Adobe Acrobat contacted certain URL in antivirus test
I uploaded a PDF to Virustotal to make sure it had no malware. NO vendors flagged it as malicious. However, the PDF file contacted a certain URL that is flagged as malicious by 2/91 vendors:
dunamis-ethos508-prod-va6-856defacfb833db1[.]elb[.]us-east-1[.]amazonaws[.]com
This URL appears to have once been used by scammers in a “domain fronting” scheme that blended malicious traffic within legitimate cloud service communications, which might be why the 2 vendors flagged the URL as malicious.
The URL in question seems to be tied to two other domains that I believe are legitimate Adobe domains:
cc-api-data[.]adobe[.]io
ethos[.]dunamis[.]ethos508-prod-va6[.]ethos[.]adobe.net
If you look at the SSL reports below, they all connect to the very same IP addresses.
https://www.ssllabs.com/ssltest/analyze.html?d=cc-api-data.adobe.io
https://www.ssllabs.com/ssltest/analyze.html?d=ethos.dunamis.ethos508-prod-va6.ethos.adobe.net
https://www.ssllabs.com/ssltest/analyze.html?d=dunamis-ethos508-prod-va6-856defacfb833db1.elb.us-east-1.amazonaws.com
Can anyone here please let me know whether this URL is legitimately used by Adobe services or not?
(PS. I added the hook parentheses to the URLs just in case)
