imtransferagent to ads.jetpackdigital.com -What is this????

General discussions about Little Snitch
Post Reply
DCIFRTHS
Posts: 10
Joined: Thu May 14, 2009 9:36 am

imtransferagent to ads.jetpackdigital.com -What is this????

Post by DCIFRTHS » Fri Dec 06, 2013 4:08 am

I just got a message asking me to allow incoming connections from ads.jetpackdigital.com, on port 80 to imtransferagent

Why would imtransferagent need to connect to ads.jetpackdigital.com? Do they host images for Apple now? Is this a nefarious connection attempt?

OS: Mavericks (10.9)
Little Snitch: 3.3

rob_06
Rank 3
Rank 3
Posts: 122
Joined: Fri Nov 20, 2009 12:02 am
Location: Australia

Re: imtransferagent to ads.jetpackdigital.com -What is this

Post by rob_06 » Fri Dec 06, 2013 5:33 am

It is part of the iMessage framework.

Don't know a lot more about it but googling brings up quite a few things some that seem strange. But it is apple related.

DCIFRTHS
Posts: 10
Joined: Thu May 14, 2009 9:36 am

Re: imtransferagent to ads.jetpackdigital.com -What is this

Post by DCIFRTHS » Fri Dec 06, 2013 6:55 am

I know that imtransferagent is part of iMessage, but ads.jetpackdigital.com isn't. Is it????

I wasn't happy with what I found when I first Googled it. Why would Apple be using an ad delivery service as part of iMessage? This is supposed to be a "secure" messaging system...

I also noticed that I did not receive a message, that had a image in it, after denying the request to connect to ads.jetpackdigital.com - I did come through on my phone though.

hagen
Wizard
Wizard
Posts: 594
Joined: Mon Feb 18, 2008 11:05 pm

Re: imtransferagent to ads.jetpackdigital.com -What is this

Post by hagen » Fri Dec 06, 2013 7:32 am

I could be wrong about this, but I interpret "incoming connection" request to mean that the communication originated from outside. In other words, ads.jetpackdigital.com is trying to connect to imtransferagent, not the other way around. If imtransferagent originated the communication, and the outgoing was allowed, no incoming alert would be generated.

Can someone comment on whether that interpretation is right or not? rob_06? anyone?

Perhaps ads.jetpackdigital.com is attempting to inject ads into the IM system.

DCIFRTHS
Posts: 10
Joined: Thu May 14, 2009 9:36 am

Re: imtransferagent to ads.jetpackdigital.com -What is this

Post by DCIFRTHS » Fri Dec 06, 2013 8:50 am

I got the Little Snitch dialog again. This time I captured it. Click the link below to view it. BTW, I couldn't embed the pic. Does anyone know how to do it? I placed a link (to the image) between the image tags, but it didn't work properly.

https://app.box.com/s/z3z6b2ywdv8dl45rlz2t This is a link to the image.


Below is the whois info for the IP in the LS dialog:

NETWORK
NetRange 176.0.0.0 - 176.255.255.255
CIDR 176.0.0.0/8
Name RIPE-176
Handle NET-176-0-0-0-0
Parent
Net Type Allocated to RIPE NCC
Origin AS
Organization RIPE Network Coordination Centre (RIPE)
Registration Date 1993-05-01
Last Updated 2010-05-18
Comments These addresses have been further assigned to users in
the RIPE NCC region. Contact information can be found in
the RIPE database at http://www.ripe.net/whois
RESTful Link http://whois.arin.net/rest/net/NET-176-0-0-0-0
See Also Related organization's POC records.
See Also Related delegations.

ORGANIZATION
Name RIPE Network Coordination Centre
Handle RIPE
Street P.O. Box 10096
City Amsterdam
State/Province
Postal Code 1001EB
Country NL
Registration Date
Last Updated 2013-07-29
Comments
RESTful Link http://whois.arin.net/rest/org/RIPE
Referral Server whois://whois.ripe.net:43

hagen
Wizard
Wizard
Posts: 594
Joined: Mon Feb 18, 2008 11:05 pm

Re: imtransferagent to ads.jetpackdigital.com -What is this

Post by hagen » Fri Dec 06, 2013 7:56 pm

Ah, I see. That screenshot indicates the connection attempt was originated by imagent.

I know nothing; I'll go away now.

jum
Posts: 1
Joined: Sun Apr 06, 2014 1:11 am

Re: imtransferagent to ads.jetpackdigital.com -What is this

Post by jum » Sun Apr 06, 2014 1:23 am

Hi DCIFRTHS, I saw the same thing from iMessage. I'm guessing that comes from a reverse DNS lookup.

If I use nslookup, I get this, though the IP address changes:

Code: Select all

$ nslookup ads.jetpackdigital.com
Server:      8.8.8.8
Address:   8.8.8.8#53

Non-authoritative answer:
ads.jetpackdigital.com   canonical name = ads.jetpackdigital.com.s3-external-1.amazonaws.com.
ads.jetpackdigital.com.s3-external-1.amazonaws.com   canonical name = s3-external-1.amazonaws.com.
Name:   s3-external-1.amazonaws.com
Address: 176.32.100.250


So it looks like Apple is using Amazon S3 to host media files which are sent over iMessage. Your computer retrieves the file from Amazon's server, and Little Snitch sees that IP address. (The attachments are encrypted, according to Apple's documentation on iOS security.) For some reason, it reports that to you as "ads.jetpackdigital.com" even though "s3-external-1.amazonaws.com" would be more informative.

DCIFRTHS
Posts: 10
Joined: Thu May 14, 2009 9:36 am

Re: imtransferagent to ads.jetpackdigital.com -What is this

Post by DCIFRTHS » Sat May 17, 2014 5:06 pm

Thank you for the information. I feel better about allowing it now.

Post Reply