New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 755068 link

Starred by 2 users

Issue metadata

Status: WontFix
Owner: ----
Closed: Aug 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 1
Type: Bug-Security



Sign in to add a comment

redirector.gvt1.com opening in chrome

Project Member Reported by s.patw...@samsung.com, Aug 14 2017

Issue description

Chrome Version: (copy from chrome://version) 59.0.3071.125
OS: (Android NOS)

What steps will reproduce the problem?
(1)chrome is making a connection to redirector.gvt1.com randomly
(2)
(3)

What is the expected result?
We just need explanation for why chrome is making a network connection to this site

What happens instead?


Please use labels and text to provide additional information.
 redirector.gvt1.com browser hijacker

For graphics-related bugs, please copy/paste the contents of the about:gpu
page at the end of this report.

 
Hello,

chrome is also seen made connections to the below URL
1) redirector.gvt1.com

2) vnhmlreal

3) Details on following unknown URL's 

Seq#=   4105 URL= aimxjdijddej
Seq#=   4107 URL= xzvvtdokuskcmm
Seq#=   4108 URL= yxsbdnbjewfmrq
Seq#=   4113 URL= yxsbdnbjewfmrq
Seq#=   4114 URL= yxsbdnbjewfmrq
Seq#=   4117 URL= aimxjdijddej
Seq#=   4118 URL= aimxjdijddej
Seq#=   4121 URL= yxsbdnbjewfmrq
Seq#=   4123 URL= xzvvtdokuskcmm
Seq#=   4124 URL= xzvvtdokuskcmm
Seq#=   4129 URL= aimxjdijddej
Seq#=   4137 URL= xzvvtdokuskcmm
Seq#=   6664 URL= qvvewuezeifyv
Seq#=   6666 URL= ycjbrxtuue
Seq#=   6667 URL= vnhmlreal
Seq#=   6672 URL= qvvewuezeifyv
Seq#=   6673 URL= qvvewuezeifyv
Seq#=   6676 URL= qvvewuezeifyv
Seq#=   6680 URL= ycjbrxtuue
Seq#=   6681 URL= ycjbrxtuue
Seq#=   6686 URL= vnhmlreal
Seq#=   6687 URL= vnhmlreal
Seq#=   6696 URL= ycjbrxtuue
Seq#=   6722 URL= vnhmlreal


can this be explained ?
What other information do you need?
Status: WontFix (was: Untriaged)
The random dotless hostnames you're seeing hit on startup are probes to determine whether your local network is providing truthful DNS results or whether it fakes results (e.g. in order to provide "value added" advertising or navigation pages). This feature is described here: https://mikewest.org/2012/02/chrome-connects-to-three-random-domains-at-startup

redirector.gvt1.com is a redirection service used by Google for a variety of purposes, including download of updates, etc.
Hello,

Please refer to the below two queries

1)What is the frequency of these probes
2)what triggers these probes?

Thanks
Re #3: It's not clear what you're asking. If you're asking when Chrome looks up randomly-generated dotless hostnames, then as outlined in #2, it occurs each time Chrome starts.
Cc: mili.adl...@samsung.cm
Please refer to the Client query below:-

1st query

Google mentioned they are checking whether local network is sending truthful DNS results or fake results. 

What is the frequency of this checking mechanism? Is it 3 times , 4 times in daily basis? 



2nd Query

Also, TMO is claiming some of URLS (below) sync frequencies are increased compared to typical sync frequency (4-8 times) a day. 

1)Please specify the triggers for junk DNS queries. Include feedback on what is the frequency of these queries for a scenario where there is no user interaction with the device sitting idle for 24 hours with UI turned off.

2)Pending action item ; Please provide RCA for following activities reported in the Data Application report from Samsung. For a device with SMD,

typical sync frequency for such android/Google background activities is 4-8 times a day.

play.googleapis.com 59 169.536 

android.clients.google.com 33 90.257 
 
www.google.com 17 39.515  

Re #6: Repeating myself in #4: DNS lookups of randomly-generated hostnames occur each time Chrome starts.

With regard to the question of when Android and Chrome hit the other URLs, these occur on an as-needed basis.
We found some sites accessed by google as below

r4---sn-n4v7sn76.gvt1.com
r5---sn-n4v7knll.gvt1.com

may i know what do these links do?

Sign in to add a comment