Windows Analysis Report
https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImppbGwub2tlZWZmZUBhdGxhbnRpY2FyZS5vcmciLCJyZXF1ZXN0SWQiOiJhN2FlZTBmNS0xZDFkLTQxOTgtN2MwYi1jMGFhYzUwNmNhNTIiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF

Overview

General Information

Sample URL: https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImppbGwub2tlZWZmZUBhdGxhbnRpY2FyZS5vcmc
Analysis ID: 1438591
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

LLM detected suspicious URL
LLM detected suspicious webpage text
Phishing site or detected (based on various text indicators)
Drops files with a non-matching file extension (content does not match file extension)
HTML body contains low number of good links
HTML body contains password input but no form action
Phishing site detected (based on OCR NLP Model)

Classification

Source: chromecache_410.1.dr Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_48e2e982-2

Phishing
barindex
LLM detected suspicious URL
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526fr LLM: Score: 7 Reasons: The URL provided shows signs of typosquatting, which is a type of cyber attack where a malicious domain is created to look similar to a legitimate one. In this case, the domain 'auth.services.adobe.com' appears to be a legitimate Adobe domain, but the rest of the URL contains several red flags. 1. The use of 'index.html' as the page path is unusual for a login endpoint. Legitimate login endpoints typically use a more specific path, such as '/login' or '/auth'. 2. The query parameter 'callback' is often used in OAuth flows, but the value 'https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526fr' is excessively long and convoluted. 3. The 'redirect_uri' parameter in the 'callback' value contains multiple suspicious-looking fragments, such as '%253D%2526fr'. These fragments could be used to obfuscate the true destination of the redirect. Overall, while the domain 'auth.services.adobe.com' may be legitimate, the rest of the URL shows signs of typosquatting and should be treated with caution. DOM: 8.10.pages.csv
LLM detected suspicious webpage text
Source: https://acrobat.adobe.com/dcpreviewdropin/3.0.2_2.748.1/printHelper.html LLM: Score: 7 Reasons: The text contains a call-to-action ('Access Document') that directs the user to log in with their email account to view a document sent via One Drive. The URL provided does not match the expected One Drive URL, indicating a potential phishing attempt. The lack of specificity about the sender and the document title also raises suspicion. DOM: 1.1.pages.csv
Phishing site or detected (based on various text indicators)
Source: Chrome DOM: 4.6 OCR Text: @ Edit Convert Q 6) E-sign A1 ASWnt Sign in Closing Docume... Welcome to Acrobat Sign in to do more with the file shared with you. SWI in O Office 365 YOU MAY LIKE Ask A1 Assistant Generate a summary Edit text & images A document has been sent through One Drive. Click theAccess Document button below and Log in with your email accountto Compress a PDF viewit. PDF to JPG Export a PDF z Access Document Fill & Sign c
Source: Chrome DOM: 3.3 OCR Text: O Office 365 A document has been sent through One Drive. Click theAccess Document button below and Log in with your email accountto viewit. Access Document
Source: Chrome DOM: 5.7 OCR Text: Edit Convert E-sign A1 AssWnt Sign in Closing Docume... PDF x Generative summary O Office 365 A document has been sent through One Drive. Click theAccess Document button below and Log in with your email accountto Get a document outline and summaries, automatically viewit. generated with A1. Quickly understand this document Get detailed summaries of key sections Access mcument Find and easily navigate to the information you Please double-check summaries and sources as they may not always be accurate. You shouldn't rely on summaries for professional advice. Leam more Adobe protects your dcKuments and content using c cesponsible practices. Sign in to start using A1 Assistant. gy clicking Get started, you agree to our User Guidelines. Get
HTML body contains low number of good links
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jsl... HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jsl... HTTP Parser: <input type="password" .../> found but no <form action="...
