2o7.net

While checking a firewall's logs, I noticed a "TCP FIN SCAN" entry for 66.235.139.18. The log entry showed the local host accessing port 80 on the remote host at that IP address. Out of curiosity, I performed an nslookup on the IP address. The PTR record for the IP address points to the 2o7.net domain name.

C:\>nslookup
Default Server:
Address:  192.168.0.1

> 66.235.139.18
Server:
Address:  192.168.0.1

Name:    *.112.2o7.net
Address:  66.235.139.18

>

When I put http://2o7.net in the address bar of a browser, I was taken to an Adobe Marketing Cloud privacy web page, which states:

The Adobe Marketing Cloud solutions enable our business customers to personalize and improve the performance of their websites, apps, and social networking pages. These companies use Adobe Marketing Cloud solutions to collect and analyze information, such as clicks made by visitors on their websites, apps, and social networking pages. The solutions also allow the companies to provide you with more relevant messages within their emails, text messages, and other online and offline marketing campaigns. In general, companies use Adobe Marketing Cloud solutions when they want to better understand and improve their online resources and marketing.

When I checked on the history of the domain name using the WhoISRequest Domain History Checker, I saw the domain name was previously associated with Omniture from 2002 through 2010 (report). Omniture, an online marketing and web analytics business, was acquired by Adobe Systems in 2009.

In 2008, there was a measure of controversy over Omniture's use of a host name beginning with 192.168, i.e., 192.168.112.2O7.net. IP addresses in the range 192.168.0.0 to 192.168.255.255 are within private IP address space, aka, RFC1918 address space, so some felt starting the host name with 192.168 might mislead some users to think the host was one on their own network. E.g., see What is Omniture, and why is it watching me?.
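
As an added example (not part of the original post), here is a Python check a defender could run over hostnames pulled from DNS or proxy logs to flag names such as 192.168.112.2o7.net, whose leading labels imitate an RFC 1918 address. The function names and the last two sample hostnames are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges named in the paragraph above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def leading_octets(hostname):
    """Return up to four leading DNS labels that are decimal octets (0-255)."""
    octets = []
    for label in hostname.rstrip(".").split("."):
        if label.isascii() and label.isdigit() and len(label) <= 3 and int(label) <= 255:
            octets.append(int(label))
        else:
            break
    return octets[:4]

def private_lookalike(hostname):
    """Return the RFC 1918 block a hostname's leading labels imitate, else None."""
    host = hostname.strip().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return None          # a genuine IP literal, not a DNS name
    except ValueError:
        pass
    octets = leading_octets(host)
    if len(octets) < 2:      # a single numeric label is too weak a signal
        return None
    # Pad the prefix with zeros so it can be tested against each private block.
    padded = octets + [0] * (4 - len(octets))
    addr = ipaddress.ip_address(".".join(str(o) for o in padded))
    for net in RFC1918:
        if addr in net:
            return str(net)
    return None

def scan(hostnames):
    """Map each flagged hostname to the private block it resembles."""
    hits = {h: private_lookalike(h) for h in hostnames}
    return {h: net for h, net in hits.items() if net}

if __name__ == "__main__":
    # The first four values appear in the post; the last two are constructed.
    sample = ["192.168.112.2o7.net", "*.112.2o7.net", "66.235.139.18",
              "192.168.0.1", "10.0.example.com", "8.8.example.com"]
    for host, net in scan(sample).items():
        print(f"{host}: leading labels fall inside {net}")
```

Real IP literals are deliberately not flagged, so the check only reports DNS names that borrow a private-looking prefix.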

Only the Safari browser was open on the MacBook Pro laptop associated with the firewall log entry. I used a Python script to view all Safari cookies on the system, but did not see any associated with omniture.com or omtrdc.net, which I saw in the WhoISRequest report as providing DNS servers for the 2o7.net domain. Nor did I see any cookies for 2o7.net or adobe.com. The 2015 Release of the Adobe Acrobat Reader DC application was open on the system, so perhaps it was responsible for the outgoing port 80 connection; port 80 is the standard HTTP port used by websites for unencrypted communications.
