Adobe.com has been penetrated by hackers?

plz look at the screen shot, where do you see the "header"?

Thanks!

[ private information removed by forum host ]

Thank you for posting that screenshot but you actually need to post the full headers.  In Gmail you have to click on a button called "Show Original" as shown in this picture:

By clicking on that button/text, another screen will open with lots of raw data and that will tell us everything we need to know about the original sender and where he/she is residing.

Thnaks!

Please see attachment

Delivered-To:******@gmail.com Received: by 10.68.73.72 with SMTP id j8csp242824pbv;         Thu, 27 Jun 2013 17:16:48 -0700 (PDT) X-Received: by 10.68.98.33 with SMTP id ef1mr8653774pbb.59.1372378607934;         Thu, 27 Jun 2013 17:16:47 -0700 (PDT) Return-Path: <me@adobe.com> Received: from goolop.1net ([184.105.237.231])         by mx.google.com with ESMTP id tw4si2597255pbc.31.2013.06.27.17.16.47         for <*****198@gmail.com>;         Thu, 27 Jun 2013 17:16:47 -0700 (PDT) Received-SPF: pass (google.com: domain of me@adobe.com designates 184.105.237.231 as permitted sender) client-ip=184.105.237.231; Authentication-Results: mx.google.com;        spf=pass (google.com: domain of me@adobe.com designates 184.105.237.231 as permitted sender) smtp.mail=me@adobe.com Date: Thu, 27 Jun 2013 17:16:47 -0700 (PDT) Received: from 64.18.1.77 (127.0.0.1) by goolop.1net id hpjauu16lt0u for <****@gmail.com>; Thu, 27 Jun 2013 20:16:47 -0400 (envelope-from <me@adobe.com>) MIME-Version: 1.0 Precedence: Normal From: <carlnsurance-Notice@adobe.com> To: *****@gmail.com Subject: =?utf-8?q?_BreakingNews,huge_2013`Autolnsurance_savings_arrived_?= Message-ID: <ODQ51ca321f.6492420a.46a4.BROKEN@adobe.com> Content-Type : text/plain Hi ***8@gmail.com ,

Content removed by forum host. Do NOT re-post spam messages to a public forum, this only serves to promote the malicious web links they contain.

OK the email came from:

1 184.105.237.231 Succeed USA - California HURRICANE-11 Hurricane Electric, Inc. 184.104.0.0 184.105.255.255 Yes Hurricane Electric, Inc. 760 Mission Court, Fremont hostmaster@he.net abuse@he.net +1-510-580-4100   ARIN  aerogift.net

You can send complaints to:

abuse@he.net

Telephone: +1 510 580 4100

You need to forward the entire message including the headers (you have posted here) so that they can track down who was responsible by looking at the time in the e-mail.

Curt Y wrote: Just for my own education which line did you pull "1 184.105.237.231 Succeed USA - California HURRICANE-11 Hurricane Electric, Inc. 184.104.0.0 184.105.255.255 Yes Hurricane Electric, Inc. 760 Mission Court, Fremont" from? I have scanned message in post # 4 several times and it just does not jump out at me. THanks

7th line from top.....then line 11, 12, 14

The line says that Google received the message from IP 184.105.237.231.  Now one needs to find exactly who owns that IP.

You can report them to Google to block them and you can also send an abuse e-mail to their ISP.  I normally write to their ISP.

Ignore the me@adobe.com stuff because they have just made it up.  In fact the "me" refers to the the owner of the e-mail account.  The spammer have used the same e-mail address as the person who it was meant to be sent.  Google calls it "me".  If you have a Google account, try sending an e-mail to your self using the Google e-mail address as the FROM field and see what you see.

No you are not as illiterate as I am but anyway the answer to your question is that I look it up on Arin.net and I got this:

<http://whois.arin.net/rest/net/NET-184-104-0-0-1/pft>

1) Go to http://arin.net and then look for the search box on the right side that looks like this:

2) plug in the IP address you want to see and you get this box:

You need to scroll down the page to get other info as well.

Another way is to download a tool that can run from your disk without installing it.  The tool is at this link:

<http://www.nirsoft.net/utils/ipnetinfo.html>

Scroll down the page after reading what it can do and you will see the download page.  Unzip it and run the executable file and plug in the box your IP address and it will tell you who owns it.  DOWNLOAD THE ZIP FILE NOT THE INSTALLER EXE FILE.

NOTE: Some anti-virus programs might alert you that this is a hacking tool or something like that but just ignore it because it is completely safe.  Run it as a limited user on your machine so that you are protected if you are still in doubt.