E-mail List Archives

You are here: Home > Community > E-mail List Archives > View Thread

Thread: Fw: is it a fake adobe site?

Number of posts in this thread: 13 (In chronological order)

From: Tania
Date: Fri, Aug 20 2010 10:18PM
Subject: Fw: is it a fake adobe site?
No previous message | Next message →

i received this from a friend about a suspicious site
----- Original Message -----
Subject: is it a fake adobe site?

i google search for adobe and found this site. is it fake or genuine? i thought adobe website ends in '.com' not'.G'

Adobe - Flash Player 10 Accessibility overview

thanks

From: Andrew Kirkpatrick
Date: Sat, Aug 21 2010 6:21AM
Subject: Re: Fw: is it a fake adobe site?
← Previous message | Next message →

Can you provide the link?

Thanks,
AWK

Andrew Kirkpatrick
Group Product Manager, Accessibility
Adobe Systems

= EMAIL ADDRESS REMOVED =
http://twitter.com/awkawk
http://blogs.adobe.com/accessibility

-----Original Message-----
From: = EMAIL ADDRESS REMOVED = [mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Tania
Sent: Saturday, August 21, 2010 12:18 AM
To: WebAIM Discussion List
Subject: [WebAIM] Fw: is it a fake adobe site?

i received this from a friend about a suspicious site
----- Original Message -----
Subject: is it a fake adobe site?

i google search for adobe and found this site. is it fake or genuine? i thought adobe website ends in '.com' not'.G'

Adobe - Flash Player 10 Accessibility overview

thanks

From: Tania
Date: Sat, Aug 21 2010 8:48PM
Subject: Re: Fw: is it a fake adobe site?
← Previous message | Next message →

here it is. i received all emails in txt format; maybe it affected the link
when i forwarded it.

http://www.adobe.ge/accessibility/products/flashplayer/overview.html

----- Original Message -----
From: "Andrew Kirkpatrick" < = EMAIL ADDRESS REMOVED = >
To: "WebAIM Discussion List" < = EMAIL ADDRESS REMOVED = >
Sent: Saturday, August 21, 2010 8:18 PM
Subject: Re: [WebAIM] Fw: is it a fake adobe site?

> Can you provide the link?
>
> Thanks,
> AWK
>
> Andrew Kirkpatrick
> Group Product Manager, Accessibility
> Adobe Systems
>
> = EMAIL ADDRESS REMOVED =
> http://twitter.com/awkawk
> http://blogs.adobe.com/accessibility
>
>
> -----Original Message-----
> From: = EMAIL ADDRESS REMOVED =
> [mailto: = EMAIL ADDRESS REMOVED = ] On Behalf Of Tania
> Sent: Saturday, August 21, 2010 12:18 AM
> To: WebAIM Discussion List
> Subject: [WebAIM] Fw: is it a fake adobe site?
>
> i received this from a friend about a suspicious site
> ----- Original Message -----
> Subject: is it a fake adobe site?
>
>
> i google search for adobe and found this site. is it fake or genuine? i
> thought adobe website ends in '.com' not'.G'
>
> Adobe - Flash Player 10 Accessibility overview
>
> thanks
>

From: Jukka K. Korpela
Date: Sat, Aug 21 2010 11:18PM
Subject: Re: Fw: is it a fake adobe site?
← Previous message | Next message →

Tania wrote:

> here it is. i received all emails in txt format; maybe it affected
> the link when i forwarded it.
>
> http://www.adobe.ge/accessibility/products/flashplayer/overview.html

It looks suspicious: Adobe has country sites like www.adobe.fr but they
normally get redirected to adobe.com (e.g. http://www.adobe.com/fr/ ) and
appear in the main language of the country. Also note that the www.adobe.com
sites or even the www.adobe.ge page does not contain Georgia in the country
selection dropdown.

But how does this relate to web accessibility, the topic of this discussion
list?

--
Yucca, http://www.cs.tut.fi/~jkorpela/

From: Chris Price
Date: Sun, Aug 22 2010 5:21AM
Subject: Re: Fw: is it a fake adobe site?
← Previous message | Next message →

On 22 August 2010 06:16, Jukka K. Korpela < = EMAIL ADDRESS REMOVED = > wrote:

> Tania wrote:
>
> > here it is. i received all emails in txt format; maybe it affected
> > the link when i forwarded it.
>

> >But how does this relate to web accessibility, the topic of this
> discussion
> list?
>

This is a wild goose chase and totally irrelevant. The link is obviously
spurious. Was the intent of the original question, 'where do I find: Adobe -
Flash Player 10 Accessibility overview'?

--
Chris Price
0777 629 0227

follow me at http://twitter.com/hypergossip_uk
and http://facebook.com/chris.t.price

From: Tania
Date: Sun, Aug 22 2010 5:24AM
Subject: Re: Fw: is it a fake adobe site?
← Previous message | Next message →

oops! i forwarded the email thinking andrew would know best. did not
consider accessibility bit. i'll keep that in mind next time. thanks for the
reminder.
smile,
tania

----- Original Message -----
From: "Jukka K. Korpela" < = EMAIL ADDRESS REMOVED = >
To: "WebAIM Discussion List" < = EMAIL ADDRESS REMOVED = >
Sent: Sunday, August 22, 2010 1:16 PM
Subject: Re: [WebAIM] Fw: is it a fake adobe site?