Phishing site detected (based on OCR NLP Model)
Source: Chrome DOM: 4.6 ML Model on OCR Text: Matched 96.8% probability on "@ Edit Convert Q 6) E-sign A1 ASWnt Sign in Closing Docume... Welcome to Acrobat Sign in to do more with the file shared with you. SWI in O Office 365 YOU MAY LIKE Ask A1 Assistant Generate a summary Edit text & images A document has been sent through One Drive. Click theAccess Document button below and Log in with your email accountto Compress a PDF viewit. PDF to JPG Export a PDF z Access Document Fill & Sign c "
Source: Chrome DOM: 3.3 ML Model on OCR Text: Matched 99.9% probability on "O Office 365 A document has been sent through One Drive. Click theAccess Document button below and Log in with your email accountto viewit. Access Document "
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jsl... HTTP Parser: <input type="password" .../> found
Source: https://acrobat.adobe.com/dcpreviewdropin/3.0.2_2.748.1/printHelper.html HTTP Parser: No favicon
Source: https://documentcloud.adobe.com/proxy/pdfverbs-web/3.17.1_4.845.0/shared-storage.html HTTP Parser: No favicon
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jsl HTTP Parser: No <meta name="author".. found
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jsl HTTP Parser: No <meta name="author".. found
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jsl... HTTP Parser: No <meta name="copyright".. found
Source: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jsl... HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 23.192.208.109:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.192.208.109:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown TCP traffic detected without corresponding DNS query: 23.192.208.109
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /content/storage/id/urn:aaid:sc:VA6C2:3714f03d-8378-499c-988f-2b11077fcd8a/:rendition;page=0;size=1200;type=image%2Fjpeg?access_token=1715240663_urn%3Aaaid%3Asc%3AVA6C2%3A3714f03d-8378-499c-988f-2b11077fcd8a%3Bpublic_a8f1700bc0bbe68baa1f27b6d97497bd1f725dec&api_key=dc_sendtrack HTTP/1.1Host: cdn-sharing.adobecc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://acrobat.adobe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://acrobat.adobe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /content/storage/id/urn:aaid:sc:VA6C2:3714f03d-8378-499c-988f-2b11077fcd8a/:rendition;page=0;size=1200;type=image%2Fjpeg?access_token=1715240663_urn%3Aaaid%3Asc%3AVA6C2%3A3714f03d-8378-499c-988f-2b11077fcd8a%3Bpublic_a8f1700bc0bbe68baa1f27b6d97497bd1f725dec&api_key=dc_sendtrack HTTP/1.1Host: cdn-sharing.adobecc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /content/storage/id/urn:aaid:sc:VA6C2:3714f03d-8378-499c-988f-2b11077fcd8a/:rendition;page=0;size=1200;type=image%2Fjpeg?access_token=1715240663_urn%3Aaaid%3Asc%3AVA6C2%3A3714f03d-8378-499c-988f-2b11077fcd8a%3Bpublic_a8f1700bc0bbe68baa1f27b6d97497bd1f725dec&api_key=dc_sendtrack HTTP/1.1Host: cdn-sharing.adobecc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://acrobat.adobe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://acrobat.adobe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "NTIxNTM2YTUtMWNkMS00MjJmLWIzNDItYTZkYmNjN2Y3Yjg2L2pwZy8xMjAwLzAvdHJ1ZQ=="
Source: global traffic HTTP traffic detected: GET /content/storage/id/urn:aaid:sc:VA6C2:3714f03d-8378-499c-988f-2b11077fcd8a/:rendition;page=0;size=1200;type=image%2Fjpeg?access_token=1715240663_urn%3Aaaid%3Asc%3AVA6C2%3A3714f03d-8378-499c-988f-2b11077fcd8a%3Bpublic_a8f1700bc0bbe68baa1f27b6d97497bd1f725dec&api_key=dc_sendtrack HTTP/1.1Host: cdn-sharing.adobecc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "NTIxNTM2YTUtMWNkMS00MjJmLWIzNDItYTZkYmNjN2Y3Yjg2L2pwZy8xMjAwLzAvdHJ1ZQ=="
Source: global traffic HTTP traffic detected: GET /content/storage/id/urn:aaid:sc:VA6C2:3714f03d-8378-499c-988f-2b11077fcd8a/:rendition;page=0;size=1200;type=image%2Fjpeg?access_token=1715240663_urn%3Aaaid%3Asc%3AVA6C2%3A3714f03d-8378-499c-988f-2b11077fcd8a%3Bpublic_a8f1700bc0bbe68baa1f27b6d97497bd1f725dec&api_key=dc_sendtrack HTTP/1.1Host: cdn-sharing.adobecc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "NTIxNTM2YTUtMWNkMS00MjJmLWIzNDItYTZkYmNjN2Y3Yjg2L2pwZy8xMjAwLzAvdHJ1ZQ=="
