| url.rw/?https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2400220736/AcroRdrDCx642400220736_en_US.exe | 188.166.2.160 | 200 OK | 1.4 kB |
URL (User Request): GET HTTP/1.1 url.rw/?https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2400220736/AcroRdrDCx642400220736_en_US.exe
IP: 188.166.2.160:443
ASN: #14061 DIGITALOCEAN-ASN
Certificate Issuer: Let's Encrypt
Certificate Subject: url.rw
Certificate Fingerprint: 86:AB:FD:2C:A0:9B:81:FA:BE:EF:2A:84:65:55:D5:83:80:DE:3A:44
Certificate Validity: Wed, 27 Mar 2024 04:07:52 GMT - Tue, 25 Jun 2024 04:07:51 GMT
File type: HTML document, Unicode text, UTF-8 text
Hash (MD5): 6952c1c1efe0ac0b5ad7700f20d81049
Hash (SHA-1): d6ecd54bd534e49f15218b821e6c0c1ff14148b8
Hash (SHA-256): 7d2134cead56a68e056c387a4a6a000e7555c16112e50ae2d4ffb1a5efac1ab3
GET /?https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2400220736/AcroRdrDCx642400220736_en_US.exe HTTP/1.1
Host: url.rw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 08:56:30 GMT
Server: Apache/2.4.52 (Ubuntu)
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6InR2YVpaV2Z2dVM2d2NVT2d3dmd6OVE9PSIsInZhbHVlIjoiT2JGQlFIMngyRTArUTBndm1YeTQ4bVNUZndtOXRqVDhzZUI3VFZUak5YMWF3YUUvVXNnbzlYTGNFYjdPOWptMGNkV3hDVU1Sby9Dd1ZRVmR1V2hJS2h3SmIvNmRTK2V1amFYeEdPREZMcTZKckNBR1dxWk91dUdtWkRRaXFIWkMiLCJtYWMiOiJiM2FkODMwYWRkNWYzMzcwMzljNDhmMmJjZWE5NzczMjExNWVmYmFlNzQzOGY1OGU2YTk4N2RiM2VmNGRmYzQ1IiwidGFnIjoiIn0%3D; expires=Tue, 07-May-2024 10:56:30 GMT; Max-Age=7200; path=/
Set-Cookie: urlrw_session=eyJpdiI6ImZZQTg0ejNhT3Y5bS9CcVlSelJxaEE9PSIsInZhbHVlIjoiMFFjRHFmUThuTmNLNEtCRFNnQTg2eERCQ08zRk42YnBldksxZTFYWUtzTFFqUTMwS0ZPWVdRWjd6R2Z5YTcvN3phc1RQb0Z5cU1TYkNQWWNQMFRsSkRHWHBvV042UEx2UDZ1ZUp3ZFk2UUo4WG5mM2M5cUZVekY3d3QzNHl2NW4iLCJtYWMiOiIwNmIzYTJjZjY1OWI5MzBjYzNjNDk5MDIzNjQ4ZjUyZWFkY2Y2YzM3ZWU2MDMyMzBjN2NiZTg3YzlkNzdiN2I4IiwidGFnIjoiIn0%3D; expires=Tue, 07-May-2024 10:56:30 GMT; Max-Age=7200; path=/; httponly
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
| url.rw/images/favicon.png | 188.166.2.160 | 200 OK | 521 B |
URL: GET HTTP/1.1 url.rw/images/favicon.png
IP: 188.166.2.160:443
ASN: #14061 DIGITALOCEAN-ASN
Requested by: https://url.rw/?https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2400220736/AcroRdrDCx642400220736_en_US.exe
Certificate Issuer: Let's Encrypt
Certificate Subject: url.rw
Certificate Fingerprint: 86:AB:FD:2C:A0:9B:81:FA:BE:EF:2A:84:65:55:D5:83:80:DE:3A:44
Certificate Validity: Wed, 27 Mar 2024 04:07:52 GMT - Tue, 25 Jun 2024 04:07:51 GMT
File type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Hash (MD5): 8609ea8630e26bcba97c5cdce96a1feb
Hash (SHA-1): 3ca1c91e6ef89911a8ee6c5709798b35aa2c4592
Hash (SHA-256): 396da1c97d616b29b8875dd6e35559fff0f2d0655594fbc1dfb4b3afb9a1a365
GET /images/favicon.png HTTP/1.1
Host: url.rw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://url.rw/?https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2400220736/AcroRdrDCx642400220736_en_US.exe