> Tania wrote:
>
>> here it is. i received all emails in txt format; maybe it affected
>> the link when i forwarded it.
>>
>> http://www.adobe.ge/accessibility/products/flashplayer/overview.html
>
> It looks suspicious: Adobe has country sites like www.adobe.fr but they
> normally get redirected to adobe.com (e.g. http://www.adobe.com/fr/ ) and
> appear in the main language of the country. Also note that the
> www.adobe.com
> sites or even the www.adobe.ge page does not contain Georgia in the
> country
> selection dropdown.
>
> But how does this relate to web accessibility, the topic of this
> discussion
> list?
>
> --
> Yucca, http://www.cs.tut.fi/~jkorpela/
>
>

From: Tania
Date: Sun, Aug 22 2010 5:33AM
Subject: Re: Fw: is it a fake adobe site?
← Previous message | Next message →

well, yess the intent was to get the accessibility info from genuine site.
but also to verify the site was genuine or not.
thanks
tania
http://jumblebox.webs.com/
An Online Asian Magazine
----- Original Message -----
From: "Chris Price" < = EMAIL ADDRESS REMOVED = >
To: "WebAIM Discussion List" < = EMAIL ADDRESS REMOVED = >
Sent: Sunday, August 22, 2010 7:18 PM
Subject: Re: [WebAIM] Fw: is it a fake adobe site?

> On 22 August 2010 06:16, Jukka K. Korpela < = EMAIL ADDRESS REMOVED = > wrote:
>
>> Tania wrote:
>>
>> > here it is. i received all emails in txt format; maybe it affected
>> > the link when i forwarded it.
>>
>
>
>> >But how does this relate to web accessibility, the topic of this
>> discussion
>> list?
>>
>
> This is a wild goose chase and totally irrelevant. The link is obviously
> spurious. Was the intent of the original question, 'where do I find:
> Adobe -
> Flash Player 10 Accessibility overview'?
>
> --
> Chris Price
> 0777 629 0227
>
> follow me at http://twitter.com/hypergossip_uk
> and http://facebook.com/chris.t.price
>

From: Chris Price
Date: Sun, Aug 22 2010 5:57AM
Subject: Re: Fw: is it a fake adobe site?
← Previous message | Next message →

On 22 August 2010 12:31, Tania < = EMAIL ADDRESS REMOVED = > wrote:

> well, yess the intent was to get the accessibility info from genuine site.
> but also to verify the site was genuine or not.
> thanks
>

Did you get the information you required?

--
Chris Price
0777 629 0227

follow me at http://twitter.com/hypergossip_uk
and http://facebook.com/chris.t.price

From: Tania
Date: Sun, Aug 22 2010 8:00PM
Subject: Re: Fw: is it a fake adobe site?
← Previous message | Next message →

yes, i checked this list and found the actual adobe website.
thank you
cheers
tania

From: "Chris Price" < = EMAIL ADDRESS REMOVED = >
To: "WebAIM Discussion List" < = EMAIL ADDRESS REMOVED = >
Sent: Sunday, August 22, 2010 7:56 PM
Subject: Re: [WebAIM] Fw: is it a fake adobe site?

> On 22 August 2010 12:31, Tania < = EMAIL ADDRESS REMOVED = > wrote:
>
>> well, yess the intent was to get the accessibility info from genuine
>> site.
>> but also to verify the site was genuine or not.
>> thanks
>>
>
> Did you get the information you required?
>
> --
> Chris Price
> 0777 629 0227
>
> follow me at http://twitter.com/hypergossip_uk
> and http://facebook.com/chris.t.price
>

From: Terrill Bennett
Date: Mon, Aug 23 2010 6:30AM
Subject: Re: Fw: is it a fake adobe site?, A Brief Analysis
← Previous message | Next message →

"Give a man a fish and you feed him for a day. Teach a man to fish
and you feed him for a lifetime." It's always better to provide a
"How To," don't you agree?

While any website can be spoofed or hijacked, large companies like
Adobe usually notice and fix it fast. That in mind, my short,
non-definative analysis is: adobe.ge belongs and redirects to adobe.com.

I used ping from my laptop, and two online tools (ipinfodb.com which
does a lookup, and traceroute via network-tools.com). The results are
below. Enjoy!

=== adobe.ge ==
C:> ping -n 1 adobe.ge

Pinging adobe.ge [192.150.18.117] with 32 bytes of data:

Reply from 192.150.18.117: bytes=32 time=125ms TTL=241

Ping statistics for 192.150.18.117:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 125ms, Maximum = 125ms, Average = 125ms

http://www.ipinfodb.com/ip_locator.php?ip=adobe.ge
* IP address : 192.150.18.117
* Country : United States
* State/Province : California
* City : San Jose
* Zip or postal code : 95110
* Latitude : 37.3422
* Longitude : -121.905
* Timezone : America/Los_Angeles
* Gmtoffset : -7
* Local time : August 23 04:58:52
* Hostname : 192.150.18.117

=== Adobe.com ==
C:> ping -n 1 adobe.com

Pinging adobe.com [192.150.18.117] with 32 bytes of data:

Reply from 192.150.18.117: bytes=32 time=123ms TTL=241

Ping statistics for 192.150.18.117:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 123ms, Maximum = 123ms, Average = 123ms

http://www.ipinfodb.com/ip_locator.php?ip=adobe.com

* IP address : 192.150.18.117
* Country : United States
* State/Province : California
* City : San Jose
* Zip or postal code : 95110
* Latitude : 37.3422
* Longitude : -121.905
* Timezone : America/Los_Angeles
* Gmtoffset : -7
* Local time : August 23 05:00:08
* Hostname : 192.150.18.117

================= TraceRoute ================
http://network-tools.com/default.asp?prog=express&;host=adobe.ge

IP address: 192.150.18.117
Host name: adobe.ge

Alias:
adobe.ge
192.150.18.117 is from United States(US) in region North America

TraceRoute to 192.150.18.117 [adobe.ge]
Hop (ms) (ms) (ms) IP Address Host name
1 174 173 212 72.249.128.109 -
2 178 229 234 8.9.232.73 xe-5-3-0.edge3.dallas1.level3.net
3 99 128 95 4.69.145.204 ae-4-90.edge2.dallas3.level3.net
4 151 149 113 4.68.63.226 ntt-level3-te.dallas3.level3.net
5 112 155 204 129.250.4.25 ae-4.r21.snjsca04.us.bb.gin.ntt.net
6 129 170 159 129.250.4.25 ae-4.r21.snjsca04.us.bb.gin.ntt.net
7 104 87 134 129.250.5.57 ae-2.r07.snjsca04.us.bb.gin.ntt.net
8 118 147 138 128.241.219.86 xe-0-2-0-3.r07.snjsca04.us.ce.gin.ntt.net
9 87 81 81 192.150.18.11 -
10 88 106 106 192.150.18.117 -

Trace complete

Retrieving DNS records for adobe.ge...

DNS servers
adobe-dns-3.adobe.com
adobe-dns.adobe.com
adobe-dns-2.adobe.com

Answer records
adobe.ge SOA
server: adobe-dns-3.adobe.com
email: = EMAIL ADDRESS REMOVED =
serial: 2008013025
refresh: 10800
retry: 1800
expire: 1036800
minimum ttl: 86400
86400s
adobe.ge MX
preference: 3
exchange: adobe.com.mail7.psmtp.com
86400s
adobe.ge MX
preference: 4
exchange: adobe.com.mail8.psmtp.com
86400s
adobe.ge MX
preference: 5
exchange: smtp-relay-man.adobe.com
86400s
adobe.ge MX
preference: 100
exchange: filter-relay-1.adobe.com
86400s
adobe.ge MX
preference: 100
exchange: filter-relay-2.adobe.com
86400s
adobe.ge MX
preference: 1
exchange: adobe.com.mail5.psmtp.com
86400s
adobe.ge MX
preference: 2
exchange: adobe.com.mail6.psmtp.com
86400s
adobe.ge A 192.150.18.117 86400s
adobe.ge NS adobe-dns-2.adobe.com 86400s
adobe.ge NS adobe-dns-3.adobe.com 86400s
adobe.ge NS adobe-dns.adobe.com 86400s

Authority records

Additional records
smtp-relay-man.adobe.com A 192.150.11.200 86400s
filter-relay-1.adobe.com A 192.150.11.140 86400s
filter-relay-2.adobe.com A 192.150.11.141 86400s
adobe-dns.adobe.com A 192.150.11.30 86400s
adobe-dns-2.adobe.com A 192.150.11.247 86400s
adobe-dns-3.adobe.com A 192.150.22.30 86400s

Whois query for adobe.ge...

Query error: No whois server known for the given domain

Network IP address lookup:

Whois query for 192.150.18.117...

Results returned from whois.arin.net:

#
# The following results may also be obtained via:
#
http://whois.arin.net/rest/nets;q=192.150.18.117?showDetails=true&showARIN=false
#

NetRange: 192.150.18.0 - 192.150.18.255
CIDR: 192.150.18.0/24
OriginAS:
NetName: ADOBE42
NetHandle: NET-192-150-18-0-1
Parent: NET-192-0-0-0-0
NetType: Direct Assignment
NameServer: ADOBE-DNS.ADOBE.COM
NameServer: ADOBE-DNS-3.ADOBE.COM
NameServer: ADOBE-DNS-2.ADOBE.COM
RegDate: 1992-06-25
Updated: 2008-11-10
Ref: http://whois.arin.net/rest/net/NET-192-150-18-0-1

OrgName: Adobe Systems Inc.
OrgId: ADOBES-Z
Address: 345 Park Avenue
City: San Jose
StateProv: CA
PostalCode: 95110
Country: US
RegDate: 2008-03-21
Updated: 2008-11-10
Ref: http://whois.arin.net/rest/org/ADOBES-Z

OrgTechHandle: INTER86-ARIN
OrgTechName: Internet Administrator
OrgTechPhone: +1-408-536-2800
OrgTechEmail: = EMAIL ADDRESS REMOVED =
OrgTechRef: http://whois.arin.net/rest/poc/INTER86-ARIN

OrgAbuseHandle: NOC3375-ARIN
OrgAbuseName: Network Operations Center
OrgAbusePhone: +1-408-536-2800
OrgAbuseEmail: = EMAIL ADDRESS REMOVED =
OrgAbuseRef: http://whois.arin.net/rest/poc/NOC3375-ARIN

OrgNOCHandle: NOC3375-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-408-536-2800
OrgNOCEmail: = EMAIL ADDRESS REMOVED =
OrgNOCRef: http://whois.arin.net/rest/poc/NOC3375-ARIN

RTechHandle: JF790-ARIN
RTechName: Fitzgerald, Jim
RTechPhone: +1-206-675-7286
RTechEmail: = EMAIL ADDRESS REMOVED =
RTechRef: http://whois.arin.net/rest/poc/JF790-ARIN

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

We return now to the Accessibility Topics already in progress...

