Difference between revisions of "Googleusercontent"
Line 2: | Line 2: | ||
googleusercontent.com | googleusercontent.com | ||
+ | |||
+ | There is a security risk involved. The problem is that because legitimate services rents use of this particular Google Cloud system, googleusercontent.com, it is difficult to discern what active connections to hosts on the domain are not malicious. The Google Cloud system in question is also being used by data thieves, hackers, and corporate logistics operations just to name a few. An active connection on your idle system could indicate an intruder, or simply be part of Firefox, or the operating system updater. COMPANIES SHOULD NOT USE SERVICES FROM GOOGLE CLOUD as the same system is being used for malicious activity. Google is making insufficient effort to keep the criminals from using the system also. | ||
Hackers have found a way to share malware via trusted and reliable Google servers like those of googleusercontent. googleusercontent is Google’s domain for serving user-supplied content without affecting the safety of Google’s own pages. | Hackers have found a way to share malware via trusted and reliable Google servers like those of googleusercontent. googleusercontent is Google’s domain for serving user-supplied content without affecting the safety of Google’s own pages. | ||
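Review bot: The added paragraph states "COMPANIES SHOULD NOT USE SERVICES FROM GOOGLE CLOUD" and "Google is making insufficient effort" as facts, in capitals and with no source, and it treats googleusercontent.com and Google Cloud as the same system. Suggest sentence case, a citation for the abuse claim, and naming which hosts on the domain are tenant-run. The same line has a grammar slip: "legitimate services rents use" should read "legitimate services rent use".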
Line 11: | Line 13: | ||
bc originates from Google Compute Engine (Google cloud) That does not have to be from Google itself. It is a service anyone can use. | bc originates from Google Compute Engine (Google cloud) That does not have to be from Google itself. It is a service anyone can use. | ||
− | + | Recently, [https://blog.kerika.com/googleusercontent-com-can-trip-you-up-if-you-disable-third-party-cookies/ Google has started storing images] in a new domain, called googleusercontent.com. This domain is used for a variety of purposes, including cached copies of websites visited by the Google search engine, but the general purpose of this domain appears to be to store static content: i.e. content that is not expected to change. | |
You also need to take into account the 1st bit of that: | You also need to take into account the 1st bit of that: | ||
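Review bot: The new paragraph is inserted between the bc.googleusercontent.com explanation and the unchanged line "You also need to take into account the 1st bit of that:", so "that" no longer has a clear antecedent; suggest placing the paragraph before the bc block or after the hostname list. "Recently" and "a new domain" are undated and will age; give the date of the linked Kerika post instead.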
Line 36: | Line 38: | ||
* [https://support.google.com/webmasters/thread/142961720/malicious-bot-on-googleusercontent-com?hl=en Malicious BOT on googleusercontent.com] | * [https://support.google.com/webmasters/thread/142961720/malicious-bot-on-googleusercontent-com?hl=en Malicious BOT on googleusercontent.com] | ||
* [https://www.bleepingcomputer.com/news/security/google-user-content-cdn-used-for-malware-hosting/ Google User Content CDN Used for Malware Hosting] | * [https://www.bleepingcomputer.com/news/security/google-user-content-cdn-used-for-malware-hosting/ Google User Content CDN Used for Malware Hosting] | ||
+ | |||
+ | There are different servers hosting Google user content, it's looks like they are on lh[1-6].googleusercontent.com, and with different prefixes. | ||
+ | |||
+ | For example, a picture in a Google Maps review will gives this URL : https://lh5.googleusercontent.com/p/AF1QipO_dHIeVRPSIqwxu3VQY7n0rh_R_6oH92NKSJzE And their prefixes will be "AF1Qip", | ||
+ | |||
+ | And Google profile pictures will starts with "AOh14G" : | ||
+ | |||
+ | * https://lh3.googleusercontent.com/a-/AOh14GiUjlWnt4MNgr7Wmeyb3PzXlka4E8PFEIlF27oIxIA | ||
+ | * https://lh3.googleusercontent.com/a-/AOh14GjfjYX7SdSzS12uUNr7biejHeSNKkS1cEHRwHNiSAk | ||
+ | |||
+ | We can also note that Google Photos / Albums URLs are also starting with "AF1Qip" : | ||
+ | |||
+ | * https://get.google.com/albumarchive/116817211900620900327/album/AF1QipMsEEwFLNjciBTQaRxIbn1AEyTYURdLnTU36CqT/AF1QipOX0W4N7QYJDyq449-5EVDkuQ6Nk6Dvkz1HxldI | ||
+ | * https://photos.google.com/photo/AF1QipOX0W4N7QYJDyq449-5EVDkuQ6Nk6Dvkz1HxldI | ||
+ | |||
+ | Mozilla uses the Google Cloud Platform for Firefox components. It is rented server capacity. Extensions can use googleusercontent.com to host some of their data files. |
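Review bot: The example URLs added in this hunk are described as a Google Maps review picture and Google profile pictures, so they point at individual users' content; since only the "AF1Qip" and "AOh14G" prefixes matter to the text, suggest truncating the identifiers after the prefix. The prefix claims rest on a few samples ("it's looks like"), so mark them as observations, and fix "it's looks like", "will gives" and "will starts".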
Revision as of 18:45, 11 January 2024
googleusercontent
googleusercontent.com
There is a security risk involved. The problem is that because legitimate services rent use of this particular Google Cloud system, googleusercontent.com, it is difficult to discern which active connections to hosts on the domain are not malicious. The Google Cloud system in question is also being used by data thieves, hackers, and corporate logistics operations, to name just a few. An active connection on your idle system could indicate an intruder, or simply be part of Firefox or the operating system updater. COMPANIES SHOULD NOT USE SERVICES FROM GOOGLE CLOUD, as the same system is being used for malicious activity. Google is also making insufficient effort to keep criminals from using the system.
Hackers have found a way to share malware via trusted and reliable Google servers like those of googleusercontent. googleusercontent is Google’s domain for serving user-supplied content without affecting the safety of Google’s own pages.
"bc.googleusercontent.com" is Google's computing cloud.
bc.googleusercontent.com
bc originates from Google Compute Engine (Google Cloud). That does not have to be from Google itself. It is a service anyone can use.
Recently, Google has started storing images in a new domain, called googleusercontent.com. This domain is used for a variety of purposes, including cached copies of websites visited by the Google search engine, but the general purpose of this domain appears to be to store static content: i.e. content that is not expected to change.
You also need to take into account the 1st bit of that:
bc.googleusercontent.com
bc originates from Google Compute Engine (Google Cloud). That does not have to be from Google itself. It is a service anyone can use.
Some other services that are from Google:
- lh3.googleusercontent.com: Used for loading images for Google+.
- lh5.googleusercontent.com: Used for loading images for Google+.
- lh6.googleusercontent.com: Used for loading images for Google+.
- s3.googleusercontent.com: Used for loading favicons for AdWords ads.
- static.googleusercontent.com
- themes.googleusercontent.com: Used for loading font files for Google Fonts. (Generally called within CSS from fonts.googleapis.com)
- translate.googleusercontent.com: Google Translation Service
- Blocking access to all sites "bc.googleusercontent.com"
- Is NetworkManager sending HTTP requests to googleusercontent.com?
- Constant googeusercontent hits
- Malicious BOT on googleusercontent.com
- Google User Content CDN Used for Malware Hosting
Different servers host Google user content; it looks like they are on lh[1-6].googleusercontent.com, and with different prefixes.
For example, a picture in a Google Maps review gives this URL: https://lh5.googleusercontent.com/p/AF1QipO_dHIeVRPSIqwxu3VQY7n0rh_R_6oH92NKSJzE Such URLs have the prefix "AF1Qip".
Google profile pictures start with "AOh14G":
- https://lh3.googleusercontent.com/a-/AOh14GiUjlWnt4MNgr7Wmeyb3PzXlka4E8PFEIlF27oIxIA
- https://lh3.googleusercontent.com/a-/AOh14GjfjYX7SdSzS12uUNr7biejHeSNKkS1cEHRwHNiSAk
We can also note that Google Photos / Albums URLs also start with "AF1Qip":
- https://get.google.com/albumarchive/116817211900620900327/album/AF1QipMsEEwFLNjciBTQaRxIbn1AEyTYURdLnTU36CqT/AF1QipOX0W4N7QYJDyq449-5EVDkuQ6Nk6Dvkz1HxldI
- https://photos.google.com/photo/AF1QipOX0W4N7QYJDyq449-5EVDkuQ6Nk6Dvkz1HxldI
Mozilla uses the Google Cloud Platform for Firefox components. It is rented server capacity. Extensions can use googleusercontent.com to host some of their data files.
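A triage sketch for the hostnames and identifier prefixes listed above, added here as an example and not part of the original wiki page: it separates bc.googleusercontent.com names (Compute Engine capacity anyone can rent) from the Google-run service hosts and rejects lookalike domains. The function names, the reversed-octet form assumed for bc reverse-DNS names, and the sample hostnames are assumptions or constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

SUFFIX = "googleusercontent.com"
# Host labels from the page's list; lh1-lh6 per the page's "lh[1-6]" remark.
SERVICE_LABELS = {f"lh{i}": "user images" for i in range(1, 7)}
SERVICE_LABELS.update({
    "s3": "favicons for AdWords ads",
    "static": "listed on the page without a description",
    "themes": "font files for Google Fonts",
    "translate": "Google Translation Service",
})
# Path prefixes the page reports for image identifiers.
PATH_PREFIXES = {"AF1Qip": "Maps review or Photos image", "AOh14G": "profile picture"}

def classify_host(host):
    """Return (category, detail) for one hostname from a DNS or proxy log."""
    host = host.rstrip(".").lower()
    # Exact suffix match on a label boundary, so lookalike domains are rejected.
    if host != SUFFIX and not host.endswith("." + SUFFIX):
        return ("other", None)
    prefix = host[:-len(SUFFIX)].rstrip(".")
    labels = prefix.split(".") if prefix else []
    if labels and labels[-1] == "bc":
        # Assumption: Compute Engine reverse-DNS names put the instance's IPv4
        # octets, reversed, in front of "bc".
        ip = None
        if len(labels) == 5:
            try:
                ip = str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
            except ValueError:
                ip = None
        return ("compute-engine-tenant", ip)
    if len(labels) == 1 and labels[0] in SERVICE_LABELS:
        return ("google-service", SERVICE_LABELS[labels[0]])
    return ("unclassified", None)

def classify_url(url):
    """Classify the host and, for image URLs, the identifier prefix."""
    parts = urlsplit(url)
    category, detail = classify_host(parts.hostname or "")
    last_segment = parts.path.rstrip("/").rsplit("/", 1)[-1]
    content = next((d for p, d in PATH_PREFIXES.items() if last_segment.startswith(p)), None)
    return category, detail, content

# Constructed sample hostnames (203.0.113.0/24 is a documentation range).
SAMPLE = ["7.113.0.203.bc.googleusercontent.com", "themes.googleusercontent.com",
          "googleusercontent.com.example.net", "lh9.googleusercontent.com"]

def needs_review(hosts):
    """Hosts whose operator cannot be inferred from the name alone."""
    return [h for h in hosts if classify_host(h)[0] in ("compute-engine-tenant", "unclassified")]
```

A "compute-engine-tenant" result only says the endpoint is rented capacity; whether the connection is benign still has to be decided from the process and traffic involved.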