Difference between revisions of "Googleusercontent"
Line 54: | Line 54: | ||
Mozilla uses the Google Cloud Platform for Firefox components. It is rented server capacity. Extensions can use googleusercontent.com to host some of their data files. | Mozilla uses the Google Cloud Platform for Firefox components. It is rented server capacity. Extensions can use googleusercontent.com to host some of their data files. | ||
+ | |||
+ | Ubuntu using googleusercontent.com | ||
+ | * connectivity-check.ubuntu.com | ||
+ | |||
+ | Ubuntu's Connectivity checking is a NetworkManager functionality that allows periodic checks to see if the system can access the internet. This is in poor taste by the developers of NetworkManager as it creates what might appear as suspicious looking connections to a domain that is known to host malware and other types of misuse. | ||
+ | |||
+ | Recommended Solution for Ubuntu / Mint Linux Users: disable Network Manager connectivity checks | ||
+ | * You can disable connectivity checking inside system settings -> privacy -> connectivity. |
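Review bot: the added "Ubuntu using googleusercontent.com" section lists connectivity-check.ubuntu.com but never says how that host relates to googleusercontent.com, so a reader cannot tell why these checks would show up as connections to the domain; state the link explicitly. The sentence "This is in poor taste by the developers of NetworkManager" is opinion and would read better as a neutral description of the effect. The recommended solution gives only the settings path "system settings -> privacy -> connectivity", so it should also say what to do on systems that lack that settings panel.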
Revision as of 17:56, 11 January 2024
googleusercontent
googleusercontent.com
There is a security risk involved. Because legitimate services rent capacity on this particular Google Cloud system, googleusercontent.com, it is difficult to discern which active connections to hosts on the domain are malicious and which are not. The same Google Cloud system is also being used by data thieves, hackers, and corporate logistics operations, just to name a few. An active connection on your idle system could indicate an intruder, or it could simply be part of Firefox or the operating system updater. COMPANIES SHOULD NOT USE SERVICES FROM GOOGLE CLOUD, as the same system is being used for malicious activity. Google is making insufficient effort to keep criminals from using the system.
Hackers have found a way to share malware via trusted and reliable Google servers like those of googleusercontent. googleusercontent is Google’s domain for serving user-supplied content without affecting the safety of Google’s own pages.
"bc.googleusercontent.com" is Google's computing cloud.
Recently, Google has started storing images in a new domain, called googleusercontent.com. This domain is used for a variety of purposes, including cached copies of websites visited by the Google search engine, but the general purpose of this domain appears to be to store static content: i.e. content that is not expected to change.
You also need to take into account the first part of that:
bc.googleusercontent.com
bc originates from Google Compute Engine (Google Cloud). That does not have to be from Google itself; it is a service anyone can use.
Some other services that are from Google:
- lh3.googleusercontent.com: Used for loading images for Google+.
- lh5.googleusercontent.com: Used for loading images for Google+.
- lh6.googleusercontent.com: Used for loading images for Google+.
- s3.googleusercontent.com: Used for loading favicons for AdWords ads.
- static.googleusercontent.com
- themes.googleusercontent.com: Used for loading font files for Google Fonts. (Generally called within CSS from fonts.googleapis.com)
- translate.googleusercontent.com: Google Translation Service
- Blocking access to all sites "bc.googleusercontent.com"
- Is NetworkManager sending HTTP requests to googleusercontent.com?
- Constant googeusercontent hits
- Malicious BOT on googleusercontent.com
- Google User Content CDN Used for Malware Hosting
There are different servers hosting Google user content. It looks like they are on lh[1-6].googleusercontent.com, and the content paths carry different prefixes.
For example, a picture in a Google Maps review gives this URL: https://lh5.googleusercontent.com/p/AF1QipO_dHIeVRPSIqwxu3VQY7n0rh_R_6oH92NKSJzE Its prefix is "AF1Qip".
Google profile pictures start with "AOh14G":
- https://lh3.googleusercontent.com/a-/AOh14GiUjlWnt4MNgr7Wmeyb3PzXlka4E8PFEIlF27oIxIA
- https://lh3.googleusercontent.com/a-/AOh14GjfjYX7SdSzS12uUNr7biejHeSNKkS1cEHRwHNiSAk
Note that Google Photos / Albums URLs also start with "AF1Qip":
- https://get.google.com/albumarchive/116817211900620900327/album/AF1QipMsEEwFLNjciBTQaRxIbn1AEyTYURdLnTU36CqT/AF1QipOX0W4N7QYJDyq449-5EVDkuQ6Nk6Dvkz1HxldI
- https://photos.google.com/photo/AF1QipOX0W4N7QYJDyq449-5EVDkuQ6Nk6Dvkz1HxldI
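The host labels and path prefixes listed above can be used to sort googleusercontent.com entries in a connection or proxy log before deciding which ones need a closer look. The following is an added example, not code from this page's sources; the category names and the sample `bc` hostname (built on a documentation IP address) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

BASE = "googleusercontent.com"
# Labels this page lists as Google-operated services.
KNOWN_LABELS = {"s3", "static", "themes", "translate"}
# Path prefixes this page associates with content types on the lh hosts.
PATH_PREFIXES = {
    "AF1Qip": "Maps review or Google Photos image",
    "AOh14G": "Google profile picture",
}

def classify_host(host):
    """Classify a hostname by the label directly left of the base domain."""
    host = host.lower().rstrip(".")
    # Exact suffix match on a label boundary, so look-alike names such as
    # "evilgoogleusercontent.com" or "googleusercontent.com.example.net"
    # are not mistaken for the real domain.
    if host != BASE and not host.endswith("." + BASE):
        return "not-googleusercontent"
    label = host[:-len(BASE)].rstrip(".").split(".")[-1]
    if label == "bc":
        # Compute Engine: rented capacity, the operator can be anyone.
        return "compute-engine-tenant"
    if re.fullmatch(r"lh[1-6]", label):
        return "user-image-host"
    if label in KNOWN_LABELS:
        return "google-service"
    return "unlisted"

def classify_url(url):
    """Return (host category, content type or None) for a logged URL."""
    parts = urlsplit(url)
    kind = classify_host(parts.hostname or "")
    content = None
    if kind == "user-image-host":
        last = parts.path.rstrip("/").rsplit("/", 1)[-1]
        content = next((desc for prefix, desc in PATH_PREFIXES.items()
                        if last.startswith(prefix)), "unknown prefix")
    return kind, content

if __name__ == "__main__":
    sample = [  # first URL is from this page, the rest are constructed
        "https://lh5.googleusercontent.com/p/AF1QipO_dHIeVRPSIqwxu3VQY7n0rh_R_6oH92NKSJzE",
        "http://7.113.0.203.bc.googleusercontent.com/",
        "https://themes.googleusercontent.com/",
        "https://googleusercontent.com.example.net/",
    ]
    for url in sample:
        print(classify_url(url), url)
```

Entries classified as `compute-engine-tenant` or `unlisted` are the ones the host name alone cannot attribute to Google, so they are where process, destination port and timing need to be checked.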
Mozilla uses the Google Cloud Platform for Firefox components. It is rented server capacity. Extensions can use googleusercontent.com to host some of their data files.
Ubuntu using googleusercontent.com
- connectivity-check.ubuntu.com
Ubuntu's connectivity checking is a NetworkManager feature that periodically checks whether the system can reach the internet. This is in poor taste on the part of the NetworkManager developers, as it creates what might appear to be suspicious-looking connections to a domain that is known to host malware and other types of misuse.
Recommended solution for Ubuntu / Mint Linux users: disable NetworkManager connectivity checks
- You can disable connectivity checking inside system settings -> privacy -> connectivity.