Closed hagezi closed 2 months ago
Secure DNS:
- 360Secure OK
- AliDNS OK
- CFIEC OK
- CleanBrowsing OK
- Cloudflare OK
- ComodoSecure OK
- CONTROLD.TIF BLOCKED
- DNS0.eu OK
- DNS0.eu.ZERO OK
- DNSWatchGO OK
- HaGeZi.TIF BLOCKED
- Neustar OK
- NextDNS.TIF_AI OK
- NortonCS OK
- NRD.DGA.IDN OK
- Quad9 OK
- SafeDNS OK
- UltraDNS OK
- Umbrella OK
- YandexSafe OK
Intels:
- Google https://transparencyreport.google.com/safe-browsing/search?url=withsecurify.com
- VirusTotal https://www.virustotal.com/en/domain/withsecurify.com/information/
- AlienVault https://otx.alienvault.com/indicator/domain/withsecurify.com
- Bitdefender https://trafficlight.bitdefender.com/info/?url=https%3A%2F%2Fwithsecurify.com
- FortiGuard https://www.fortiguard.com/webfilter?q=withsecurify.com&type=&engine=1
- Kaspersky https://opentip.kaspersky.com/withsecurify.com?tab=web
- McAfee https://siteadvisor.com/sitereport.html?url=withsecurify.com
- Norton https://safeweb.norton.com/report/show?url=withsecurify.com
- OpenDNS https://domain.opendns.com/withsecurify.com
- URLVoid https://www.urlvoid.com/scan/withsecurify.com/
- Yandex https://yandex.com/safety/?l10n=en&url=withsecurify.com
- ThreatMiner https://www.threatminer.org/domain.php?q=withsecurify.com
It's a search engine hijacker. Reviews on the site are fake. Claims to add security without proof.
Domains seen, back when I added it.
ext.withsecurify.com
search5.withsecurify.com
search.withsecurify.com
Real reviews: https://chromewebstore.google.com/detail/securify-your-browser/eobcealmgdjeoheieiobkedbgddicaba/reviews
Additional
https://www.hybrid-analysis.com/sample/d57bcb554037fc17b59f58deb7645b584a7cfb71dad58e87ccd8a27689a972fd?environmentId=100
https://malwaretips.com/blogs/remove-securify-search/
https://www.2-spyware.com/remove-search-mysecurify-com.html
Thanks Sean @ShadowWhisperer
Blocklisted, thanks. I guess the Streisand effect is real.
Re-added to badware.
withsecurify.com
securifyguard.com
getsecurify.com
@JobcenterTycoon @ShadowWhisperer @iam-py-test
Answer from info at mysecurify.com:
Hello again,
Thank you for your prompt response to our appeal. We want to clarify some misunderstandings and provide additional context regarding the points mentioned.
To kick this off we’d like to focus on the fact that blocking our endpoints will result in product breakdown and will cause an inability to use browser features. This causes major confusion for our users because it's like blocking their NewTab page.
As an official Chrome Store extension, we rigorously follow all Google policies and guidelines for extension development and distribution. Our extension does not hijack anything, the search engine is changed using the official Chrome API and users must specifically accept this change when prompted several times during the installation process.
We strongly deny the allegation of fake reviews. We have never engaged in any practices to generate fake reviews. The reviews on the Chrome Web Store are from genuine users. We continuously monitor and respond to user feedback to improve our extension.
Regarding the additional links provided. There are always false positives with AVs and other security software. We continually contact such services and ask them for a re-review, as you can see from VirusTotal, our status is clean.
Some of the articles mentioned there are peddling security software and posting blatant lies. You can even see content on the pages that isn’t even related to our products (see screenshots of other products for example) - it’s a standard template they use to earn money through affiliate marketing.
We understand the importance of maintaining a secure browsing environment for users. We are committed to transparency and cooperation. We request you review the domains mentioned and see there are no malware or security risks on there, nor have there ever been.
We look forward to resolving this matter promptly.
Best regards, Team Securify
The Apple discussions thread in https://github.com/hagezi/dns-blocklists/issues/3163#issuecomment-2229056638 is not "peddling security software and posting blatant lies". In my opinion, nothing they say disproves the allegations against their company. I also can speak from experience as to the maliciousness of this software: https://github.com/iam-py-test/my_filters_001/blob/f71199a6192747467f3020d1dfa4f1a802bf4280/antimalware.txt#L14451 (I guess past me was corrupt and lied)
Yes, it's a search engine hijacker.
I have asked them to continue the discussion here and not by e-mail, so that everyone can read along and react.
Currently blocked by:
Blocklists:
- 1Hosts.Lite OK
- 1Hosts.Mini OK
- 1Hosts.Pro BLOCKED
- AdGuardDNS OK
- CONTROLD.AT BLOCKED
- DevDansHosts OK
- EasyList OK
- GoodbyeAds OK
- HaGeZi.LIGHT BLOCKED
- HaGeZi.NORMAL BLOCKED
- HaGeZi.PRO BLOCKED
- HaGeZi.PRO.PLUS BLOCKED
- HaGeZi.TIF BLOCKED
- HaGeZi.ULTIMATE BLOCKED
- hBlock BLOCKED
- NextDNS.AT OK
- OISD.Big BLOCKED
- OISD.Small OK
- QuidsUp.NOTRACK OK
- StevenBlack OK
Top 1M/10M lists:
Top 1M:
- Umbrella: YES
- Cloudflare: YES
- Tranco: YES
- Majestic: NO
- BuiltWith: NO
- Chrome: NO
Top 10M:
- DOMCOP: NO
ping @bongochong @sjhgvr to join the conversation, also blocked in your list.
Reason for being in oisd; found in; https://filters.adavoid.org/ultimate-security-filter.txt Personally I don't have anything valuable to add to this subject.
https://filters.adavoid.org/ultimate-security-filter.txt is just the uBO badware list?
@hagezi Thank you for pinging me. This will make for a fun read when I'm decompressing from the day later on.
@JobcenterTycoon @sjhgvr I have been pulling in entries from both of the aforementioned lists for a long time, which make their way into different compiled lists I maintain. I never thought to compare the two before, but after stripping away some ABP syntax, followed by a quick sort & diff, it appears that Ultimate Security contains the bulk of uBO's Badware list. There are currently 3219 identical filters between them, with the only difference for those entries being uBO's use of abbreviated aliases, whereas Ultimate Security uses standard static filter syntax (e.g. $doc vs. $document).
This is all likely due to AdBlocker Ultimate lists being substantially derived from default lists offered by AdGuard and EasyList, many of which seem to incorporate much of uBO's Badware list as well. The ad-blocking scene is so huge and interconnected now, that sometimes I think it would be better if we all pooled our time and resources together to perfect and expand a single project, but hey, at least it's fun :wink:
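The kind of list comparison described in the comment above, as an added sketch that is not the commenter's script or part of the thread: it expands uBO's short option aliases to the standard names, sorts the options, and then intersects the two lists. The alias table is a subset, the function names are hypothetical, and both sample lists are constructed with reserved `.example` names.

```python
# uBO short option aliases -> the standard static filter option names
ALIASES = {
    "doc": "document", "css": "stylesheet", "frame": "subdocument",
    "xhr": "xmlhttprequest", "3p": "third-party", "1p": "~third-party",
}

def normalize(line):
    """Canonical form of a network filter; None for comments, headers, cosmetic rules."""
    line = line.strip()
    if not line or line[0] in "![" or "##" in line or "#@#" in line:
        return None
    if line.startswith("/") and line.endswith("/"):
        return line  # regex filter: '$' here is part of the pattern, leave untouched
    pattern, sep, opts = line.rpartition("$")
    if not sep:
        return line  # no options to normalize
    canon = []
    for opt in opts.split(","):
        negated = opt.startswith("~")
        name, eq, value = opt.lstrip("~").partition("=")
        name = ALIASES.get(name, name)
        if negated:  # "~1p" expands to "~~third-party", i.e. "third-party"
            name = name[1:] if name.startswith("~") else "~" + name
        canon.append(name + eq + value)
    return pattern + "$" + ",".join(sorted(canon))  # option order is not significant

def compare(text_a, text_b):
    """Return (shared, only_a, only_b) as sets of normalized filters."""
    a = {f for f in map(normalize, text_a.splitlines()) if f}
    b = {f for f in map(normalize, text_b.splitlines()) if f}
    return a & b, a - b, b - a

# Constructed sample lists (reserved .example names, not real list content)
SAMPLE_A = """! Title: constructed list using uBO aliases
||bad.example^$doc
||ads.example^$3p,css
||only-a.example^
site.example##.banner
"""
SAMPLE_B = """[Adblock Plus 2.0]
||bad.example^$document
||ads.example^$stylesheet,third-party
||only-b.example^$xhr
"""

if __name__ == "__main__":
    shared, only_a, only_b = compare(SAMPLE_A, SAMPLE_B)
    print(len(shared), "identical filters after normalization")
    print("only in A:", sorted(only_a))
    print("only in B:", sorted(only_b))
```

Without the alias expansion, `$doc` and `$document` entries would show up as differences in a plain sort and diff even though they block the same thing.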
I'm curious where the "reviews" come from. Don't see any of these on Google's side.
"from our users" 🤡
> The ad-blocking scene is so huge and interconnected now, that sometimes I think it would be better if we all pooled our time and resources together to perfect and expand a single project, but hey, at least it's fun
At least it's harder for ad companies to monitor many ad blockers instead of one because the behavior may be different even if the same filters are used. Same for security vendors, it's harder to monitor 100 different ones instead of 1. But for simple open source domain blocking it would be the best to combine the power.
I think we are all in agreement here. Closing ....
Which AdBlocker/DNS cloud service do you use?
AdGuard DNS
Other
No response
ControlD users
NextDNS users
With which block list(s) does the problem occur?
Threat Intelligence Feeds
Which domain(s) should be unblocked?
withsecurify.com
Why should the domain(s) be unblocked?
Via Mail from info at mysecurify.com:
In the past few days, we’ve been receiving numerous complaints from our users that their extensions aren’t working properly.
We’re contacting you as it has been caused by the recent classification of our domain as "malware, adware, and PUPs" on the uBlock Origin lists.
Specifically these two pull requests listing “withsecurify.com”:
https://github.com/hagezi/dns-blocklists/issues/3073 https://github.com/uBlockOrigin/uAssets/issues/24390
“withsecurify.com” is one of our production domains and is not used for ads, PUP, malware, or adware. It’s used by our extensions, mainly for API and search endpoints.
Blocking this domain breaks the user's basic browser experience and some cannot even use the Chrome omnibox properly.
Examples of broken endpoints:
In light of the above, we kindly request an urgent review of our domain’s classification on the uBlock Origin badware list. We’ll be happy to provide any additional information or clarification needed to facilitate this review.
ping @JobcenterTycoon @shadowwhisperer