[chromium-discuss] Chrome and Iron send out random http requests upon program launch
5,305 views
Skip to first unread message
bitburger
May 19, 2010, 1:44:41 PM5/19/10
to Chromium-discuss
Hi all,
I recently started using Privoxy, for a variety of reasons. Checking
my logs, I see that anytime I start Chrome or Iron - with no instance
running already - three random http requests are made, which are in no
way valid hostnames. They seem to be "random" strings containing only
chars. They are passed to Privoxy with no qualifiers. For example,
from the Privoxy log:
May 19 13:31:59.843 00000b94 Request: xcoilxxpwk/
May 19 13:31:59.843 00001eb8 Request: jvgebxlubf/
May 19 13:31:59.843 00000d0c Request: tnmgxgktww/
May 19 13:32:02.140 00000b94 Error: could not resolve hostname
xcoilxxpwk
May 19 13:32:04.453 00001eb8 Error: could not resolve hostname
jvgebxlubf
May 19 13:32:06.750 00000d0c Error: could not resolve hostname
tnmgxgktww
May 19 13:32:06.906 00000b94 Crunch: DNS failure: http://xcoilxxpwk/
May 19 13:32:07.000 00001eb8 Crunch: DNS failure: http://jvgebxlubf/
May 19 13:32:07.093 00000d0c Crunch: DNS failure: http://tnmgxgktww/
What do these strings mean? Why are they sent out? Putting on my
tinfoil hat... If a request like this is made with Google being the
default search engine, after the DNS failure for these, aren't the
queries sent to Google?
Interestingly, on TimeWarner in my area, apparently http://test/ is a
valid address...
On Chrome, another request can be sent and loaded while these fail to
resolve. On Iron, it seems that no further requests are sent until
the DNS failure comes back - try to load a page and you get the
backwards wheel until all the DNS failures are in (could be a
coincidence and just some slowness on Iron's part in startup).
Tested on WinXP SP3, current updates
Chrome 5.0.375.38
Iron 5.0.380
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
I recently started using Privoxy, for a variety of reasons. Checking
my logs, I see that anytime I start Chrome or Iron - with no instance
running already - three random http requests are made, which are in no
way valid hostnames. They seem to be "random" strings containing only
chars. They are passed to Privoxy with no qualifiers. For example,
from the Privoxy log:
May 19 13:31:59.843 00000b94 Request: xcoilxxpwk/
May 19 13:31:59.843 00001eb8 Request: jvgebxlubf/
May 19 13:31:59.843 00000d0c Request: tnmgxgktww/
May 19 13:32:02.140 00000b94 Error: could not resolve hostname
xcoilxxpwk
May 19 13:32:04.453 00001eb8 Error: could not resolve hostname
jvgebxlubf
May 19 13:32:06.750 00000d0c Error: could not resolve hostname
tnmgxgktww
May 19 13:32:06.906 00000b94 Crunch: DNS failure: http://xcoilxxpwk/
May 19 13:32:07.000 00001eb8 Crunch: DNS failure: http://jvgebxlubf/
May 19 13:32:07.093 00000d0c Crunch: DNS failure: http://tnmgxgktww/
What do these strings mean? Why are they sent out? Putting on my
tinfoil hat... If a request like this is made with Google being the
default search engine, after the DNS failure for these, aren't the
queries sent to Google?
Interestingly, on TimeWarner in my area, apparently http://test/ is a
valid address...
On Chrome, another request can be sent and loaded while these fail to
resolve. On Iron, it seems that no further requests are sent until
the DNS failure comes back - try to load a page and you get the
backwards wheel until all the DNS failures are in (could be a
coincidence and just some slowness on Iron's part in startup).
Tested on WinXP SP3, current updates
Chrome 5.0.375.38
Iron 5.0.380
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
Nico Weber
May 19, 2010, 1:51:43 PM5/19/10
to krg...@rit.edu, Chromium-discuss
If you type in a single-word search query, chrome needs to send a DNS
request to check if this might be a single-word host name: For
example, "test" might be a search for "test" or a navigation to
"http://test". If the query ends up being a host, chrome shows an
infobar that asks "did you mean to go to 'test' instead". For perf
reasons, the dns query needs to be asynchronous.
