Do these sites belong to akamai/and are legitimate? (e.g hosted-by.illuminati.es)

I was looking at resource monitor, under the network tab. I was viewing steam.exe and steamwebhelper.exe (official signed exexutables from valves steam service.)

I was alerted when I saw them with network activity to:

Dimequein.com
Hosted-by.illuminati.es
Telia.net
Teliacarrier.com
Level3.net
Frankfurt1.mik.net

The first 2 immediately were suspicious to me, but steam was using it, which is owned by a multi billion euro company. I havent downloaded anything or viisted anywhere since the last mbam and tdss scan I ran, a day or two ao which were all clean. No malaware has been on the system to date.

Searching these domains via google in a search like "illuminati.es akamai" show it being linked to tinet spa, and owned by Akamai. Steam uses akamai. Howver using a site like virustotal shows a different, with no reference to akamai, an american corporate address.

Are these legitimate domains? No other program seems to use these domains at all. Is it something to be worried about?

networking

Keyes

Posted 2014-11-15T14:52:22.717

Reputation: 191

it probably wouldnt hurt to do a quick check of your hosts file, and to check what DNS is being used. If these are fully official programs going to any site that has been closed down, it could be a redirection. Also check for the disk location of these files named steam, a trick would be to have a similar file name but in a different location. That is what i might check to look deeper. (and always scroll the hosts to the bottom, new trick to put it low) – Psycogeek – 2014-11-15T17:53:17.010

The executables used were official digitally signed ones. Hosts file is unedited, 824 bytes. https://forum.eset.com/topic/3562-suspicious-outbound-traffic/ this post has some other user having this domain having activity, and being possibly akamai

– Keyes – 2014-11-16T15:14:11.123

I do not nessisarily agree (with the diatribe) that a user having concerns is the wrong. The programs connecting to all kinds of places to aquire info and services, and scripts and data , and not informing the user What and Why, and where all they will go, is the problem. The users who noticed :-) should be able to get facts. Steam forum? – Psycogeek – 2014-11-16T15:45:43.160

Answers

Only the first couple are dubious

Level3.net - Level 3 Communications is an American multinational telecommunications and Internet service provider company headquartered in Broomfield, Colorado. It operates a Tier 1 network

Telia.net - TeliaSonera AB is the dominant telephone company and mobile network operator in Sweden and Finland. The company has operations in other countries in Northern, Eastern Europe, Central Asia, South Asia

Frankfurt1.mik.net resolves to GoDaddy

illuminati traceroutes to ip.secureserver.net https://who.is/whois/secureserver.net/ which is akam, again via GoDaddy. idk whether akam is akamai

Tetsujin

Posted 2014-11-15T14:52:22.717

Reputation: 22 456

Sorry, dimequein should be dimequien.com. "Geo Information. IP Address, 77.67.11.122. Host, dimequien.com. Location, DE, Germany. City, -, - -. Organization, Akamai Technologies." – Keyes – 2014-11-15T15:09:19.903

https://who.godaddy.com/whoisstd.aspx?domain=dimequien.com&prog_id=GoDaddy – Tetsujin – 2014-11-15T15:13:01.933

Then how come searching the domain with akamai next to in google shows many things like the above comment I made? – Keyes – 2014-11-15T15:16:43.100

I'm providing links to my evidence. – Tetsujin – 2014-11-15T15:19:17.420

So what should I do? Ia it possible these are malicious? Even though its being used by an official program? – Keyes – 2014-11-15T15:35:18.290

I have no clue - ask Steam. – Tetsujin – 2014-11-15T15:36:03.057

Akam.net is owned by Akamai Technologies. Does this mean its a legit domain? And for dimequien? – Keyes – 2014-11-15T16:19:00.487

that one seems to resolve to somewhere different for you than me, so I couldn't say. Seems to be GoDaddy Australia to me. – Tetsujin – 2014-11-15T16:23:43.200

Sorry, it shpuld be dimequien.com (if you used dimequein.com, thats the wrong one) – Keyes – 2014-11-15T16:27:27.833

http://www.tcpiputils.com/browse/domain/dimequien.com – Tetsujin – 2014-11-15T16:31:57.853