Source: global traffic HTTP traffic detected: GET /utilnav/9.2/utilitynav.css HTTP/1.1Host: prod.adobeccstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://acrobat.adobe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /utilnav/9.2/utilitynav.js HTTP/1.1Host: prod.adobeccstatic.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://acrobat.adobe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /6gNXXegDB6rtHARrNKRF8w.js HTTP/1.1Host: widget.uservoice.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://acrobat.adobe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /t2/496015/web/track.js?_=1715197503709&s=0&c=__uvSessionData0&d=eyJlIjp7InUiOiJodHRwczovL2Fjcm9iYXQuYWRvYmUuY29tL2lkL3VybjphYWlkOnNjOlZBNkMyOjM3MTRmMDNkLTgzNzgtNDk5Yy05ODhmLTJiMTEwNzdmY2Q4YT92aWV3ZXIlMjFtZWdhVmVyYj1ncm91cC1kaXNjb3ZlciIsInIiOiIifX0%3D HTTP/1.1Host: by2.uservoice.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://acrobat.adobe.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=PvL5A4Zl.lRiw7J4ozrgZ.U700pycvzzCeFqKKXWDPM-1715197484-1.0.1.1-O5H86VEdG030qmvuqnX46gPuSmEBsBvxkV_caac8hHAQXP0VH5bQVmwz_8GT4bZLGv2fQwcvVsNycyFOLlL8Pg
Source: global traffic HTTP traffic detected: GET /?q=dSMHmEUM9QSIKQm9iy0W HTTP/1.1Host: use1.fptls.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://commerce.adobe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?q=dSMHmEUM9QSIKQm9iy0W HTTP/1.1Host: use1.fptls.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1715197531706 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://auth.services.adobe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jslibver%2522%253A%2522v2-v0.40.0-17-g241fb07%2522%252C%2522nonce%2522%253A%25222998670356342859%2522%257D%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=dc-prod-virgoweb&scope=AdobeID%2Copenid%2CDCAPI%2Cadditional_info.account_type%2Cadditional_info.optionalAgreements%2Cagreement_sign%2Cagreement_send%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_library_read%2Csign_user_login%2Csao.ACOM_ESIGN_TRIAL%2Cee.dcweb%2Ctk_platform%2Ctk_platform_sync%2Cab.manage%2Cadditional_info.incomplete%2Cadditional_info.creation_source%2Cadditional_info.roles%2Cpps.read%2Cupdate_profile.first_name%2Cupdate_profile.last_name&state=%7B%22ac%22%3A%22adobe.com_acrobatweb_login%22%2C%22jslibver%22%3A%22v2-v0.40.0-17-g241fb07%22%2C%22nonce%22%3A%222998670356342859%22%7D&relay=dcea0849-1885-40ea-95ba-14ccb67644f1&locale=en_US&flow_type=token&dctx_id=v%3A2%2Cs%2C6eca5110-6cfa-11ed-b11c-3982bff8dfd0&idp_flow_type=login&s_p=google%2Cfacebook%2Capple%2Cmicrosoft&check_pba=true&response_type=token&code_challenge_method=plain&redirect_uri=https%3A%2F%2Facrobat.adobe.com%2Flink%2Fhome%2F%23old_hash%3D%26from_ims%3Dtrue%3Fclient_id%3Ddc-prod-virgoweb%26api%3Dauthorize%26scope%3DAdobeID%2Copenid%2CDCAPI%2Cadditional_inf
Source: global traffic HTTP traffic detected: GET /id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1715197531706 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://auth.services.adobe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jslibver%2522%253A%2522v2-v0.40.0-17-g241fb07%2522%252C%2522nonce%2522%253A%25222998670356342859%2522%257D%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=dc-prod-virgoweb&scope=AdobeID%2Copenid%2CDCAPI%2Cadditional_info.account_type%2Cadditional_info.optionalAgreements%2Cagreement_sign%2Cagreement_send%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_library_read%2Csign_user_login%2Csao.ACOM_ESIGN_TRIAL%2Cee.dcweb%2Ctk_platform%2Ctk_platform_sync%2Cab.manage%2Cadditional_info.incomplete%2Cadditional_info.creation_source%2Cadditional_info.roles%2Cpps.read%2Cupdate_profile.first_name%2Cupdate_profile.last_name&state=%7B%22ac%22%3A%22adobe.com_acrobatweb_login%22%2C%22jslibver%22%3A%22v2-v0.40.0-17-g241fb07%22%2C%22nonce%22%3A%222998670356342859%22%7D&relay=dcea0849-1885-40ea-95ba-14ccb67644f1&locale=en_US&flow_type=token&dctx_id=v%3A2%2Cs%2C6eca5110-6cfa-11ed-b11c-3982bff8dfd0&idp_flow_type=login&s_p=google%2Cfacebook%2Capple%2Cmicrosoft&check_pba=true&response_type=token&code_challenge_method=plain&redirect_uri=https%3A%2F%2Facrobat.adobe.com%2Flink%2Fhome%2F%23old_hash%3D%26from_ims%3Dtrue%3Fclient_id%3Ddc-prod-virgoweb%26api%3Dauthorize%26scope%3DAdobeID%2Copenid%2CDCAPI%2Cadditional_
Source: global traffic HTTP traffic detected: GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=9E1005A551ED61CA0A490D45%40AdobeOrg&mid=39572486764476623773959463827199411905&ts=1715197534021 HTTP/1.1Host: sstats.adobe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://auth.services.adobe.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jslibver%2522%253A%2522v2-v0.40.0-17-g241fb07%2522%252C%2522nonce%2522%253A%25222998670356342859%2522%257D%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=dc-prod-virgoweb&scope=AdobeID%2Copenid%2CDCAPI%2Cadditional_info.account_type%2Cadditional_info.optionalAgreements%2Cagreement_sign%2Cagreement_send%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_library_read%2Csign_user_login%2Csao.ACOM_ESIGN_TRIAL%2Cee.dcweb%2Ctk_platform%2Ctk_platform_sync%2Cab.manage%2Cadditional_info.incomplete%2Cadditional_info.creation_source%2Cadditional_info.roles%2Cpps.read%2Cupdate_profile.first_name%2Cupdate_profile.last_name&state=%7B%22ac%22%3A%22adobe.com_acrobatweb_login%22%2C%22jslibver%22%3A%22v2-v0.40.0-17-g241fb07%22%2C%22nonce%22%3A%222998670356342859%22%7D&relay=dcea0849-1885-40ea-95ba-14ccb67644f1&locale=en_US&flow_type=token&dctx_id=v%3A2%2Cs%2C6eca5110-6cfa-11ed-b11c-3982bff8dfd0&idp_flow_type=login&s_p=google%2Cfacebook%2Capple%2Cmicrosoft&check_pba=true&response_type=token&code_challenge_method=plain&redirect_uri=https%3A%2F%2Facrobat.adobe.com%2Flink%2Fhome%2F%23old_hash%3D%26from_ims%3Dtrue%3Fclient_id%3Ddc-prod-virgoweb%26api%3Dauthorize%26scope%3DAdobeID%2Copenid%2CDCAPI%2Cadditional_
Source: global traffic HTTP traffic detected: GET /id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1715197531706 HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=39367284431000877193943532878156968527
Source: global traffic HTTP traffic detected: GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=9E1005A551ED61CA0A490D45%40AdobeOrg&mid=39572486764476623773959463827199411905&ts=1715197534021 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AKA_A2=A; platformMetaData=%7B%22isAndroidAppInstalled%22%3Afalse%7D; fg=YNYWDWTTFPP5EDEKFAQVYHAADQ======; gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C39572486764476623773959463827199411905; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C39572486764476623773959463827199411905%7CMCAAMLH-1715802334%7C9%7CMCAAMB-1715802334%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1715204734s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0; s_cc=true
Source: global traffic HTTP traffic detected: GET /b/ss/adbims,adbadobenonacdcprod,adbdcwebprod,adbadobeprototype/1/JS-2.22.4-LCS4/s44804192691288 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AKA_A2=A; platformMetaData=%7B%22isAndroidAppInstalled%22%3Afalse%7D; fg=YNYWDWTTFPP5EDEKFAQVYHAADQ======; gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C39572486764476623773959463827199411905; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C39572486764476623773959463827199411905%7CMCAAMLH-1715802334%7C9%7CMCAAMB-1715802334%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1715204734s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0; s_cc=true
Source: global traffic HTTP traffic detected: GET /b/ss/adbims,adbadobenonacdcprod,adbdcwebprod,adbadobeprototype/1/JS-2.22.4-LCS4/s46188062955399 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AKA_A2=A; platformMetaData=%7B%22isAndroidAppInstalled%22%3Afalse%7D; fg=YNYWDWTTFPP5EDEKFAQVYHAADQ======; gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C39572486764476623773959463827199411905; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C39572486764476623773959463827199411905%7CMCAAMLH-1715802334%7C9%7CMCAAMB-1715802334%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1715204734s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0; s_cc=true
Source: global traffic HTTP traffic detected: GET /b/ss/adbims,adbadobenonacdcprod,adbdcwebprod,adbadobeprototype/1/JS-2.22.4-LCS4/s44804192691288?AQB=1&pccr=true&vidn=331DEB30EBCFAF8B-6000016EE197A971&g=none&AQE=1 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AKA_A2=A; platformMetaData=%7B%22isAndroidAppInstalled%22%3Afalse%7D; fg=YNYWDWTTFPP5EDEKFAQVYHAADQ======; gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C39572486764476623773959463827199411905; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C39572486764476623773959463827199411905%7CMCAAMLH-1715802334%7C9%7CMCAAMB-1715802334%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1715204734s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0; s_cc=true; s_vi=[CS]v1|331DEB30EBCFAF8B-6000016EE197A971[CE]
Source: global traffic HTTP traffic detected: GET /b/ss/adbims,adbadobenonacdcprod,adbdcwebprod,adbadobeprototype/1/JS-2.22.4-LCS4/s46188062955399?AQB=1&pccr=true&vidn=331DEB30B2728AF3-4000062D62EDA4E4&g=none&AQE=1 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AKA_A2=A; platformMetaData=%7B%22isAndroidAppInstalled%22%3Afalse%7D; fg=YNYWDWTTFPP5EDEKFAQVYHAADQ======; gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C39572486764476623773959463827199411905; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C39572486764476623773959463827199411905%7CMCAAMLH-1715802334%7C9%7CMCAAMB-1715802334%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1715204734s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0; s_cc=true; s_vi=[CS]v1|331DEB30B2728AF3-4000062D62EDA4E4[CE]
Source: global traffic DNS traffic detected: DNS query: adobe.tt.omtrdc.net
Source: global traffic DNS traffic detected: DNS query: widget.uservoice.com
Source: global traffic DNS traffic detected: DNS query: use.typekit.net
Source: global traffic DNS traffic detected: DNS query: static.adobelogin.com
Source: global traffic DNS traffic detected: DNS query: prod.adobeccstatic.com
Source: global traffic DNS traffic detected: DNS query: p.typekit.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: l.betrad.com
Source: global traffic DNS traffic detected: DNS query: ims-na1.adobelogin.com
Source: global traffic DNS traffic detected: DNS query: files-download2.acrocomcontent.com
Source: global traffic DNS traffic detected: DNS query: dc-api-v2.adobecontent.io
Source: global traffic DNS traffic detected: DNS query: dc-api.adobecontent.io
Source: global traffic DNS traffic detected: DNS query: c.evidon.com
Source: global traffic DNS traffic detected: DNS query: by2.uservoice.com
Source: global traffic DNS traffic detected: DNS query: assets.adobedtm.com
Source: global traffic DNS traffic detected: DNS query: api.echosign.com
Source: global traffic DNS traffic detected: DNS query: cdn-sharing.adobecc.com
Source: global traffic DNS traffic detected: DNS query: detect.adobedccdn.com
Source: global traffic DNS traffic detected: DNS query: _19292._https.detect.adobedccdn.com
Source: global traffic DNS traffic detected: DNS query: _39691._https.detect.adobedccdn.com
Source: global traffic DNS traffic detected: DNS query: _49100._https.detect.adobedccdn.com
Source: global traffic DNS traffic detected: DNS query: cdnssl.clicktale.net
Source: global traffic DNS traffic detected: DNS query: js-agent.newrelic.com
Source: global traffic DNS traffic detected: DNS query: 8a81eebba889.cdn4.forter.com
Source: global traffic DNS traffic detected: DNS query: use1.fptls.com
Source: global traffic DNS traffic detected: DNS query: stun.fpapi.io
Source: global traffic DNS traffic detected: DNS query: stun.l.google.com
Source: global traffic DNS traffic detected: DNS query: use1-turn.fpjs.io
Source: global traffic DNS traffic detected: DNS query: dpm.demdex.net
Source: unknown HTTP traffic detected: POST /b/ss/adbims,adbadobenonacdcprod,adbdcwebprod,adbadobeprototype/1/JS-2.22.4-LCS4/s44804192691288 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveContent-Length: 11143sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://auth.services.adobe.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://auth.services.adobe.com/en_US/index.html?callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2Fdc-prod-virgoweb%2FAdobeID%2Ftoken%3Fredirect_uri%3Dhttps%253A%252F%252Facrobat.adobe.com%252Flink%252Fhome%252F%2523old_hash%253D%2526from_ims%253Dtrue%253Fclient_id%253Ddc-prod-virgoweb%2526api%253Dauthorize%2526scope%253DAdobeID%252Copenid%252CDCAPI%252Cadditional_info.account_type%252Cadditional_info.optionalAgreements%252Cagreement_sign%252Cagreement_send%252Csign_library_write%252Csign_user_read%252Csign_user_write%252Cagreement_read%252Cagreement_write%252Cwidget_read%252Cwidget_write%252Cworkflow_read%252Cworkflow_write%252Csign_library_read%252Csign_user_login%252Csao.ACOM_ESIGN_TRIAL%252Cee.dcweb%252Ctk_platform%252Ctk_platform_sync%252Cab.manage%252Cadditional_info.incomplete%252Cadditional_info.creation_source%252Cadditional_info.roles%252Cpps.read%252Cupdate_profile.first_name%252Cupdate_profile.last_name%26state%3D%257B%2522ac%2522%253A%2522adobe.com_acrobatweb_login%2522%252C%2522jslibver%2522%253A%2522v2-v0.40.0-17-g241fb07%2522%252C%2522nonce%2522%253A%25222998670356342859%2522%257D%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=dc-prod-virgoweb&scope=AdobeID%2Copenid%2CDCAPI%2Cadditional_info.account_type%2Cadditional_info.optionalAgreements%2Cagreement_sign%2Cagreement_send%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_library_read%2Csign_user_login%2Csao.ACOM_ESIGN_TRIAL%2Cee.dcweb%2Ctk_platform%2Ctk_platform_sync%2Cab.manage%2Cadditional_info.incomplete%2Cadditional_info.creation_source%2Cadditional_info.roles%2Cpps.read%2Cupdate_profile.first_name%2Cupdate_profile.last_name&state=%7B%22ac%22%3A%22adobe.com_acrobatweb_login%22%2C%22jslibver%22%3A%22v2-v0.40.0-17-g241fb07%22%2C%22nonce%22%3A%222998670356342859%22%7D&relay=dcea0849-1885-40ea-95ba-14ccb67644f1&locale=en_US&flow_type=token&dctx_id=v%3A2%2Cs%2C6eca5110-6cfa-11ed-b11c-3982bff8dfd0&idp_flow_type=login&s_p=google%2Cfacebook%2Capple%2Cmicrosoft&check_pba=true&response_type=token&code_challenge_method=plain&redirect_uri=https%3A%2F%2Facrobat.adobe.com%2Flink%2Fhome%2F%23old_hash%3D%26from_ims%3Dtrue%3Fclient_id%3Ddc-prod-virgoweb%26api%3Dauthorize%26scope%3DAdobeID%2Copenid%2CDCAPI%2Cadditional_info.account_type%2Cadditiona
Source: chromecache_456.1.dr String found in binary or memory: http://feross.org
Source: chromecache_582.1.dr String found in binary or memory: http://github.com/janl/mustache.js
Source: chromecache_410.1.dr, chromecache_457.1.dr String found in binary or memory: http://iso.org/pdf/ssn
Source: chromecache_410.1.dr, chromecache_457.1.dr String found in binary or memory: http://iso.org/pdf2/ssn
