Welcome to the UPPward browser extension user guide.
The UPPward browser extension is a multifunctional tool. It actively checks the URL the user is accessing and cross-references it to the TRDB to see whether it is blacklisted or whitelisted. It allows users to search patterns such as URLs and crypto wallet addresses to check their legitimacy, and also to submit incident reports for the Sentinels to review.
Additionally, it scans wallet addresses displayed on websites. If the wallet address in question is blacklisted, the wallet address will be marked as suspicious and highlighted in red.
This user guide covers the features of the browser extension and how to make an incident report to the Sentinels for them to review.
Features: UPPward Active Protection
As mentioned earlier, UPPward actively checks the URL users are accessing to see whether it is blacklisted or whitelisted. Users may notice that the colour of the UPPward icon, which is found on the top right of the browser together with your other extensions, may differ according to the website they are on. The legend and their meaning will be elaborated on below:
Green: The site the user is on is whitelisted and verified to be legitimate by the Sentinels.
Yellow: The site is not captured in the TRDB, hence it is neither whitelisted nor blacklisted. Caution is advisable if visiting sites which require you to input confidential data.
Red: The site is blacklisted and verified to be malicious by the Sentinels. Interaction with the website is not advised.
Labels and overlays
Depending on the URL the users are on, UPPward will also display a green label or red overlay if it is a whitelisted or blacklisted website respectively.
If the user accesses a whitelisted website, an alert would appear in a form of this label at the top right instead. Additionally, the icon will turn green.
If the user is accessing a malicious website which is blacklisted in the Threat Reputation Database, the browser extension will display a warning and a red overlay to alert the user.
Users will be alerted if they visit a site which is blacklisted in the TRDB.
If the website is neither blacklisted nor whitelisted, no labels or overlays will be displayed. Instead, the UPPward icon will simply remain yellow .
Features: Twitter Filter
As UPPward only displays the red overlay when the URL itself is blacklisted, tweets made by bad actors on Twitter who had their handles blacklisted may escape UPPward Active Protection’s detection by making replies to other tweets made by famous people or accounts. One such example would be Binance, where scammers often promote giveaway scams by replying to Binance’s tweets.
However, the Twitter Filter scans tweets and compares the handles of their makers to the indicators in the TRDB. If it is a match and the handle belongs to a blacklisted account, then the tweet itself will be shaded in red , with a red hexagon with a white cross in the middle appearing next to their handle.
The Twitter Filter in action - catching tweets made by malicious actors
Similarly to the URL checker, the Twitter filter also works for tweets made by whitelisted accounts and accounts which are neither whitelisted or blacklisted
Tweets made by whitelisted accounts would have a green hexagon with a white tick in its centre next to the handle.
Features: The Search Bar
In order to access the search bar, users are required to click on the UPPward browser extension icon. It would be found on the top right corner of your browser together with your other extensions.
Once the icon has been clicked, the search bar would drop down from it.
The UPPward browser extension’s search bar
Users are able to input data such as URLs, domain names, crypto wallet addresses, twitter handles (e.g. @cz_binance) and email addresses. The browser extension will then match the patterns input by the users to any corresponding indicators in the TRDB and return the result.
If it is a malicious indicator which is captured in the TRDB, users will see something similar to the first picture above. Likewise, if it is a whitelisted indicator in the TRDB, users will encounter a result similar to the second picture.
If the indicator is not captured in the TRDB, the search bar will simply return a result similar to the picture above.
Features: Cryptocurrency Wallet Address Highlight
The cryptocurrency wallet address highlight operates by detecting wallet addresses, which are blacklisted in the TRDB, shown on websites. Upon detection, UPPward will highlight the wallet address accordingly in red and label it as ‘Suspicious’.
If users happen to be using Telegram on their web browser and a malicious actor contacts them, the cryptocurrency wallet address will highlight their wallet address if it is present in the TRDB.
