I’m not sure if these calls really come from the OS itself, seems more like it’s coming from an app.
Mtalk is related to Google Talk / Google Hangouts (which definitely is not a part of /e/).
Googleapis can be pretty much anything, like Google Fonts or any other libraries hosted by Google. So this call can also come from a website for example.
Safebrowsing is a blacklisting service by Google which identifies possible malicious or harming websites and then blocks them when you try to visit them with your browser.
As this thread was started about a year ago, it would be great if @ralxx could recheck if these calls still occur with the latest /e/ version.