What is 1e100.net and why do I have TCP ports open to it?

I see my PC has TCP connections open to 1e100.net. Then I checked the whois record and found it is registered to Google. Weird.

A quick search seems to indicate that 1e100.net is pretty popular - about the same reach as adobe.com or bbc.co.uk according to Alexa - but what the hell is it? I run Chrome so assume it might have something to do with that, but why is there so little information about it?

Solution 1:

It's Google's Safe Browsing feature in Chrome.

That feature checks sites and tells you if a site is an "Attack Site".

sinni800: @MicTech, Google has all its search servers under the 1e100 domain. I know this is kind of late but w/e. It does not ONLY relate to Google Safe Browsing.

Solution 2:

From Google Help:

1e100.net is a Google-owned domain name used to identify the servers in our network.

Following standard industry practice, we make sure each IP address has a corresponding hostname. In October 2009, we started using a single domain name to identify our servers across all Google products, rather than use different product domains such as youtube.com, blogger.com, and google.com. We did this for two reasons: first, to keep things simpler, and second, to proactively improve security by protecting against potential threats such as cross-site scripting attacks.

Most typical Internet users will never see 1e100.net, but we picked a Googley name for it just in case (1e100 is scientific notation for 1 googol).
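
The Help text above says every Google server IP has a matching hostname, so a connection list can be sorted by reverse DNS. This is an added example, not part of the original answers: it checks that a PTR name under 1e100.net also resolves forward to the same address, since the PTR record alone is set by whoever controls the IP block. The function names, verdict strings and sample records are assumptions made for the illustration.

```python
import ipaddress
import socket

GOOGLE_PTR_DOMAIN = "1e100.net"  # the domain named in the Google Help text

def ptr_lookup(ip):
    """Reverse (PTR) lookup: hostname for ip, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(host):
    """Forward (A/AAAA) lookup: set of address strings for host."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def in_domain(host, domain=GOOGLE_PTR_DOMAIN):
    """Match on a label boundary, so 'not1e100.net' and
    '1e100.net.example' do not count as the domain."""
    host = host.rstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def classify(ip, ptr=ptr_lookup, fwd=forward_lookup):
    """Return (verdict, hostname) for one remote address."""
    host = ptr(ip)
    if host is None:
        return "no-ptr", None
    if not in_domain(host):
        return "other", host
    # The PTR record is set by whoever controls the IP block, so the name
    # alone proves nothing; require the name to resolve back to the same IP.
    want = ipaddress.ip_address(ip)
    if any(ipaddress.ip_address(a) == want for a in fwd(host)):
        return "confirmed", host
    return "ptr-unconfirmed", host

# Constructed sample records (RFC 5737 documentation addresses, made-up names).
SAMPLE_PTR = {"192.0.2.10": "host-a.1e100.net.",
              "198.51.100.7": "host-b.1e100.net",
              "203.0.113.5": "mail.not1e100.net"}
SAMPLE_FWD = {"host-a.1e100.net.": {"192.0.2.10"},
              "host-b.1e100.net": {"192.0.2.99"}}

if __name__ == "__main__":
    for addr in ["192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.200"]:
        print(addr, classify(addr, SAMPLE_PTR.get,
                             lambda h: SAMPLE_FWD.get(h, set())))
```

Calling `classify(ip)` with no resolver arguments uses the system resolver through the `socket` module; the sample dictionaries only stand in for DNS so the demonstration runs offline.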

Solution 3:

Here is the truth. Google tracks you, me and everybody!

Lots of Google services use 1e100.net, but that doesn't mean 1e100 is just for the services you want to have. For example, Google's Safe Browsing feature (or I should say snitch) is being used no matter what you choose. Even if you disable any option in Chrome to prevent Safe Browsing, you will still have lots of connections to 1e100.net.

I have been trying to block all connections to 1e100.net but no luck! If you are using Google Chrome or any other Chrome based browser (Comodo Dragon, Yandex Browser and so on), your browser WILL send the URL you are visiting to Google. Even if you tell Chrome not to do that!

You can confirm that with these steps:

  1. Download and install Comodo Dragon (do that to test any Chrome-based browser; of course Google Chrome also does that).
  2. Uncheck all checkboxes under the Privacy section in the Settings tab.
  3. Change the default search engine for the omnibox (you can use DuckDuckGo or something else).
  4. Type a URL into the address bar and Chrome immediately informs 1e100.net about the URL you are about to visit!

Here is the screenshot from Comodo Killswitch after I did those steps: [screenshot]

Not only that, GoogleUpdate.exe will run and send some more information EVEN IF Chrome is closed and the GoogleUpdate service is DISABLED!

I used Comodo Firewall to block 1e100.net and guess what, Chrome still found a way to open a connection and send data to 1e100.net! It even passes through the firewall. I don't know how, but it does! Then I found that Chrome uses IP addresses to access 1e100.net services, not the domain name! That's a clever way to get through firewalls. Since there is a huge number of IP addresses belonging to 1e100.net, it becomes impossible to block it by IP address. On the other hand, other services also use 1e100.net, which means blocking 1e100.net also results in blocking some Google services (Maps, Gmail, etc.).

Google started with the motto "Don't be evil" but I say, "Don't be evil, says the devil".

I recommend using Firefox as your browser (of course you will still need to disable Safe Browsing in Firefox) and to stop using Google products. I know it is a painful experience to do it, but it has to be done!