Guardedsearchingext.xyz
The Guardedsearchingext.xyz domain is used to force Mozilla Firefox users to install a browser add-on called 'FF Guarded Searching.' The Guardedsearchingext.xyz domain includes a code that generates dialog boxes on your screen and prevents users from closing the page. Also, clicks on the Guardedsearchingext.xyz dialog boxes may issue a command to the browser to load Guardedsearchingext.xyz in full-screen mode. The full-screen page on Guardedsearchingext.xyz might show a notification in the top left corner of the browser and direct users to download and install the 'FF Guarded Searching' browser add-on. We have recorded the following messages appearing on Guardedsearchingext.xyz:
- Message №1:
- Message №2:
'To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier.
[Resend|BUTTON] [Cancel|BUTTON]'
'[URL] is requesting your username and password. The site says: "CLICK ON CANCEL TO CONTINUE!"
User Name: [TEXT BOX]
Password: [TEXT BOX]
[OK|BUTTON] [Cancel|BUTTON]'
The main body of the Guardedsearchingext.xyz page might include the logo of Firefox and the following text:
'Firefox requires a manual update
This update is required to ensure that you are protected on the Internet.
[Install now|BUTTON]
* This update is required
Protect yourself immediately on the Internet
Internet pages are automatically examined and possibly blocked
Increased protection against malware and viruses'
The 'FF Guarded Searching' browser add-on is known to require the following privileges:
- Access your data on websites.
- Access your browser tabs.
The Guardedsearchingext.xyz pop-ups may feature the following URLs:
h[tt]p://Guardedsearchingext.xyz/ff/?_subid=2m6mib21a2ie8qpkamhe&_token=
h[tt]p://Guardedsearchingext.xyz/ff/?_subid=17bjg421a2ie8qpkamhi&_token=
The Mozilla Foundation is a non-profit organization that leads the development of the Mozilla Firefox Web browser and does not use third-party services to deliver updates to Firefox. The Firefox browser includes a built-in updater that handles the installation of security patches and code fixes. You should not install add-ons from Guardedsearchingext.xyz and similar sites. The 'FF Guarded Searching' app is not recognized as a legitimate browser add-on, and it might expose users to malvertising and advanced cyber-threats. The pop-ups from Guardedsearchingext.xyz are perceived as the equivalent of the Chrome-38.site pop-ups also referred to as 'Add Extension' pop-ups. The Guardedsearchingext.xyz domain is registered to the 5.149.250.80 IP address where we found more than a dozen clones. PC users might want to install a trusted anti-malware shield that can block the content of the following domains associated with Guardedsearchingext.xyz:
h[tt]p://adblockshieldext[.]xyz/ff
h[tt]p://antivirmonitoringext[.]xyz/ff/
h[tt]p://ffantivir[.]com/ff
h[tt]p://getupdateff[.]com/ff
h[tt]p://guardedsurfingext[.]com/ff
h[tt]p://protectantivirext[.]biz//ff
h[tt]p://safeprotection[.]xyz/ff
h[tt]p://www.ffdefend[.]com/ff
h[tt]p://www.protecttoolext[.]com/ff
h[tt]p://www.saveprotecterext[.]com/ff
h[tt]p://www.securityext[.]com/ff
h[tt]p://www.ublockerext[.]com/ff
