Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What's 'akamai', and why is my firewall alerting me about it?

Question:

Hi Leo, My Zone Alarm is constantly blocking “a1255.g.akamai”. I did a
Google on it but didn’t find out much. Can you tell me what it is?

I had to make an assumption or two, but a few steps lead me to an answer
that I think is correct.

What I can’t explain is why Zone Alarm is blocking it.

Let me walk you through what I did. The steps may be useful in researching
other domain issues in the future.

Become a Patron of Ask Leo! and go ad-free!

First off, I have to assume you really mean “a1255.g.akamai.net”. Here’s why
I say that:

  • “a1255.g.akamai” is an invalid domain name, simply because “.akamai” is an
    invalid top level domain (TLD). Top level domains are things like “.com”,
    “.net”, or country codes like “.ca”, “.nl” and so on.

  • My first guess, “a1255.g.akamai.com” doesn’t resolve. If, in a command
    prompt, I attempt to:

    ping a1255.g.akamai.com

    I get the error message “Ping request could not find host
    a1255.g.akamai.com. Please check the name and try again.”

  • My second guess, “a1255.g.akamai.net”, resolved properly. The ping command
    responded with actual ping results.

So now, armed with a working domain name, I attempted to find out
who owns the “second level” domain, “akamai.net”.

My first attempt is to use a “Whois” service to look up the owner of the
domain. I typically start with betterwhois.com, which in this case tells me that the registrar
(not the owner) is Tucows.com, and that I need to visit them to get more
details.

I visit Tucows domain help
site which includes their whois look-up. Entering “akamai.net” tells me what I
wanted to know: the owner is a company called, not surprisingly, “Akamai
Technologies”.

So that didn’t help much, did it? We still don’t know what Akamai does.

To me that means it’s time for Google. Searching on “akamai” returns not
only the company home page (akamai.com), but also an interesting Wikipedia article on Akamai. In there we
learn that “Akamai Technologies … provides, among other services, global
Internet content caching.” And in one of the references cited in that article,
“Theory of how Akamai works”, we learn that there’s actually a structure to the
domain name – the “a1255” and the “g” probably mean something specific – though
we’re not quite sure what.

So what’s all that mean? What’s this “Internet content caching” thing?

To grossly oversimplify, it’s a form of web hosting that “spreads the load”
across other servers. For example, a business might use akamai to host all of
it’s images, so as to reduce load on their own servers. The akamai servers
might optimize for providing images, and only images, very quickly. For busy
sites, this type of load balancing, or more correctly, load spreading, allows
several computers, servers and infrastructure to cooperate in such a way as to
present web pages as quickly as possible.

“[Internet content caching is] a form of web hosting
that ‘spreads the load’ across other servers.”

While I’m not as busy as sites that use akamai, I use a similar technique
here at Ask Leo! If you download any of my podcasts, while the URL you
initially see begins with “http://ask-leo.com/podcasts/…”, that’s redirected,
and the actual download occurs from a completely different server:
“http://media.pugetsoundsoftware.com/ask-leo.com/podcasts/…”. This actually
distributes the bandwidth of the larger MP3 downloads to a completely different
server. That “media” server is acting in many ways like the Akamai service
we’ve just discussed.

Now… why is Zone Alarm tripping on it? I have no idea. You didn’t say
whether the block was outgoing or incoming. I can’t envision a reason for an
incoming connection from an akamai server, so blocking that makes
sense. But my assumption is that you’re seeing an outgoing block. Since so many
companies use Akamai services I’m not sure at all why that might be blocked,
unless the specific customer represented by “a1255.g” is something or someone
that Zone Alarm has determined may be harmful.

I’d be tempted to follow that question through with Zone Alarm.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

43 comments on “What's 'akamai', and why is my firewall alerting me about it?”

  1. I’ve seen this name before when my previous anti-virus program from McAfee (then Network Associates)started downloading virus definition updates (the gas-station icon. Since then I changed anti-virus software so I do not know whether this is still in use.

    Regards

    Ad

    Reply
  2. Akamai is not just serving of content from distributed servers, but the servers are geographically distributed as well. It attempts to serve the content from the server geographically closest to the person receiving the content.

    So, if you’re in Los Angeles, it tries to route you through an L.A. based server, rather than serve the content from a datacenter in New York. Besides having to travel a shorter distance, it usually means there are fewer “hops” (data getting passed from one router to another), which lowers latency. All in all, it’s trying to make sure the content is delivered as efficiently and speedily as possible.

