Windows Analysis Report
https://na4.documents.adobe.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAA5tR3-VKwfTm2oK1ZFsGY4F1bMY0OocfkOty0_NR8WPsvGcqcPMX99hsfyAX0DyWSeccTdFVfZvOduC-3ChA5AMz28_30EDGfKA5OdbfA3lP90ySigWqVPyIMzXTGFx2E&

Overview

General Information

Sample URL: https://na4.documents.adobe.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAA5tR3-VKwfTm2oK1ZFsGY4F1bMY0OocfkOty0_NR8WPsvGcqcPMX99hsfyAX0DyWSeccTdFVfZvOduC-3ChA5AMz28_30EDGfKA5OdbfA3lP90ySigWqVPyIMz
Analysis ID: 1500272

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

HTML body contains low number of good links
HTML body contains password input but no form action
Stores files to the Windows start menu directory
Uses insecure TLS / SSL version for HTTPS connection

Classification

Source: https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fgps.echosign.com%252Fpublic%252FadobeIDLogin%253Fserver%253Dna4.documents.adobe.com%2526isAdobeSignAuth%253Dfalse%2526port%253D443%26state%3D8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2CAdobeID%2CDCAPI%2Cadditional_info.account_type%2Cskybox%2Cupdate_profile.first_name%2Cupdate_profile.last_name%2Cagreement_send%2Cagreement_sign%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_addressbook_read%2Csign_library_read%2Cadditional_info.projectedProductContext%2Csign_webhook_read%2Csign_webhook_write%2Csign_webhook_retention%2Csao.ACOM_ESIGN_TRIAL%2Cee.GROUP_SIGN_WEB%2Cadditional_info.ownerOrg%2Caddi... HTTP Parser: Number of links: 0
Source: https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fgps.echosign.com%252Fpublic%252FadobeIDLogin%253Fserver%253Dna4.documents.adobe.com%2526isAdobeSignAuth%253Dfalse%2526port%253D443%26state%3D8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2CAdobeID%2CDCAPI%2Cadditional_info.account_type%2Cskybox%2Cupdate_profile.first_name%2Cupdate_profile.last_name%2Cagreement_send%2Cagreement_sign%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_addressbook_read%2Csign_library_read%2Cadditional_info.projectedProductContext%2Csign_webhook_read%2Csign_webhook_write%2Csign_webhook_retention%2Csao.ACOM_ESIGN_TRIAL%2Cee.GROUP_SIGN_WEB%2Cadditional_info.ownerOrg%2Caddi... HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fgps.echosign.com%252Fpublic%252FadobeIDLogin%253Fserver%253Dna4.documents.adobe.com%2526isAdobeSignAuth%253Dfalse%2526port%253D443%26state%3D8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2CAdobeID%2CDCAPI%2Cadditional_info.account_type%2Cskybox%2Cupdate_profile.first_name%2Cupdate_profile.last_name%2Cagreement_send%2Cagreement_sign%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_addressbook_read%2Csign_library_read%2Cadditional_info.projectedProductContext%2Csign_webhook_read%2Csign_webhook_write%2Csign_webhook_retention%2Csao.ACOM_ESIGN_TRIAL%2Cee.GROUP_SIGN_WEB%2Cadditional_info.ownerOrg%2Caddi... HTTP Parser: <input type="password" .../> found
Source: https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fgps.echosign.com%252Fpublic%252FadobeIDLogin%253Fserver%253Dna4.documents.adobe.com%2526isAdobeSignAuth%253Dfalse%2526port%253D443%26state%3D8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2CAdobeID%2CDCAPI%2Cadditional_info.account_type%2Cskybox%2Cupdate_profile.first_name%2Cupdate_profile.last_name%2Cagreement_send%2Cagreement_sign%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_addressbook_read%2Csign_library_read%2Cadditional_info.projectedProductContext%2Csign_webhook_read%2Csign_webhook_write%2Csign_webhook_retention%2Csao.ACOM_ESIGN_TRIAL%2Cee.GROUP_SIGN_WEB%2Cadditional_info.ownerOrg%2Caddi... HTTP Parser: No favicon
