Difference between revisions of "Googleusercontent"

From Free Knowledge Base- The DUCK Project: information for everyone
Line 2: Line 2:
  
 
googleusercontent.com
 
googleusercontent.com
 +
 +
There is a security risk involved.  The problem is that because legitimate services rents use of this particular Google Cloud system, googleusercontent.com, it is difficult to discern what active connections to hosts on the domain are not malicious.  The Google Cloud system in question is also being used by data thieves, hackers, and corporate logistics operations just to name a few.  An active connection on your idle system could indicate an intruder, or simply be part of Firefox, or the operating system updater.  COMPANIES SHOULD NOT USE SERVICES FROM GOOGLE CLOUD as the same system is being used for malicious activity.  Google is making insufficient effort to keep the criminals from using the system also.
  
 
Hackers have found a way to share malware via trusted and reliable Google servers like those of googleusercontent.  googleusercontent is Google’s domain for serving user-supplied content without affecting the safety of Google’s own pages.   
 
Hackers have found a way to share malware via trusted and reliable Google servers like those of googleusercontent.  googleusercontent is Google’s domain for serving user-supplied content without affecting the safety of Google’s own pages.   
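Review bot: in the added paragraph, the capitalised sentence "COMPANIES SHOULD NOT USE SERVICES FROM GOOGLE CLOUD" does not follow from the sentences before it, which only say that connections to googleusercontent.com hosts are hard to tell apart. State it as a recommendation in normal case and cite a source for the claim that Google is making insufficient effort. Also fix "legitimate services rents" to "rent".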
Line 11: Line 13:
 
bc originates from Google Compute Engine (Google cloud) That does not have to be from Google itself. It is a service anyone can use.
 
bc originates from Google Compute Engine (Google cloud) That does not have to be from Google itself. It is a service anyone can use.
  
 
+
Recently, [https://blog.kerika.com/googleusercontent-com-can-trip-you-up-if-you-disable-third-party-cookies/ Google has started storing images] in a new domain, called googleusercontent.com. This domain is used for a variety of purposes, including cached copies of websites visited by the Google search engine, but the general purpose of this domain appears to be to store static content: i.e. content that is not expected to change.
  
 
You also need to take into account the 1st bit of that:
 
You also need to take into account the 1st bit of that:
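Review bot: the inserted "Recently, ... Google has started storing images" paragraph lands between the "bc originates from Google Compute Engine" paragraph and "You also need to take into account the 1st bit of that:", so "that" no longer has a clear referent. Move the new paragraph above the bc.googleusercontent.com material, and replace "Recently" with the date of the linked blog.kerika.com post, since the word will age.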
Line 36: Line 38:
 
* [https://support.google.com/webmasters/thread/142961720/malicious-bot-on-googleusercontent-com?hl=en Malicious BOT on googleusercontent.com]
 
* [https://support.google.com/webmasters/thread/142961720/malicious-bot-on-googleusercontent-com?hl=en Malicious BOT on googleusercontent.com]
 
* [https://www.bleepingcomputer.com/news/security/google-user-content-cdn-used-for-malware-hosting/ Google User Content CDN Used for Malware Hosting]
 
* [https://www.bleepingcomputer.com/news/security/google-user-content-cdn-used-for-malware-hosting/ Google User Content CDN Used for Malware Hosting]
 +
 +
There are different servers hosting Google user content, it's looks like they are on lh[1-6].googleusercontent.com, and with different prefixes.
 +
 +
For example, a picture in a Google Maps review will gives this URL : https://lh5.googleusercontent.com/p/AF1QipO_dHIeVRPSIqwxu3VQY7n0rh_R_6oH92NKSJzE And their prefixes will be "AF1Qip",
 +
 +
And Google profile pictures will starts with "AOh14G" :
 +
 +
*    https://lh3.googleusercontent.com/a-/AOh14GiUjlWnt4MNgr7Wmeyb3PzXlka4E8PFEIlF27oIxIA
 +
*    https://lh3.googleusercontent.com/a-/AOh14GjfjYX7SdSzS12uUNr7biejHeSNKkS1cEHRwHNiSAk
 +
 +
We can also note that Google Photos / Albums URLs are also starting with "AF1Qip" :
 +
 +
*    https://get.google.com/albumarchive/116817211900620900327/album/AF1QipMsEEwFLNjciBTQaRxIbn1AEyTYURdLnTU36CqT/AF1QipOX0W4N7QYJDyq449-5EVDkuQ6Nk6Dvkz1HxldI
 +
*    https://photos.google.com/photo/AF1QipOX0W4N7QYJDyq449-5EVDkuQ6Nk6Dvkz1HxldI
 +
 +
Mozilla uses the Google Cloud Platform for Firefox components.  It is rented server capacity. Extensions can use googleusercontent.com to host some of their data files.
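Review bot: the new paragraphs are appended after the external-link bullets (the bleepingcomputer.com entry), so body text now follows the link list; move them above it. The added lines also need grammar fixes: "it's looks like", "will gives" and "will starts".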

Revision as of 17:45, 11 January 2024

googleusercontent

googleusercontent.com

There is a security risk involved. Because legitimate services rent use of this particular Google Cloud system, googleusercontent.com, it is difficult to tell which active connections to hosts on the domain are malicious and which are not. The Google Cloud system in question is also being used by data thieves, hackers, and corporate logistics operations, to name a few. An active connection on your idle system could indicate an intruder, or it could simply be part of Firefox or the operating system updater. COMPANIES SHOULD NOT USE SERVICES FROM GOOGLE CLOUD, as the same system is being used for malicious activity. Google is also making insufficient effort to keep criminals from using the system.

Hackers have found a way to share malware via trusted and reliable Google servers like those of googleusercontent. googleusercontent is Google’s domain for serving user-supplied content without affecting the safety of Google’s own pages.

"bc.googleusercontent.com" is Google's computing cloud.

Recently, Google has started storing images in a new domain, called googleusercontent.com. This domain is used for a variety of purposes, including cached copies of websites visited by the Google search engine, but the general purpose of this domain appears to be to store static content: i.e. content that is not expected to change.

You also need to take into account the 1st bit of that:

bc.googleusercontent.com

bc originates from Google Compute Engine (Google Cloud). That does not have to be from Google itself. It is a service anyone can use.

Some other services that are from Google:

* lh3.googleusercontent.com: Used for loading images for Google+.
* lh5.googleusercontent.com: Used for loading images for Google+.
* lh6.googleusercontent.com: Used for loading images for Google+.
* s3.googleusercontent.com: Used for loading favicons for AdWords ads.
* static.googleusercontent.com
* themes.googleusercontent.com: Used for loading font files for Google Fonts. (Generally called within CSS from fonts.googleapis.com)
* translate.googleusercontent.com: Google Translation Service


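There are different servers hosting Google user content. It looks like they are on lh[1-6].googleusercontent.com, with different prefixes.

For example, a picture in a Google Maps review gives this URL: https://lh5.googleusercontent.com/p/AF1QipO_dHIeVRPSIqwxu3VQY7n0rh_R_6oH92NKSJzE. Its prefix is "AF1Qip".

Google profile pictures start with "AOh14G":

* https://lh3.googleusercontent.com/a-/AOh14GiUjlWnt4MNgr7Wmeyb3PzXlka4E8PFEIlF27oIxIA
* https://lh3.googleusercontent.com/a-/AOh14GjfjYX7SdSzS12uUNr7biejHeSNKkS1cEHRwHNiSAk

Google Photos / Albums URLs also start with "AF1Qip":

* https://get.google.com/albumarchive/116817211900620900327/album/AF1QipMsEEwFLNjciBTQaRxIbn1AEyTYURdLnTU36CqT/AF1QipOX0W4N7QYJDyq449-5EVDkuQ6Nk6Dvkz1HxldI
* https://photos.google.com/photo/AF1QipOX0W4N7QYJDyq449-5EVDkuQ6Nk6Dvkz1HxldI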

Mozilla uses the Google Cloud Platform for Firefox components. It is rented server capacity. Extensions can use googleusercontent.com to host some of their data files.
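To help sort the connections described above, here is an added example (not part of the original page) that classifies a hostname or URL from a connection log using only the host labels and path prefixes listed on this page. The function names, category strings and the sample log entries are assumptions made for illustration; the bc hostname is constructed.

```python
import re
from urllib.parse import urlsplit

BASE = "googleusercontent.com"
# Host labels and their use as listed on the page (static has no description there).
KNOWN = {"s3": "favicons for AdWords ads", "static": "no description given",
         "themes": "font files for Google Fonts", "translate": "Google Translation Service"}
# Path-token prefixes the page reports on lh[1-6] image URLs.
PREFIXES = {"AF1Qip": "Maps review / Photos image", "AOh14G": "profile picture"}

def classify(target):
    """Classify a hostname or URL taken from a connection or proxy log."""
    parts = urlsplit(target if "://" in target else "//" + target)
    host = (parts.hostname or "").rstrip(".").lower()
    # Compare on a label boundary: 'googleusercontent.com.example' and
    # 'notgoogleusercontent.com' must not pass as the real domain.
    if host == BASE:
        return "apex"
    if not host.endswith("." + BASE):
        return "not-googleusercontent"
    labels = host[: -len(BASE) - 1].split(".")
    sub = labels[-1]  # label directly left of googleusercontent.com
    if sub == "bc":
        return "compute-engine-tenant"  # rented capacity, operator unknown
    if len(labels) > 1:
        return "unlisted-subdomain"
    if re.fullmatch(r"lh[1-6]", sub):
        token = parts.path.rstrip("/").rsplit("/", 1)[-1]
        kinds = [k for p, k in PREFIXES.items() if token.startswith(p)]
        return "image-host: " + kinds[0] if kinds else "image-host"
    return "google-service: " + KNOWN[sub] if sub in KNOWN else "unlisted-subdomain"

# Constructed sample log entries; only the lh5 URL is quoted from the page.
SAMPLE = [
    "7.113.0.203.bc.googleusercontent.com",
    "https://lh5.googleusercontent.com/p/AF1QipO_dHIeVRPSIqwxu3VQY7n0rh_R_6oH92NKSJzE",
    "themes.googleusercontent.com:443",
    "googleusercontent.com.example",
]

def needs_owner_lookup(targets):
    """Entries whose hostname alone does not say who operates the server."""
    return [t for t in targets if classify(t) in ("compute-engine-tenant", "unlisted-subdomain")]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(f"{classify(entry):45} {entry}")
```

A category here only restates what this page says about a hostname; it is not a verdict on whether the content served is benign.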