iTerm2 added a feature in version 3.0.0 which would perform DNS requests on the text under the cursor to get a hint whether it was a clickable URL. This was a bad idea because DNS requests are not privacy-preserving. The feature has been disabled by default in 3.1.1 in commit e4eb1063.
I don't have an excuse: I just didn't give this issue enough thought. I apologize for the oversight and promise to be more careful in the future. Your privacy will always be my highest priority.
A user requested more details on when DNS requests were performed and what was requested.
When the Cmd key was pressed, the text under the mouse cursor was searched for a consecutive range of characters that contain alphanumerics or any of these characters: .?\/:;%=&_-,+~#@!*'(（)）|. The set of punctuation characters was configurable by an advanced preference ("Non-alphanumeric characters considered part of a URL for Semantic History"). This range of characters was placed in a string.
The string was then subjected to the following tests:
It contains a slash (but not as a prefix)
It starts with a scheme (e.g., http:) that has a registered handler
It starts with two or more words separated by a period, or a "dotted quad" IPv4 address
If any of those tests passes, then the hostname portion of that candidate URL was extracted and looked up. This would only happen if all the following conditions were met:
The window was "key" (i.e., it would receive keyboard input)
Semantic history was not disabled by an advanced pref