Google's questionable actions during the user verification process using nodejs raised concerns

In my Nodejs project, I've implemented a user authentication system that involves sending confirmation emails for account verification.

Once a user creates an account, they receive an email with a URL to click on and verify their account - a process that runs smoothly without any issues.

During testing, I noticed something unusual. After clicking on the verification URL in the email sent to myself (simulating a new user), I observed two subsequent connections to the endpoint from Google's source IPs. What caught my attention even more was that the user agent strings associated with these requests were random versions of Chrome.

Here’s an example of the sequence: The first request is HTTP 200 followed by two HTTP 400s from Google IPs. I remove the user's verification code from the database upon successful verification to prevent such subsequent requests.

162.158.78.180 - - [03/Jul/2020:20:35:40 +0000] "GET /v1/user/verify/95a546cf7ad448a18e7512ced322d96f HTTP/1.1" 200 70 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36" "hidden.com" "72.191.192.163" "US" "en-US,en;q=0.9"
162.158.187.117 - - [03/Jul/2020:20:35:43 +0000] "GET /v1/user/verify/95a546cf7ad448a18e7512ced322d96f HTTP/1.1" 400 28 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" "hidden.com" "74.125.210.22" "US" "en-US,en;q=0.9"
162.158.187.117 - - [03/Jul/2020:20:35:43 +0000] "GET /v1/user/verify/95a546cf7ad448a18e7512ced322d96f HTTP/1.1" 400 28 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36" "hidden.com" "74.125.210.8" "US" "en-US,en;q=0.9"

Although the first IP address belongs to Cloudflare due to my usage, the subsequent ones reflected are the real ones reported by Cloudflare as shown in Nginx logs.

Any ideas on why Google is making these connections? Is there a reason behind using randomized user agents, which I find highly suspicious?

It's puzzling how these subsequent Google connections only occur when not monitoring the network tab via Chrome console before clicking the verification link in the email. Could this be related to some sort of tracking extension or malware affecting Google IPs? How else would these Google IPs appear?

For further information, follow the discussion in this thread:

node.jsexpressgoogle-chrome

Answer №1

It may sound strange, but I recently encountered a similar issue and it has been driving me crazy trying to pinpoint the cause. Is your desktop operating on Windows? If so, do you have the Adobe Update Service running (adobeupdateservice.exe)?

I resorted to terminating processes and disabling Chrome extensions one by one, and the problem ceased after I disabled the Adobe services. Oddly enough, only one of my two computers, with almost identical software installations, was triggering these unwanted "cache.google.com" requests. The key difference was that the computer generating these requests had a more recent version of adobeupdateservice installed just two weeks ago.

I have been testing it all day long now, and fortunately, it appears that the phantom follow-up requests from unknown IPs have finally ceased.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Is there a way to execute a Node 6 npm package within a Node 5.6.0 environment?

I am currently utilizing a tool called easy-sauce to conduct cross-browser JavaScript tests. Essentially, my package.json file references this tool for the test command: { "scripts": { "test": "easy-sauce" } } Everything runs smoothly when I exec ...

javascriptnode.jsnpmecmascript-6

Encountering difficulty in reaching the /login endpoint with TypeScript in Express framework

I'm currently working on a demo project using TypeScript and Express, but I've hit a roadblock that I can't seem to figure out. For this project, I've been following a tutorial series from this blog. However, after completing two parts ...

node.jstypescriptexpress

What is the best method for circumventing an express middleware?

I am currently working on an express application that utilizes several express routes, such as server.get('*' , ... ) to handle common operations like authentication, validation, and more. These routes also add extra information to the respon ...

javascriptjsonnode.jshttpexpress

Unveiling the steps to automatically conceal a submitted form in React, no longer requiring the manual activation of a toggle button

Currently, I have a list of songs and a toggle button that reveals a form to add a new song. However, I want the form to hide automatically after submission without requiring another button click. I tried using useEffect but couldn't get it to work. A ...

javascriptreactjsformsexpresshide

What is the process for changing a DynamoDB table from PROVISIONED to PAY_PER_REQUEST using Node.js?

Currently, I have a DDB table set up with BillingMode: PROVISIONED and ProvisionedThroughput:{...}. My goal is to switch it to BillingMode: PAY_PER_REQUEST, but every time I attempt this change, I encounter the following error: TypeError: Cannot read prop ...

javascriptnode.jsamazon-web-servicesamazon-dynamodbaws-sdk

Why is Zod making every single one of my schema fields optional?

