Identifying Akamai IP Addresses

Any ideas on how to identify the real URL/owner of an Akamai IP Address?

For example, say you get a firewall alert saying that a process wants to make a connection to an IP address. Before allowing the connection you look up the IP address to see who owns the IP address. Ordinarily it will tell you who’s IP address it is, however if they’re using Akamai to serve their content, the only information you get is that it’s an Akamai IP address.

To give a real life example, say the firewall gives an alert to say it wants to make a connection to You look up the IP info and it says it belongs to Akamai Technologies. It seems the only way I can find out who’s behind that IP address is to start recording network traffic, allow it through the firewall and watch the DNS requests/HTTP requests. In this particular case, it’s requesting a Certificate Revocation List from, but I’m wondering whether there’s a way to find this out without letting it through the firewall and packet sniffing first?


DNS monitoring should reveal that, it first needs to do a ‘lookup’ for it get’s the Akamai IP.

So you can monitor your DNS cache with a command-box command like

ipconfig /displaydns

Or you can use a tool like DNSQuerySniffer - DNS queries sniffer for Windows

Thanks for the reply.

Yeah, I’ve tried looking in the DNS cache, but for some reason whenever I look, it never seems to cache the ones I’m interested in. I even tried using ipconfig /displaydns >C:\Users[UserName]\Desktop\dnscache.txt and using the Notepad search function in case I accidently missed it.

The Nirsoft program looks good, although I’m still faced with the same problem where I have to set it to capture in advance. If the connection is something that’s user triggered it’s simple enough, however if it’s a process that randomly tries to create a connection without user interaction, it’s a bit hit and miss as to when it’s going to try and make a connection.

I was hoping there was a way of somehow querying a DNS server to provide more info than just the standard lookup. Afterall, the DNS records obviously have the original domain in their lists somewhere in order to perform the lookup in the first place. It would be handy if there was some way backtrack Akamai addresses, sort of like: > > www

As they run probably multiple names to the same IP you won’t get the correct answer doing a PTR request.
Only thing left is to run a local DNS server so you can log every request out, ISC Bind has a Windows build.