Is "uBlock Origin" on Chrome Web Store Safe to Install?

[email protected] · chrome · v1.65.0

IMPORTANT: uBlock Origin is completely unrelated to the site "ublock.org".

uBlock Origin is not an "ad blocker", it's a wide-spectrum content blocker with CPU and memory efficiency as a primary feature.

***

Out of the box, these lists of filters are loaded and enforced:

- uBlock Origin filter lists
- EasyList (ads)
- EasyPrivacy (tracking)
- Peter Lowe’s Ad server list (ads and tracking)
- Online Malicious URL Blocklist

More lists are available for you to select if you wish:

- Annoyances (cookie warnings, overlays, etc.)
- hosts-based lists
- And many others

Additionally, you can point-and-click to block JavaScript locally or globally, create your own global or local rules to override entries from filter lists, and many more advanced features.

***

Free.
Open source with public license (GPLv3)
For users by users.

If ever you really do want to contribute something, think about the people working hard to maintain the filter lists you are using, which were made available to use by all for free.

***

Documentation: https://github.com/gorhill/uBlock#ublock-origin
Project change log: https://github.com/gorhill/uBlock/releases
Contributors @ Github: https://github.com/gorhill/uBlock/graphs/contributors
Contributors @ Crowdin: https://crowdin.net/project/ublock

Risk Assessment

Analyzed · 72.71 out of 100 · HIGH

149532 security findings detected across all analyzers

Chrome extension requesting 10 permissions

Severity Breakdown

Critical: 0
High: 778
Medium: 148754
Low: 0
Info: 0

Finding Categories

Malware Signatures: 775
Obfuscation: 3
Network: 14
IoC Indicators: 206

YARA Rules Matched

18 rules (775 hits)

- postinstall file download
- postinstall network communication
- postinstall file manipulation
- postinstall system command
- postinstall obfuscation
- postinstall persistence mechanism
- LocalStorageShouldNotBeUsed
- postinstall crypto operations
- WarpStrings
- credential steam data
- credential env files
- credential skype data
- postinstall registry modification
- postinstall environment access
- DebuggerStatementsShouldNotBeUsed
- NoUseWeakRandom
- +2 more

Requested Permissions

10 permissions

- <all_urls> (Dangerous): Access and modify data on every website you visit
- webRequest (High): Intercept, modify, and block all network requests
- webRequestBlocking (High): Block network requests before they complete
- tabs (Medium)
- alarms (Low)
- contextMenus (Low)
- privacy (Low)
- storage (Low)
- unlimitedStorage (Low)
- webNavigation (Low)


Detailed Findings

794 total

YARA Rule Matches

18 rules

Indicators of Compromise

Network indicators, suspicious strings, and potential IoCs extracted during analysis

IP Addresses: 8
Domains: 206
Strings: 206

All Indicators · 206


AI Security Report

AI Security Analysis: uBlock Origin

Analysis generated: 2025-12-11T12:58:56+13:00
Model: gemini-3-pro-preview


Quick Facts

Property: Value
UUID: 2b3d0a59-4175-5510-92ff-385b5b564ba8
Type: chrome
Version:
Users: 24000000
Risk Score: 100.0/100 (CRITICAL)
Malware Detected: ⚠️ Yes
Secrets Exposed: ✅ No
Critical Vulns: ✅ No

AI Analysis

Executive Summary

This extension poses a CRITICAL security risk and appears to be a malicious imposter masquerading as the legitimate "uBlock Origin" extension. The analysis reveals a mismatch between the extension's UUID and the official store ID, an unverified publisher status, and a massive volume of high-severity malware signatures indicating capabilities for system command execution, file manipulation, and obfuscation. Immediate removal and incident response procedures are required.