From: Ro
Date: Mon, Aug 23 2010 8:24AM
Subject: Re: Fw: is it a fake adobe site?, A Brief Analysis
← Previous message | Next message →

Terrill, thank you for this. You are right and I appreciate your tact
and explanation. :)

~Randi and Guide Dog Jayden

Its an adventure, said Fred.

On Aug 23, 2010, at 5:29 AM, Terrill Bennett wrote:

> "Give a man a fish and you feed him for a day. Teach a man to fish
> and you feed him for a lifetime." It's always better to provide a
> "How To," don't you agree?
>
> While any website can be spoofed or hijacked, large companies like
> Adobe usually notice and fix it fast. That in mind, my short,
> non-definative analysis is: adobe.ge belongs and redirects to
> adobe.com.
>
> I used ping from my laptop, and two online tools (ipinfodb.com which
> does a lookup, and traceroute via network-tools.com). The results are
> below. Enjoy!
>
>
> === adobe.ge ==>
> C:> ping -n 1 adobe.ge
>
> Pinging adobe.ge [192.150.18.117] with 32 bytes of data:
>
> Reply from 192.150.18.117: bytes=32 time=125ms TTL=241
>
> Ping statistics for 192.150.18.117:
> Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 125ms, Maximum = 125ms, Average = 125ms
>
> http://www.ipinfodb.com/ip_locator.php?ip=adobe.ge
> * IP address : 192.150.18.117
> * Country : United States
> * State/Province : California
> * City : San Jose
> * Zip or postal code : 95110
> * Latitude : 37.3422
> * Longitude : -121.905
> * Timezone : America/Los_Angeles
> * Gmtoffset : -7
> * Local time : August 23 04:58:52
> * Hostname : 192.150.18.117
>
> === Adobe.com ==>
> C:> ping -n 1 adobe.com
>
> Pinging adobe.com [192.150.18.117] with 32 bytes of data:
>
> Reply from 192.150.18.117: bytes=32 time=123ms TTL=241
>
> Ping statistics for 192.150.18.117:
> Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 123ms, Maximum = 123ms, Average = 123ms
>
> http://www.ipinfodb.com/ip_locator.php?ip=adobe.com
>
> * IP address : 192.150.18.117
> * Country : United States
> * State/Province : California
> * City : San Jose
> * Zip or postal code : 95110
> * Latitude : 37.3422
> * Longitude : -121.905
> * Timezone : America/Los_Angeles
> * Gmtoffset : -7
> * Local time : August 23 05:00:08
> * Hostname : 192.150.18.117
>
> ==============> === TraceRoute ==> ==============>
> http://network-tools.com/default.asp?prog=express&;host=adobe.ge
>
> IP address: 192.150.18.117
> Host name: adobe.ge
>
> Alias:
> adobe.ge
> 192.150.18.117 is from United States(US) in region North America
>
>
> TraceRoute to 192.150.18.117 [adobe.ge]
> Hop (ms) (ms) (ms) IP Address Host name
> 1 174 173 212 72.249.128.109 -
> 2 178 229 234 8.9.232.73 xe-5-3-0.edge3.dallas1.level3.net
> 3 99 128 95 4.69.145.204 ae-4-90.edge2.dallas3.level3.net
> 4 151 149 113 4.68.63.226 ntt-level3-te.dallas3.level3.net
> 5 112 155 204 129.250.4.25
> ae-4.r21.snjsca04.us.bb.gin.ntt.net
> 6 129 170 159 129.250.4.25
> ae-4.r21.snjsca04.us.bb.gin.ntt.net
> 7 104 87 134 129.250.5.57
> ae-2.r07.snjsca04.us.bb.gin.ntt.net
> 8 118 147 138 128.241.219.86
> xe-0-2-0-3.r07.snjsca04.us.ce.gin.ntt.net
> 9 87 81 81 192.150.18.11 -
> 10 88 106 106 192.150.18.117 -
>
> Trace complete
>
>
> Retrieving DNS records for adobe.ge...
>
> DNS servers
> adobe-dns-3.adobe.com
> adobe-dns.adobe.com
> adobe-dns-2.adobe.com
>
> Answer records
> adobe.ge SOA
> server: adobe-dns-3.adobe.com
> email: = EMAIL ADDRESS REMOVED =
> serial: 2008013025
> refresh: 10800
> retry: 1800
> expire: 1036800
> minimum ttl: 86400
> 86400s
> adobe.ge MX
> preference: 3
> exchange: adobe.com.mail7.psmtp.com
> 86400s
> adobe.ge MX
> preference: 4
> exchange: adobe.com.mail8.psmtp.com
> 86400s
> adobe.ge MX
> preference: 5
> exchange: smtp-relay-man.adobe.com
> 86400s
> adobe.ge MX
> preference: 100
> exchange: filter-relay-1.adobe.com
> 86400s
> adobe.ge MX
> preference: 100
> exchange: filter-relay-2.adobe.com
> 86400s
> adobe.ge MX
> preference: 1
> exchange: adobe.com.mail5.psmtp.com
> 86400s
> adobe.ge MX
> preference: 2
> exchange: adobe.com.mail6.psmtp.com
> 86400s
> adobe.ge A 192.150.18.117 86400s
> adobe.ge NS adobe-dns-2.adobe.com 86400s
> adobe.ge NS adobe-dns-3.adobe.com 86400s
> adobe.ge NS adobe-dns.adobe.com 86400s
>
> Authority records
>
> Additional records
> smtp-relay-man.adobe.com A 192.150.11.200 86400s
> filter-relay-1.adobe.com A 192.150.11.140 86400s
> filter-relay-2.adobe.com A 192.150.11.141 86400s
> adobe-dns.adobe.com A 192.150.11.30 86400s
> adobe-dns-2.adobe.com A 192.150.11.247 86400s
> adobe-dns-3.adobe.com A 192.150.22.30 86400s
>
>
> Whois query for adobe.ge...
>
> Query error: No whois server known for the given domain
>
> Network IP address lookup:
>
>
> Whois query for 192.150.18.117...
>
> Results returned from whois.arin.net:
>
> #
> # The following results may also be obtained via:
> #
> http://whois.arin.net/rest/nets;q=192.150.18.117?showDetails=true&showARIN=false
> #
>
> NetRange: 192.150.18.0 - 192.150.18.255
> CIDR: 192.150.18.0/24
> OriginAS:
> NetName: ADOBE42
> NetHandle: NET-192-150-18-0-1
> Parent: NET-192-0-0-0-0
> NetType: Direct Assignment
> NameServer: ADOBE-DNS.ADOBE.COM
> NameServer: ADOBE-DNS-3.ADOBE.COM
> NameServer: ADOBE-DNS-2.ADOBE.COM
> RegDate: 1992-06-25
> Updated: 2008-11-10
> Ref: http://whois.arin.net/rest/net/NET-192-150-18-0-1
>
> OrgName: Adobe Systems Inc.
> OrgId: ADOBES-Z
> Address: 345 Park Avenue
> City: San Jose
> StateProv: CA
> PostalCode: 95110
> Country: US
> RegDate: 2008-03-21
> Updated: 2008-11-10
> Ref: http://whois.arin.net/rest/org/ADOBES-Z
>
> OrgTechHandle: INTER86-ARIN
> OrgTechName: Internet Administrator
> OrgTechPhone: +1-408-536-2800
> OrgTechEmail: = EMAIL ADDRESS REMOVED =
> OrgTechRef: http://whois.arin.net/rest/poc/INTER86-ARIN
>
> OrgAbuseHandle: NOC3375-ARIN
> OrgAbuseName: Network Operations Center
> OrgAbusePhone: +1-408-536-2800
> OrgAbuseEmail: = EMAIL ADDRESS REMOVED =
> OrgAbuseRef: http://whois.arin.net/rest/poc/NOC3375-ARIN
>
> OrgNOCHandle: NOC3375-ARIN
> OrgNOCName: Network Operations Center
> OrgNOCPhone: +1-408-536-2800
> OrgNOCEmail: = EMAIL ADDRESS REMOVED =
> OrgNOCRef: http://whois.arin.net/rest/poc/NOC3375-ARIN
>
> RTechHandle: JF790-ARIN
> RTechName: Fitzgerald, Jim
> RTechPhone: +1-206-675-7286
> RTechEmail: = EMAIL ADDRESS REMOVED =
> RTechRef: http://whois.arin.net/rest/poc/JF790-ARIN
>
> #
> # ARIN WHOIS data and services are subject to the Terms of Use
> # available at: https://www.arin.net/whois_tou.html
> #
>
> We return now to the Accessibility Topics already in progress...
>
>

