Copy link to clipboard
Copied
Recently we were informed about a potential issue with a .pdf that we were hosting. A partners IT dept flagged (using hybrid-analysis.com) an IP that may be malicious.
We ran our own hybrid-analysis test and used wireshark to observe the traffic and noticed similar ip ranges being used.
Can adobe confirm if ip's of or around 54.82.40.215 and 54.174.153.125 (whois'd to amazon web service) are adobe or is this a real threat?
It is public knowledge that AWS (Amazon Web Services) are used to host some of Adobe's services. Acrobat could be attempting logon with an Adobe ID to the Document Cloud or Creative Cloud, including searching for whether there are available updates for the software.
- Dov
Copy link to clipboard
Copied
Amazon offer web services to millions of companies, they are one of the largest providers of services. These will include some of the largest companies in the world and some shady customers too... Amazon do not reveal which of their customers is assigned (at any particular moment) an IP.
If all PDFs connect here, maybe it is indeed Adobe. If this is a single PDF, not under your control, maybe it uses a private connection scheme with someone, for example for digital rights management or for some multimedia.
Copy link to clipboard
Copied
It is public knowledge that AWS (Amazon Web Services) are used to host some of Adobe's services. Acrobat could be attempting logon with an Adobe ID to the Document Cloud or Creative Cloud, including searching for whether there are available updates for the software.
- Dov