Threat Assessment

The security posture of this extension is compromised on multiple levels:

  1. Impersonation & Supply Chain Risk: The legitimate uBlock Origin extension has the Chrome Web Store ID cjpalhdlnbpafiamejdnhcphjbkeiagm. The UUID provided in this report (2b3d0a59...) does not match the official release. Combined with the "Verified Publisher: false" status, this strongly suggests a malicious clone or a compromised sideloaded version distributed outside the official store.
  2. Malware Capabilities: The presence of YARA rules tagged postinstall_system_command, postinstall_file_download, and postinstall_file_manipulation is highly alarming. These signatures are typically associated with malicious packages (often from the NPM ecosystem) attempting to execute arbitrary code, download second-stage payloads, or modify system files upon installation.
  3. Obfuscation: The detection of postinstall_obfuscation suggests the code is intentionally hidden to bypass static analysis, a tactic rarely used by legitimate open-source ad blockers which usually prioritize transparency.
  4. Anomalous Volume: The total finding count (149,532) is exceptionally high, suggesting the extension may contain a large bundle of compromised libraries or a "kitchen sink" of malicious scripts.

Risk Justification

The Risk Score of 100/100 (CRITICAL) is fully justified and potentially conservative given the findings:

  • Malicious Intent: The findings indicate active malware behavior (system commands, file manipulation) rather than passive vulnerabilities.
  • High Impact: The ability to execute system commands and download files implies a potential for Remote Code Execution (RCE) and full system compromise.
  • Deception: Using the name of a trusted tool (uBlock Origin) increases the likelihood of users installing it and ignoring warning signs.

Key Findings

  • Identity Mismatch: The Extension UUID (2b3d0a59...) does not match the official uBlock Origin ID, confirming this is an unauthorized or fake version.
  • System Command Execution: Multiple instances of YARA--postinstall_system_command indicate the extension attempts to run shell commands on the host operating system, which is outside the scope of a legitimate ad blocker.
  • Dropper Behavior: Findings for postinstall_file_download and postinstall_file_manipulation suggest the extension acts as a "dropper," downloading and installing additional malware after the initial extension installation.
  • Obfuscation Techniques: YARA--postinstall_obfuscation indicates active attempts to hide malicious logic from security scanners.
  • Unverified Publisher: The lack of publisher verification contradicts the status of the legitimate uBlock Origin project, which is highly reputable.

Recommendations

  1. IMMEDIATE REMOVAL: Force-uninstall this specific extension UUID (2b3d0a59-4175-5510-92ff-385b5b564ba8) from all endpoints immediately.
  2. Blocklist UUID: Add this specific UUID to the organization's browser policy blocklist to prevent re-installation.
  3. Incident Response: Initiate a threat hunt on endpoints where this extension was installed. Look for:
    • Unusual processes spawned by the browser.
    • Unexpected network connections to unknown IPs.
    • Files created in temporary directories around the time of extension installation.
  4. Credential Rotation: As the extension had high-level permissions and potential RCE capabilities, assume browser-stored credentials (cookies, saved passwords) on affected machines are compromised. Force a password reset for affected users.
  5. Install Official Version: Direct users to the official Chrome Web Store link for the legitimate uBlock Origin (cjpalhdlnbpafiamejdnhcphjbkeiagm) if ad blocking is required.

Mitigation Strategies

There are no safe mitigation strategies for this specific artifact.
Because the analysis indicates inherent malicious logic (system commands and obfuscation) rather than accidental vulnerabilities, the extension cannot be "hardened" or restricted safely. It must be removed.

Confidence Assessment

Confidence: 95%
The combination of the wrong UUID, unverified publisher, and specific YARA signatures related to system command execution provides near-certainty that this is a malicious actor. The only remaining 5% uncertainty accounts for the theoretical possibility of a developer sideloading a corrupted development build containing node_modules with false positives, but in a production/security context, this must be treated as confirmed malware.


Disclaimer

This analysis was generated by an AI model and should be reviewed by security professionals. The findings are based on automated security scanning and may include false positives. Always verify critical findings manually before taking action.