    But, usually the actual link to the content is just using akamai.net or even the domain of the site using Akamai for distribution. Akamai gets the request, determines the best datacenter, and reroutes the request.

    A lot of software companies use Akamai for distributing updates. Even Zone Alarm uses them. In fact, when you’re running certain programs, it seems Zone Alarm routes its own check for updates through them and then interprets its own action as funny business.

    http://forum.zonelabs.org/zonelabs/board/message?board.id=access&message.id=24931

    Reply
  3. I did testing about akamai and can tell you this if you by chance do block this connection most sites you go to will appear broken as some images will not appear and even the color in the site will be blank. Most akamai outgoing hits are legal on firewalls but if you also have a spyware program and anything comes at you from akamai your spyware host file will block that so dont worry.

    Reply
  4. Just a note: A huge number of websites run through the Akamai site – including the world’s four biggest, Yahoo.com, MSN.com, Google.com and Microsoft.com – when Akamai goes down, so will they, as they did in June 2004 …
    My guess is the g is for google…!
    c’mon you sleuths
    Lov Lou

    Reply
  5. My browser has a myriad of cookies for the domain akamai.net. So Akamai may have really good check on what google identities are coupled with what logins on yahoo and other sites.
    This will help them to get to know you better, so they can serve you personalized ads, whether you like it or not…

    Reply
  6. Basically it’s a spy service masquerading as a \service\ wake up. What do you think they do with all that info dummies? If you had any brains you’d block it/them. The sites using them would stop using them very quickly if you did, cause you wouldn’t see the adds and get a chance to be tricked into clicking on something they know will attract you, George Orwell would role over in his grave. Did you ever think that an akamai cookie was a bit out of place if you didn’t hit the site? Not to mention the ‘other’ uses for the info.

    Reply
  7. Dr is right. Spy service. Part of echelon to spy on you. I knew for along time but really clears it up is that there is this company in Iraq that supplys weapons, bombs, grenades to anyone who basicly has a credit card and they use akamai. Our US Department of defense uses akamai too, now tell me why our country would have any interest in doing business with a company that also host Business’s that sell weapons to terrorist?

    Reply
  8. LAWL paranoia reigns supreme! Who cares what anyone ‘knows’ about you based on your browsing habits. Everytime you clear your cookies that info is gone and besides it would have been 99.9% anonymous (other than ip) anyway.
    Rather go and ask your bank and other financial institutions you use why and to whom they sell your spending habits .. I know because I’ve written data mining software for companies who use it. It’s common practise.

    Reply
  9. Here is a solution I use with Firefox – http://noscript.net/ Here is what is written on their site:

    “The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and others mozilla-based browsers: this free, open source add-on allows JavaScript and Java execution only for trusted domains of your choice”

    Here is an article by PC World as noscript is one of the 100 Best Products of last year – 2006
    http://www.pcworld.com/article/id,123771-page,1/article.html

    The PC World Top 100 list is here:
    http://www.pcworld.com/article/id,125706-page,14-c,technology/article.html

    2007’s top 100 list is here:
    http://www.pcworld.com/article/id,131935-page,14-c,systems/article.html
    Hope this helps ;)

    Reply
  10. Little Google search and wikipedia, should have been enough.
    akamai is a site that keeps track of number of users, and other information, for sites like yahoo and et al.
    And Dr, FYI companies like Yahoo, do need to keep track of number of hits.

    Reply
  11. akamai uses your information in all the above ways and may mix it up to further confuse you. It uses gif files which are really tracking devices like cookies along with providing it’s cache service. It is most likely being watched by Big Brother through a statistic service and it will at times serve to gather some personal data if it can. And to JoeSA, they care a lot and clearing your cookies means nothing as the data mining is done whenever the page is refreshed through clicking a link or navigating. I have account with Yahoo and MS and why should I care if they make a statistic out of me? Well I’m not their number or a product of there dollar and I’m not a lab monkey.

    Reply
  12. It is!!! a from of spying and I have set my fire wall to block out akamai.net I noticed using System Internal`s TCP viewer that this pararsite akamai was leeching along with my browsing using port # 80, like typical spy ware does connecting to
    IP 72.246.51.XXX and if you blocked out a specific number XXX it would just resort to another one. So I blocked the entire range from
    0 to 255. Now my browsing is A LOT QUICKER!
    Is it not enough that every time you log into a
    website NARUS along with programs like “Magic Lantern” and “Carnivore” steel your User Names and
    Passwords, while “Triangle Boy” gets your real name and address from your ISP?….Why would you even begin to tolerate Jerks like “Akamai” who as the name implies think they are smarter than you!

