Today I found that google chrome was making lots of background connections to 1e100.net. I was a little worried at first but this seems to be a google owned domain and these connections are used for their anti-phishing/malware feature.
But even after disabling the feature I still noticed lots of connections open to 1e100.net:
ian@macbook-ian:~$ lsof -i4 | grep chrome
chrome 5294 ian 70u IPv4 82734 0t0 TCP macbook-ian.local:54753->nrt04s01-in-f99.1e100.net:www (ESTABLISHED)
chrome 5294 ian 81u IPv4 82735 0t0 TCP macbook-ian.local:54754->nrt04s01-in-f99.1e100.net:www (ESTABLISHED)
chrome 5294 ian 82u IPv4 82736 0t0 TCP macbook-ian.local:54755->nrt04s01-in-f99.1e100.net:www (ESTABLISHED)
chrome 5294 ian 89u IPv4 83365 0t0 TCP macbook-ian.local:56139->tx-in-f100.1e100.net:www (ESTABLISHED)
chrome 5294 ian 94u IPv4 83413 0t0 TCP macbook-ian.local:46004->tx-in-f138.1e100.net:www (ESTABLISHED)
Google seems to be doing a lot of user tracking via google chrome.
As for 1e100.net, it seems to be a domain used by google as a gateway to their server infrastructure. Simply pinging www.google.com reveals that it’s aliased to a 1e100.net subdomain:
ian@macbook-ian:~$ ping www.google.com
PING www.google.com (66.249.89.104) 56(84) bytes of data.
64 bytes from nrt04s01-in-f104.1e100.net (66.249.89.104): icmp_seq=1 ttl=51 time=10.2 ms
...