C:\>nslookup Default Server: Address: 192.168.0.1 > 66.235.139.18 Server: Address: 192.168.0.1 Name: *.112.2o7.net Address: 66.235.139.18 >
When I put http://2o7.net in the address bar of a browser, I was taken to a Adobe Marketing Cloud privacy web page, which states:
The Adobe Marketing Cloud solutions enable our business customers to personalize and improve the performance of their websites, apps, and social networking pages. These companies use Adobe Marketing Cloud solutions to collect and analyze information, such as clicks made by visitors on their websites, apps, and social networking pages. The solutions also allow the companies to provide you with more relevant messages within their emails, text messages, and other online and offline marketing campaigns. In general, companies use Adobe Marketing Cloud solutions when they want to better understand and improve their online resources and marketing.
When I checked on the history of the domain name using the WhoISRequest Domain History Checker, I saw the domain name was previously associated with Omniture from 2002 through 2010 (report). Omniture, an online marketing and web analytics business, was acquired by Adobe Systems in 2009.
In 2008, there was a measure of controversy over Omniture's use of a host
name beginning with 192.168, i.e., 192.168.112.2O7.net. IP
addresses in the range 192.168.0.0 to 192.168.255.255 are within
private IP address space, aka, RFC1918 address space, so some felt starting the host name with 192.168
might mislead some users to think the host was one on their own network. E.g.,
see
What is Omniture, and why is it watching me?.
Only the Safari browser was open on the MacBook Pro laptop associated with the firewall log entry. I used a Python script to view all Safari cookies on the system, but did not see any associated with omniture.com or omtrdc.net, which I saw in the WhoISRequest report as provding DNS servers for the 2o7.net domain. Nor did I see any cookies for 2o7.net or adobe.com. The 2015 Relese of the Adobe Acrobat Reader DC application was open on the system, so perhaps it was responsible for the outgoing port 80 connetion; port 80 is the standard HTTP port used by websites for unencrypted communications.