Source: https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fgps.echosign.com%252Fpublic%252FadobeIDLogin%253Fserver%253Dna4.documents.adobe.com%2526isAdobeSignAuth%253Dfalse%2526port%253D443%26state%3D8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2CAdobeID%2CDCAPI%2Cadditional_info.account_type%2Cskybox%2Cupdate_profile.first_name%2Cupdate_profile.last_name%2Cagreement_send%2Cagreement_sign%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_addressbook_read%2Csign_library_read%2Cadditional_info.projectedProductContext%2Csign_webhook_read%2Csign_webhook_write%2Csign_webhook_retention%2Csao.ACOM_ESIGN_TRIAL%2Cee.GROUP_SIGN_WEB%2Cadditional_info.ownerOrg%2Caddi HTTP Parser: No <meta name="author".. found
Source: https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fgps.echosign.com%252Fpublic%252FadobeIDLogin%253Fserver%253Dna4.documents.adobe.com%2526isAdobeSignAuth%253Dfalse%2526port%253D443%26state%3D8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2CAdobeID%2CDCAPI%2Cadditional_info.account_type%2Cskybox%2Cupdate_profile.first_name%2Cupdate_profile.last_name%2Cagreement_send%2Cagreement_sign%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_addressbook_read%2Csign_library_read%2Cadditional_info.projectedProductContext%2Csign_webhook_read%2Csign_webhook_write%2Csign_webhook_retention%2Csao.ACOM_ESIGN_TRIAL%2Cee.GROUP_SIGN_WEB%2Cadditional_info.ownerOrg%2Caddi... HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49741 version: TLS 1.0
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /id?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1724821684601 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://auth.services.adobe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fgps.echosign.com%252Fpublic%252FadobeIDLogin%253Fserver%253Dna4.documents.adobe.com%2526isAdobeSignAuth%253Dfalse%2526port%253D443%26state%3D8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2CAdobeID%2CDCAPI%2Cadditional_info.account_type%2Cskybox%2Cupdate_profile.first_name%2Cupdate_profile.last_name%2Cagreement_send%2Cagreement_sign%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_addressbook_read%2Csign_library_read%2Cadditional_info.projectedProductContext%2Csign_webhook_read%2Csign_webhook_write%2Csign_webhook_retention%2Csao.ACOM_ESIGN_TRIAL%2Cee.GROUP_SIGN_WEB%2Cadditional_info.ownerOrg%2Cadditional_info.roles%2Caps.read.app_merchandising%2Csign_application_read%2Csign_application_write&state=8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866&relay=b0196ffe-89b0-4f67-9188-23574dbd1e17&locale=en_US&flow_type=code&ctx_id=Adobe_Sign&dctx_id=adobe_document_cloud&idp_flow_type=login&s_p=google%2
Cfacebook%2Capple%2Cmicrosoft%2Cline&response_type=code&code_challenge_method=plain&redirect_uri=https%3A%2F%2Fgps.echosign.com%2Fpublic%2FadobeIDLogin%3Fserver%3Dna4.documents.adobe.com%26isAdobeSignAuth%3Dfalse%26port%3D443&use_ms_for_expiry=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1724821684601 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://auth.services.adobe.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fgps.echosign.com%252Fpublic%252FadobeIDLogin%253Fserver%253Dna4.documents.adobe.com%2526isAdobeSignAuth%253Dfalse%2526port%253D443%26state%3D8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2CAdobeID%2CDCAPI%2Cadditional_info.account_type%2Cskybox%2Cupdate_profile.first_name%2Cupdate_profile.last_name%2Cagreement_send%2Cagreement_sign%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_addressbook_read%2Csign_library_read%2Cadditional_info.projectedProductContext%2Csign_webhook_read%2Csign_webhook_write%2Csign_webhook_retention%2Csao.ACOM_ESIGN_TRIAL%2Cee.GROUP_SIGN_WEB%2Cadditional_info.ownerOrg%2Cadditional_info.roles%2Caps.read.app_merchandising%2Csign_application_read%2Csign_application_write&state=8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866&relay=b0196ffe-89b0-4f67-9188-23574dbd1e17&locale=en_US&flow_type=code&ctx_id=Adobe_Sign&dctx_id=adobe_document_cloud&idp_flow_type=login&s_p=googl
