SVCHOST:1136 Connected to Akamai

I'm using an IP tool that shows me my PC's IP connections.

It has revealed the IP address has established a TCP connection to SVCHOST.EXE:1136
and also to SVCHOST.EXE:1136

I looked up both of these IP addresses and they are owned by Akamai. It appears that this company hosts services for hundreds of other companies including Microsoft and many other "big" names.

I'm somewhat suspicious, but have run the latest version of Ad-Aware and it did not flag this.

Any ideas as to what these connections might be doing?

Note: I'll need a concise and precise answer to award the full points. No guesses please.


You have nothing to worry about. But if you are still not convinced, check for spyware and adware using these:


Spyware/Adware removal tools:

SpyBot-S&D : 

Ad-aware : 

Trojan Remover :

HijackThis : 

KL-Detector  :

X-Cleaner Free  :

SpywareBlaster  :

SpywareGuard :

SpySites  :

Keylogger Hunter :


Goodbye Spy


You may also want to update your virus definitions and check for viruses

Update your windows

Also have a firewall

dgwilson (Author) commented:
ALL your suggestions are already implemented. See note at end of question.



I was giving you a suggestion of what svchost.exe means by those links.

Actually it looks like Akamai is connected to Windows Update.

If you have Windows Update enabled this will happen.

It is connecting to Akamai servers.

dgwilson (Author) commented:
Thanks but I already know what svchost does and that Microsoft uses them, but as your EE link says "...Akamai is a well-known host for advertising services..." so I'm wondering if I can tell exactly WHO is using this connection on my PC.

I'm assuming your statement of "akamai is connected to windows update" is just a guess. Please refer to NOTE in original question.

None of the information you've provided gives me the method for discovering who owns this link.


I am sorry I am not able to help you exactly, but I do remember the last statement of your question that I should not give any guesses.

The link that I had given 2 links back states that Windows users wanting updates are connected to Akamai servers.

>> None of the information you've provided gives me the method for discovering who owns this link.

If you are the only person using the PC, disable Windows Update and all services. Then run that tool which you are using to check if you still see svchost and that same IP address.


From what I gather from, this company is in the ebusiness industry. First off, in this case, their customer could potentially be anyone. Second off, I know of web sites that spawn off pop-up ads using akamai's infrastructure.

I also found a link that states that Norton Live Update is using akamai's servers: (search for akamai in the web page)

Peer-to-peer file sharing programs could be another potential source.

I believe that it might be impossible to trace all your connections to these "questionable" servers. Probably a better alternative would be to install a decent popup blocker/cookie cleaner like pop-up stopper (, having a decent antivirus s/w with the latest virus signature updates, an adware cleaner. I believe the last two you've already installed.

Besides, from the connections that I see which you have, they're connected at ports 80 & 443, basically a web server & SSL connection. Something which I consider passive connections, as it has to be initiated from your client end to the server. As such, any suspicious activity which you detect could probably terminate such connections, if needed.

True, you or all your preventive software may not be able to capture all unauthorised/intrusive measures, but I believe in keeping yourself informed with the latest Internet "trends", and using a bit of common sense, the usual stuff: don't run suspicious attachments (even though it may seem to be from a trusted source), don't use pirated software, don't visit crack/hack, etc. web sites, make sure you have a decent firewall installed (hardware ones are the best), backup your critical data often, etc.

Finally, just keep an open mind about the Internet. The best or most secured place doesn't always mean it's the safest. No point worrying too much about things that are out of our control. If you're really curious about what transpires between your client & other servers or the Internet in general, install a protocol analyser and see/learn what is exchanged through your network. A lot of people I know have captured hidden/unknown (till it was captured) traffic through such tools. Ethereal ( is one such good tool to start from.

Have Fun & Good Luck.

Did you even run "tasklist /svc" like the article suggested?  It's all well and good to say "I will only accept exact answers", but we need some additional info from you in order to provide one, since it is impossible to determine the problem without your participation.

*My* exact answer is:

If you wanted an OS that puts everything out in the open where you can see it, then you shouldn't be running XP.  Mickeysoft design philosophy is directly at odds with this idea, if you haven't noticed already.  Familiarize yourself with every process running on your XP box, and then you will be able to answer your own question.  If you are unwilling/unable to do that, then just accept the fact that XP itself (and other software you probably installed) rely on Akamai services to locate critical hosts (for updates, notifications, etc) and get over it already.

Do you even know what akamai is?  It is simply an optimized redundant DNS/server farm solution for companies (like Microsoft, Symantec, etc) that have a lot of users.  Akamai is just a bunch of DNS servers that resolve your DNS request to a server that should be fast and or close to you.  You connect to akamai hosted machines all the time, but you never see it or know it because it's not as regular and persistent as those update processes you are running that like to poll for updates and notifications constantly.

>None of the information you've provided gives me the method for discovering who owns this link

What are you talking about?  Once again, did you even bother to run "tasklist /svc"?

You are hopeless - "windows update" is only a guess until you disable it on your machine and then post back here saying it did or did not remove one of your outbound connections from svchost...

Read this:

and humble yourself
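How a connection's owning PID narrows a svchost.exe connection down to a set of candidate services, as an added example that is not part of the original thread: it joins `netstat -ano` output (assumed here as the source of the PID) with the `tasklist /svc` output mentioned above. Both sample outputs are constructed, with documentation-range IP addresses, and the function names are hypothetical.

```python
import re

# Constructed sample output (documentation-range IPs, illustrative service list).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    192.168.1.10:1045      203.0.113.20:80        ESTABLISHED     1136
  TCP    192.168.1.10:1046      203.0.113.21:443       ESTABLISHED     1136
  TCP    192.168.1.10:1050      198.51.100.7:80        ESTABLISHED     2040
"""
TASKLIST_SVC = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
svchost.exe                  980 RpcSs
svchost.exe                 1136 AudioSrv, BITS, CryptSvc, Dhcp, EventSystem,
                                 Schedule, wuauserv
iexplore.exe                2040 N/A
"""

# Image name (may contain spaces), PID, then the start of the service list.
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")

def parse_tasklist(text):
    """Map PID -> (image name, [service names]); wrapped service lists are rejoined."""
    procs, last = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            last = int(m.group(2))
            procs[last] = (m.group(1), m.group(3))
        elif line[:1].isspace() and last is not None:
            # Indented continuation line: more services for the previous PID.
            image, svcs = procs[last]
            procs[last] = (image, svcs + " " + line.strip())
    return {pid: (img, [s.strip() for s in svcs.split(",") if s.strip() not in ("", "N/A")])
            for pid, (img, svcs) in procs.items()}

def attribute_connections(netstat_text, tasklist_text):
    """Join established TCP rows from netstat with the owning process and its services."""
    procs = parse_tasklist(tasklist_text)
    out = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            host, port = f[2].rsplit(":", 1)
            image, services = procs.get(int(f[4]), ("<unknown>", []))
            out.append((host, int(port), int(f[4]), image, services))
    return out

if __name__ == "__main__":
    for host, port, pid, image, services in attribute_connections(NETSTAT_ANO, TASKLIST_SVC):
        print(f"{host}:{port} <- {image}:{pid} services={', '.join(services) or 'none'}")
```

Because one svchost.exe process hosts several services under a single PID, the join yields candidates rather than a single owner. Stopping one candidate service at a time and re-checking the connection list, as suggested earlier in the thread for Windows Update, isolates it.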


dgwilson (Author) commented:

>What are you talking about?  Once again, did you even bother to run "tasklist /svc"?

Yes, I did and it only confirmed what the IP tool I used had told me, that SOMETHING had

>You are hopeless - "windows update" is only a guess until you ... blah, blah, blah

Who put a bee in YOUR bonnet? You weigh in here a week later with all your righteous indignation and superiority.

Well, since you OBVIOUSLY know more than all the rest of us combined, you OBVIOUSLY deserve ALL the points. But I'm going to give sunray and mapledrum some of them. Sunray for sticking in there and mapledrum for being the most verbose.

Thanks for all your help folks even though I never got a specific answer!

Thanks for the points.

If you're asking how to trace who owns an IP address, do a "nslookup <IP address>" to obtain the domain name which the IP belongs to. Then you need to do a whois on the domain name. You can do a whois from this web site: