WebAIM - Web Accessibility In Mind

E-mail List Archives

Re: Fw: is it a fake adobe site?, A Brief Analysis

From: Terrill Bennett
Date: Aug 23, 2010 6:30AM


"Give a man a fish and you feed him for a day. Teach a man to fish
and you feed him for a lifetime." It's always better to provide a
"How To," don't you agree?

While any website can be spoofed or hijacked, large companies like
Adobe usually notice and fix it fast. That in mind, my short,
non-definitive analysis is: adobe.ge belongs and redirects to adobe.com.

I used ping from my laptop, and two online tools (ipinfodb.com which
does a lookup, and traceroute via network-tools.com). The results are
below. Enjoy!


=== adobe.ge ==
C:> ping -n 1 adobe.ge

Pinging adobe.ge [192.150.18.117] with 32 bytes of data:

Reply from 192.150.18.117: bytes=32 time=125ms TTL=241

Ping statistics for 192.150.18.117:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 125ms, Average = 125ms

http://www.ipinfodb.com/ip_locator.php?ip=adobe.ge
* IP address : 192.150.18.117
* Country : United States
* State/Province : California
* City : San Jose
* Zip or postal code : 95110
* Latitude : 37.3422
* Longitude : -121.905
* Timezone : America/Los_Angeles
* Gmtoffset : -7
* Local time : August 23 04:58:52
* Hostname : 192.150.18.117

=== Adobe.com ==
C:> ping -n 1 adobe.com

Pinging adobe.com [192.150.18.117] with 32 bytes of data:

Reply from 192.150.18.117: bytes=32 time=123ms TTL=241

Ping statistics for 192.150.18.117:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 123ms, Maximum = 123ms, Average = 123ms

http://www.ipinfodb.com/ip_locator.php?ip=adobe.com

* IP address : 192.150.18.117
* Country : United States
* State/Province : California
* City : San Jose
* Zip or postal code : 95110
* Latitude : 37.3422
* Longitude : -121.905
* Timezone : America/Los_Angeles
* Gmtoffset : -7
* Local time : August 23 05:00:08
* Hostname : 192.150.18.117

================= TraceRoute ================
http://network-tools.com/default.asp?prog=express&host=adobe.ge

IP address: 192.150.18.117
Host name: adobe.ge

Alias:
adobe.ge
192.150.18.117 is from United States(US) in region North America


TraceRoute to 192.150.18.117 [adobe.ge]
Hop (ms) (ms) (ms) IP Address Host name
1 174 173 212 72.249.128.109 -
2 178 229 234 8.9.232.73 xe-5-3-0.edge3.dallas1.level3.net
3 99 128 95 4.69.145.204 ae-4-90.edge2.dallas3.level3.net
4 151 149 113 4.68.63.226 ntt-level3-te.dallas3.level3.net
5 112 155 204 129.250.4.25 ae-4.r21.snjsca04.us.bb.gin.ntt.net
6 129 170 159 129.250.4.25 ae-4.r21.snjsca04.us.bb.gin.ntt.net
7 104 87 134 129.250.5.57 ae-2.r07.snjsca04.us.bb.gin.ntt.net
8 118 147 138 128.241.219.86 xe-0-2-0-3.r07.snjsca04.us.ce.gin.ntt.net
9 87 81 81 192.150.18.11 -
10 88 106 106 192.150.18.117 -

Trace complete


Retrieving DNS records for adobe.ge...

DNS servers
adobe-dns-3.adobe.com
adobe-dns.adobe.com
adobe-dns-2.adobe.com

Answer records
adobe.ge SOA
server: adobe-dns-3.adobe.com
email: <EMAIL REMOVED>
serial: 2008013025
refresh: 10800
retry: 1800
expire: 1036800
minimum ttl: 86400
86400s
adobe.ge MX
preference: 3
exchange: adobe.com.mail7.psmtp.com
86400s
adobe.ge MX
preference: 4
exchange: adobe.com.mail8.psmtp.com
86400s
adobe.ge MX
preference: 5
exchange: smtp-relay-man.adobe.com
86400s
adobe.ge MX
preference: 100
exchange: filter-relay-1.adobe.com
86400s
adobe.ge MX
preference: 100
exchange: filter-relay-2.adobe.com
86400s
adobe.ge MX
preference: 1
exchange: adobe.com.mail5.psmtp.com
86400s
adobe.ge MX
preference: 2
exchange: adobe.com.mail6.psmtp.com
86400s
adobe.ge A 192.150.18.117 86400s
adobe.ge NS adobe-dns-2.adobe.com 86400s
adobe.ge NS adobe-dns-3.adobe.com 86400s
adobe.ge NS adobe-dns.adobe.com 86400s

Authority records

Additional records
smtp-relay-man.adobe.com A 192.150.11.200 86400s
filter-relay-1.adobe.com A 192.150.11.140 86400s
filter-relay-2.adobe.com A 192.150.11.141 86400s
adobe-dns.adobe.com A 192.150.11.30 86400s
adobe-dns-2.adobe.com A 192.150.11.247 86400s
adobe-dns-3.adobe.com A 192.150.22.30 86400s


Whois query for adobe.ge...

Query error: No whois server known for the given domain

Network IP address lookup:


Whois query for 192.150.18.117...

Results returned from whois.arin.net:

#
# The following results may also be obtained via:
#
http://whois.arin.net/rest/nets;q=192.150.18.117?showDetails=true&showARIN=false
#

NetRange: 192.150.18.0 - 192.150.18.255
CIDR: 192.150.18.0/24
OriginAS:
NetName: ADOBE42
NetHandle: NET-192-150-18-0-1
Parent: NET-192-0-0-0-0
NetType: Direct Assignment
NameServer: ADOBE-DNS.ADOBE.COM
NameServer: ADOBE-DNS-3.ADOBE.COM
NameServer: ADOBE-DNS-2.ADOBE.COM
RegDate: 1992-06-25
Updated: 2008-11-10
Ref: http://whois.arin.net/rest/net/NET-192-150-18-0-1

OrgName: Adobe Systems Inc.
OrgId: ADOBES-Z
Address: 345 Park Avenue
City: San Jose
StateProv: CA
PostalCode: 95110
Country: US
RegDate: 2008-03-21
Updated: 2008-11-10
Ref: http://whois.arin.net/rest/org/ADOBES-Z

OrgTechHandle: INTER86-ARIN
OrgTechName: Internet Administrator
OrgTechPhone: +1-408-536-2800
OrgTechEmail: <EMAIL REMOVED>
OrgTechRef: http://whois.arin.net/rest/poc/INTER86-ARIN

OrgAbuseHandle: NOC3375-ARIN
OrgAbuseName: Network Operations Center
OrgAbusePhone: +1-408-536-2800
OrgAbuseEmail: <EMAIL REMOVED>
OrgAbuseRef: http://whois.arin.net/rest/poc/NOC3375-ARIN

OrgNOCHandle: NOC3375-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-408-536-2800
OrgNOCEmail: <EMAIL REMOVED>
OrgNOCRef: http://whois.arin.net/rest/poc/NOC3375-ARIN

RTechHandle: JF790-ARIN
RTechName: Fitzgerald, Jim
RTechPhone: +1-206-675-7286
RTechEmail: <EMAIL REMOVED>
RTechRef: http://whois.arin.net/rest/poc/JF790-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

We return now to the Accessibility Topics already in progress...
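
The comparison the post makes by eye, as an added example that is not part of the original message: it parses the A and NS lines from the DNS output above and checks them against adobe.com's address, the ARIN netblock and the adobe.com zone. The function names and the second record set (a constructed lookalike using documentation addresses) are assumptions made for illustration.

```python
import ipaddress

# A and NS lines copied from the DNS output in the post above.
RECORDS = """\
adobe.ge A 192.150.18.117 86400s
adobe.ge NS adobe-dns-2.adobe.com 86400s
adobe.ge NS adobe-dns-3.adobe.com 86400s
adobe.ge NS adobe-dns.adobe.com 86400s
"""
# Constructed counter-example (not from the post): a lookalike whose name
# server merely *contains* the organisation's domain in its host name.
SPOOF = """\
adobe.example A 203.0.113.10 300s
adobe.example NS adobe-dns.adobe.com.example.net 300s
"""
REFERENCE_IP = "192.150.18.117"   # adobe.com, from the ping output
ORG_NETBLOCK = "192.150.18.0/24"  # ARIN CIDR for NetName ADOBE42
ORG_ZONE = "adobe.com"

def parse_records(text):
    """Parse 'name TYPE value ttl' lines into {TYPE: [values]}."""
    out = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3:
            value = parts[2].rstrip(".").lower()
            out.setdefault(parts[1].upper(), []).append(value)
    return out

def in_zone(host, zone):
    """Match on a label boundary, so 'evil-adobe.com' is not in 'adobe.com'."""
    return host == zone or host.endswith("." + zone)

def assess(records, reference_ip, netblock, zone):
    """Return each check separately plus an overall 'consistent' verdict."""
    net = ipaddress.ip_network(netblock)
    a, ns = records.get("A", []), records.get("NS", [])
    checks = {
        "a_matches_reference": bool(a) and all(ip == reference_ip for ip in a),
        "a_in_org_netblock": bool(a) and all(ipaddress.ip_address(ip) in net for ip in a),
        "ns_in_org_zone": bool(ns) and all(in_zone(h, zone) for h in ns),
    }
    checks["consistent"] = all(checks.values())
    return checks

if __name__ == "__main__":
    for label, text in (("adobe.ge", RECORDS), ("constructed lookalike", SPOOF)):
        print(label, assess(parse_records(text), REFERENCE_IP, ORG_NETBLOCK, ORG_ZONE))
```

A passing result means the records are consistent with the reference domain's infrastructure, which is the same non-definitive level of assurance the post claims.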