SVCHOST:1136 Connected to Akamai

Posted on 2003-10-26
Last Modified: 2013-12-14
I'm using an IP tool that shows me my PC's IP connections.

It has revealed the IP address has established a TCP connection to SVCHOST.EXE:1136
and also to SVCHOST.EXE:1136

I looked up both of these IP addresses and they are owned by Akamai. It appears that this company hosts services for hundreds of other companies including Microsoft and many other "big" names.

I'm somewhat suspicious, but have run the lastest version of Ad-Aware and it did not flag this.

Any ideas as to what these connections might be doing?

Note: I'll need a concise and precise answer to award the full points. No guesses please.

Question by:dgwilson
  • 5
  • 3
  • 2
  • +1
LVL 49

Expert Comment

ID: 9624069
LVL 49

Expert Comment

ID: 9624072
You are nothing to worry . But you are still not convinced check for spywares and adwares using these


Spyware/Adware removal tools:

SpyBot-S&D : 

Ad-aware : 

Trojan Remover :

HijackThis : 

KL-Detector  :

X-Cleaner Free  :

SpywareBlaster  :

SpywareGuard :

SpySites  :

Keylogger Hunter :


Goodbye Spy


You may also want to update your virus definitions and check for viruses

Update your windows

Also have a firewall


Author Comment

ID: 9624080
ALL your suggestions are already implemented. See note at end of question.

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

LVL 49

Expert Comment

ID: 9624308

I was giving you a suggestion of what svchost.exe means by that links

Actually it looks like akamai is connected to windows update .

If you have windows update enabled this will happen

It is connecting to akamai servers

LVL 49

Expert Comment

ID: 9624311

Author Comment

ID: 9624635
Thanks but I already know what svchost does and that Microsoft uses them, but as your EE link says "...Akamai is a well-known host for advertising services..." so I'm wondering if I can tell exactly WHO is using this connection on my PC.

I'm assuming your statement of "akamai is connected to windows update" is just a guess. Please refer to NOTE in original question.

None of the information you've provided gives me the method for discovering who owns this link.

LVL 49

Accepted Solution

sunray_2003 earned 400 total points
ID: 9624658

I am sorry i am not able to help you exactly but I do remember your last statement of your question that I should not give any guesses

The link that i had given 2 links back states that windows users wanting updates are connected to akamai server

>> None of the information you've provided gives me the method for discovering who owns this link.

if you are the only person using the pc , disable windows update and all services.Then run that tool which you are using to
check if you still see svchost and that same IP address.


Assisted Solution

mapledrums earned 80 total points
ID: 9636501
From what I gather from, this company is in the ebusiness industry. First off, in this case, their customer could potentially be anyone. Second off, I know of web sites that spawn off pop-up ads using akamai's infrastructure.

I also found a link that states that Norton Live Update is using akamai's servers: (search for akamai in the web page)

Peer-to-peer file sharing programs could be another potential source.

I believe that it might be impossible to trace all your connections to these "questionable" servers. Probably a better alternative would be to install a decent popup blocker/cookie cleaner like pop-up stopper (, having a decent antivirus s/w with the latest virus signature updates, an adware cleaner. I believe the last two you've already installed.

Besides, from the connections that I see which you have, they're connected at ports 80 & 443, basically a web server & SSL connection. Something which I consider passive connections, as it has to be initiated from your client end to the server. As such, any suspicious activity which you detect could probably terminate such connections, if needed.

True, you or all your preventive software may not be able to capture all unauthorised/intrusive measures, but I believe in keeping yourself informed with the latest Internet "trends", and using a bit of common sense, the usual stuff: don't run suspicious attachments (even though it may seem to be from a trusted source), don't use pirated software, don't visit crack/hack, etc. web sites, make sure you have a decent firewall installed (hardware ones are the best), backup your critical data often, etc.

Finally, just keep an open mind about the Internet. The best or most secured place doesn't always mean it's the safest. No point worrying too much about things that is out of our control. If you're really curious about what transpires between your client & other servers or the Internet in general, install a protocol analyser and see/learn what is exchanged through your network. A lot of people I know have captured hidden/unknown (till it was captured) traffic through such tools. Ethereal ( is one such good tool to start from.

Have Fun & Good Luck.
LVL 16

Assisted Solution

The--Captain earned 20 total points
ID: 9661145
Did you even run "tasklist /svc" like the article suggested?  It's all well and good to say "I will only accept exact answers", but we need some additional info from you in order to provide one, since it is impossible to determine the problem without your participation.

*My* exact answer is:

If you wanted an OS that puts everything out in the open where you can see it, then you shouldn't be running XP.  Mickeysoft design philosophy is directly at odds with this idea, if you haven't noticed already.  Familiarize yourself with every process running on your XP box, and then you will be able to answer your own question.  If you are unwilling/unable to do that, then just accept the fact that XP itself (and other software you probably installed) rely on Akamai services to locate critical hosts (for updates, notifications, etc) and get over it already.

Do you even know what akamai is?  It is simply an optimized redundant DNS/server farm solution for companies (like Microsoft, Symantec, etc) that have a lot of users.  Akamai is just a bunch of DNS servers that resolve your DNS request to a server that should be fast and or close to you.  You connect to akamai hosted machines all the time, but you never see it or know it because it's not as regular and persistent as those update processes you are running that like to poll for updates and notifications constantly.

>None of the information you've provided gives me the method for discovering who owns this link

What are you talking about?  Once again, did you even bother to run "tasklist /svc"?

You are hopeless - "windows update" is only a guess until you disable it on your machine and then post back here saying it did or did not remove one of your outbound connections from svchost...

Read this:

and humble yourself



Author Comment

ID: 9662110

>What are you talking about?  Once again, did you even bother to run "tasklist /svc"?

Yes, I did and it only confirmed what the IP tool I used had told me, that SOMETHING had

>You are hopeless - "windows update" is only a guess until you ... blah, blah, blah

Who put a bee in YOUR bonnet? You way in here a week later with all your righteous indignation and superiority.

Well, since you OBVIOUSLY know more than all the rest of us combined, you OBVIOUSLY deserve ALL the points. But I'm going to give sunray and mapledrum some of them. Sunray for sticking in there and mapledrum for being the most verbose.

Thanks for all your help folks even though I never got a specific answer!


Expert Comment

ID: 9662175
Thanks for the points.

If you're asking how to trace who owns an IP address, do a "nslookup <IP address>" to obtain the domain name which the IP belongs to. Then you need to do a whois on the domain name. You can do a whois from this web site:

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

    Over the past few years, small business and home owners have become so dependent on internet that a need for redundancy has arisen.    What happens when your small business or home / home office loses its internet connection?  The results c…
Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now