    Reply
  13. Disable cookies, disable images, disable javascript, use Mozilla, or Firefox, and the addons NoScript, and AdBlock. No more garbage, no more spyware, no more bullshit.

    And yes you can still access websites without akamai’s garbage. So what if a few images don’t show, I have them disabled anyway and can navigate yahoo’s mail and other sites just fine.

    NoScript only needs to allow mail.yahoo.com and mail.yimg.com to have mail work for yahoo. And only session cookies turned on for the same root names as for AdBlock.

    Get a clue people.

    Reply
  14. The main problem with “services” supplied by Akamai.net (and others) is that there are a lot of phishing sites hosted on it, particularly of the “update/re-activate your on-line banking” type.
    Being charitable, I like to think that they do not have the resources necessary to monitor exactly what all sites they host are doing in detail. On the other hand, they do make money out of hosting (and selling user data).
    The best recourse is to report any problem users to Akamai.net. Either they will deal with the situation out of moral indignation, or eventually because the number of complaints will block their systems.

    Reply
  15. To most of the comments about ‘spy’ stuff is really incorrect. Symantec (norton) uses akamai.net to do exactly what the articles desribe for its live update services.

    As for the paranoia I suggest removing zone alarm because the average comptuer user does not have the knowledge to properly administer it and get concerned about things that done matter.

    For the comments about syping etc. . please disregard them, its comming from people who spend too much time on the internet and watching tv.

    R (Formerly with the CIA Computer Spy Network)

    Reply
  16. I was curious about the akamai connections too. Taking a cue from Robert’s post (4/01), I confirmed that at least on my computer, it is Norton’s update service.

    Click on ‘run live update’ on Norton & see if your firewall makes connections to Akamai ip addresses – mine were 96.17.107.32, 96.6.245.153 thru port 80. When I shut down Norton’s auto-update, so did the Akamai connections.

    Reply
  17. i want to copy a EBAY PAGE [MY CONTENT] into Word,
    and Word hangs (with 96.17.111.33 displayed as ‘process-subject’?),2nd try. A web-search of 96.17.111.33 names’ ‘akamai.net’; tritch, or what? This terminal only uses I.E.phisher,pop-up,Protectd.mode’.norton,mcafee, scans–too like fruitfly.

    Reply
  18. Greiviously slow since Akamai first seen on pc

    I am concerned as my browser looks hijacked as no matter where I go there are links to akamai.net now. pages need refreshed more than a few times to load pages and I have been using pc’s at a high level for nearly 20 years. I have also worked as tech support for an isp back in the day when there were no ready made scripts for people to follow and we figured out how to solve our own problems. I can’t get the PC to stop connecting to the akamai sites and my current ISP is telling me that I am connecting to known botnets and my sent packets is incredibly huge comparitively to my received packet count. Akamai is the only listed connection I am not familiar with and one site says it’s a federal trace site but the site is down and no other site is able to trace information about it. …. Odd that a reported former spook is saying don’t worry.

    I am having trouble finding the place to input the range to block on my new version of Zone Alarm so if anyone knows where to add ranges to block manualy please post it.

    Sorry Cousin but I have to blow your cover on this one, primarily because my PC is much faster than this and I am sick of your soft getting in my way.

    Reply
  19. There’s attack sites hosted on it.
    One of these works by trying to hijack searches via “google alerts” and then tries to tell you that your windows is infected (even if using a linnux system!) and tries various browser hijacks.

    Then, when your firewall and browser have fought all that off, several hits from:
    195.27.154.25

    for example.

    So, it’s a bad place, block, avoid, shun.