Now some ISPs started showing ads for non-existent domain names (
http://en.wikipedia.org/wiki/DNS_hijacking ), meaning chrome would
always show that infobar for every single-word query. Since this is
annoying, chrome now sends three random DNS requests at startup, and
if they all resolve (to the same IP, I think), it now knows not to
show the "did you mean" infobar for single-word queries that resolve
to that IP.
Nico
request to check if this might be a single-word host name: For
example, "test" might be a search for "test" or a navigation to
"http://test". If the query ends up being a host, chrome shows an
infobar that asks "did you mean to go to 'test' instead". For perf
reasons, the dns query needs to be asynchronous.
Now some ISPs started showing ads for non-existent domain names (
http://en.wikipedia.org/wiki/DNS_hijacking ), meaning chrome would
always show that infobar for every single-word query. Since this is
annoying, chrome now sends three random DNS requests at startup, and
if they all resolve (to the same IP, I think), it now knows not to
show the "did you mean" infobar for single-word queries that resolve
to that IP.
Nico
PhistucK
May 20, 2010, 2:56:15 AM5/20/10
to tha...@chromium.org, krg...@rit.edu, Chromium-discuss
Heh.
☆PhistucK
That is cool.
:)
☆PhistucK
PJC
May 21, 2010, 3:39:58 AM5/21/10
to Chromium-discuss
I have to agree, that's a neat trick to sidestep the ISPs that
redirect "non-existant domains"...
Wonder if there are any plans to extend its use to prevent the display
of those search pages/ad pages, and instead display a genuine DNS
lookup failure?
-PJC
On May 20, 7:56 am, PhistucK <phist...@gmail.com> wrote:
> Heh.
> That is cool.
> :)
>
> ☆PhistucK
>
>
>
>
>
> On Wed, May 19, 2010 at 20:51, Nico Weber <tha...@chromium.org> wrote:
> > If you type in a single-word search query, chrome needs to send a DNS
> > request to check if this might be a single-word host name: For
> > example, "test" might be a search for "test" or a navigation to
> > "http://test". If the query ends up being a host, chrome shows an
> > infobar that asks "did you mean to go to 'test' instead". For perf
> > reasons, the dns query needs to be asynchronous.
>
> > Now some ISPs started showing ads for non-existent domain names (
> >http://en.wikipedia.org/wiki/DNS_hijacking), meaning chrome would
redirect "non-existant domains"...
Wonder if there are any plans to extend its use to prevent the display
of those search pages/ad pages, and instead display a genuine DNS
lookup failure?
-PJC
On May 20, 7:56 am, PhistucK <phist...@gmail.com> wrote:
> Heh.
> That is cool.
> :)
>
> ☆PhistucK
>
>
>
>
>
> On Wed, May 19, 2010 at 20:51, Nico Weber <tha...@chromium.org> wrote:
> > If you type in a single-word search query, chrome needs to send a DNS
> > request to check if this might be a single-word host name: For
> > example, "test" might be a search for "test" or a navigation to
> > "http://test". If the query ends up being a host, chrome shows an
> > infobar that asks "did you mean to go to 'test' instead". For perf
> > reasons, the dns query needs to be asynchronous.
>
> > Now some ISPs started showing ads for non-existent domain names (
> > always show that infobar for every single-word query. Since this is
> > annoying, chrome now sends three random DNS requests at startup, and
> > if they all resolve (to the same IP, I think), it now knows not to
> > show the "did you mean" infobar for single-word queries that resolve
> > to that IP.
>
> > Nico
>
> > annoying, chrome now sends three random DNS requests at startup, and
> > if they all resolve (to the same IP, I think), it now knows not to
> > show the "did you mean" infobar for single-word queries that resolve
> > to that IP.