Source: chromecache_514.1.dr String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_635.1.dr, chromecache_626.1.dr String found in binary or memory: http://typekit.com/eulas/0000000000000000000176ff
Source: chromecache_635.1.dr, chromecache_626.1.dr String found in binary or memory: http://typekit.com/eulas/000000000000000000017701
Source: chromecache_626.1.dr String found in binary or memory: http://typekit.com/eulas/000000000000000000017702
Source: chromecache_635.1.dr, chromecache_626.1.dr String found in binary or memory: http://typekit.com/eulas/000000000000000000017703
Source: chromecache_626.1.dr String found in binary or memory: http://typekit.com/eulas/000000000000000000017704
Source: chromecache_626.1.dr String found in binary or memory: http://typekit.com/eulas/000000000000000000017706
Source: chromecache_610.1.dr String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f83
Source: chromecache_610.1.dr String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f85
Source: chromecache_610.1.dr String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f86
Source: chromecache_610.1.dr String found in binary or memory: http://typekit.com/eulas/00000000000000003b9b3f88
Source: chromecache_373.1.dr, chromecache_514.1.dr, chromecache_579.1.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/gsi/
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/gsi/button
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/gsi/fedcm.json
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/gsi/fedcmcsp?client_id=
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/gsi/iframe/select
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/gsi/log
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/gsi/revoke
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/gsi/select
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/gsi/status
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/gsi/style
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/o/oauth2/iframe
Source: chromecache_472.1.dr String found in binary or memory: https://accounts.google.com/o/oauth2/v2/auth
Source: chromecache_593.1.dr String found in binary or memory: https://adobereview.uservoice.com/forums/598411-document-review
Source: chromecache_472.1.dr String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#cross_origin)
Source: chromecache_472.1.dr String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#display_moment
Source: chromecache_472.1.dr String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#layout
Source: chromecache_472.1.dr String found in binary or memory: https://developers.google.com/identity/gsi/web/guides/fedcm-migration?s=dc#skipped_moment
Source: chromecache_593.1.dr String found in binary or memory: https://download.adobeprerelease.com/public/resource/1482219688/PreReleaseAgmt%20License-en_US-20160
Source: chromecache_654.1.dr String found in binary or memory: https://fingerprint.com)
Source: chromecache_545.1.dr String found in binary or memory: https://ims-na1.adobelogin.com/
Source: chromecache_472.1.dr String found in binary or memory: https://oauth2.googleapis.com/revoke
Source: chromecache_635.1.dr, chromecache_626.1.dr String found in binary or memory: https://p.typekit.net/p.gif
Source: chromecache_394.1.dr, chromecache_415.1.dr String found in binary or memory: https://sso.behance.net/ims
Source: chromecache_505.1.dr, chromecache_359.1.dr String found in binary or memory: https://static.adobelogin.com/imslib/imslib.min.js
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/a?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/d?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/l?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_635.1.dr, chromecache_626.1.dr String found in binary or memory: https://use.typekit.net/af/40207f/0000000000000000000176ff/27/
Source: chromecache_626.1.dr String found in binary or memory: https://use.typekit.net/af/4b3e87/000000000000000000017706/27/
Source: chromecache_626.1.dr String found in binary or memory: https://use.typekit.net/af/74ffb1/000000000000000000017702/27/
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/a?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/d?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/l?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_626.1.dr String found in binary or memory: https://use.typekit.net/af/a2527e/000000000000000000017704/27/
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/a?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/d?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/aa41d0/00000000000000003b9b3f86/27/l?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/a?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/d?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_610.1.dr String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=7fa3915bdafdf03041871920a205b
