Is "Enhanced L00tCase User Experience" on Chrome Web Store Safe to Install?
Enhances the overall user experience on the LootCase website by adding several useful features. Current Features: - Chat message highlighting: Makes it easier to spot chat messages coming from a specific user or contain a certain keyword by highlighting the message. - Chat message exclusion: Allows you to exclude messages from specific users or containing certain keywords from being shown (either fully or message only). - Case statistics: Calculates and displays a cases expected value, profit chance, volatility index, median and color chances on the page of each case and the daily free cases. - Copy username button: Adds a copy-to-clipboard button next to each username in chat to make direct messaging easier. - Visible profile badge: Allows you to enable or disable your profile badge in the chat window if you own one. - Online streamer alert: Alerts you when one or more of LootCase affiliated streamers is online. Supporter Features: - Case price history: Allows you to track the prices of each case and visualize them in a chart. All these features are customizable through the extension's settings menu, giving you the flexibility to tailor your experience to your preferences. Report Issues: If you encounter any issues, bugs, or problems, I value your feedback! Please report them to [email protected]. If you enjoy this extension, I'd greatly appreciate it if you could rate it on the Chrome Web Store and/or use my affiliate code on LootCase: THEBLOCK Important Note: This extension is not affiliated with, endorsed, or supported by LootCase or its creators in any way. The use of this extension is entirely at the user's own risk. As the developer of this extension, I take no responsibility for any issues that may arise from its use. By installing and using this extension, you agree to accept any risks associated with its use.
Risk Assessment
Analyzed172 security findings detected across all analyzers
Chrome extension requesting 4 permissions
Severity Breakdown
Finding Categories
YARA Rules Matched
7 rules(16 hits)Requested Permissions
4 permissionsIntercept, modify, and block all network requests
About This Extension
Detailed Findings
22 totalYARA Rule Matches
7 rulesIndicators of Compromise
Network indicators, suspicious strings, and potential IoCs extracted during analysis
All Indicators · 150
detected Domain: e.options.events XIOC detected Domain: e.options.events
extracted_from_files
detected Domain: a.properties XIOC detected Domain: a.properties
extracted_from_files
detected Domain: handler.observer XIOC detected Domain: handler.observer
extracted_from_files
detected URL: https://www.twitch.tv/* XIOC detected URL: https://www.twitch.tv/*
extracted_from_files
detected URL: https://toby-theblock.github.io/utilities/data-store/lootcase.json', XIOC detected URL: https://toby-theblock.github.io/utilities/data-store/lootcase.json',
extracted_from_files
detected URL: https://www.LootCase.gg/affiliate', XIOC detected URL: https://www.LootCase.gg/affiliate',
extracted_from_files
detected URL: https://www.pullbox.gg/affiliate', XIOC detected URL: https://www.pullbox.gg/affiliate',
extracted_from_files
detected URL: https://www.twitch.tv/$ XIOC detected URL: https://www.twitch.tv/$
extracted_from_files
detected URL: https://clients2.google.com/service/update2/crx XIOC detected URL: https://clients2.google.com/service/update2/crx
extracted_from_files
detected URL: https://www.LootCase.gg/api/* XIOC detected URL: https://www.LootCase.gg/api/*
extracted_from_files
detected Domain: handler.id XIOC detected Domain: handler.id
extracted_from_files
detected Domain: switchstatus.id XIOC detected Domain: switchstatus.id
extracted_from_files
detected Domain: storedkeywords.map XIOC detected Domain: storedkeywords.map
extracted_from_files
detected Domain: table.id XIOC detected Domain: table.id
extracted_from_files
detected Domain: row.id XIOC detected Domain: row.id
extracted_from_files
detected URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css XIOC detected URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
extracted_from_files
detected URL: https://www.chartjs.org XIOC detected URL: https://www.chartjs.org
extracted_from_files
detected Domain: div.flex.flex-wrap.justify-center.mt XIOC detected Domain: div.flex.flex-wrap.justify-center.mt
extracted_from_files
detected Domain: copybutton.id XIOC detected Domain: copybutton.id
extracted_from_files
detected Domain: badgecandidate.name XIOC detected Domain: badgecandidate.name