>
> > Nico
>
> > On Wed, May 19, 2010 at 10:44 AM, bitburger <krg1...@rit.edu> wrote:
> > > Hi all,
>
> > > I recently started using Privoxy, for a variety of reasons. Checking
> > > my logs, I see that anytime I start Chrome or Iron - with no instance
> > > running already - three random http requests are made, which are in no
> > > way valid hostnames. They seem to be "random" strings containing only
> > > chars. They are passed to Privoxy with no qualifiers. For example,
> > > from the Privoxy log:
>
> > > May 19 13:31:59.843 00000b94 Request: xcoilxxpwk/
> > > May 19 13:31:59.843 00001eb8 Request: jvgebxlubf/
> > > May 19 13:31:59.843 00000d0c Request: tnmgxgktww/
> > > May 19 13:32:02.140 00000b94 Error: could not resolve hostname
> > > xcoilxxpwk
> > > May 19 13:32:04.453 00001eb8 Error: could not resolve hostname
> > > jvgebxlubf
> > > May 19 13:32:06.750 00000d0c Error: could not resolve hostname
> > > tnmgxgktww
> > > May 19 13:32:06.906 00000b94 Crunch: DNS failure:http://xcoilxxpwk/
> > > May 19 13:32:07.000 00001eb8 Crunch: DNS failure:http://jvgebxlubf/
> > > May 19 13:32:07.093 00000d0c Crunch: DNS failure:http://tnmgxgktww/
>
> > > What do these strings mean? Why are they sent out? Putting on my
> > > tinfoil hat... If a request like this is made with Google being the
> > > default search engine, after the DNS failure for these, aren't the
> > > queries sent to Google?
>
> > > Interestingly, on TimeWarner in my area, apparentlyhttp://test/is a
> > > Hi all,
>
> > > I recently started using Privoxy, for a variety of reasons. Checking
> > > my logs, I see that anytime I start Chrome or Iron - with no instance
> > > running already - three random http requests are made, which are in no
> > > way valid hostnames. They seem to be "random" strings containing only
> > > chars. They are passed to Privoxy with no qualifiers. For example,
> > > from the Privoxy log:
>
> > > May 19 13:31:59.843 00000b94 Request: xcoilxxpwk/
> > > May 19 13:31:59.843 00001eb8 Request: jvgebxlubf/
> > > May 19 13:31:59.843 00000d0c Request: tnmgxgktww/
> > > May 19 13:32:02.140 00000b94 Error: could not resolve hostname
> > > xcoilxxpwk
> > > May 19 13:32:04.453 00001eb8 Error: could not resolve hostname
> > > jvgebxlubf
> > > May 19 13:32:06.750 00000d0c Error: could not resolve hostname
> > > tnmgxgktww
> > > May 19 13:32:06.906 00000b94 Crunch: DNS failure:http://xcoilxxpwk/
> > > May 19 13:32:07.000 00001eb8 Crunch: DNS failure:http://jvgebxlubf/
> > > May 19 13:32:07.093 00000d0c Crunch: DNS failure:http://tnmgxgktww/
>
> > > What do these strings mean? Why are they sent out? Putting on my
> > > tinfoil hat... If a request like this is made with Google being the
> > > default search engine, after the DNS failure for these, aren't the
> > > queries sent to Google?
>
> > > valid address...
>
> > > On Chrome, another request can be sent and loaded while these fail to
> > > resolve. On Iron, it seems that no further requests are sent until
> > > the DNS failure comes back - try to load a page and you get the
> > > backwards wheel until all the DNS failures are in (could be a
> > > coincidence and just some slowness on Iron's part in startup).
>
> > > Tested on WinXP SP3, current updates
> > > Chrome 5.0.375.38
> > > Iron 5.0.380
>
> > > --
> > > Chromium Discussion mailing list: chromium-disc...@chromium.org
>
> > > On Chrome, another request can be sent and loaded while these fail to
> > > resolve. On Iron, it seems that no further requests are sent until
> > > the DNS failure comes back - try to load a page and you get the
> > > backwards wheel until all the DNS failures are in (could be a
> > > coincidence and just some slowness on Iron's part in startup).
