In an earlier topic I posted about Comodo crashing repeatedly. I’ve done a clean install and so far it has been ok, but I’ve been keeping an eye on my active connections and have noticed a few odd IPs that I can’t determine who/what they belong to.
Whenever I log on I see an outgoing connection made by svchost.exe to an IP in the range of 216.246.75.*, which resolves to “unknown.scnet.net” - which seems related to the host “servercentral”.
There are some references to Akamai and scnet.net on Google, along with some malware-related results… I just don’t know why my PC would be connecting to scnet/Akamai upon login, and seemingly randomly during my login session… I’ve seen the following IPs in the Comodo logs:
216.246.75.81
216.246.75.122
216.246.75.123
216.246.75.227
216.246.75.229
216.246.75.131
216.246.75.236
I just don’t like the idea of some unknown program phoning home, and I don’t know what data is being sent out.
Any ideas?
Server Central/scnet.net belong to Akamai as a whois look up show.
Akamai is huge hosting provider where software makers can host their updates and having them distributed load balanced over the world. Years ago Akamai was said to host about 25% of the web.
Some programs will use svchost.exe to connect to the web for updates. I would not be bothered about this. I don’t think malware makers would use Akamai; would most likely be out of their financial league…
If you want to know what process is using svchost.exe you have to find out what svchost.exe instance with which Process ID (PID) is making the connection. Then use Svchost Viewer or Svchost analyser to see what applications are connected to the concerned svchost instance.
Ah, ok - that makes sense! So, it’s probably just a program updater - MS Update, Adobe, etc. checking periodically for updates? I’ve just been overly-paranoid lately - thanks for putting my mind at ease, and for putting up with my questions! 