Skip to main content
Participant
July 8, 2026
Question

Adobe Acrobat contacted certain URL in antivirus test

  • July 8, 2026
  • 1 reply
  • 42 views

I uploaded a PDF to Virustotal to make sure it had no malware. NO vendors flagged it as malicious. However, the PDF file contacted a certain URL that is flagged as malicious by 2/91 vendors:

 

dunamis-ethos508-prod-va6-856defacfb833db1[.]elb[.]us-east-1[.]amazonaws[.]com

 

This URL appears to have once been used by scammers in a “domain fronting” scheme that blended  malicious traffic within legitimate cloud service communications, which might be why the 2 vendors flagged the URL as malicious.

 

The URL in question seems to be tied to two other domains that I believe are legitimate Adobe domains:
 

cc-api-data[.]adobe[.]io
ethos[.]dunamis[.]ethos508-prod-va6[.]ethos[.]adobe.net

 

If you look at the SSL reports below, they all connect to the very same IP addresses.

https://www.ssllabs.com/ssltest/analyze.html?d=cc-api-data.adobe.io 
https://www.ssllabs.com/ssltest/analyze.html?d=ethos.dunamis.ethos508-prod-va6.ethos.adobe.net 
https://www.ssllabs.com/ssltest/analyze.html?d=dunamis-ethos508-prod-va6-856defacfb833db1.elb.us-east-1.amazonaws.com

 

Can anyone here please let me know whether this URL is legitimately used by Adobe services or not?

 

(PS. I added the hook parentheses to the URLs just in case)

    1 reply

    Anand Sri Bhattacharya
    Community Manager
    Community Manager
    July 8, 2026

    Hello @darby-1886,


    I hope you are doing well, and thanks for reaching out and sharing the details.


    We'll get this checked internally and will get back to you with an update.


    Regards,

    Anand Sri.