Just checked one site that Google lists as suspicious. And here is what I discovered on the Safe Browsing diagnostic page
When I noticed the domain name listed as an intermediary for distributing malware I thought it was not a real Google Analytics.
I’ve seen a lot of malicious domains that mimics the Google Analytics address. At the first glance they are usually indistinguishable from the real address and look trustworthy, but once you take a closer look at them, you’ll be able to spot a fraud. Here are just a few items from my collection of fake Google Analytics domais: google-analysis .com, ssl-google-analytics .com, gooqle-analytics .com.
However this time it was a real Analytics domain. I double checked it by loading this address in my browser. No surprise – I landed on a real Google Analytics start page.
What’s wrong? I clicked on the link to check the diagnostics page for google-analytics.com.
This page said that google-analytics.com was not listed as suspicious and suspicious content was never found on this site within the past 90 days. However “over the past 90 days, google-analytics.com appeared to function as an intermediary for the infection of 2 sites “
So far it’s just a couple of sites but it’s not clear if this can affect millions of other sites using this popular Google’s web statistics service. Is there any potential danger? No one wants to get banned by Google for using Google’s own service.
What happened? Has someone managed to abuse Google Analytics code and make it distribute malware? Was it just a strange coincedence or another “human error“?
It would be really interesting to hear from Google regarding this issue.
Do you have any idea?
Update: Google contacted me to say that google-analytics.com was incorrectly identified as an intermediary. They told me that this happens in rare cases because determining which domains are intermediaries is complex, and they assured me that they are working on their systems to help avoid this problem in the future.