

SVCHOST:1136 Connected to Akamai

Posted on 2003-10-26
Medium Priority
Last Modified: 2013-12-14
I'm using an IP tool that shows me my PC's IP connections.

It has revealed the IP address has established a TCP connection to SVCHOST.EXE:1136
and also to SVCHOST.EXE:1136

I looked up both of these IP addresses and they are owned by Akamai. It appears that this company hosts services for hundreds of other companies including Microsoft and many other "big" names.

I'm somewhat suspicious, but have run the latest version of Ad-Aware and it did not flag this.

Any ideas as to what these connections might be doing?

Note: I'll need a concise and precise answer to award the full points. No guesses please.

Question by:dgwilson
LVL 49

Expert Comment

ID: 9624069
LVL 49

Expert Comment

ID: 9624072
You have nothing to worry about. But if you are still not convinced, check for spyware and adware using these:


Spyware/Adware removal tools:

SpyBot-S&D: http://www.webattack.com/download/dlspybot.shtml

Ad-aware: http://www.webattack.com/download/dladaware.shtml

Trojan Remover: http://www.simplysup.com/

HijackThis: http://www.webattack.com/download/dlhijackthis.shtml

KL-Detector: http://www.webattack.com/download/dlkldetector.shtml

X-Cleaner Free: http://www.webattack.com/download/dlxcleaner.shtml

SpywareBlaster: http://www.webattack.com/download/dlspywareblaster.shtml

SpywareGuard: http://www.webattack.com/download/dlspywareguard.shtml

SpySites: http://www.webattack.com/download/dlspysites.shtml

Keylogger Hunter: http://www.webattack.com/download/dlklhunter.shtml

Spycop: http://www.spycop.com/

Goodbye Spy: http://www.topshareware.com/GoodBye-Spy-download-2012.htm


You may also want to update your virus definitions and check for viruses

Update your windows

Also have a firewall


Author Comment

ID: 9624080
ALL your suggestions are already implemented. See note at end of question.


LVL 49

Expert Comment

ID: 9624308

I was giving you a suggestion of what svchost.exe means by those links

Actually it looks like akamai is connected to windows update.

If you have windows update enabled this will happen


It is connecting to akamai servers


Author Comment

ID: 9624635
Thanks but I already know what svchost does and that Microsoft uses them, but as your EE link says "...Akamai is a well-known host for advertising services..." so I'm wondering if I can tell exactly WHO is using this connection on my PC.

I'm assuming your statement of "akamai is connected to windows update" is just a guess. Please refer to NOTE in original question.

None of the information you've provided gives me the method for discovering who owns this link.

LVL 49

Accepted Solution

sunray_2003 earned 1200 total points
ID: 9624658

I am sorry I am not able to help you exactly, but I do remember the last statement of your question, that I should not give any guesses.

The link that I had given 2 links back states that windows users wanting updates are connected to akamai server

>> None of the information you've provided gives me the method for discovering who owns this link.

If you are the only person using the PC, disable windows update and all services. Then run that tool which you are using to check if you still see svchost and that same IP address.


Assisted Solution

mapledrums earned 240 total points
ID: 9636501
From what I gather from www.akamai.com, this company is in the ebusiness industry. First off, in this case, their customer could potentially be anyone. Second off, I know of web sites that spawn off pop-up ads using akamai's infrastructure.

I also found a link that states that Norton Live Update is using akamai's servers: http://www.itcompany.com/spystop.htm (search for akamai in the web page)

Peer-to-peer file sharing programs could be another potential source.

I believe that it might be impossible to trace all your connections to these "questionable" servers. Probably a better alternative would be to install a decent popup blocker/cookie cleaner like pop-up stopper (www.panicware.com), having a decent antivirus s/w with the latest virus signature updates, an adware cleaner. I believe the last two you've already installed.

Besides, from the connections that I see which you have, they're connected at ports 80 & 443, basically a web server & SSL connection. Something which I consider passive connections, as it has to be initiated from your client end to the server. As such, any suspicious activity which you detect could probably terminate such connections, if needed.

True, you or all your preventive software may not be able to capture all unauthorised/intrusive measures, but I believe in keeping yourself informed with the latest Internet "trends", and using a bit of common sense, the usual stuff: don't run suspicious attachments (even though it may seem to be from a trusted source), don't use pirated software, don't visit crack/hack, etc. web sites, make sure you have a decent firewall installed (hardware ones are the best), backup your critical data often, etc.

Finally, just keep an open mind about the Internet. The best or most secured place doesn't always mean it's the safest. No point worrying too much about things that are out of our control. If you're really curious about what transpires between your client & other servers or the Internet in general, install a protocol analyser and see/learn what is exchanged through your network. A lot of people I know have captured hidden/unknown (till it was captured) traffic through such tools. Ethereal (www.ethereal.com) is one such good tool to start from.

Have Fun & Good Luck.
LVL 16

Assisted Solution

The--Captain earned 60 total points
ID: 9661145
Did you even run "tasklist /svc" like the article suggested?  It's all well and good to say "I will only accept exact answers", but we need some additional info from you in order to provide one, since it is impossible to determine the problem without your participation.

*My* exact answer is:

If you wanted an OS that puts everything out in the open where you can see it, then you shouldn't be running XP.  Mickeysoft design philosophy is directly at odds with this idea, if you haven't noticed already.  Familiarize yourself with every process running on your XP box, and then you will be able to answer your own question.  If you are unwilling/unable to do that, then just accept the fact that XP itself (and other software you probably installed) rely on Akamai services to locate critical hosts (for updates, notifications, etc) and get over it already.

Do you even know what akamai is?  It is simply an optimized redundant DNS/server farm solution for companies (like Microsoft, Symantec, etc) that have a lot of users.  Akamai is just a bunch of DNS servers that resolve your DNS request to a server that should be fast and/or close to you.  You connect to akamai hosted machines all the time, but you never see it or know it because it's not as regular and persistent as those update processes you are running that like to poll for updates and notifications constantly.

>None of the information you've provided gives me the method for discovering who owns this link

What are you talking about?  Once again, did you even bother to run "tasklist /svc"?

You are hopeless - "windows update" is only a guess until you disable it on your machine and then post back here saying it did or did not remove one of your outbound connections from svchost...

Read this:


and humble yourself
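
An added example, not part of the post above or of any tool mentioned in the thread: it joins captured `netstat -ano` output (an assumption; the thread only names `tasklist /svc`) with `tasklist /svc` output on the PID, so each established connection is listed with the services hosted in the owning svchost.exe. Both sample captures, including the addresses and service lists, are constructed.

```python
import re

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       920
  TCP    192.168.1.10:3012      203.0.113.25:80        ESTABLISHED     1136
  TCP    192.168.1.10:3013      198.51.100.7:443       ESTABLISHED     1136
  TCP    192.168.1.10:3020      203.0.113.90:80        ESTABLISHED     2040
  UDP    0.0.0.0:123            *:*                                    1136
"""

# Constructed sample of `tasklist /svc` output; long service lists wrap.
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
svchost.exe                  920 RpcSs
svchost.exe                 1136 AudioSrv, BITS, CryptSvc, Dhcp, wuauserv,
                                 Schedule
iexplore.exe                2040 N/A
"""

ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")  # image (may contain spaces), PID, services
def parse_tasklist(text):
    """Return {pid: (image, [services])}, merging wrapped continuation lines."""
    procs, last = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            last = int(m.group(2))
            procs[last] = (m.group(1), m.group(3))
        elif line[:1].isspace() and line.strip() and last is not None:
            # Indented line with no PID: the previous row's service list continues.
            procs[last] = (procs[last][0], procs[last][1] + "," + line.strip())
    return {pid: (img, [s.strip() for s in svcs.split(",")
                        if s.strip() not in ("", "N/A")])
            for pid, (img, svcs) in procs.items()}

def established_by_owner(netstat_text, tasklist_text):
    """Join established TCP connections to the owning process and its services."""
    procs, rows = parse_tasklist(tasklist_text), []
    for line in netstat_text.splitlines():
        f = line.split()  # TCP rows have 5 fields; UDP rows have no State column
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            image, services = procs.get(int(f[4]), ("<unknown>", []))
            rows.append((f[2], int(f[4]), image, services))
    return rows
for remote, pid, image, svcs in established_by_owner(NETSTAT, TASKLIST):
    print(f"{remote:22} {image}:{pid}  {', '.join(svcs) or '-'}")
```

A shared svchost.exe hosts several services, so the join narrows a connection to a candidate list rather than to one service; stopping candidates one at a time and re-checking, as suggested earlier in the thread, does the rest.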



Author Comment

ID: 9662110

>What are you talking about?  Once again, did you even bother to run "tasklist /svc"?

Yes, I did and it only confirmed what the IP tool I used had told me, that SOMETHING had

>You are hopeless - "windows update" is only a guess until you ... blah, blah, blah

Who put a bee in YOUR bonnet? You weigh in here a week later with all your righteous indignation and superiority.

Well, since you OBVIOUSLY know more than all the rest of us combined, you OBVIOUSLY deserve ALL the points. But I'm going to give sunray and mapledrum some of them. Sunray for sticking in there and mapledrum for being the most verbose.

Thanks for all your help folks even though I never got a specific answer!


Expert Comment

ID: 9662175
Thanks for the points.

If you're asking how to trace who owns an IP address, do a "nslookup <IP address>" to obtain the domain name which the IP belongs to. Then you need to do a whois on the domain name. You can do a whois from this web site: http://www.internic.net/whois.html.


Question has a verified solution.