Source: chromecache_635.1.dr, chromecache_626.1.dr String found in binary or memory: https://use.typekit.net/af/cb695f/000000000000000000017701/27/
Source: chromecache_635.1.dr, chromecache_626.1.dr String found in binary or memory: https://use.typekit.net/af/eaf09c/000000000000000000017703/27/
Source: chromecache_601.1.dr, chromecache_657.1.dr String found in binary or memory: https://views7closingdocument.weebly.com)
Source: unknown Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50218
Source: unknown Network traffic detected: HTTP traffic on port 50229 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50132
Source: unknown Network traffic detected: HTTP traffic on port 50202 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50094 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50214
Source: unknown Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown Network traffic detected: HTTP traffic on port 50234 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50229
Source: unknown Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50188
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50220
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50224
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50234
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50233
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 50203 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 50188 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50220 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50203
Source: unknown Network traffic detected: HTTP traffic on port 50224 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50202
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50132 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50094
Source: unknown Network traffic detected: HTTP traffic on port 50030 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 50218 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown Network traffic detected: HTTP traffic on port 50214 -> 443
Source: unknown HTTPS traffic detected: 23.192.208.109:443 -> 192.168.2.4:49752 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.192.208.109:443 -> 192.168.2.4:49758 version: TLS 1.2
Source: classification engine Classification label: mal52.phis.win@23/586@104/22
Source: chromecache_657.1.dr Initial sample: https://views7closingdocument.weebly.com
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2256,i,11820377760458234647,11349647309860300442,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImppbGwub2tlZWZmZUBhdGxhbnRpY2FyZS5vcmciLCJyZXF1ZXN0SWQiOiJhN2FlZTBmNS0xZDFkLTQxOTgtN2MwYi1jMGFhYzUwNmNhNTIiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjozNzE0ZjAzZC04Mzc4LTQ5OWMtOTg4Zi0yYjExMDc3ZmNkOGEiLCJsYWJlbCI6IjEyIiwibG9jYWxlIjoiZW5fVVMifQ.cHka_UyRufdl2FWExn4qK06yf5bY5SzHk_Dl30luv6TNezuMfluGHXeuU150Kj9T8ZluD7HZilv5699deMPC-g"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4800 --field-trial-handle=2256,i,11820377760458234647,11349647309860300442,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 --field-trial-handle=2256,i,11820377760458234647,11349647309860300442,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 --field-trial-handle=2256,i,11820377760458234647,11349647309860300442,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4800 --field-trial-handle=2256,i,11820377760458234647,11349647309860300442,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 --field-trial-handle=2256,i,11820377760458234647,11349647309860300442,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Drops files with a non-matching file extension (content does not match file extension)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 601 Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 657
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: Chrome Cache Entry: 657 Jump to dropped file
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1438591 URL: https://postoffice.adobe.co... Startdate: 08/05/2024 Architecture: WINDOWS Score: 52 19 use1-turn.fpjs.io 2->19 21 stun.l.google.com 2->21 23 stun.fpapi.io 2->23 37 Phishing site or detected (based on various text indicators) 2->37 39 LLM detected suspicious webpage text 2->39 41 LLM detected suspicious URL 2->41 7 chrome.exe 1 2->7         started        10 chrome.exe 2->10         started        signatures3 process4 dnsIp5 25 192.168.2.17 unknown unknown 7->25 27 192.168.2.4, 138, 19302, 3478 unknown unknown 7->27 29 239.255.255.250 unknown Reserved 7->29 12 chrome.exe 7->12         started        15 chrome.exe 7->15         started        17 chrome.exe 6 7->17         started        process6 dnsIp7 31 www.google.com 142.251.215.228, 443, 49749, 50094 GOOGLEUS United States 12->31 33 stun.l.google.com 74.125.250.129, 19302, 65520 GOOGLEUS United States 12->33 35 45 other IPs or domains 12->35