    Reply
  20. reading all these comments,i am still at a lost.i woke up one day to find akamia,had landed on my pc,with out asking.were did it come from,i now see that it does,when i open my browser most of the pages tells me can,t connect,so after pulling my hair out and almost sweet talking my pc,to telling me what she was up to,i thought i would look around in my in my control panel,there it was bold as brass,sat there looking at me,i did n,t install this prog,so were did it/how did it get in my pc.do i try to uninstall it?,whats the effects of doing that,will it make orther prog run slow or worse not run at all,i am at a lost,but what i will say,i hate a company who seeks in the back way into my pc,give me the choice to install your software,thank you for listening.twiky24

    Reply
  21. Hi. The first time Akamai entered my virtual life was a few weeks ago, when I downloaded a Trial/Demo version of the latest Adobe Photoshop to see if it could read CR2 Canon files with Camera Raw.
    Adobe referred to Akamai, I downloaded an installer file from Akamai, which worked like a Torrent, downloading the Photoshop File from their server (I suppose). Ever since Akamai or names composed with it (eg. akadns.net) keeps popping up. I have just changed my router and purchased a sitecom one. 5 minutes later I connected it the xxxxxx.akadns.net connection has become xxxxxx.akadns.net.sitecom.
    Therefore if you have downloaded or updated any software from Adobe, you’ve got your answer about Akamai’s origins in your pc.
    Hope it helped

    Reply
  22. Akamia Tactics Questionable!
    All be it Internet content caching might be a good thing. My in depth research on this company has lead me to some very alarming conclusions.
    Shortly after signing on with Road Runner I began to notice much the same as some of these post.
    It would seem I couldn't go anywhere on the Internet without first going through Akamia Tech. Servers in some capacity. Then our home network began to get hacked. Over the course of the past year I have closely monitored my home network only to now find myself back to the point of which I started. Akamia Tech. No I am not out right accusing Akamia Tech. nor Road Runner at this point. Yet many of the files, folders, and process's I have seen manipulated sure leaves one to question the tactics and techniques of this company.

    Reply
  23. The plot thickens, enter Bandcon. I have been fighting a losing battle against Akamai for the past 2 months, it has become so invasive into every aspect of my internet experience that in every sense of the word Akamai is a virus. It infects, it self replicates, and it defends against action taken against it. The companies buying into Akamai are being sold such a cheap solution to online distribution that they are blindly jumping on board. In retrospect Akamai is the Borg and it’s trying to assimilate us all.

    To truly understand my fear you have to understand the people behind Akamai. They aren’t your run of the mill internet developers, these guys are Israeli and American cyber counter terrorism experts, or maybe its worse even than that, sans the movie Eagle Eye. Akamai is digging itself into everything and digging deep.

    After months battling Akamai and finally starting to make a little head way suddenly I am now under attack by Bandcon, so I check it out and lo and behond Bandcon and Akamai are two heads of the same hydra.

    At this point I am pretty well convinced this is all government sanctioned watchdogging between Israel and the NSA. I believe they base it out of Israel to avoid the issues, answers, and question of legality that would arise if operated within the US.

    I find this kind of conspiracy paranoia pretty far fetched. Akamai is a well known content delivery network used by many web sites, so it’s not at all surprising you’d see it in so many different places.

    Leo
    21-Jun-2010

    Reply
  24. I’m feeling a little paranoid too – yesterday I saw my email client ‘The Bat!’ was trying to connect to Akamai sites – and I do not have any email accounts with akamai.net set up! It is greatly concerning. Perhaps Zone Alarm is right? I have Zone Alarm Extreme Security, and rarely question its judgement.

    Reply
  25. I found akamai from what i suspect is a fishing email. it acts like it came from a bank, actually one that i do business with. it tells me that my account has been limted “due to billing failure” and I am supposed to login and confirm all of my info. And I mean ALL of my info. Account numbers, passwords, PIN numbers, mother’s maiden name, father’s middle name, city of birth etc, etc,etc.

    Being suspicious and familiar with web programming, I checked the source of the page. Everything on the page points back to https://a248.e.akamai.net.

    I believe it’s probably some type of host-by-proxy service.

    I know that no bank would ever ask for as much information as this email.

    Reply
  26. Akamai.net *is* truly invasive and it’s almost impossible to even surf online without permitting it access to your machine. Sites like MICROSOFT (surprise!), eBay, Breitbart, etc. use it, along with lots of other snoopy devices. We block akamai.net in our firewall, unless we absolutely HAVE TO navigate one of the aforementioned sites, in which case we temporarily allow it access. The less info akamai.net has about your surf habits, the better–but that goes for ALL SNOOPING ONLINE.

    Reply
  27. There are intrusive and invasive programs I have also faced not being able to kill ,terminate nor delete.I rebooted in safe mode and went to search the registry and simply deleted everything that was related akamai.net perhaps.
    If it does not registered in windows it does not work!! I must also say that Registry editing is for professionals only.

