full internationalisation including Arabic (right‑to‑left). Light/dark theme syncs with system preference.
🔗 Admin sync & false positive reporting
Users can report false positives from the warning page. Administrators review and update global trusted/blocked lists. Extension refreshes lists hourly.
🧪 Email & phone scam check
Checks email addresses for disposable/low reputation (Disify API) and phone numbers against known scam prefixes. Available in Tools Center.
05. Tools Center – advanced utilities
The Tools Center (accessible from popup or dedicated private.html page) provides powerful security tools and personal statistics. All history is stored locally.
🌐 URL / Domain scanner (batch)
Check any URL or domain with multi‑source analysis (Google Safe Browsing, URLScan, PhishDestroy, local heuristics). Returns risk score, category, detected signals. Supports batch (up to 10 URLs) and persistent history of last 5 checks.
📧 Email safety check
Detects disposable or low‑reputation email addresses via Disify API (HTTPS). Helps avoid sign‑ups on fraudulent sites. Batch mode available.
📞 Phone number check
Verifies phone numbers against known scam prefixes (e.g., premium‑rate or fake support lines). Country selection included.
📊 Activity charts & sparklines
Visualises scans, blocked threats and alerts over 24h, 7 days, and 30 days. Sparkline graphs on stat cards show weekly trends.
🔐 Password vault (secure generator)
Cryptographically strong passwords (crypto.getRandomValues). Adjustable length, character sets, and a live strength meter (weak → very strong).
🧹 Privacy cleaner & shredder
One‑click removal of browsing traces with granular data type selection and time‑range presets. Also cleans IndexedDB and WebSQL.
06. Crypto & Web3 security
Specialised protection for cryptocurrency users against drainers, fake wallets, and giveaway scams.
💸 Crypto drainer detection
Monitors dangerous Web3 calls: eth_sendTransaction, approve, transferFrom, personal_sign on pages that inject window.ethereum or window.solana.
🎁 Fake giveaway / airdrop
Text and countdown timer analysis to detect "Elon Musk giveaway", "double your crypto", and fake airdrop campaigns.
👛 Fake wallet pages
Identifies phishing sites impersonating MetaMask, Binance, Coinbase, Ledger, Trust Wallet, Phantom, etc., using typosquatting and subdomain tricks.
📋 Clipboard hijacking (crypto)
Detects when a copied crypto address (e.g., 0x... Ethereum address) is silently replaced by a malicious address. Triggers a critical alert.
07. Administration & false‑positive handling
AIScamHunter includes a private admin dashboard that aggregates user reports, manages global allow/block lists, and improves detection for all users.
📢 User false‑positive reporting
From the warning page or popup, users can report a blocked domain as a false positive. The report includes domain, timestamp, and anonymised user hash.
🔧 Admin actions
Trust → adds to global allowlist; Block → adds to global blocklist; Resolve → removes the report without global changes. Decisions sync to all users via shared JSON files.
🔄 Hourly synchronisation
The extension polls the server every hour for updated trusted/blocked lists. Admin changes propagate to all users within ≤60 minutes.
📊 Anonymous telemetry (optional)
Aggregated threat statistics (type, country, score) help improve detection. No personal data, IPs or full URLs are stored. Can be disabled in settings.
08. Privacy & data protection
🔒 Local processing
Heuristics (typosquatting, DGA, form analysis, script scanning) run entirely on your device. Only optional safe browsing checks go through secured proxies.
🕶️ Incognito mode support
Extension can be enabled in incognito (manual activation). Telemetry is automatically disabled in private windows.
📊 Optional anonymised telemetry
A toggle in settings allows sending aggregate statistics (event type, country, risk score) to improve global detection. No personal identifiers, IPs or URLs are ever transmitted.
🛡️ Proxied external APIs
Calls to Google Safe Browsing, AbuseIPDB, URLScan are routed through AIScamHunter servers to hide your IP and avoid exposing API keys.
09. Technical architecture
⚙️ Manifest V3 core
- Service worker (background.js)
- Declarative Net Request (3 rulesets: threats, trackers, safe mode)
- Isolated storage, alarms, notifications
- Session & local caching
🌐 Threat intelligence sources
- Google Safe Browsing (via proxy)
- URLhaus, OpenPhish, Phishing Army
- PhishTank, PhishStats, PhishDestroy
- AbuseIPDB, DNS reputation (Google DoH)
- Certificate transparency (crt.sh)
- Local heuristics (typosquatting, DGA, homoglyphs)
📂 Internal rule sets
- Malware & phishing (financial, crypto, gov, shipping)
- Tracker blocking (Google, Facebook, TikTok, Hotjar, etc.)
- Safe mode: HTTPS upgrade, block legacy plugins
- Download guard: executable extensions
📈 Weighted scoring engine
- Weights: Google 30%, URLScan 18%, AbuseIPDB 10%, PhishDestroy 13%, external feeds 13%, PhishStats 5%, DNS reputation 3%, SSL analysis 3%, local heuristics 13%.
- Dynamic adjustment for strict/safe mode
- Contextual reduction (no login/banking keywords)
- Session cache (TTL 30 min)
10. Permissions explained
| Permission | Reason |
|---|---|
| storage | Stores settings, allow/block lists, cache, stats, activity history. |
| tabs | Retrieves the active tab URL and hostname for scanning and status display. |
| alarms | Manages scheduled tasks: telemetry queue, feed refresh, cache cleanup, keep‑alive pings. |
| downloads | Analyses and blocks dangerous downloads; post‑download file scanning and deletion. |
| notifications | Displays security alerts when threats are blocked. |
| cookies | Privacy cleaner and detection of suspicious cookies. |
| browsingData | Clears cache, history, downloads, form data, etc. |
| contextMenus | Adds scan/block/trust options to right‑click menu. |
| webNavigation | Monitors redirects and navigation events for real‑time analysis. |
| clipboardRead | Detects clipboard hijacking (only when tab is visible, 5s interval). |
| declarativeNetRequest | Efficient network request filtering (trackers, threats, HTTPS upgrade). |