A Look at the Top Blocked Websites

JULIEN SOBRIER

May 14, 2012 - 2 min read

Security Insights

Contents

Article
More blogs

Google Safe Browsing is the most popular security denylist in use. It is leveraged by Firefox, Safari and Google Chrome. As such, being blocked by Google is a big deal - users of these three browsers are warned not to visit the sites and Google puts warnings in their search results.

I've run Google Safe Browsing against the top 1 million (based on number of visits) websites according to Alexa. 621 of them are blocked by Google Safe Browsing. I've looked at the most popular to understand why they are considered malicious. Here is what I found for the most popular blocked sites:

Rank	Domain	Threat	Comment
6,239	subtitleseeker.com	Malicious JavaScript	Hijacked
18,784	financereports.co	Scam	Work from home scam
35,610	tryteens.com	PDF malware	Porn
41,560	iranact.co	Malicious JavaScript	Hijacked
47,016	creativebookmark.com	Fake AV	Hijacked
52,409	ffupdate.org	Adware download
52,431	vegweb.com	Malicious JavaScript	Hijacked
53,902	delgets.com	Malicious JavaScript	Hijacked
78,202	totalpad.com	Fake AV	Hijacked
81,403	kvfan.net	Malicious JavaScript	Hijacked
82,344	hgk.biz	Malicious JavaScript	Hijacked
83,858	youngthroats.com	Malicious IFRAME	Porn
125,305	metro-ads.co.in	Malicious JavaScript	Hijacked
133,455	salescript.info	Malicious JavaScript	Hijacked

http://financereports.co

creativebookmark.com

Most of the top-ranked websites that have been blocked are not malicious by nature, but they have been hijacked. Malicious JavaScript, similar to the code we found on a French government website, or a malicious IFRAME is generally the culprit. It is interesting to notice that Google decided to denylist the infected site, rather than just blocking the external domain hosting the malicious content.

I have also checked to see which country the blocked domain is hosted in. Here is the breakdown:

Most of the blocked sites are hosted in the US. Western Europe (especially Germany, France and the Netherlands) is number two, followed by China (8%).

There is a government website in this list: mdjjj.gov.cn. It contains malicious JavaScript for a third domain. The code is much more sophisticated that on the other sites on this list. The JavaScript is obfuscated, broken down in several files with a .jpeg extension. There is also a Flash exploit with a heap spray targeting Mac OS X, not unlike a Flash exploit we found on another Chinese site a few years ago. Windows users with Internet Explorer 6 and 7 users get the old "iepeers.dll" exploit (a different version for each browser).

No site is safe from hijacking. Personal websites and top-10,000 sites are all likely to be infected at some point.

Thank you for reading

Was this post useful?

Yes, very!

Not really

Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.