>
> > > Tested on WinXP SP3, current updates
> > > Chrome 5.0.375.38
> > > Iron 5.0.380
>
> > > --
> > > View archives, change email options, or unsubscribe:
> > > http://groups.google.com/a/chromium.org/group/chromium-discuss
>
> > --
> > Chromium Discussion mailing list: chromium-disc...@chromium.org
> > > http://groups.google.com/a/chromium.org/group/chromium-discuss
>
> > --
> > View archives, change email options, or unsubscribe:
> > http://groups.google.com/a/chromium.org/group/chromium-discuss
>
> --
> Chromium Discussion mailing list: chromium-disc...@chromium.org
> > http://groups.google.com/a/chromium.org/group/chromium-discuss
>
> --
Shadow
Jun 21, 2010, 11:33:05 AM6/21/10
to Chromium-discuss
This explains why my Google Web History is absolutely littered with
random http 'searches' that I supposedly executed, and additionally
explains the source of the requests.
Unfortunately, one Google product is affecting another... I really
dislike the spam in my Web History >:(
-- Shadow
On May 20, 3:51 am, Nico Weber <tha...@chromium.org> wrote:
> If you type in a single-word search query, chrome needs to send a DNS
> request to check if this might be a single-word host name: For
> example, "test" might be a search for "test" or a navigation to
> "http://test". If the query ends up being a host, chrome shows an
> infobar that asks "did you mean to go to 'test' instead". For perf
> reasons, the dns query needs to be asynchronous.
>
> Now some ISPs started showing ads for non-existent domain names (http://en.wikipedia.org/wiki/DNS_hijacking), meaning chrome would
> > Interestingly, on TimeWarner in my area, apparentlyhttp://test/is a
random http 'searches' that I supposedly executed, and additionally
explains the source of the requests.
Unfortunately, one Google product is affecting another... I really
dislike the spam in my Web History >:(
-- Shadow
On May 20, 3:51 am, Nico Weber <tha...@chromium.org> wrote:
> If you type in a single-word search query, chrome needs to send a DNS
> request to check if this might be a single-word host name: For
> example, "test" might be a search for "test" or a navigation to
> "http://test". If the query ends up being a host, chrome shows an
> infobar that asks "did you mean to go to 'test' instead". For perf
> reasons, the dns query needs to be asynchronous.
>
> > valid address...
>
> > On Chrome, another request can be sent and loaded while these fail to
> > resolve. On Iron, it seems that no further requests are sent until
> > the DNS failure comes back - try to load a page and you get the
> > backwards wheel until all the DNS failures are in (could be a
> > coincidence and just some slowness on Iron's part in startup).
>
> > Tested on WinXP SP3, current updates
> > Chrome 5.0.375.38
> > Iron 5.0.380
>
> > --
> > Chromium Discussion mailing list: chromium-disc...@chromium.org
>
> > On Chrome, another request can be sent and loaded while these fail to
> > resolve. On Iron, it seems that no further requests are sent until
> > the DNS failure comes back - try to load a page and you get the
> > backwards wheel until all the DNS failures are in (could be a
> > coincidence and just some slowness on Iron's part in startup).
>
> > Tested on WinXP SP3, current updates
> > Chrome 5.0.375.38
> > Iron 5.0.380
>
> > --
> > View archives, change email options, or unsubscribe:
> > http://groups.google.com/a/chromium.org/group/chromium-discuss
>
> --
> Chromium Discussion mailing list: chromium-disc...@chromium.org
> > http://groups.google.com/a/chromium.org/group/chromium-discuss
>
> --
Paul M
Dec 1, 2011, 5:26:47 AM12/1/11
to bitburger, chromium...@chromium.org
in the latest version of Chrome (15 on linux x86-64), if you enable a
proxy (either using manual settings or automatic) it sends requests
for random URLs at regular intervals, not just at startup.
proxy (either using manual settings or automatic) it sends requests
for random URLs at regular intervals, not just at startup.
I wonder if the repeated regular requests are a feature or a bug?
Pete Wilson
Apr 1, 2018, 3:09:27 AM4/1/18
to Chromium-discuss, krg...@rit.edu, paul.ma...@gmail.com
Still seems to be happening seven years later, so I guess Google isn't interested in fixing it.
For example, why send any additional requests if the first random request returns a host not found error? That implies no DNS hijacking is occurring, or are they worried that someone is going to delay DNS hijacking? Still seems a waste.
Reply all
Reply to author
Forward
0 new messages