extracted_from_files
detected Domain: badge.id XIOC detected Domain: badge.id
extracted_from_files
detected Domain: div.fixed.bottom-0.left-0.right-0.border-t.flex.justify-around.items-center.py XIOC detected Domain: div.fixed.bottom-0.left-0.right-0.border-t.flex.justify-around.items-center.py
extracted_from_files
detected Domain: joinlootdropbutton.click XIOC detected Domain: joinlootdropbutton.click
extracted_from_files
detected Domain: div.flex.flex-col.items-center.my-8.mx XIOC detected Domain: div.flex.flex-col.items-center.my-8.mx
extracted_from_files
detected Domain: iconwrapper.id XIOC detected Domain: iconwrapper.id
extracted_from_files
detected Domain: historydata.map XIOC detected Domain: historydata.map
extracted_from_files
detected Domain: h.date XIOC detected Domain: h.date
extracted_from_files
detected Domain: ctx.save XIOC detected Domain: ctx.save
extracted_from_files
detected Domain: dataset.data XIOC detected Domain: dataset.data
extracted_from_files
detected Domain: tooltip.style.top XIOC detected Domain: tooltip.style.top
extracted_from_files
detected Domain: demopricewrapper.id XIOC detected Domain: demopricewrapper.id
extracted_from_files
detected Domain: www.pullbox.gg XIOC detected Domain: www.pullbox.gg
extracted_from_files
detected Domain: data.date XIOC detected Domain: data.date
extracted_from_files
detected Domain: www.twitch.tv XIOC detected Domain: www.twitch.tv
extracted_from_files
detected Domain: statisticswrapper.id XIOC detected Domain: statisticswrapper.id
extracted_from_files
detected Domain: div.flex.inline-flex.mx XIOC detected Domain: div.flex.inline-flex.mx
extracted_from_files
detected Domain: updatedhistorydata.data XIOC detected Domain: updatedhistorydata.data
extracted_from_files
detected Domain: casepricehistory.data XIOC detected Domain: casepricehistory.data
extracted_from_files
detected Domain: valueatpath.map XIOC detected Domain: valueatpath.map
extracted_from_files
detected Domain: globaltooltip.style.top XIOC detected Domain: globaltooltip.style.top
extracted_from_files
detected URL: https://www.LootCase.gg/* XIOC detected URL: https://www.LootCase.gg/*
extracted_from_files
detected URL: https://github.com/kurkle/color#readme XIOC detected URL: https://github.com/kurkle/color#readme
extracted_from_files
detected Domain: e.target XIOC detected Domain: e.target
extracted_from_files
detected Domain: badge.name XIOC detected Domain: badge.name
extracted_from_files
detected Domain: os.name XIOC detected Domain: os.name
extracted_from_files
detected Domain: store.name XIOC detected Domain: store.name
extracted_from_files
detected Domain: store.data XIOC detected Domain: store.data
extracted_from_files
detected Domain: entry.id XIOC detected Domain: entry.id
extracted_from_files
detected Domain: toast.id XIOC detected Domain: toast.id
extracted_from_files
detected Domain: toby-theblock.github.io XIOC detected Domain: toby-theblock.github.io
extracted_from_files
detected Domain: www.lootcase.gg XIOC detected Domain: www.lootcase.gg
extracted_from_files
detected Domain: i.target XIOC detected Domain: i.target
extracted_from_files
detected Domain: s.save XIOC detected Domain: s.save
extracted_from_files
detected Domain: n.show XIOC detected Domain: n.show
extracted_from_files
detected Domain: i.external.call XIOC detected Domain: i.external.call
extracted_from_files
detected Domain: chart.umd.js.map XIOC detected Domain: chart.umd.js.map
extracted_from_files
detected Domain: indexeddb.open XIOC detected Domain: indexeddb.open
extracted_from_files
detected Domain: storenames.map XIOC detected Domain: storenames.map
extracted_from_files
detected Domain: o.save XIOC detected Domain: o.save
extracted_from_files
detected Domain: t.adapters.date XIOC detected Domain: t.adapters.date
extracted_from_files
detected Domain: this.ticks.map XIOC detected Domain: this.ticks.map
extracted_from_files
detected Domain: cache.data XIOC detected Domain: cache.data
extracted_from_files
detected Domain: mo.call XIOC detected Domain: mo.call
extracted_from_files
detected Domain: yo.map XIOC detected Domain: yo.map
extracted_from_files
detected Domain: t.data.map XIOC detected Domain: t.data.map
extracted_from_files
detected Domain: g.center XIOC detected Domain: g.center
extracted_from_files
detected Domain: h.data XIOC detected Domain: h.data
extracted_from_files
detected Domain: r.style XIOC detected Domain: r.style
extracted_from_files
detected Domain: o.top XIOC detected Domain: o.top
extracted_from_files
detected Domain: l.top XIOC detected Domain: l.top
extracted_from_files
detected Domain: padding.top XIOC detected Domain: padding.top
extracted_from_files
detected Domain: bo.prototype.generateticklabels.call XIOC detected Domain: bo.prototype.generateticklabels.call
extracted_from_files
detected Domain: n.data XIOC detected Domain: n.data
extracted_from_files
detected Domain: this.options.events XIOC detected Domain: this.options.events
extracted_from_files
detected Domain: o.data XIOC detected Domain: o.data
extracted_from_files
detected Domain: response.data XIOC detected Domain: response.data
extracted_from_files
detected Domain: s.total XIOC detected Domain: s.total
extracted_from_files
detected Domain: cachedmeta.total XIOC detected Domain: cachedmeta.total
extracted_from_files
detected Domain: k.nl XIOC detected Domain: k.nl
extracted_from_files
detected Domain: paths.map XIOC detected Domain: paths.map
extracted_from_files
detected Domain: o.id XIOC detected Domain: o.id
extracted_from_files
detected Domain: o.canvas.id XIOC detected Domain: o.canvas.id
extracted_from_files
detected Domain: this.config.data XIOC detected Domain: this.config.data
extracted_from_files
detected Domain: n.id XIOC detected Domain: n.id
extracted_from_files
detected Domain: h.id XIOC detected Domain: h.id
extracted_from_files
detected Domain: t.events XIOC detected Domain: t.events
extracted_from_files
detected Domain: c.top XIOC detected Domain: c.top
extracted_from_files
detected Domain: object.prototype.isprototypeof.call XIOC detected Domain: object.prototype.isprototypeof.call
extracted_from_files
detected Domain: s.id XIOC detected Domain: s.id
extracted_from_files
detected Domain: r.id XIOC detected Domain: r.id
extracted_from_files
detected Domain: t.plugin.id XIOC detected Domain: t.plugin.id
extracted_from_files
detected Domain: e.plugin.id XIOC detected Domain: e.plugin.id
extracted_from_files
detected Domain: e.data XIOC detected Domain: e.data
extracted_from_files
detected Domain: this.top XIOC detected Domain: this.top
extracted_from_files
detected Domain: this.chart.data XIOC detected Domain: this.chart.data
extracted_from_files
detected Domain: this.fit XIOC detected Domain: this.fit
extracted_from_files
detected Domain: margins.top XIOC detected Domain: margins.top
extracted_from_files
detected Domain: x.data XIOC detected Domain: x.data
extracted_from_files
detected Domain: i.save XIOC detected Domain: i.save
extracted_from_files
detected Domain: e.save XIOC detected Domain: e.save
extracted_from_files
detected Domain: t.id XIOC detected Domain: t.id
extracted_from_files
detected Domain: e.id XIOC detected Domain: e.id
extracted_from_files
detected Domain: cachedmeta.data XIOC detected Domain: cachedmeta.data
extracted_from_files
detected Domain: i.data XIOC detected Domain: i.data
extracted_from_files
detected Domain: this.datasetelementtype.id XIOC detected Domain: this.datasetelementtype.id
extracted_from_files
detected Domain: this.dataelementtype.id XIOC detected Domain: this.dataelementtype.id
extracted_from_files
detected Domain: this.id XIOC detected Domain: this.id
extracted_from_files
detected Domain: r.box XIOC detected Domain: r.box
extracted_from_files
detected Domain: n.top XIOC detected Domain: n.top
extracted_from_files
detected Domain: g.top XIOC detected Domain: g.top
extracted_from_files
detected Domain: e.box XIOC detected Domain: e.box
extracted_from_files
detected Domain: request.data XIOC detected Domain: request.data
extracted_from_files
detected Domain: tab.id XIOC detected Domain: tab.id
extracted_from_files
detected Domain: config.data XIOC detected Domain: config.data
extracted_from_files
detected Domain: e.top XIOC detected Domain: e.top
extracted_from_files
detected Domain: l.next XIOC detected Domain: l.next
extracted_from_files
detected Domain: e.style XIOC detected Domain: e.style
extracted_from_files
detected Domain: i.top XIOC detected Domain: i.top
extracted_from_files
detected Domain: t.canvas.style XIOC detected Domain: t.canvas.style
extracted_from_files
detected Domain: e.family XIOC detected Domain: e.family
extracted_from_files
detected Domain: t.data XIOC detected Domain: t.data
extracted_from_files
detected Domain: a.top XIOC detected Domain: a.top
extracted_from_files
detected Domain: r.top XIOC detected Domain: r.top
extracted_from_files
detected Domain: a.style XIOC detected Domain: a.style
extracted_from_files
detected Domain: t.family XIOC detected Domain: t.family
extracted_from_files