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
54.191.71.158
 unknown United States
16509 AMAZON-02US false
151.101.1.138
 cdn-sharing.adobecc.map.fastly.net United States
54113 FASTLYUS false
18.238.217.50
 dd20fzx9mj46f.cloudfront.net United States
16509 AMAZON-02US false
18.238.217.93
 d1xbuscas8tetl.cloudfront.net United States
16509 AMAZON-02US false
3.163.165.96
 prod.adobeccstatic.com United States
16509 AMAZON-02US false
63.140.36.145
 unknown United States
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false
99.83.173.21
 use1.fptls.com United States
16509 AMAZON-02US false
104.17.29.92
 widget.uservoice.com United States
13335 CLOUDFLARENETUS false
239.255.255.250
 unknown Reserved
unknown unknown false
52.71.63.232
 api.echosign.com United States
14618 AMAZON-AESUS false
3.163.189.78
 8a81eebba889.cdn4.forter.com United States
16509 AMAZON-02US false
34.231.53.248
 unknown United States
14618 AMAZON-AESUS false
54.244.73.56
 dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com United States
16509 AMAZON-02US false
104.17.28.92
 by2.uservoice.com United States
13335 CLOUDFLARENETUS false
142.251.215.228
 www.google.com United States
15169 GOOGLEUS false
162.247.243.39
 js-agent.newrelic.com United States
13335 CLOUDFLARENETUS false
74.125.250.129
 stun.l.google.com United States
15169 GOOGLEUS false
151.101.129.138
 unknown United States
54113 FASTLYUS false
63.140.37.206
 adobetarget.data.adobedc.net United States
4134 CHINANET-BACKBONENo31Jin-rongStreetCN false

Private

IP
192.168.2.4
127.0.0.1
192.168.2.17

Contacted Domains

Name IP Active
dd20fzx9mj46f.cloudfront.net 18.238.217.50 true
privacycollector-production-457481513.us-east-1.elb.amazonaws.com 52.200.151.143 true
use1-turn.fpjs.io 18.212.47.155 true
widget.uservoice.com 104.17.29.92 true
api.echosign.com 52.71.63.232 true
detect.adobedccdn.com 127.0.0.1 true
js-agent.newrelic.com 162.247.243.39 true
dcs-public-edge-usw2-219535174.us-west-2.elb.amazonaws.com 54.244.73.56 true
cdn-sharing.adobecc.map.fastly.net 151.101.1.138 true
fp2e7a.wpc.phicdn.net 192.229.211.108 true
adobetarget.data.adobedc.net 63.140.37.206 true
bg.microsoft.map.fastly.net 199.232.214.172 true
adobe.com.ssl.d1.sc.omtrdc.net 63.140.37.206 true
use1.fptls.com 99.83.173.21 true
www.google.com 142.251.215.228 true
8a81eebba889.cdn4.forter.com 3.163.189.78 true
by2.uservoice.com 104.17.28.92 true
prod.adobeccstatic.com 3.163.165.96 true
stun.l.google.com 74.125.250.129 true
d1xbuscas8tetl.cloudfront.net 18.238.217.93 true
c.evidon.com unknown unknown
ims-na1.adobelogin.com unknown unknown
dc-api-v2.adobecontent.io unknown unknown
adobe.tt.omtrdc.net unknown unknown
cdn-sharing.adobecc.com unknown unknown
cdnssl.clicktale.net unknown unknown
dpm.demdex.net unknown unknown
static.adobelogin.com unknown unknown
_49100._https.detect.adobedccdn.com unknown unknown
use.typekit.net unknown unknown
assets.adobedtm.com unknown unknown
_39691._https.detect.adobedccdn.com unknown unknown
l.betrad.com unknown unknown
p.typekit.net unknown unknown
_19292._https.detect.adobedccdn.com unknown unknown
stun.fpapi.io unknown unknown
dc-api.adobecontent.io unknown unknown
files-download2.acrocomcontent.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
about:blank false
  • Avira URL Cloud: safe
 low
https://cdn-sharing.adobecc.com/content/storage/id/urn:aaid:sc:VA6C2:3714f03d-8378-499c-988f-2b11077fcd8a/:rendition;page=0;size=1200;type=image%2Fjpeg?access_token=1715240663_urn%3Aaaid%3Asc%3AVA6C2%3A3714f03d-8378-499c-988f-2b11077fcd8a%3Bpublic_a8f1700bc0bbe68baa1f27b6d97497bd1f725dec&api_key=dc_sendtrack false
  • Avira URL Cloud: safe
 unknown
https://widget.uservoice.com/6gNXXegDB6rtHARrNKRF8w.js false
    		high
    https://use1.fptls.com/?q=dSMHmEUM9QSIKQm9iy0W false
    • Avira URL Cloud: safe
    		 unknown
    https://dpm.demdex.net/id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1715197531706 false
      		high
      https://prod.adobeccstatic.com/utilnav/9.2/utilitynav.js false
      • URL Reputation: safe
      		 unknown
      https://prod.adobeccstatic.com/utilnav/9.2/utilitynav.css false
      • URL Reputation: safe
      		 unknown
      https://by2.uservoice.com/t2/496015/web/track.js?_=1715197503709&s=0&c=__uvSessionData0&d=eyJlIjp7InUiOiJodHRwczovL2Fjcm9iYXQuYWRvYmUuY29tL2lkL3VybjphYWlkOnNjOlZBNkMyOjM3MTRmMDNkLTgzNzgtNDk5Yy05ODhmLTJiMTEwNzdmY2Q4YT92aWV3ZXIlMjFtZWdhVmVyYj1ncm91cC1kaXNjb3ZlciIsInIiOiIifX0%3D false
        		high
        https://dpm.demdex.net/id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1715197531706 false
          		high