I am currently incorporating Zod into my Express, TypeScript, and Mongoose API project. However, I am facing type conflicts when attempting to validate user input against the user schema: Argument of type '{ firstName?: string; lastName?: string; pa ...

typescriptexpresszod

The system cannot locate the "default" task. Please consider using the --force option to proceed. The process has been halted due to warnings

Below is the content of my gruntfile.js file var fs = require("fs"), browserify = require("browserify"), pkg = require("./package.json"); module.exports = function(grunt) { grunt.initConfig({ mochaTest: { test: { options: { ...

javascriptnode.jsgruntjs

"Make sure to close the serial connection with Arduino's serial port before proceeding with

Trying to utilize node.js to display the Serial data from an Arduino Uno connected via USB. The file script.js contains the following code: var SerialPort= require("serialport"); SerialPort.list(function(err,ports){ ports.forEach(fun ...

node.jsarduinonode-serialport

Top approach for Constructing Angular Front-End Forms with User Input

Greetings to all who happen upon this message, thank you for taking the time to potentially offer assistance! In my past experiences working with Wordpress (PHP), I utilized a plugin called Advanced Custom Fields from advancedcustomfields.com. This plugin ...

node.jsangularmongodbformsmean-stack

Changing the prototype of a generator function

TL;DR I am looking to enhance a generator function instance by adjusting its prototype, specifically the object received when calling a function*. Imagine I have a generator function: function* thing(n){ while(--n>=0) yield n; } Next, I create a ...

javascriptnode.jsecmascript-6generator

Can you please explain the counterpart of Date() in NodeJS for Python functions?

Can Python provide a function similar to Date() in NodeJS? Here is an example of the output from Node's Date() function: https://i.stack.imgur.com/oYvs2.png I am looking for the equivalent format in Python. ...

node.jspython-3.x

Denying the request to include sqlite3 as a requirement for its own installation

I managed to successfully compile the latest version of node.js without any hiccups. Now, my next task is to integrate a sqlite module for node.js into my project. Following the instructions provided by developmentseed for node-sqlite3, here's what I ...

node.jssqlitenpm

Is it possible to streamline the use of next() in Express middleware functions?

I have devised my route in a way that I'm not completely satisfied with. I would prefer to have separate middleware for each hasValid, but I am uncertain of how that could be implemented without interrupting the execution flow. const secretSender = a ...

node.jsexpress

Get image data from Next.JS API and show it in the web browser

I am looking to utilize my own next.js endpoints to request an image that I can then embed into my website. Currently, the issue I am facing is that the image seems to be immediately downloaded and does not display in the browser window. import type { Next ...

javascriptnode.jsrestnext.jsnext.js13

Accessing the Document Id in Mongoose Model Methods Using Pre / Save Middleware

Can anyone help me understand why I sometimes can't find the document ID from the post middle during a findAndUpdate operation? If you need further clarification, here is some code snippet: const mongoose = require('mongoose'), Schem ...

node.jsmongodbmongoosenpm

Welcome to the JavaScript NodeJs Open Library!

I am trying to open multiple images simultaneously in the default Windows Photo Viewer that I have stored in my folder using the npm open library: let files = ['Dog.gif', 'Cat.jpeg']; for(let i=0; i<files.length; i++){ open(`${file ...

javascriptnode.jsfilenpm

Error message: "Encountered an unhandled promise rejection while

I encountered the following error within a catch block: Error: Unhandled promise rejection. This error occurred either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). Here is ...

node.jsunhandled-promise-rejection

What is the correct process for authenticating requests from SSR to the Feathers JS API?

There are some examples available on how to access FeathersJS API from SSR, but the important aspect of authorizing such requests is missing. Is it feasible to create a feathers-client app for each request? Wouldn't that put too much load on the syste ...

javascriptnode.jsfeathersjs

Unable to transfer the array from express to mongoDB

I am attempting to send an array to MongoDB through an express post request. app.post('/createGroup', (req, res) => { const { title, description, tenants } = req.body; const group = { title: title, description: descript ...

node.jsmongodbexpress

Error: Package [email protected] could not be located

While attempting to launch my project, I encountered an unexpected error message. npm ERR! 404 Not Found: [email protected] ...

node.jsnpm