The Mysterious

For those of you who watch their incoming/outgoing internet connections closely, you may have noticed the domain pop up periodically for seemingly no reason, and in some instances you may have a persistent connection to it – even as soon as you start your computer.

What is It’s Google. A WHOIS lookup for that domain reveals it’s owned by them.

Why would Google use an "weird" domain name like It’s symbolic of a googol (10×10^100) which is where Google gets its name from.

Being that most people aren’t aware of this, the first reaction upon seeing this in a network management program, such as a software-based firewall, is to block it because they don’t know what it is. It further freaks people out if it shows up as a persistent connection that they can’t get rid of.

The domain will never show up by itself. It will always be a subdomain such as

Instances where you will see the connection

(By "see" I mean literally seeing this from a network utility that can closely monitor all network requests.)

Any web page that has embedded YouTube video

For YouTube itself (a Google property) or any other web site that has a YouTube video embedded in it, will show up even if the video isn’t loaded. When the Flash player first launches it makes a request to YouTube for the video thumbnail image and therefore requests for that data.

Firefox "safe browsing"

This feature by default is enabled and uses a Google server to check web sites you load to see if they’re in the "bad" list.

This is located from Tools / Options / Security:


The two checkboxes "Block reported attack sites" and "Block reported web forgeries" enable Firefox to check every single web site you load against the "bad" list Google has.

Uncheck these two boxes if you don’t want where you surf to be checked against the Google list.

If you want to see the actual configuration data for this, load the address about:config in Firefox, then search for safebrowsing, like this:


You don’t have to necessarily do anything here, but if you wanted to know "How much Google is in my Firefox?", there’s your answer.

Google Earth / Google Updater

Both Earth and Updater (which Earth installs by default) will make connections to to check for updates.

You can instruct Updater not to do that if so desired.

Other places?

As far as I’m aware, the three above instances are where you will see appear. Now that you’re aware what it is and its purpose, you now know it’s not spyware or malware. It’s Google. Using a weird domain because.. um.. well.. it’s a really long (but not really) story and we’ll leave it at that. 🙂


  1. is google the new microsoft?

    first we had microsft everything, now it’s google everything.

  2. Excellent information….I agree with Jase. Sadly, its becoming harder to stay one step ahead of the unethical.

  3. toddboyle says:

    OK thanks for all the information.

    Where can I get a utility to BLOCK GOOGLE EVERYTHING?

    How hard is that. Sheesh. GIVE ME THE UTILITY.

  4. doesprivacyexist says:

    haha Googol. officially it’s caching or attack site verification (a “service”, but personally i think it’s to collect info on habbits… Cheaper then phoning ppl for inquiries and big money it is. Yet nobody hangs up when google is phoning you ;)… Stange. Anyhow if you’re up to it: Best learn about how to get rid of flash cookies and read about unique id’s, afterwards never visit google, youtube, etc… (yes they are the same) Don’t forget to also set search bar to something different then google too if using firefox. Maybe check out 🙂

    As a final note, I want to mention, if it will not be google, it will be another. Get used to it or don’t use internet

  5. You’re right that the googol has one hundred zeros but your scientific notation is off. 10*10^100 is 1e101, whereas a googol is 1*10^100 (or just 10^100 or 1e100).

  6. ekrn.exe (nod32 antivirus) keeps connecting to 1e100…

    ekrn.exe:296 TCP 192.168.*.*:* ESTABLISHED resolves to
    Top Level Domain: “”
    Country IP Address: UNITED STATES

    • Jim Cooper (of course) says:

      I wonder who has the job of dreaming up all the sub-domain and sub-sub-domain names to use with … : ))

  7. GoogleMail, Blogger, GTalk … all appear to open connections to 1e100 …

  8. i'm also getting this for port 993 (i think it's an imap thing or something as i'm usinng google for email hosting and stuff)

  9. You can see the also if you 'ping'
    (and of course by using nslookup/dig but that's geeky stuff 😉

    • TechnoShaman says:

      PING showed me nothing of the sort. I think you mean to say, “Do a TRACEROUTE”, as in
      (leave off the http:// stuff, it is not the proper syntax for this)
      which for me leads to a series of anonymous servers along the path… rather odd.
      For those unfamiliar with this “geeky stuff”, these are DOS-like commands you use in a Command Window in Windows: CMD.EXE followed by TRACERT and the NAME or ADDRESS you wish to inquire about, which does not have to be an http type name or address:
      works just fine (but checks a slightly different address).

      Regards, etc.

  10. Biswajit says:

    Well why actually google is using for is quite unknown, but i checked out the above link to find out, what is the link between google and 1e100

    • Jim Cooper says:

      A ‘google’ is the name for the number that is one with 100 zeros… similar to Tera .. and Mega … we’re just not used to dealing with numbers quite that big … YET ..

  11. you will see that domain when you start firefox… you know.. the default google search page that loads when you first start google?

  12. found 12 names for the MX servers for ESTAFADORES TIMO,,,,,,,,,,, and (A single machine may go by more than one hostname. All of them are shown.)

  13. > …it’s not spyware or malware. It’s Google…

    Well, who says that Google isn’t spying on you anyway. Just because it’s Google doesn’t mean it’s can’t or won’t be used against you.

  14. Tiago Paolini says:

    Just in case someone is interested, here is the official satement from Google about this domain:

  15. using ie 11 and no network activity that I can see in network resource monitor

  16. “ET ATTACK_RESPONSE Microsoft CScript Banner Outbound” being detected to and not entirely sure why the sig matches what Google is doing. shows registered to Google but Registrar is who specializes in brand protection. Curious what is really going on but no time to dig deeper.

  17. Those interested can buy the away from google, it expires on: Registrar Registration Expiration Date: 2019-09-24T22:40:03-0700. Hmmm, I wonder if you could reserve it from the 25th of September and on….. >;)

  18. Mikael Isaksson says:

    Occasionally Fallout 4 crasches when changing area. Everytime that happens, and I don’t know if this is the cause or a respons to the crasch, but every time that happens, steam.exe sends several hundreds of megabyte to an adress such as this. But Fallout just become unresponsive and has to be forcibly shut down.

  19. By mass data collection makes it Harder to find the correct information. What it is this 1e100 doesnt represent scientific notion for a Google. Bc e= 2.718
    Whst does it mean?
    Giving in this situation I know that the integral of e is itself a partial differential operation. Do e= operator of the partial differential in question, with reference yo our initial integral.

    Technically speaking GOOGLE COULD HAVE AN INFINITE VOLUME OF SPACE by utilizing this domain name properly. Its what sets an integral to start moving leads to imaginary numbers, Querteronians…..

    My best guess is a SUPER WIFIMAXX COMPUTER OR “baby QUANTUM” computer using just Quibits FOR EXTRA COMPUTATIONAL POWER

Speak Your Mind