The Cryptocurrency wallet highlight works on all websites except for a few. The exceptions are mostly well-known blockchain explorer websites, such as BlockExplorer, Etherscan and TRXplorer.
Features: Submitting an Incident Report
Users are able to submit an incident report to the Sentinels by clicking “ Report Now ” below the UPPward search bar. Alternatively, users can make a report at the following URL “https://portal.sentinelprotocol.io/create/case”.
Upon arriving at the reporting portal website, users are required to fill in the form with necessary information. The fields in the reporting form will be elaborated on below.
Take note that Sentinels and Uppsala employees will never ask for any personal information such as phone numbers, private keys, password or credit card information under any other circumstances. Please do not input any such information in the reporting portal.
Security Type: How the reported indicator would be labelled as once approved. Indicators under ‘ blacklist ’ will be reviewed and if approved, will be considered as malicious content . Likewise, indicators under ‘ whitelist ’ will be considered as legitimate content once reviewed and approved.
Reporting Target: The indicator such as URL, email address and crypto wallet address the users wish to report to the Sentinels for blacklisting or whitelisting. For URLs, it is recommended for users to specify whether it begins with HTTP or HTTPS.
Data Type: This field will be automatically filled once the user has input data inside the Reporting Target field. If the user thinks that it is incorrect, he can change the data type manually. Please take note that Facebook, Youtube, Twitter and Telegram links should fall under the “ Social Media ’ Data Type instead of “URL”.
Data Sub Type: Similarly to the Data Type field, this field will be automatically filled. It can also be changed by users manually.
Tags: Users are recommended to use at least one tag related to the reporting target. If you are unsure about which tag to choose, you may follow the guidelines below:
Phishing - The bad actor operated by stealing confidential information such as passwords and private keys by appearing to be from a legitimate source. E.g. fake MyEtherWallet sites.
Malware - Software which purposely performs tasks which damages, disrupts or grants unauthorized personnel access to a computer system or steals information. E.g. ransomware, trojans.
Scam - The malicious actor operated by deceiving users of their funds. E.g. Trust-trading scams, Giveaway scams, Admin impersonation scams on Telegram.
Hacks - The reporting target is involved in a large scale hack, such as the Cryptopia hack and the DragonEx hack.
Exploits - The malicious actor operates by exploiting a bug or vulnerability in a system.
Details: Users are highly recommended to describe the incident in as much detail as possible. For example:
Describe how you could have lost your crypto assets.
Describe how you believe may have found a potential suspicious website or wallet address.
Did you accidentally arrive at a suspicious website?
Did you receive a suspicious email?
Did you download any suspicious files?
Attachments (optional): This field is purely optional. However, users are recommended to provide as much evidence as possible, such as screenshots of the malicious content.
Contact (optional): An email address belonging to the user who made a user report. While this is optional, it is recommended to provide an email address so that the Sentinels may get in touch with the user if they need to clarify any information submitted by the user. Users’ email addresses would be not used in any other way.
Browser Extension Settings
If users wish to do so, they can edit the settings of the UPPward browser extension.
Under the General Settings tab, users are able to disable and enable the UPPward active protection, Twitter Filter and Crypto Address Highlight whenever they wish to. Users are advised to be extra cautious if they wish to disable them.
Users can alter the settings of the whitelist alert. They could choose whether to disable or enable the alert appearing , the display time and font size of the alert. Additionally, they can edit the colour of the alert itself.
Users can change the colour of the whitelist alert to anything they want.
Users could change the way UPPward blocks blacklisted sites from the traditional red overlay to a redirection instead.
UPPward prompting the users to be redirected to sentinelprotocol.io instead of ‘Back to Safety’ or ‘Proceed anyway’.
Users can also choose to enable or disable punycode URL block.
The punycode URL block is disabled by default, but if it is enabled, UPPward will block any website which contains punycode in its URL.
This is the end of the UPPward Browser Extension User Guide. If you still have any questions you wish to clarify, please do feel free to ask us in the forum!