detected Domain: t.style XIOC detected Domain: t.style
extracted_from_files
detected Domain: s.data XIOC detected Domain: s.data
extracted_from_files
detected Domain: t.save XIOC detected Domain: t.save
extracted_from_files
detected Domain: date.now XIOC detected Domain: date.now
extracted_from_files
detected Domain: oe.numeric.call XIOC detected Domain: oe.numeric.call
extracted_from_files
detected Domain: this.events XIOC detected Domain: this.events
extracted_from_files
detected Domain: e.host XIOC detected Domain: e.host
extracted_from_files
detected Domain: s.top XIOC detected Domain: s.top
extracted_from_files
detected Domain: t.target XIOC detected Domain: t.target
extracted_from_files
detected Domain: t.top XIOC detected Domain: t.top
extracted_from_files
detected Domain: www.chartjs.org XIOC detected Domain: www.chartjs.org
extracted_from_files
detected Domain: object.prototype.tostring.call XIOC detected Domain: object.prototype.tostring.call
extracted_from_files
detected Domain: t.call XIOC detected Domain: t.call
extracted_from_files
detected Domain: e.call XIOC detected Domain: e.call
extracted_from_files
detected Domain: t.map XIOC detected Domain: t.map
extracted_from_files
detected Domain: object.prototype.hasownproperty.call XIOC detected Domain: object.prototype.hasownproperty.call
extracted_from_files
detected Domain: ht.call XIOC detected Domain: ht.call
extracted_from_files
detected Domain: toast.mobile XIOC detected Domain: toast.mobile
extracted_from_files
detected Domain: msg.play XIOC detected Domain: msg.play
extracted_from_files
detected Domain: audio.play XIOC detected Domain: audio.play
extracted_from_files
detected Domain: port.name XIOC detected Domain: port.name
extracted_from_files
detected Domain: request.id XIOC detected Domain: request.id
extracted_from_files
detected Domain: i.style XIOC detected Domain: i.style
extracted_from_files
detected Domain: t.to XIOC detected Domain: t.to
extracted_from_files
detected Domain: e.labels.map XIOC detected Domain: e.labels.map
extracted_from_files
AI Security Report
AI Security Review
Risky Plugins reviewed this extension with an AI-assisted security workflow on 2026-04-23. The review verdict is confirmed malicious with 85% confidence.
Recommended action: takedown request.
Risk context: MEDIUM risk, score 63/100.
Evidence context: threat category typosquatting; evidence quality moderate.
The extension 'Enhanced L00tCase User Experience' employs leetspeak substitution (replacing 'O' with '0') in its name to mimic the legitimate 'LootCase' brand, a documented typosquatting tactic. The developer is listed as '[email protected]', a personal email address with no corporate affiliation, which aligns with impersonation patterns where malicious actors avoid verifiable identities. Despite no code-level findings (findings_by_category is empty), the name itself constitutes a high-confidence threat indicator under the typosquatting category. The extension claims to enhance the LootCase website, but the altered spelling suggests an attempt to deceive users into believing it is an official or trusted tool.
A skeptic might argue the name is a legitimate branding choice, but leetspeak substitutions are overwhelmingly used in malicious contexts to bypass trademark protections or confuse users. The absence of code findings does not negate the metadata-based threat; typosquatting is a standalone indicator of intent to impersonate. The low user count (43) and lack of developer transparency further reduce trust. This extension should be treated as malicious due to its deceptive naming convention, which is a well-documented precursor to credential theft or data exfiltration in similar cases.
Key Reasons
- Leetspeak substitution in extension name mimics legitimate brand
- Anonymous developer using personal email address
- Low user count with no verifiable publisher identity
- Typosquatting is a high-confidence threat indicator per threat model
False Positive Considerations
- Name could be a legitimate branding variant (unlikely given leetspeak usage)
Source Code Not Available
Source code is not available for this version of the extension.
Frequently Asked Questions
Similar Extensions
Related extensions from the same publisher or marketplace
Enhanced Pullb0x User Experience
[email protected]
Enhanced Outlook Web App
[email protected]
YouTube Uninterrupted
[email protected]
Ship Xanh copy sản phẩm, nhân bản shop, hiển thị % phí sàn, lượt bán tháng
[email protected]
KEYOLOGIC AUTOFILLER PRO
[email protected]
Razor Wallet
[email protected]