From: ejp10
Date: Mon, Aug 23 2010 2:06PM
Subject: Re: Fw: is it a fake adobe site?, A Brief Analysis
← Previous message | Next message →

FWIW - I went to the homepage of http://www.adobe.ge and checked to see where the shopping/purchasing links went to, and they did indeed go to the same location as they would have from http://www.adobe.com. However the rotating front pages were different.

It is possible that Adobe is maintaining a series of English language mirrors for globalization purposes. It could be that technologists in Georgia are accustomed to working in English, but want a local domain. Or maybe it's a test bed.

It is an interesting mystery...,

Elizabeth

>
>
>
> From: Terrill Bennett < = EMAIL ADDRESS REMOVED = >
> Date: August 23, 2010 8:29:44 AM EDT
> To: = EMAIL ADDRESS REMOVED =
> Subject: Re: [WebAIM] Fw: is it a fake adobe site?, A Brief Analysis
> Reply-To: WebAIM Discussion List < = EMAIL ADDRESS REMOVED = >
>
>
> "Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime." It's always better to provide a "How To," don't you agree?
>
> While any website can be spoofed or hijacked, large companies like Adobe usually notice and fix it fast. That in mind, my short, non-definative analysis is: adobe.ge belongs and redirects to adobe.com.
>
> I used ping from my laptop, and two online tools (ipinfodb.com which does a lookup, and traceroute via network-tools.com). The results are below. Enjoy!
>
>
> === adobe.ge ==>
> C:> ping -n 1 adobe.ge
>
> Pinging adobe.ge [192.150.18.117] with 32 bytes of data:
>
> Reply from 192.150.18.117: bytes=32 time=125ms TTL=241
>
> Ping statistics for 192.150.18.117:
> Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 125ms, Maximum = 125ms, Average = 125ms
>
> http://www.ipinfodb.com/ip_locator.php?ip=adobe.ge
> * IP address : 192.150.18.117
> * Country : United States
> * State/Province : California
> * City : San Jose
> * Zip or postal code : 95110
> * Latitude : 37.3422
> * Longitude : -121.905
> * Timezone : America/Los_Angeles
> * Gmtoffset : -7
> * Local time : August 23 04:58:52
> * Hostname : 192.150.18.117
>
> === Adobe.com ==>
> C:> ping -n 1 adobe.com
>
> Pinging adobe.com [192.150.18.117] with 32 bytes of data:
>
> Reply from 192.150.18.117: bytes=32 time=123ms TTL=241
>
> Ping statistics for 192.150.18.117:
> Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 123ms, Maximum = 123ms, Average = 123ms
>
> http://www.ipinfodb.com/ip_locator.php?ip=adobe.com
>
> * IP address : 192.150.18.117
> * Country : United States
> * State/Province : California
> * City : San Jose
> * Zip or postal code : 95110
> * Latitude : 37.3422
> * Longitude : -121.905
> * Timezone : America/Los_Angeles
> * Gmtoffset : -7
> * Local time : August 23 05:00:08
> * Hostname : 192.150.18.117
>
> ==============> === TraceRoute ==> ==============>
> http://network-tools.com/default.asp?prog=express&;host=adobe.ge
>
> IP address: 192.150.18.117
> Host name: adobe.ge
>
> Alias:
> adobe.ge
> 192.150.18.117 is from United States(US) in region North America
>
>
> TraceRoute to 192.150.18.117 [adobe.ge]
> Hop (ms) (ms) (ms) IP Address Host name
> 1 174 173 212 72.249.128.109 -
> 2 178 229 234 8.9.232.73 xe-5-3-0.edge3.dallas1.level3.net
> 3 99 128 95 4.69.145.204 ae-4-90.edge2.dallas3.level3.net
> 4 151 149 113 4.68.63.226 ntt-level3-te.dallas3.level3.net
> 5 112 155 204 129.250.4.25 ae-4.r21.snjsca04.us.bb.gin.ntt.net
> 6 129 170 159 129.250.4.25 ae-4.r21.snjsca04.us.bb.gin.ntt.net
> 7 104 87 134 129.250.5.57 ae-2.r07.snjsca04.us.bb.gin.ntt.net
