The transmission of documents over HTTP may be normal activity, but could also indicate exploitation or data exfiltration.
Network users may download documents and media files in formats such as Adobe PDF; Microsoft Word, PowerPoint, or Excel; or ZIP archives from third-party websites as part of normal operations. However, the transmission of documents via HTTP could also indicate malicious activity. Documents downloaded from malicious sites could contain malicious software or embedded code. HTTP transmissions out of the network could indicate that data is leaving the network.
Users should verify that unsolicited links are safe to follow.