e%2Cfacebook%2Capple%2Cmicrosoft%2Cline&response_type=code&code_challenge_method=plain&redirect_uri=https%3A%2F%2Fgps.echosign.com%2Fpublic%2FadobeIDLogin%3Fserver%3Dna4.documents.adobe.com%26isAdobeSignAuth%3Dfalse%26port%3D443&use_ms_for_expiry=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=08526324150224352671389424333924169464
Source: global traffic HTTP traffic detected: GET /clients/adobe-sign-2020/4x_f39219ea552b8fc1c7b42c6a2d0290c2.png HTTP/1.1Host: static.adobelogin.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fgps.echosign.com%252Fpublic%252FadobeIDLogin%253Fserver%253Dna4.documents.adobe.com%2526isAdobeSignAuth%253Dfalse%2526port%253D443%26state%3D8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2CAdobeID%2CDCAPI%2Cadditional_info.account_type%2Cskybox%2Cupdate_profile.first_name%2Cupdate_profile.last_name%2Cagreement_send%2Cagreement_sign%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_addressbook_read%2Csign_library_read%2Cadditional_info.projectedProductContext%2Csign_webhook_read%2Csign_webhook_write%2Csign_webhook_retention%2Csao.ACOM_ESIGN_TRIAL%2Cee.GROUP_SIGN_WEB%2Cadditional_info.ownerOrg%2Cadditional_info.roles%2Caps.read.app_merchandising%2Csign_application_read%2Csign_application_write&state=8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866&relay=b0196ffe-89b0-4f67-9188-23574dbd1e17&locale=en_US&flow_type=code&ctx_id=Adobe_Sign&dctx_id=adobe_document_cloud&idp_flow_type=login&s_p=google%2Cfacebook%2Capple%2Cmicrosoft%2Cline&response_type=code&code_challenge_method=plain&redir
ect_uri=https%3A%2F%2Fgps.echosign.com%2Fpublic%2FadobeIDLogin%3Fserver%3Dna4.documents.adobe.com%26isAdobeSignAuth%3Dfalse%26port%3D443&use_ms_for_expiry=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /id/rd?d_visid_ver=5.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=9E1005A551ED61CA0A490D45%40AdobeOrg&d_nsid=0&ts=1724821684601 HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=08526324150224352671389424333924169464
Source: global traffic HTTP traffic detected: GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=9E1005A551ED61CA0A490D45%40AdobeOrg&mid=08370380883362609411369326338878538358&ts=1724821687168 HTTP/1.1Host: sstats.adobe.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://auth.services.adobe.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fgps.echosign.com%252Fpublic%252FadobeIDLogin%253Fserver%253Dna4.documents.adobe.com%2526isAdobeSignAuth%253Dfalse%2526port%253D443%26state%3D8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2CAdobeID%2CDCAPI%2Cadditional_info.account_type%2Cskybox%2Cupdate_profile.first_name%2Cupdate_profile.last_name%2Cagreement_send%2Cagreement_sign%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_addressbook_read%2Csign_library_read%2Cadditional_info.projectedProductContext%2Csign_webhook_read%2Csign_webhook_write%2Csign_webhook_retention%2Csao.ACOM_ESIGN_TRIAL%2Cee.GROUP_SIGN_WEB%2Cadditional_info.ownerOrg%2Cadditional_info.roles%2Caps.read.app_merchandising%2Csign_application_read%2Csign_application_write&state=8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866&relay=b0196ffe-89b0-4f67-9188-23574dbd1e17&locale=en_US&flow_type=code&ctx_id=Adobe_Sign&dctx_id=adobe_document_cloud&idp_flow_type=login&s_p=googl
e%2Cfacebook%2Capple%2Cmicrosoft%2Cline&response_type=code&code_challenge_method=plain&redirect_uri=https%3A%2F%2Fgps.echosign.com%2Fpublic%2FadobeIDLogin%3Fserver%3Dna4.documents.adobe.com%26isAdobeSignAuth%3Dfalse%26port%3D443&use_ms_for_expiry=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C08370380883362609411369326338878538358%7CMCAAMLH-1725426487%7C6%7CMCAAMB-1725426487%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1724828887s%7CNONE%7CvVersion%7C5.4.0
