View Full Version : Anyone had problems with 2o7.net?

11th Jul 2010, 20:26
Over the past few weeks, Thunderbird has hiccupped spasmodically on my machine. I didn't worry too much, until it did it several times in one day.

The error message was always the same:
102.112.2o7.net has sent an incorrect or unexpected message. Error code: -12263

Google didn't recognise the error code. Some more research indicated that 2o7.net iappears to be a proprietary security outfit in Utah, specialising in anti-fraud "solutions". So I decided to go to their website to see what's up.

At that point, WOT came up with a warning that the site has a poor/very poor reputation and advised me not to go to it. Further research showed that a whole range of 2o7.net links are proscribed in the hosts file I downloaded from a security site. Clearly some folks who I trust about Internet security have reservations about 2o7.net.

Next question: so why is Thunderbird trying to connect to 2o7.net anyway?
The answer was soon revealed, in the HTML of a PayPal e-mail confirming I'd paid someone:

So, I ask myself, why is PayPal sending me to a dodgy "security" site when it confirms I've paid? I asked PayPal via their online enquiries panel. The first answer, from their technical support, was evasive and asked me to contact customer services. I have now sent the same query to customer services (I wonder why technical services couldn't forward it).

Does anyone know more about 2o7.net and what it actually does? Is there a reason why the "advisers" put it into their recommended hosts file, and why WOT doesn't like it?

11th Jul 2010, 20:48
In my experience, don't expect any coherent or relevant response from Paypal.

green granite
11th Jul 2010, 21:28
Their explanation: Omniture Privacy - 2o7.net Explained (http://www.omniture.com/en/privacy/2o7?f=2o7)

other info:

Plagued by the 2o7.net cookie | Technology | guardian.co.uk (http://www.guardian.co.uk/technology/askjack/2008/apr/24/plaguedbythe2o7netcookie)

What is Omniture, and why is it watching me? | Technology | The Guardian (http://www.guardian.co.uk/technology/2008/jan/03/adobe.apple)

I suggest you untick the 'accept cookies from third parties' box, that will stop it geting into your M/C.

11th Jul 2010, 22:14
Thanks! So it's a tracking cookie. I'm glad it's blocked - I don't like being tracked.

No connection is being made to 2o7.net from my PC because the hosts file blocks it - that's what's causing the error messages. There are no 2o7 cookies in my Firefox.
It's Thunderbird that's getting these - or rather, not.

I watched this afternoon when I opened a Paypal e-mail: the "doing something" spinning daisy whirled for a good 20 seconds before giving up and spitting out the error message about 2o7.

More browsing revealed that there's a toggle in the Paypal Profile settings for all e-mails to come in plain text rather than HTML. I've made that change which, I think, will remove the 2o7 link altogether from Paypal e-mails.

GG's links are scary. It hadn't dawned on me that they'd create a link like - made to look like an IP address on a network. That is sneaky! Obviously up to no good.

12th Jul 2010, 08:56
GG's links are scary. It hadn't dawned on me that they'd create a link like - made to look like an IP address on a network. That is sneaky! Obviously up to no good.

How about Google running 1e100.net then ? :cool:

13th Jul 2010, 01:00
I have a simple policy: No cookies from any site unless I specifically allow. Even then I limit cookies only to those that enable a service I require. I don't allow any cookies or scripts from any ad or tracking organisation.

Perhaps if they chose to contract with me for price (high - I value my privacy) then I might consider allowing them to use my data but until then they can stick their cookies up their arse.

I also block connections to ad & tracking companies. I'm not entirely against ads - I appreciate that the revenue supports the site I'm viewing - but not when they're intrusive, garish, flicker, shimmer, move or make noise. Those get blocked.

At first the cookie, script & block requests are frequent but once the blocklist is populated there's quite a drop in the frequency of cookie requests I have to deal with.

16th Jul 2010, 13:11
Well, I got a reply from Paypal Customer Services saying there's no record of them sending me to 2o7.net, so I sent them the relevant line from their e-mail with the link in it.

They replied that there's no record of them sending me to 2o7.net (clearly don't read e-mails, so it's probably a bot). I've written back asking them to investigate urgently before I make a formal complaint under the law.

Anyone know what law governs computer misuse, and who to complain to?
If it's OfCom I won't bother, because significant experience proves they do nowt anyway.

16th Jul 2010, 17:57
I say again

In my experience, don't expect any coherent or relevant response from Paypal.

16th Jul 2010, 21:34
Location: Rural Suffolk (bliss!)
Anyone know what law governs computer misuse, and who to complain to?

Funnily enough, it's called the Computer Misuse Act..... :cool:

OPSI is your friend for more info.... Office of Public Sector Information (http://www.opsi.gov.uk), all the statutes are there.

and who to complain to?

Sending a Mr Angry letter to some company quoting computer misuse ? You'll get a laugh and an automated letter. Only way you're going to see action is through a legal case. Problem is not only are you going to have to spend money on lawyers, you'll need some forensics or something substantial to support your case too. Oh, and then there's the small problem of their servers probably not being under UK jurisdiction..... :cool:

17th Jul 2010, 02:09
Oh well. Not going to waste that sort of time and money.

I've put Paypal on my "scammers or security risk" mail blacklist. I can still use 'em to pay for stuff, but they can't e-mail me.

Saab Dastard
30th Jul 2010, 18:16
Not just PayPal, which I use quite a lot.

I also discovered


in my cookies list.

Needless to say the 2o7.net domain is now blocked completely (I use OpenDNS).

Through a combination of browser, hosts file and DNS configurations, I am gradually reducing the amount of [email protected]<hidden> dropped onto the Dastard PCs.


SEO by vBSEO 3.6.1