I found a phishing filter (here) which can be used in content blockers (as well as adblockers) like uBlock Origin. I wanted to analyze the phishing links — and this is the analysis.
crazydomains.com (with their Sitebeat website builder), with 1,164 websites. Interestingly, the domains I tested seemed to redirect to global_errors.sitebeat.crazydomains.com with a “Coming Soon” page (which is also in the filter list)
Google Docs, with 1,296 entries. This includes 74 forms, 10 documents, 6 drawings, and 1,206 presentations. Almost all presentations contain “/pub?” with some data as URL parameters. I’m not too sure what this does. In addition, Google Drive has 9 entries. Many of the URLs seem to be taken down, either by the owner or by Google.
There are 102 entries for “script.google.com” (Google Apps Script) which link to macros and running the script, sometimes with parameters to track the user that clicks.