> 8 118 147 138 128.241.219.86 xe-0-2-0-3.r07.snjsca04.us.ce.gin.ntt.net
> 9 87 81 81 192.150.18.11 -
> 10 88 106 106 192.150.18.117 -
>
> Trace complete
>
>
> Retrieving DNS records for adobe.ge...
>
> DNS servers
> adobe-dns-3.adobe.com
> adobe-dns.adobe.com
> adobe-dns-2.adobe.com
>
> Answer records
> adobe.ge SOA
> server: adobe-dns-3.adobe.com
> email: = EMAIL ADDRESS REMOVED =
> serial: 2008013025
> refresh: 10800
> retry: 1800
> expire: 1036800
> minimum ttl: 86400
> 86400s
> adobe.ge MX
> preference: 3
> exchange: adobe.com.mail7.psmtp.com
> 86400s
> adobe.ge MX
> preference: 4
> exchange: adobe.com.mail8.psmtp.com
> 86400s
> adobe.ge MX
> preference: 5
> exchange: smtp-relay-man.adobe.com
> 86400s
> adobe.ge MX
> preference: 100
> exchange: filter-relay-1.adobe.com
> 86400s
> adobe.ge MX
> preference: 100
> exchange: filter-relay-2.adobe.com
> 86400s
> adobe.ge MX
> preference: 1
> exchange: adobe.com.mail5.psmtp.com
> 86400s
> adobe.ge MX
> preference: 2
> exchange: adobe.com.mail6.psmtp.com
> 86400s
> adobe.ge A 192.150.18.117 86400s
> adobe.ge NS adobe-dns-2.adobe.com 86400s
> adobe.ge NS adobe-dns-3.adobe.com 86400s
> adobe.ge NS adobe-dns.adobe.com 86400s
>
> Authority records
>
> Additional records
> smtp-relay-man.adobe.com A 192.150.11.200 86400s
> filter-relay-1.adobe.com A 192.150.11.140 86400s
> filter-relay-2.adobe.com A 192.150.11.141 86400s
> adobe-dns.adobe.com A 192.150.11.30 86400s
> adobe-dns-2.adobe.com A 192.150.11.247 86400s
> adobe-dns-3.adobe.com A 192.150.22.30 86400s
>
>
> Whois query for adobe.ge...
>
> Query error: No whois server known for the given domain
>
> Network IP address lookup:
>
>
> Whois query for 192.150.18.117...
>
> Results returned from whois.arin.net:
>
> #
> # The following results may also be obtained via:
> # http://whois.arin.net/rest/nets;q=192.150.18.117?showDetails=true&showARIN=false
> #
>
> NetRange: 192.150.18.0 - 192.150.18.255
> CIDR: 192.150.18.0/24
> OriginAS:
> NetName: ADOBE42
> NetHandle: NET-192-150-18-0-1
> Parent: NET-192-0-0-0-0
> NetType: Direct Assignment
> NameServer: ADOBE-DNS.ADOBE.COM
> NameServer: ADOBE-DNS-3.ADOBE.COM
> NameServer: ADOBE-DNS-2.ADOBE.COM
> RegDate: 1992-06-25
> Updated: 2008-11-10
> Ref: http://whois.arin.net/rest/net/NET-192-150-18-0-1
>
> OrgName: Adobe Systems Inc.
> OrgId: ADOBES-Z
> Address: 345 Park Avenue
> City: San Jose
> StateProv: CA
> PostalCode: 95110
> Country: US
> RegDate: 2008-03-21
> Updated: 2008-11-10
> Ref: http://whois.arin.net/rest/org/ADOBES-Z
>
> OrgTechHandle: INTER86-ARIN
> OrgTechName: Internet Administrator
> OrgTechPhone: +1-408-536-2800
> OrgTechEmail: = EMAIL ADDRESS REMOVED =
> OrgTechRef: http://whois.arin.net/rest/poc/INTER86-ARIN
>
> OrgAbuseHandle: NOC3375-ARIN
> OrgAbuseName: Network Operations Center
> OrgAbusePhone: +1-408-536-2800
> OrgAbuseEmail: = EMAIL ADDRESS REMOVED =
> OrgAbuseRef: http://whois.arin.net/rest/poc/NOC3375-ARIN
>
> OrgNOCHandle: NOC3375-ARIN
> OrgNOCName: Network Operations Center
> OrgNOCPhone: +1-408-536-2800
> OrgNOCEmail: = EMAIL ADDRESS REMOVED =
> OrgNOCRef: http://whois.arin.net/rest/poc/NOC3375-ARIN
>
> RTechHandle: JF790-ARIN
> RTechName: Fitzgerald, Jim
> RTechPhone: +1-206-675-7286
> RTechEmail: = EMAIL ADDRESS REMOVED =
> RTechRef: http://whois.arin.net/rest/poc/JF790-ARIN
>
> #
> # ARIN WHOIS data and services are subject to the Terms of Use
> # available at: https://www.arin.net/whois_tou.html
> #
>
> We return now to the Accessibility Topics already in progress...
>
>
>