Source: global traffic HTTP traffic detected: GET /id?d_visid_ver=5.4.0&d_fieldgroup=A&mcorgid=9E1005A551ED61CA0A490D45%40AdobeOrg&mid=08370380883362609411369326338878538358&ts=1724821687168 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C08370380883362609411369326338878538358; s_cc=true; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C08370380883362609411369326338878538358%7CMCAAMLH-1725426487%7C6%7CMCAAMB-1725426487%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1724828888s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0
Source: global traffic HTTP traffic detected: GET /clients/adobe-sign-2020/4x_f39219ea552b8fc1c7b42c6a2d0290c2.png HTTP/1.1Host: static.adobelogin.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /b/ss/adbims,adbadobenonacdcprod,adbadobeprototype/1/JS-2.22.4-LCS4/s55679924138630 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C08370380883362609411369326338878538358; s_cc=true; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C08370380883362609411369326338878538358%7CMCAAMLH-1725426487%7C6%7CMCAAMB-1725426487%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1724828888s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0
Source: global traffic HTTP traffic detected: GET /b/ss/adbims,adbadobenonacdcprod,adbadobeprototype/1/JS-2.22.4-LCS4/s57233740158599 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C08370380883362609411369326338878538358; s_cc=true; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C08370380883362609411369326338878538358%7CMCAAMLH-1725426487%7C6%7CMCAAMB-1725426487%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1724828888s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0
Source: global traffic HTTP traffic detected: GET /b/ss/adbims,adbadobenonacdcprod,adbadobeprototype/1/JS-2.22.4-LCS4/s57172779942856 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C08370380883362609411369326338878538358; s_cc=true; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C08370380883362609411369326338878538358%7CMCAAMLH-1725426487%7C6%7CMCAAMB-1725426487%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1724828888s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0
Source: global traffic HTTP traffic detected: GET /b/ss/adbims,adbadobenonacdcprod,adbadobeprototype/1/JS-2.22.4-LCS4/s55679924138630?AQB=1&pccr=true&vidn=3367585DC6438AFF-60001DD5895C9AC8&g=none&AQE=1 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C08370380883362609411369326338878538358; s_cc=true; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C08370380883362609411369326338878538358%7CMCAAMLH-1725426487%7C6%7CMCAAMB-1725426487%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1724828888s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0; s_vi=[CS]v1|3367585DC6438AFF-60001DD5895C9AC8[CE]
Source: global traffic HTTP traffic detected: GET /b/ss/adbims,adbadobenonacdcprod,adbadobeprototype/1/JS-2.22.4-LCS4/s57233740158599?AQB=1&pccr=true&vidn=3367585DCA53466F-600002B6AE777060&g=none&AQE=1 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C08370380883362609411369326338878538358; s_cc=true; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C08370380883362609411369326338878538358%7CMCAAMLH-1725426487%7C6%7CMCAAMB-1725426487%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1724828888s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0; s_vi=[CS]v1|3367585DAE7FCA3C-40000C8A40CA7FB4[CE]
