Anyone know what these URLs are for?

Google is becoming like a bad rash. It just won’t go away. There’s very little useful info in the posts below. Basically me ranting about Google URLs. If you’ve found a good way to block Google IPs please leave a post. I’ve been blocking them at the firewall but it’s a PITA.

Anyone know what Firefox does with these URLs?
Are these critical or can I chop them off at the firewall?

yyz = Toronto (AFAIK)
1e100.net = Google domain

yyz08s09-in-f12.1e100.net
yyz08s10-in-f11.1e100.net
yyz08s10-in-f25.1e100.net
yyz08s10-in-f25.1e100.net
yyz08s10-in-f25.1e100.net
yyz08s10-in-f26.1e100.net
yyz08s10-in-f30.1e100.net
yyz08s10-in-f8.1e100.net
yyz08s13-in-f1.1e100.net
yyz08s14-in-f25.1e100.net
yyz08s14-in-f25.1e100.net

A reverse IP for those servers.

Google is becoming a bad rash.

It looks like I’m stuck with these connections.

ff seems to love them. Connects to them on every new page. I assume it’s checking the page url against a white/black list.

1 or 2 connections for lookups is no problem. But 10 or 15 or 20? Excessive? Yup. Security hole? You decide.

Ok I’m back to blocking by ip. Thanks for the info.

Solved part of the mystery of the above URLs.

Opened about:config in ff. Searched for safebrowsing. ff returns a bunch of rows. Took one of them → safebrowsing.google.com and did a nslookup with it.

nslookup returned these ips:
173.194.43.102, 173.194.43.97, 173.194.43.96, 173.194.43.100
173.194.43.101, 173.194.43.99, 173.194.43.98, 173.194.43.105, 173.194.43.110
173.194.43.103, 173.194.43.104 (these will probably change based on your location)

Took the first ip → 173.194.43.102 and did a nslookup lookup with it. It returned this:
yyz08s10-in-f6.1e100.net (yyz might change depending on where you live)

So the above urls are ff checking black/white lists.

So at least I know why/where ff is poking holes out of my system.

It appears these urls:

yyz08s09-in-f12.1e100.net
yyz08s10-in-f11.1e100.net
yyz08s10-in-f25.1e100.net
yyz08s10-in-f25.1e100.net
yyz08s10-in-f25.1e100.net
yyz08s10-in-f26.1e100.net
yyz08s10-in-f30.1e100.net
yyz08s10-in-f8.1e100.net
yyz08s13-in-f1.1e100.net
yyz08s14-in-f25.1e100.net
yyz08s14-in-f25.1e100.net

Update these files in Firefox:

08/13/2015 09:58 AM 12 goog-badbinurl-shavar.cache
08/13/2015 09:58 AM 550,934 goog-badbinurl-shavar.pset
08/13/2015 09:58 AM 1,020,294 goog-badbinurl-shavar.sbstore
08/04/2015 03:23 PM 9,900 goog-downloadwhite-digest256.cache
08/04/2015 03:23 PM 16 goog-downloadwhite-digest256.pset
08/04/2015 03:23 PM 12,600 goog-downloadwhite-digest256.sbstore
08/13/2015 09:58 AM 12 goog-malware-shavar.cache
08/13/2015 09:58 AM 1,025,022 goog-malware-shavar.pset
08/13/2015 09:58 AM 1,792,357 goog-malware-shavar.sbstore
08/12/2015 09:26 AM 12 goog-phish-shavar.cache
08/12/2015 09:26 AM 953,976 goog-phish-shavar.pset
08/12/2015 09:26 AM 973,708 goog-phish-shavar.sbstore
08/13/2015 09:28 AM 44 test-malware-simple.cache
08/13/2015 09:28 AM 16 test-malware-simple.pset
08/13/2015 09:28 AM 232 test-malware-simple.sbstore
08/13/2015 09:28 AM 44 test-phish-simple.cache
08/13/2015 09:28 AM 16 test-phish-simple.pset
08/13/2015 09:28 AM 232 test-phish-simple.sbstore

In xp find the above in:
C:\Documents and Settings\xp.username.here\Local Settings\Application Data\Mozilla\Firefox\Profiles\Firefox.username.here\safebrowsing

Trying to get completely rid of the *.1e100.net and *.1e100.com URLs has proven to be a PITA. Disabling everything in FF DOESN’T prevent the connections. So I started chopping them off at the firewall (again another PITA). If you can add more to the story please leave a note below. Bob

After doing a lot of searching I found the piece below, have a read it’s pretty interesting:

=== snip ===
Why The Fool blocks Google Safe-Browsing
August 29, 2009 · Filed Under Networking, News

The Fool is an Italian start-up founded by Matteo Flora, a security consultant known for having helped Silvio Berlusconi’s Mediaset to put together the data required to bring a 500 million euros lawsuit against Google and YouTube in July 2008. On the blog of FoolDNS, the main product offered by The Fool, the company has recently explained the reasons why Google Safe-Browsing is part of the service blacklist hence it is blocked for users and companies which use it.

FoolDNS is a website filtering and Internet usage monitoring system working at the DNS level, like other services such as the well-known OpenDNS. Google Safe-Browsing, on the other hand, started as an optional add-on for Mozilla Firefox and eventually turned into an anti-phishing and anti-malware API-based service, currently implemented on Firefox, Safari and obviously the Google-browser Chrome.

“For years we said that SafeBrowsing is the main reason for the millionaire agreement between Mozilla Foundation and Google - the FoolDNS blog states - because the system allows to trace the behaviours of single users behind any IP effectively allowing the user identification by his browser’s UniqueID even after Cookies deletion and roaming between home and office”.

The Italian company says that, essentially, Google uses and abuses the (real) protection offered by Safe-Browsing to have the chance to (presumably) track users in a univocal way, without depending on cookies or other temporary identification systems that are easy to bypass. To corroborate its theory, FoolDNS quotes “the very highly esteemed” site Ha.ckers.org in a post that highlights the oddities of Safe-Browsing’s home-phoning system.

“When I started looking at Chrome I noticed two additional pieces of information that were being phoned home outside of Safe Browsing” the Ha.ckers.org post says. These two extra data pieces, tagged machineid and userid, “both computed information based on machine/user information”, and were sent together with other data useful to Google to decide if there was the need of a protection update.

“The real question”, the post continues, is “why would Google need to know my machineid and userid to give me an update - wouldn’t the version number of my browser be enough to make that decision? I just can’t believe this isn’t used for tracking”. “There’s no more plausible deniability”, Ha.ckers.org and FoolDNS say together, Google Safe-Browsing is “a perfect way to spy on people” by exploiting the browser against users in the name of security.

The conclusion of the post is that “Safe Browsing is a great feature since it protects you from phishing and malware sites”, but despite what is stated in the Google privacy policy, facing a law court order Mountain View would be obliged to blurt out everything the company knows about a particular user, including the eventual tracking data gathered up to that time. On Firefox it is possible to disable the service to protect one’s own privacy, but as for Chrome the only useful advice is “don’t use it”.
===snip ===

Hi Bob101. Follow this guide and the only connections you should be left with are loopback.

Thanks for the link. I worked through those pages back in May. Following each and every step still leaves some Google connections active. It’s like a bad rash - it just won’t go away.

I ended up blocking 74.125.0.0 - 74.125.255.255 and 173.194.0.0 - 173.194.255.255 at the firewall. This removes most, but not all, of the connections. Some of the connections switch to using other Google IP ranges (they seem to have tons).

The only issue with the firewall block is lots of pages break.

Google is getting as bad as MS for weaseling its way into your PC. Time to look for a bigger stick.

Bob
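
Added example, not part of the original thread: a small Python check of which observed addresses the two firewall ranges above actually cover, plus a count of `*.1e100.net` reverse names per site code. The `74.125.1.1` and `203.0.113.7` addresses are constructed samples, and reading the first three letters of the name as a site code is an assumption based on the "yyz = Toronto" note.

```python
import ipaddress
import re
from collections import Counter

# Ranges blocked at the firewall, as given in the thread.
BLOCKED_RANGES = [("74.125.0.0", "74.125.255.255"),
                  ("173.194.0.0", "173.194.255.255")]

# Name shape seen in the thread (yyz08s10-in-f25.1e100.net); treating the
# leading three letters as a site code is an assumption.
PTR_RE = re.compile(r"^([a-z]{3})\d+s\d+-in-f\d+\.1e100\.net\.?$")


def ranges_to_cidrs(ranges):
    """Turn start-end ranges into the smallest equivalent list of CIDRs."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return list(ipaddress.collapse_addresses(nets))


def uncovered(ips, cidrs):
    """Return the addresses that none of the blocked CIDRs contain."""
    return [ip for ip in ips
            if not any(ipaddress.ip_address(ip) in net for net in cidrs)]


def site_counts(hostnames):
    """Count names per site code; anything not matching goes under '?'."""
    counts = Counter()
    for name in hostnames:
        m = PTR_RE.match(name.strip().lower())
        counts[m.group(1) if m else "?"] += 1
    return counts


# First two addresses are from the nslookup output in the thread; the last
# two are constructed (203.0.113.7 stands in for "other ranges").
SAMPLE_IPS = ["173.194.43.102", "173.194.43.110", "74.125.1.1", "203.0.113.7"]
# Names from the thread, plus one forward name that is not a PTR record.
SAMPLE_HOSTS = ["yyz08s09-in-f12.1e100.net", "yyz08s10-in-f25.1e100.net",
                "yyz08s10-in-f6.1e100.net", "safebrowsing.google.com"]

if __name__ == "__main__":
    cidrs = ranges_to_cidrs(BLOCKED_RANGES)
    print("firewall rules:", [str(n) for n in cidrs])
    print("still reachable:", uncovered(SAMPLE_IPS, cidrs))
    print("per site:", dict(site_counts(SAMPLE_HOSTS)))
```

Feeding it the destination addresses from a firewall log shows at a glance which connections slip past the two /16 rules.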