Unusual HEAD requests to nonsense URLs from Chrome
- by JeremyDWill
I have noticed unusual traffic coming from my workstation the last couple of days. I am seeing HEAD requests sent to random character URLs, usually three or four within a second, and they appear to be coming from my Chrome browser. The requests repeat only three or four times a day, but I have not identified a particular pattern. The URL characters are different for each request.
Here is an example of the request as recorded by Fiddler 2:
HEAD http://xqwvykjfei/ HTTP/1.1 Host:
xqwvykjfei Proxy-Connection:
keep-alive Content-Length: 0
User-Agent: Mozilla/5.0 (Windows; U;
Windows NT 6.1; en-US)
AppleWebKit/534.13 (KHTML, like Gecko)
Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.3
The response to this request is as follows:
HTTP/1.1 502 Fiddler - DNS Lookup
Failed Content-Type: text/html
Connection: close Timestamp:
08:15:45.283
Fiddler: DNS Lookup for xqwvykjfei
failed. No such host is known
I have been unable to find any information through Google searches related to this issue. I do not remember seeing this kind of traffic before late last week, but it may be that I just missed it before. The one modification I made to my system last week that was unusual was adding the Delicious add-in/extension to both IE and Chrome. I have since removed both of these, but am still seeing the traffic. I have run virus scan (Trend Micro) and HiJackThis looking for malicious code, but I have not found any.
I would appreciate any help tracking down the source of the requests, so I can determine if they are benign, or indicative of a bigger problem. Thanks.
