Security Insights

A Look at the Top Blocked Websites

A Look at the Top Blocked Websites
Google Safe Browsing is the most popular security denylist in use. It is leveraged by Firefox, Safari and Google Chrome. As such, being blocked by Google is a big deal - users of these three browsers are warned not to visit the sites and Google puts warnings in their search results.

I've run Google Safe Browsing against the top 1 million (based on number of visits) websites according to Alexa. 621 of them are blocked by Google Safe Browsing. I've looked at the most popular to understand why they are considered malicious. Here is what I found for the most popular blocked sites:

 
Rank Domain Threat Comment
6,239 subtitleseeker.com Malicious JavaScript Hijacked
18,784 financereports.co Scam Work from home scam
35,610 tryteens.com PDF malware Porn
41,560 iranact.co Malicious JavaScript Hijacked
47,016 creativebookmark.com Fake AV Hijacked
52,409 ffupdate.org Adware download  
52,431 vegweb.com Malicious JavaScript Hijacked
53,902 delgets.com Malicious JavaScript Hijacked
78,202 totalpad.com Fake AV Hijacked
81,403 kvfan.net Malicious JavaScript Hijacked
82,344 hgk.biz Malicious JavaScript Hijacked
83,858 youngthroats.com Malicious IFRAME Porn
125,305 metro-ads.co.in Malicious JavaScript Hijacked
133,455 salescript.info Malicious JavaScript Hijacked
 
http://financereports.co
creativebookmark.com
Most of the top-ranked websites that have been blocked are not malicious by nature, but they have been hijacked. Malicious JavaScript, similar to the code we found on a French government website, or a malicious IFRAME is generally the culprit. It is interesting to notice that Google decided to denylist the infected site, rather than just blocking the external domain hosting the malicious content.

I have also checked to see which country the blocked domain is hosted in. Here is the breakdown:
 

Most of the blocked sites are hosted in the US. Western Europe (especially Germany, France and the Netherlands) is number two, followed by China (8%).

There is a government website in this list: mdjjj.gov.cn. It contains malicious JavaScript for a third domain. The code is much more sophisticated that on the other sites on this list. The JavaScript is obfuscated, broken down in several files with a .jpeg extension. There is also a Flash exploit with a heap spray targeting Mac OS X, not unlike a Flash exploit we found on another Chinese site a few years ago. Windows users with Internet Explorer 6 and 7 users get the old "iepeers.dll" exploit (a different version for each browser).


No site is safe from hijacking. Personal websites and top-10,000 sites are all likely to be infected at some point.

Get the latest Zscaler blog updates in your inbox

Subscription confirmed. More of the latest from Zscaler, coming your way soon!

By submitting the form, you are agreeing to our privacy policy.