Proxy server shows odd looking domain requests from one Win8 machine

rhythmsoup Posts: 78 Forumite
edited 9 May 2013 at 9:04PM in Techie Stuff
I'm posting this here as I'm wondering if anyone may have seen something similar. If you're working in an IT department and look at proxy logs you might have come across this:

I've set up a Squid proxy server at home which runs SARG (Squid reports). One of the machines is showing some odd stuff in the URLs on the reports that the other machines don't. Typically you'll see "somedomain.com" under the list of visited sites. For this machine we often see some strange random URLs; in fact they don't look anything like URLs, just random text, for example:

uanchzqfjy 1 258 0.00% 0.00% 100.00% 00:00:00 146 0.00%
trmsiclhwr 1 258 0.00% 0.00% 100.00% 00:00:00 151 0.00%
tnpwxxkcpz 1 258 0.00% 0.00% 100.00% 00:00:00 154 0.00%
tkpwlgxqds 1 258 0.00% 0.00% 100.00% 00:00:00 147 0.00%

I doubt if it's a SARG or Squid problem since the other machines don't show this. It's a Windows 8 machine, and there is another Windows 8 machine too that doesn't show the same output. We also have other devices like tablets and phones which also don't show the same.

I'm wondering if perhaps it's some odd process on the machine that's causing this. I won't rule out malware either, since the user of this machine is prone to downloading software and playing a lot of games :-)

Has anyone seen anything similar to this?

Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    edited 9 May 2013 at 10:04PM
    It could be infected.

    Some bots use Domain Generation Algorithm (DGA) techniques to generate random domains - most of which will not exist - to attempt to hide communication with their command & control servers and prevent analysts tracking them.

    E.g.: https://www.damballa.com/tdl4/
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    I had reason to use SRWare Iron (Chromium-based) with Fiddler tonight (I usually use IE for anything Fiddler-related), and noticed these appearing in the Fiddler log every time I started Iron.

    #  Result  Protocol  Host        URL  Body  Caching  Content-Type              Process    Comments  Custom
    2  502     HTTP      vwtmmrxshj  /    512            text/html; charset=UTF-8  iron:1164
    3  502     HTTP      eglhnxxafv  /    512            text/html; charset=UTF-8  iron:1164
    4  502     HTTP      sojflhnzxr  /    512            text/html; charset=UTF-8  iron:1164


    Having never noticed or come across this behaviour before I then found this:

    https://mikewest.org/2012/02/chrome-connects-to-three-random-domains-at-startup
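Added example (not code from the thread, from SARG, or from Squid): a small triage script that applies the distinction the two replies above draw. The Chromium startup probes waddler_8 captured are single-label hostnames with no TLD, requested three at a time when the browser starts, and can never resolve; DGA-style lookups are random labels under a real TLD, usually many of them spread over time. The script parses constructed Squid native-format access.log lines, groups random-looking hosts per client, and gives each client a verdict. The "looks random" thresholds (label length, vowel ratio, consonant-run length), the ten-second burst window, and the sample IPs and hostnames are all assumptions made for the example; a real deployment would swap in a better classifier and a public-suffix list.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format (not from the thread):
# <unix time> <elapsed ms> <client> <action/code> <bytes> <method> <url> <ident> <hierarchy/peer> <type>
SAMPLE_LOG = """\
1368120001.101 146 192.168.1.20 TCP_MISS/503 258 GET http://uanchzqfjy/ - HIER_NONE/- text/html
1368120001.140 151 192.168.1.20 TCP_MISS/503 258 GET http://trmsiclhwr/ - HIER_NONE/- text/html
1368120001.188 154 192.168.1.20 TCP_MISS/503 258 GET http://tnpwxxkcpz/ - HIER_NONE/- text/html
1368120005.300 420 192.168.1.20 TCP_MISS/200 5121 GET http://www.moneysavingexpert.com/ - HIER_DIRECT/203.0.113.10 text/html
1368120400.010 140 192.168.1.33 TCP_MISS/503 0 GET http://qxvhwzklpmtre.com/ - HIER_NONE/- text/html
1368120430.015 141 192.168.1.33 TCP_MISS/503 0 GET http://zkqplwmvhxtrb.net/ - HIER_NONE/- text/html
1368120460.020 139 192.168.1.33 TCP_MISS/503 0 GET http://hjtwqzxvlkpmn.biz/ - HIER_NONE/- text/html
1368120490.025 142 192.168.1.33 TCP_MISS/503 0 GET http://mzqvkxwlpthjr.info/ - HIER_NONE/- text/html
1368120500.000 300 192.168.1.33 TCP_MISS/200 2048 GET http://www.bbc.co.uk/news - HIER_DIRECT/203.0.113.11 text/html
"""

LETTERS = re.compile(r"^[a-z]+$")
VOWELS = set("aeiou")


def looks_random(label, min_len=7):
    """Cheap 'is this label pronounceable?' heuristic. Thresholds are assumptions
    tuned only on the hostnames in this thread: a long, all-letter label that is
    vowel-starved or has a long consonant run is treated as machine-generated."""
    if len(label) < min_len or not LETTERS.match(label):
        return False
    vowel_ratio = sum(c in VOWELS for c in label) / len(label)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", label)), default=0)
    return vowel_ratio < 0.3 or longest_run >= 5


def parse_squid_line(line):
    """Return (timestamp, client, host) for one native-format line, or None."""
    fields = line.split()
    if len(fields) < 7:
        return None
    url = fields[6]
    if "://" not in url:          # CONNECT entries log "host:port" with no scheme
        url = "http://" + url
    host = urlsplit(url).hostname
    if not host:
        return None
    return float(fields[0]), fields[2], host.lower()


def site_label(host):
    """First label after an optional 'www.' (simplification: no public-suffix list)."""
    labels = host.split(".")
    if labels[0] == "www" and len(labels) > 1:
        labels = labels[1:]
    return labels[0]


def triage(log_text, burst_window=10.0):
    """Group random-looking hosts per client and classify them.
    No dot in the host means no TLD and nothing for DNS to resolve; three of
    those within a few seconds is the Chromium startup probe pattern.
    A random label under a real TLD is the DGA-style pattern worth investigating."""
    per_client = defaultdict(lambda: {"probe_hosts": [], "probe_times": [], "dga_hosts": []})
    for line in log_text.splitlines():
        parsed = parse_squid_line(line)
        if not parsed:
            continue
        ts, client, host = parsed
        rec = per_client[client]
        if "." not in host:
            if looks_random(host):
                rec["probe_hosts"].append(host)
                rec["probe_times"].append(ts)
        elif looks_random(site_label(host)):
            rec["dga_hosts"].append(host)

    report = {}
    for client, rec in per_client.items():
        # Count non-overlapping groups of three probes inside the burst window.
        times = sorted(rec["probe_times"])
        bursts, i = 0, 0
        while i + 2 < len(times):
            if times[i + 2] - times[i] <= burst_window:
                bursts += 1
                i += 3
            else:
                i += 1
        if len(rec["dga_hosts"]) >= 3:
            verdict = "investigate: DGA-like lookups"
        elif bursts and not rec["dga_hosts"]:
            verdict = "consistent with Chrome startup probe"
        elif not rec["probe_hosts"] and not rec["dga_hosts"]:
            verdict = "clean"
        else:
            verdict = "review"
        report[client] = {"probe_hosts": rec["probe_hosts"], "probe_bursts": bursts,
                          "dga_hosts": rec["dga_hosts"], "verdict": verdict}
    return report


if __name__ == "__main__":
    for client, info in triage(SAMPLE_LOG).items():
        print(client, info)
```

The proxy only sees the client IP, so the verdict is a hint, not a confirmation: the Fiddler capture above is the stronger evidence because it names the process (iron:1164). The equivalent check on the Windows 8 machine is to confirm that the three requests coincide with a Chromium-based browser starting, and that nothing keeps requesting random hosts under real TLDs after that.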
This discussion has been closed.