    Reply
  28. a.248.e.akamai.net !! This came down as a notice, when I accessed the Nationalrail.co.uk website on Fri 5 Nov ’10.

    This is what I wrote down in ‘long-hand’ :

    rmd.atdmt.com – a248.e.akamai.net

    Common name : a.248.e.akamai.net

    Organisation: Akamai Technologies Inc

    Serial: 07.27.52.61

    Issued by: GTE Cyber Trust Global Koo
    GTE Cyber Trust Global Corp

    SHAI Fingerprint:
    1B : D8 : B7: 7F : 7B: 40 : FB : D1: F5 : 20 : 11 : 7B : F4 : 5B: 9B : DA : 40 : 3D : 6D : 45

    MDS Fingerprint:
    68 03 FF 6B OD DC C3 17 ED 58 DO 54 12 A3 BA 9C

    Not sure if of any use but wrote to National Rail

    Reply
  29. Read an article a while back, that said akamai was involved, in one way or another, with about 70 percent of all internet traffic… there used to be a LOT of articles about it, but I’ve noticed there aren’t many any more. (Hmmm). They have a website, and an interesting internet traffic meter (http://www.akamai.com/html/technology/nui/news/index.html). Back in the day, a standard “proxy hunt” would involve signing up for a “trial” akamai account, and then using that as a “header” for surfing.. since akamai was used in so many applications and sites.
    Hope this helps…

    Reply
  30. wtf. knowledgeable people say being paranoid. They havent done there homework, they just like calling people paranoid.

    No kidding most of us know what there supposed front is, “content delivery”.

    Forget all that though, and forget it being part of echelon. I’m stating facts while your spurting what you believe.

    The fact is that there was an iraq weapons company selling grenades, rocket launchers, etc online to anyone with a credit card, except for anyone located in the united states. As you browsed there sites all the connections came up as akamai.

    All united state citizens should be outraged by this. Akamai provides content delivery for United States DOD and plenty of other sites. So answer me this, Why would we have any connections with a company that sells weapons to terrorist. Either there was government involvement and it was a sting to catch people (doubt it since there wasn’t any arrest over that website), or it is an evil company run by the goverment since dod and other elite companys/agencys use it.

    So why would our country want to do business with a company that host content for illegal, corrupt or immoral sites. Americans should be outraged and want answers, if Akamia was hosting content for child porn sites people would be outraged, so why are they hosting content for weapon sites that sell to anybody except people located within the united states.

    So none of that is about paranoia, but based on facts. Its either part of corrupt government elite, or part of governments echelon system to monitor by connecting all computers and using “content delivery” as a front.

    Reply
  31. Mm that is true. Does the internet really need akamai? I don’t like it. I don’t like it because Google chrome doesn’t allow me to enter certain pages because of akamai. I realized that happens when i’m using an iPad. It doesn’t happen in the computer because akamai is strangely instaled since i have the computer. Sorry muy english. I think the whole thing about akamai is a way of keeping all of us controled. And probably there is another way for spreading the load. Thanks anyway. Bye

    Reply
  32. If you didn’t ask for the certificate from GTE/Akamai…why accept it.

    Now if they send me a valid check in the mail, along with a request, fine, after it clears they can dump a certificate on me.

    Reply
  33. The reason *.akamai.net is being blocked by firewalls and browsers has a lot to do with the nature of hosting described in this article and security certificates (used with https). It is most likely the case that akamai holds the security certificate and so the certificate is in akamai’s name. Firewalls and web browsers have a important job of finding mismatches and discrepancies among servers and their certificates. When a websites name does not match the company name on the certificate, the firewall and browser will complain (for good reason too). Since akamai hosts so many domains, it is hard to always determine if ignoring these complaints by your firewall is such a good idea.

    Reply
  34. Hi,

    I’m actually having ads displayed saying they’re from “Akamai.net”. Popups/Popunders, 160×600 size ads appearing on sides of webpages. Even on my own website [url removed], if you scroll down to the latest article, part of it, random 2-3 letter words, are hyperlinked with an ad. Wtf? What do I do? Just scan my PC? Should I change my passwords incase they were hacked or stolen?

    I’m not seeing those ads on your site. I’m wondering if perhaps you have malware on your machine. It might be worth seeing if the ads appear when you visit the site from another computer.

    Leo
    19-Apr-2013

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.