=-=-=-=-=-=-=-=-=-=-=-=-Elizabeth J. Pyatt, Ph.D.
Instructional Designer
Education Technology Services, TLT/ITS
Penn State University
= EMAIL ADDRESS REMOVED = , (814) 865-0805 or (814) 865-2030 (Main Office)

210 Rider Building (formerly Rider II)
227 W. Beaver Avenue
State College, PA 16801-4819
http://www.personal.psu.edu/ejp10/psu
http://tlt.psu.edu

From: Tania
Date: Mon, Aug 23 2010 9:30PM
Subject: Re: Fw: is it a fake adobe site?, A Brief Analysis
← Previous message | No next message

wow, cool! thanks a lot Terrill

regards
tania
----- Original Message -----
From: "Terrill Bennett" < = EMAIL ADDRESS REMOVED = >
To: < = EMAIL ADDRESS REMOVED = >
Sent: Monday, August 23, 2010 8:29 PM
Subject: Re: [WebAIM] Fw: is it a fake adobe site?, A Brief Analysis

> "Give a man a fish and you feed him for a day. Teach a man to fish
> and you feed him for a lifetime." It's always better to provide a
> "How To," don't you agree?
>
> While any website can be spoofed or hijacked, large companies like
> Adobe usually notice and fix it fast. That in mind, my short,
> non-definative analysis is: adobe.ge belongs and redirects to adobe.com.
>
> I used ping from my laptop, and two online tools (ipinfodb.com which
> does a lookup, and traceroute via network-tools.com). The results are
> below. Enjoy!
>
>
> === adobe.ge ==>
> C:> ping -n 1 adobe.ge
>
> Pinging adobe.ge [192.150.18.117] with 32 bytes of data:
>
> Reply from 192.150.18.117: bytes=32 time=125ms TTL=241
>
> Ping statistics for 192.150.18.117:
> Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 125ms, Maximum = 125ms, Average = 125ms
>
> http://www.ipinfodb.com/ip_locator.php?ip=adobe.ge
> * IP address : 192.150.18.117
> * Country : United States
> * State/Province : California
> * City : San Jose
> * Zip or postal code : 95110
> * Latitude : 37.3422
> * Longitude : -121.905
> * Timezone : America/Los_Angeles
> * Gmtoffset : -7
> * Local time : August 23 04:58:52
> * Hostname : 192.150.18.117
>
> === Adobe.com ==>
> C:> ping -n 1 adobe.com
>
> Pinging adobe.com [192.150.18.117] with 32 bytes of data:
>
> Reply from 192.150.18.117: bytes=32 time=123ms TTL=241
>
> Ping statistics for 192.150.18.117:
> Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 123ms, Maximum = 123ms, Average = 123ms
>
> http://www.ipinfodb.com/ip_locator.php?ip=adobe.com
>
> * IP address : 192.150.18.117
> * Country : United States
> * State/Province : California
> * City : San Jose
> * Zip or postal code : 95110
> * Latitude : 37.3422
> * Longitude : -121.905
> * Timezone : America/Los_Angeles
> * Gmtoffset : -7
> * Local time : August 23 05:00:08
> * Hostname : 192.150.18.117
>
> ==============> === TraceRoute ==> ==============>
> http://network-tools.com/default.asp?prog=express&;host=adobe.ge
>
> IP address: 192.150.18.117
> Host name: adobe.ge
>
> Alias:
> adobe.ge
> 192.150.18.117 is from United States(US) in region North America
>
>
> TraceRoute to 192.150.18.117 [adobe.ge]
> Hop (ms) (ms) (ms) IP Address Host name
> 1 174 173 212 72.249.128.109 -
> 2 178 229 234 8.9.232.73 xe-5-3-0.edge3.dallas1.level3.net
> 3 99 128 95 4.69.145.204 ae-4-90.edge2.dallas3.level3.net
> 4 151 149 113 4.68.63.226 ntt-level3-te.dallas3.level3.net
> 5 112 155 204 129.250.4.25 ae-4.r21.snjsca04.us.bb.gin.ntt.net
> 6 129 170 159 129.250.4.25 ae-4.r21.snjsca04.us.bb.gin.ntt.net
> 7 104 87 134 129.250.5.57 ae-2.r07.snjsca04.us.bb.gin.ntt.net
> 8 118 147 138 128.241.219.86