Source: global traffic HTTP traffic detected: GET /b/ss/adbims,adbadobenonacdcprod,adbadobeprototype/1/JS-2.22.4-LCS4/s57172779942856?AQB=1&pccr=true&vidn=3367585DAE7FCA3C-40000C8A40CA7FB4&g=none&AQE=1 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C08370380883362609411369326338878538358; s_cc=true; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C08370380883362609411369326338878538358%7CMCAAMLH-1725426487%7C6%7CMCAAMB-1725426487%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1724828888s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0; s_vi=[CS]v1|3367585DAE7FCA3C-40000C8A40CA7FB4[CE]
Source: global traffic DNS traffic detected: DNS query: static.echocdn.com
Source: global traffic DNS traffic detected: DNS query: secure.na4.echocdn.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: use.typekit.net
Source: global traffic DNS traffic detected: DNS query: p.typekit.net
Source: global traffic DNS traffic detected: DNS query: secure.na4.adobesign.com
Source: global traffic DNS traffic detected: DNS query: ims-na1.adobelogin.com
Source: global traffic DNS traffic detected: DNS query: dpm.demdex.net
Source: global traffic DNS traffic detected: DNS query: static.adobelogin.com
Source: unknown HTTP traffic detected: POST /b/ss/adbims,adbadobenonacdcprod,adbadobeprototype/1/JS-2.22.4-LCS4/s55679924138630 HTTP/1.1Host: sstats.adobe.comConnection: keep-aliveContent-Length: 6552sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://auth.services.adobe.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fgps.echosign.com%252Fpublic%252FadobeIDLogin%253Fserver%253Dna4.documents.adobe.com%2526isAdobeSignAuth%253Dfalse%2526port%253D443%26state%3D8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2CAdobeID%2CDCAPI%2Cadditional_info.account_type%2Cskybox%2Cupdate_profile.first_name%2Cupdate_profile.last_name%2Cagreement_send%2Cagreement_sign%2Csign_library_write%2Csign_user_read%2Csign_user_write%2Cagreement_read%2Cagreement_write%2Cwidget_read%2Cwidget_write%2Cworkflow_read%2Cworkflow_write%2Csign_addressbook_read%2Csign_library_read%2Cadditional_info.projectedProductContext%2Csign_webhook_read%2Csign_webhook_write%2Csign_webhook_retention%2Csao.ACOM_ESIGN_TRIAL%2Cee.GROUP_SIGN_WEB%2Cadditional_info.ownerOrg%2Cadditional_info.roles%2Caps.read.app_merchandising%2Csign_application_read%2Csign_application_write&state=8660432c950d9e06b585396d4b2f1bad1cd7c9a50ae2ce0a50cf2260cfc55866&relay=b0196ffe-89b0-4f67-9188-23574dbd1e17&locale=en_US&flow_type=code&ctx_id=Adobe_Sign&dctx_id=adobe_document_cloud&idp_flow_type=login&s_p=google%2Cfacebook%2Capple%2Cmicrosoft%2Cline&response_typ
e=code&code_challenge_method=plain&redirect_uri=https%3A%2F%2Fgps.echosign.com%2Fpublic%2FadobeIDLogin%3Fserver%3Dna4.documents.adobe.com%26isAdobeSignAuth%3Dfalse%26port%3D443&use_ms_for_expiry=trueAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: gpv=Account:IMS:GetStarted:OnLoad; AMCVS_9E1005A551ED61CA0A490D45%40AdobeOrg=1; s_ecid=MCMID%7C08370380883362609411369326338878538358; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=1176715910%7CMCMID%7C08370380883362609411369326338878538358%7CMCAAMLH-1725426487%7C6%7CMCAAMB-1725426487%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1724828887s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.4.0; s_cc=true
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: classification engine Classification label: clean2.win@17/129@30/9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2080,i,4616497776670431106,16504508632005767747,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://na4.documents.adobe.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAA5tR3-VKwfTm2oK1ZFsGY4F1bMY0OocfkOty0_NR8WPsvGcqcPMX99hsfyAX0DyWSeccTdFVfZvOduC-3ChA5AMz28_30EDGfKA5OdbfA3lP90ySigWqVPyIMzXTGFx2E&"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk