Windows 8 and 8.1 Forums


Windows 8.1 constant svchost connections to Google?

  1. #1


    Posts : 828
    Windows 7 x64 Ultimate/Windows 8.1/Linux

    Windows 8.1 constant svchost connections to Google?


    I've recently installed Windows 8.1 and I noticed Svchost is constantly attempting to connect to Google. As I don't use any Google services, apart from Gmail (via Thunderbird), and I use Firefox only as my browser, I'm quite curious.

    My firewall log has lots of entries similar to these:
    Code:
    25/03/2015 19:17:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59684 | 173.194.71.132 | 443 | TCP
    25/03/2015 19:17:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59685 | 173.194.71.132 | 443 | TCP
    25/03/2015 19:16:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59682 | 64.233.164.132 | 443 | TCP
    25/03/2015 19:16:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59683 | 173.194.71.132 | 443 | TCP
    25/03/2015 19:15:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59680 | 64.233.164.132 | 443 | TCP
    25/03/2015 19:15:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59681 | 64.233.164.132 | 443 | TCP
    25/03/2015 19:14:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59678 | 64.233.164.132 | 443 | TCP
    25/03/2015 19:14:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59679 | 64.233.164.132 | 443 | TCP
    25/03/2015 19:13:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59632 | 64.233.164.132 | 443 | TCP
    The IP addresses:
    Code:
    ==================================================
    Order             : 1
    IP Address        : 173.194.71.132
    Status            : Succeed
    Country           : USA - California
    Network Name      : GOOGLE
    Owner Name        : Google Inc.
    From IP           : 173.194.0.0
    To IP             : 173.194.255.255
    CIDR              : 173.194.0.0/16
    Allocated         : Yes
    Contact Name      : Google Inc.
    Address           : 1600 Amphitheatre Parkway, Mountain View
    Email             : arin-contact@google.com
    Abuse Email       : arin-contact@google.com
    Phone             : +1-650-253-0000 
    Fax               : 
    Whois Source      : ARIN
    Host Name         : 
    Resolved Name     : 
    ==================================================
    
    ==================================================
    Order             : 2
    IP Address        : 64.233.164.132
    Status            : Succeed
    Country           : USA - California
    Network Name      : GOOGLE
    Owner Name        : Google Inc.
    From IP           : 64.233.160.0
    To IP             : 64.233.191.255
    CIDR              : 64.233.160.0/19
    Allocated         : Yes
    Contact Name      : Google Inc.
    Address           : 1600 Amphitheatre Parkway, Mountain View
    Email             : arin-contact@google.com
    Abuse Email       : arin-contact@google.com
    Phone             : +1-650-253-0000 
    Fax               : 
    Whois Source      : ARIN
    Host Name         : 
    Resolved Name     : 
    ==================================================
    The PID (920 currently) for the Svchost in question leads to:
    Appinfo
    BITS
    gpsvc
    iphlpsvc
    LanmanServer
    ProfSvc
    RasMan
    Schedule
    SENS
    ShellHWDetection
    Themes
    Winmgmt

    I'm quite familiar with these services but I can't relate any of them to the connections shown above. I had a look through Task Scheduler but couldn't find any Google related tasks.

    I'm probably missing something here...

    Anyone have any ideas?


  2. #2


    Trnava
    Posts : 683
    Win 8.1.1 Pro x64


    It is most likely related to thunderbird's checking, since it is regular.
    Try to close thunderbird to see if those connections will disappear.

  3. #3


    Posts : 828
    Windows 7 x64 Ultimate/Windows 8.1/Linux


    Quote, originally posted by TairikuOkami:
    It is most likely related to thunderbird's checking, since it is regular.
    Try to close thunderbird to see if those connections will disappear.

    Thanks for the reply. Unfortunately, Thunderbird doesn't use svchost; it makes its own connections. Also, the secure mail ports used by Gmail are 995 and 465. However, the IP address used by Thunderbird when checking mail does fall within one of the blocks mentioned above.

    Code:
    25/03/2015 21:23:57 | 548 | Thunderbird | M:\windows\mozilla\thunderbird\thunderbird.exe | Out | 60626 | 64.233.165.16 | 995 | TCP
    Curiously, whilst investigating this, I noticed my feed reader (QuiteRSS) also makes connections to an address within the 173.194 block. Specifically, 173.194.71.121, which points to lb-in-f121.1e100.net. This is a generic Google host name:

    What is 1e100.net?

    1e100.net is a Google-owned domain name used to identify the servers in our network.

    Following standard industry practice, we make sure each IP address has a corresponding hostname. In October 2009, we started using a single domain name to identify our servers across all Google products, rather than use different product domains such as youtube.com, blogger.com, and google.com. We did this for two reasons: first, to keep things simpler, and second, to proactively improve security by protecting against potential threats such as cross-site scripting attacks.

    Most typical Internet users will never see 1e100.net, but we picked a Googley name for it just in case (1e100 is scientific notation for 1 googol).
    Source

    In one link I read this is related to Chrome and Google safe browsing, but I don't have any chromium based products installed or otherwise. I know firefox also uses Google safe browsing but disabling that made no difference. I wonder if IE uses this service...

  4. #4


    Trnava
    Posts : 683
    Win 8.1.1 Pro x64


    It is related to Google Search as well. If you are running Firefox and you type something into URL bar, it will give you suggestions, which it gets from Google Search, since it is Mozilla's default search engine.

  5. #5


    Posts : 828
    Windows 7 x64 Ultimate/Windows 8.1/Linux


    Quote, originally posted by TairikuOkami:
    It is related to Google Search as well. If you are running Firefox and you type something into URL bar, it will give you suggestions, which it gets from Google Search, since it is Mozilla's default search engine.

    No, I'm afraid it's not that either. I remove the default search engines from firefox and replace with DDG. I also use Omnibar with search suggestions disabled and I have 'browser.search.suggest.enabled' set to false in my user.js. Moreover, firefox doesn't use svchost for making searches.

    Edit: I should have mentioned in my original post, these are all in the 'blocked' connection log. So whatever is causing these connections is not adversely affecting day-to-day activities, at least not noticeably.
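Added example, not part of any post in the thread: a small triage script that parses firewall log lines in the format posted above, groups the attempts by process and destination netblock, and measures the spacing between them. The log lines and the two netblocks are copied from the thread; the function names and the 5-second jitter tolerance are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Log lines copied from the thread (entries from the 'blocked' connection log).
LOG = r"""
25/03/2015 19:17:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59684 | 173.194.71.132 | 443 | TCP
25/03/2015 19:16:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59682 | 64.233.164.132 | 443 | TCP
25/03/2015 19:15:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59680 | 64.233.164.132 | 443 | TCP
25/03/2015 19:14:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59678 | 64.233.164.132 | 443 | TCP
25/03/2015 19:13:20 | 920 | Host Process for Windows Services | C:\windows\system32\svchost.exe | Out | 59632 | 64.233.164.132 | 443 | TCP
25/03/2015 21:23:57 | 548 | Thunderbird | M:\windows\mozilla\thunderbird\thunderbird.exe | Out | 60626 | 64.233.165.16 | 995 | TCP
"""

# Netblocks from the whois output quoted in the thread.
BLOCKS = {"173.194.0.0/16": "GOOGLE", "64.233.160.0/19": "GOOGLE"}

def parse(log):
    """Yield one dict per well-formed pipe-delimited log line."""
    for line in log.strip().splitlines():
        f = [x.strip() for x in line.split("|")]
        if len(f) != 9:
            continue  # skip anything that is not a 9-field entry
        yield {"ts": datetime.strptime(f[0], "%d/%m/%Y %H:%M:%S"),
               "pid": int(f[1]), "image": f[3].lower(),
               "dst": f[6], "port": int(f[7])}

def owner(ip):
    """Map a destination IP to its netblock name, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for cidr, name in BLOCKS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "unknown"

def summarize(log, jitter=5):
    """Group attempts by (pid, image, netblock owner, port) and test cadence."""
    groups = defaultdict(set)
    for e in parse(log):
        groups[(e["pid"], e["image"], owner(e["dst"]), e["port"])].add(e["ts"])
    report = {}
    for key, stamps in groups.items():
        ts = sorted(stamps)  # distinct timestamps; same-second attempts collapse
        gaps = [int((b - a).total_seconds()) for a, b in zip(ts, ts[1:])]
        periodic = len(gaps) >= 2 and max(gaps) - min(gaps) <= jitter
        report[key] = {"bursts": len(ts), "gaps": gaps, "periodic": periodic}
    return report

if __name__ == "__main__":
    print(summarize(LOG))
```
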
