JD wrote:
> Rhonda Lea Kirk Fries wrote:
>> JD wrote:
>>> Anybody else get this little nugget as an e-mail? I received this
>>> e-mail this evening:
>>>
>>> The Header:
>>>
>>> Subject: Action Required : Download New Adobe Acrobat Reader For
>>> Your PC From: Adobe System Incorporated<adobe@news.mondino.de>
>>> Date: Tue, 12 Apr 2011 03:45:54 +0200 (CEST)
>>> To: JD
>>> X-Account-Key: account8
>>> X-UIDL: _TEG.Y76oNB.mxin5.lsn.net
>>> X-Mozilla-Status: 0001
>>> X-Mozilla-Status2: 00000000
>>> Return-Path:<return@news.mondino.de>
>>> Received: from mail17-43.srv2.de (mail17-43.srv2.de
>>> [193.169.180.43]) by mxin5.lsn.net (8.13.5/8.13.5)
>>> with ESMTP id p3C1jxtr024840 for<JD>; Mon, 11 Apr 2011 20:45:59
>>> -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mailing;
>>> d=news.mondino.de; h=Message-
>>> IDate:From:Reply-To:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding;
>>> i=adobe@news.mondino.de; bh=SJh9qAsU5qQFqBcfVw8+8+6QlkI=;
>>> b=ApGSRTBhDUyYxvTaxfJSb00/pluigsyUBaf1+lqDb7FOVkPjs6AWAL8K4v/pe4V5KemAQ/OowmA+
>>> q4Evcx9dWTDBNsDH3bc8IajR31XGS7i4v8xUqGCOuo0Lg98f1w AoUbQlTTuZARlzT/uJY2BvFjMH
>>> eE+fR104TWIrFbL7c+c=
>>> DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mailing;
>>> d=news.mondino.de;
>>> b=KOzvjzQNr337Z8hyXhsTzmvdh1mZdG8aMoAqIst3p7f0jtSL pVS/BTfMfHUjtaE3MVIoLMbyvDMz
>>> xETp4pqQlTXgj6yUMxUqy7k+t1BZJu4YrSfl1nx7RkMMRuCAxL iwDLngq3SKbAqfcGGuTbjTW2wd
>>> Qvf4LDK75vsAX8///K4=;
>>> Received: by mail17-43.srv2.de id hkend60farc5 for<JD>; Tue, 12 Apr
>>> 2011 03:45:54 +0200 (envelope-from<return@news.mondino.de>)
>>> Message-ID:
>>> <re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
>>> news.mondino.de>
>>> Reply-To: re-EGBXOR2-1UYSX2Z-5Z81EJT@news.mondino.de
>>> MIME-Version: 1.0
>>> Content-Type: text/html; charset=ISO-8859-1
>>> Content-Transfer-Encoding: 7bit
>>> X-ulpe:
>>> re-pN_5FX6wx3ClsIviABerb7H7_5FiwLrngh1pj4JZkD-EGBXOR2-1UYSX2ZAMD9PL@
>>> news.mondino.de X-Virus-Scanned: clamav-milter 0.95.2 at ns2.lsn.net
>>> X-Virus-Status: Clean
>>>
>>> The body of the e-mail:
>>>
>>> INTRODUCING UPGRADED ADOBE ACROBAT READER
>>> Dear Customers,
>>> Adobe is pleased to announce new version upgrades for Adobe Acrobat
>>> Reader. Download Now To Try Us Out (hxxp://www.adobe-download6.com/)
>>> Advanced features include:
>>> - Collaborate across borders
>>> - Create rich, polished PDF files from any application that prints
>>> - Ensure visual fidelity
>>> - Encrypt and share PDF files more securely
>>> - Use the standard for document archival and exchange
>>> To upgrade and enhance your work productivity today, go to:
>>> Action Required : Download New Adobe Acrobat Reader For Your PC
>>> Adobe Acrobat Reader Upgrade Center
>>> (hxxp://www.adobe-download6.com/) Start downloading the update
>>> right now and let us know what you think about it.
>>> We're working on making Adobe Acrobat Reader better all the time !
>>> Copyright 2011 Adobe Systems Incorporated. All rights reserved.
>>> Adobe Systems Incorporated
>>> 343 Preston Street
>>> Ottawa, ON K1S 1N4
>>> Canada
>>> Action Required : Download New Adobe Acrobat Reader For Your PC
>>>
>>> There were two places to click on the following link, as I've added
>>> in the above message:
>>>
>>> (hxxp://www.adobe-download6.com/) Munged to be non-active links.
>>>
>>> Of course I didn't try either link but how would I report this to
>>> Adobe? It can't be real, right?
>>
>> IP address: 91.220.62.56
>> Host name: adobe-download6.com
>> Alias: adobe-download6.com
>> 91.220.62.56 is from Russian Federation(RU) in region Eastern Europe
>>
>>
>>
>
> How did you find the IP address?
Go to http://network-tools.com/
Tick the "Express" radio button (usually it's already selected)
Input "adobe-download6.com" (or any other site name)
Click "Go"
Wait for the results
> Searching http://www.dnsstuff.com/ for adobe-download6.com returns
> information regarding a person in China.
>
> Searching http://www.mywot.com/ adobe-download6.com returns
> information similar to what you posted.
Reply With Quote