> xe-0-2-0-3.r07.snjsca04.us.ce.gin.ntt.net
> 9 87 81 81 192.150.18.11 -
> 10 88 106 106 192.150.18.117 -
>
> Trace complete
>
>
> Retrieving DNS records for adobe.ge...
>
> DNS servers
> adobe-dns-3.adobe.com
> adobe-dns.adobe.com
> adobe-dns-2.adobe.com
>
> Answer records
> adobe.ge SOA
> server: adobe-dns-3.adobe.com
> email: = EMAIL ADDRESS REMOVED =
> serial: 2008013025
> refresh: 10800
> retry: 1800
> expire: 1036800
> minimum ttl: 86400
> 86400s
> adobe.ge MX
> preference: 3
> exchange: adobe.com.mail7.psmtp.com
> 86400s
> adobe.ge MX
> preference: 4
> exchange: adobe.com.mail8.psmtp.com
> 86400s
> adobe.ge MX
> preference: 5
> exchange: smtp-relay-man.adobe.com
> 86400s
> adobe.ge MX
> preference: 100
> exchange: filter-relay-1.adobe.com
> 86400s
> adobe.ge MX
> preference: 100
> exchange: filter-relay-2.adobe.com
> 86400s
> adobe.ge MX
> preference: 1
> exchange: adobe.com.mail5.psmtp.com
> 86400s
> adobe.ge MX
> preference: 2
> exchange: adobe.com.mail6.psmtp.com
> 86400s
> adobe.ge A 192.150.18.117 86400s
> adobe.ge NS adobe-dns-2.adobe.com 86400s
> adobe.ge NS adobe-dns-3.adobe.com 86400s
> adobe.ge NS adobe-dns.adobe.com 86400s
>
> Authority records
>
> Additional records
> smtp-relay-man.adobe.com A 192.150.11.200 86400s
> filter-relay-1.adobe.com A 192.150.11.140 86400s
> filter-relay-2.adobe.com A 192.150.11.141 86400s
> adobe-dns.adobe.com A 192.150.11.30 86400s
> adobe-dns-2.adobe.com A 192.150.11.247 86400s
> adobe-dns-3.adobe.com A 192.150.22.30 86400s
>
>
> Whois query for adobe.ge...
>
> Query error: No whois server known for the given domain
>
> Network IP address lookup:
>
>
> Whois query for 192.150.18.117...
>
> Results returned from whois.arin.net:
>
> #
> # The following results may also be obtained via:
> #
> http://whois.arin.net/rest/nets;q=192.150.18.117?showDetails=true&showARIN=false
> #
>
> NetRange: 192.150.18.0 - 192.150.18.255
> CIDR: 192.150.18.0/24
> OriginAS:
> NetName: ADOBE42
> NetHandle: NET-192-150-18-0-1
> Parent: NET-192-0-0-0-0
> NetType: Direct Assignment
> NameServer: ADOBE-DNS.ADOBE.COM
> NameServer: ADOBE-DNS-3.ADOBE.COM
> NameServer: ADOBE-DNS-2.ADOBE.COM
> RegDate: 1992-06-25
> Updated: 2008-11-10
> Ref: http://whois.arin.net/rest/net/NET-192-150-18-0-1
>
> OrgName: Adobe Systems Inc.
> OrgId: ADOBES-Z
> Address: 345 Park Avenue
> City: San Jose
> StateProv: CA
> PostalCode: 95110
> Country: US
> RegDate: 2008-03-21
> Updated: 2008-11-10
> Ref: http://whois.arin.net/rest/org/ADOBES-Z
>
> OrgTechHandle: INTER86-ARIN
> OrgTechName: Internet Administrator
> OrgTechPhone: +1-408-536-2800
> OrgTechEmail: = EMAIL ADDRESS REMOVED =
> OrgTechRef: http://whois.arin.net/rest/poc/INTER86-ARIN
>
> OrgAbuseHandle: NOC3375-ARIN
> OrgAbuseName: Network Operations Center
> OrgAbusePhone: +1-408-536-2800
> OrgAbuseEmail: = EMAIL ADDRESS REMOVED =
> OrgAbuseRef: http://whois.arin.net/rest/poc/NOC3375-ARIN
>
> OrgNOCHandle: NOC3375-ARIN
> OrgNOCName: Network Operations Center
> OrgNOCPhone: +1-408-536-2800
> OrgNOCEmail: = EMAIL ADDRESS REMOVED =
> OrgNOCRef: http://whois.arin.net/rest/poc/NOC3375-ARIN
>
> RTechHandle: JF790-ARIN
> RTechName: Fitzgerald, Jim
> RTechPhone: +1-206-675-7286
> RTechEmail: = EMAIL ADDRESS REMOVED =
> RTechRef: http://whois.arin.net/rest/poc/JF790-ARIN
>
> #
> # ARIN WHOIS data and services are subject to the Terms of Use
> # available at: https://www.arin.net/whois_tou.html
> #
>
> We return now to the Accessibility Topics already in progress...
>
>