Is something infecting my Google searches?

Posted by hippietrail on Super User See other posts from Super User or by hippietrail
Published on 2012-11-16T06:57:43Z Indexed on 2012/11/17 5:04 UTC
Read the original article Hit count: 462

I starting doing some experimentation toward making a browser userscript for Google searches and when opening the JavaScript console noticed something that strikes me as very fishy:

The page at https://www.google.com.au/search?oq=XYZ&sourceid=chrome&ie=UTF-8&q=XYZ displayed insecure content from http://50.116.62.47/js/chromeServerV45.js.
The page at about:blank displayed insecure content from http://96.126.107.154/amz/google.php?callback=a&q=XYZ&country=US.

(XYZ is a placeholder for whatever the search terms really was.)

Is it likely that I've picked something like a drive-by browser infection? I've tried all kinds of searches for these URLs and other keywords but I've had no luck finding anything conclusive about whether they're malicious or what they are:

  • 50.116.62.47
  • chromeServerV45.js
  • 96.126.107.154
  • amz/google.php

The only extensions I have installed are either widely used or written by myself. But something else is strange and I'm not sure if it's just a coincidence. I updated my Windows Chrome browser today to version 23.0.1271.64 m and now my Extensions tab as well as my settings tab are blank, so I can't try disabling my extesions.


Here's some discussion I've been able to find so far but not really understand and make sense of:

© Super User or respective owner

Related posts about google-chrome

Related posts about malware