Chrome Connecting To Random Domains On Start? Here Is Why!

Martin Brinkmann
Feb 18, 2012
Updated • Feb 19, 2012
Google Chrome

If you are monitoring your network traffic closely you may have noticed that the Google Chrome web browser and its Open Source counterpart Chromium are both trying to connect to three random ten letter words on start up. For most users, it is not clear why the browser is making those connections, and some have even assumed that they were either made to send information privately to Google, for tracking purposes, or even caused by malware running on the system.

Mike West analyzed the part of the browser's source code that was responsible for making the connections. He discovered that Chrome and Chromium are making those connections to help the browser's Omnibox figure out user intents correctly.

The issue that Google aims to fix with these connections is easily explained. Some Internet Service Providers have started to intercept requests that do not resolve properly. If you enter ghacks for instance in the address bar and tap on the return key afterwards, Chrome needs to figure out if you want to search for the term ghacks, or if you want to visit the site http://ghacks/. Since it cannot do that, it displays an infobar if the word would resolve to an existing domain name giving the user the chance to open the domain with another click.

When ISPs intercept the lookups to display their own error pages, usually filled with advertisement and search options, then it appears to the browser as if the word would resolve just fine. This in turn would mean that users would see the infobox in the browser even for words that do not resolve.

To prevent this, Google is making these three initial lookups on start up to see if ISPs intercept requests that cannot be resolved. It compares the IP addresses of the pages that are returned, and turns the infobox off if they are identical (as this suggests an ISP is intercepting the look ups).

How can you find out if Chrome or Chromium are making those requests? You can use programs that monitor traffic on the system. One example would be the free tool Fiddler which can show you the connections the browser makes.

google chrome random requests

The three random connections are highlighted in the screenshot above.

The three connections are nothing that users need to worry about. Thanks Mike for finding that out for us.


Previous Post: «
Next Post: «


  1. David said on September 24, 2020 at 5:54 pm

    Very interesting, and this is potentially causing issues with our Palo Alto Networks firewalls URL filtering service.

  2. Febrika Setiyawan said on February 25, 2014 at 5:03 pm

    Nice info =) I also experience that.

  3. Edu said on May 14, 2012 at 8:30 pm

    Buit it does more than that… in my case, it connects to and that are both google.

    It seems to be an https connection (the data is not readable). And it seems to keep running for a while. Anybody knws what it is?

  4. said on February 23, 2012 at 3:25 pm

    Very interesting the Fiddler, thanks.

  5. TheOldFellow said on February 21, 2012 at 1:43 pm

    Interesting, well done Google.
    Now what would someone without Windows do to discover things since Fiddler is a Windows program?

    1. Sum Yung Gai said on February 21, 2012 at 5:24 pm

      Wireshark, which is cross-platform, would also get us that information.

  6. Watt said on February 20, 2012 at 6:17 pm

    Thanks for the information, it’s very curious !

  7. vasa1 said on February 19, 2012 at 4:26 am

    Nice! I used to wonder about those entries but never got around to figuring out what they were. Incidentally, I use Privoxy to log and control http:// connections. One advantage of Privoxy is that it’s cross-platform.

  8. Jyo said on February 19, 2012 at 1:36 am

    This is a very interesting read, the way they approach and solve the omnibox issue. And thanks for sharing Fiddler with us too.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.