2o7.net
While checking a firewall's logs, I noticed a "TCP FIN SCAN" entry for
66.235.139.18. The log entry showed the local host accessing port 80 on the
remote host at that IP address. Out of curiosity, I performed an nslookup on
the IP address. The
PTR record for the IP address points to the 2o7.net
domain
name.
C:\>nslookup
Default Server:
Address: 192.168.0.1
> 66.235.139.18
Server:
Address: 192.168.0.1
Name: *.112.2o7.net
Address: 66.235.139.18
>
When I put
http://2o7.net in the address bar of a browser,
I was taken to a
Adobe Marketing Cloud privacy web page, which states:
The Adobe Marketing Cloud
solutions enable our business customers to personalize and improve the
performance of their websites, apps, and social networking pages. These
companies use Adobe Marketing Cloud solutions to collect and analyze
information, such as clicks made by visitors on their websites, apps, and
social networking pages. The solutions also allow the companies to provide you
with more relevant messages within their emails, text messages, and other
online and offline marketing campaigns. In general, companies use Adobe
Marketing Cloud solutions when they want to better understand and improve
their online resources and marketing.
[ More Info ]
[/network/Internet/domains]
permanent link
Check a Domain's Reputation
There are a number of companies that provide a means of checking
a domain's reputation. E.g., perhaps you may wish to determine if a particular
domain name is associated with the transmission of spam or want to know whether
it is safe to visit a particular website. Often antispam and antivirus vendors
will allow you to lookup an IP address or
fully qualified domain name (FQDN)
, e.g.
somesite.example.com to make that determination through
a website they provide.
[ More
Info ]
[/network/Internet/domains]
permanent link
IP and Domain Name Reputation Sites
An
IP address may be added to a
DNS Blacklist (DNSBL), if spam
is detected as emanating from that IP address. You can check for the presence
of an IP address on various blacklists using the
MxToolBox Email Blacklist
Check, which currently checks 124 blacklists, or at individual
blacklist sites, such as
MAPS.
You can check on whether an IP address has been associated with attacks
on other systems at DShield
or myNetWatchman by
performing an IP lookup.
You can also obtain information on the "reputation" for a site
at Barracuda
Central by performing a lookup on either an IP address or a domain name.
Barracuda Networks sells widely used spam firewall devices, so a poor
reputation listing at Barracuda Central may lead to email from an IP address
listed there, or with a domain name in the body of email messages being found
there, being blocked by those using Barracuda Networks security devices.
Another reputation site is
TrustedSource. You can lookup an IP address there and see a graph
of activity associated with that site. If you see red bars on the
graph, those represent malicious activity associated with the IP address
on the days for which those bars appear.
[/network/Internet/domains]
permanent link
Locating Cybersquatters Capitalizing on a Variant of Your Domain
Cybersquatters
may buy domains similar to yours hoping to take advantage
of someone mistyping your domain name or to mislead someone into thinking
a domain name in a URL belongs to a legitimate company or organization.
For instance many people might visit microsoft.com, so a cybersquatter might
buy micrsoft.com, which has a missing "o", so that someone making a typo that
left out that "o" would be directed to the cybersquatter's site instead, where
the cybersquatter may have nothing but ads, hoping to get money generated
from those viewing those ads. If millions of people visit microsoft.com every
week, the cybersquatter will probably get a signifiant amount of traffic
from such a typo.
Or perhaps you own example.com. The cybersquatter may purchase example.net,
if it is available. Someone seeing example.net in an email may think the
domain belongs to your company and visit a site that might have nothing but ads,
perhaps even risque ones, or the site might try to infect visitors with
adware/spyware, which might harm your company's reputation, even though you
don't own the domain name and have no control over the site.
CitizenHawk helps you locate
potential cybersquatter sites for your domain name.
[/network/Internet/domains]
permanent link