Cookie: XSRF-TOKEN=eyJpdiI6InR2YVpaV2Z2dVM2d2NVT2d3dmd6OVE9PSIsInZhbHVlIjoiT2JGQlFIMngyRTArUTBndm1YeTQ4bVNUZndtOXRqVDhzZUI3VFZUak5YMWF3YUUvVXNnbzlYTGNFYjdPOWptMGNkV3hDVU1Sby9Dd1ZRVmR1V2hJS2h3SmIvNmRTK2V1amFYeEdPREZMcTZKckNBR1dxWk91dUdtWkRRaXFIWkMiLCJtYWMiOiJiM2FkODMwYWRkNWYzMzcwMzljNDhmMmJjZWE5NzczMjExNWVmYmFlNzQzOGY1OGU2YTk4N2RiM2VmNGRmYzQ1IiwidGFnIjoiIn0%3D; urlrw_session=eyJpdiI6ImZZQTg0ejNhT3Y5bS9CcVlSelJxaEE9PSIsInZhbHVlIjoiMFFjRHFmUThuTmNLNEtCRFNnQTg2eERCQ08zRk42YnBldksxZTFYWUtzTFFqUTMwS0ZPWVdRWjd6R2Z5YTcvN3phc1RQb0Z5cU1TYkNQWWNQMFRsSkRHWHBvV042UEx2UDZ1ZUp3ZFk2UUo4WG5mM2M5cUZVekY3d3QzNHl2NW4iLCJtYWMiOiIwNmIzYTJjZjY1OWI5MzBjYzNjNDk5MDIzNjQ4ZjUyZWFkY2Y2YzM3ZWU2MDMyMzBjN2NiZTg3YzlkNzdiN2I4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 07 May 2024 08:56:30 GMT
Server: Apache/2.4.52 (Ubuntu)
Last-Modified: Tue, 29 Aug 2023 10:00:10 GMT
ETag: "209-6040ce0543e80"
Accept-Ranges: bytes
Content-Length: 521
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png
| www.googletagmanager.com/gtag/js?id=G-JJFL3Y4WJS | 142.250.74.168 | 200 OK | 102 kB |
URL: GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-JJFL3Y4WJS
IP: 142.250.74.168:443
Requested by: https://url.rw/?https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2400220736/AcroRdrDCx642400220736_en_US.exe
Certificate Issuer: Google Trust Services LLC
Certificate Subject: *.google-analytics.com
Certificate Fingerprint: 93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
Certificate Validity: Tue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (5955)
Size: 102 kB (101785 bytes)
Hash (MD5): b7a5f05d2069a8d2201174b67f4a0437
Hash (SHA-1): 53471f774812322d020c479e06140e8c403ac3a5
Hash (SHA-256): 9ab184d27bce464dc8e6d5737ac53c0c22f110ccb6dd0fe156f64f72faf55183
GET /gtag/js?id=G-JJFL3Y4WJS HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://url.rw/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 08:56:30 GMT
expires: Tue, 07 May 2024 08:56:30 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 101785
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| url.rw/favicon.ico | 188.166.2.160 | 404 Not Found | 6.6 kB |
IP: 188.166.2.160:443
ASN: #14061 DIGITALOCEAN-ASN
Requested by: https://url.rw/?https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2400220736/AcroRdrDCx642400220736_en_US.exe
Certificate Issuer: Let's Encrypt
Certificate Subject: url.rw
Certificate Fingerprint: 86:AB:FD:2C:A0:9B:81:FA:BE:EF:2A:84:65:55:D5:83:80:DE:3A:44
Certificate Validity: Wed, 27 Mar 2024 04:07:52 GMT - Tue, 25 Jun 2024 04:07:51 GMT
File type: HTML document, ASCII text, with very long lines (5391)
Hash (MD5): 543ac81966d87ac815e08eb0e436d719
Hash (SHA-1): e35bb4e32ccf08c11a3935084b50660feb835350
Hash (SHA-256): 8cbc10ee9755ef972000f666711a5c4d0e025d3cedf53079ba3bfd8f2b19a968
GET /favicon.ico HTTP/1.1
Host: url.rw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://url.rw/?https://ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2400220736/AcroRdrDCx642400220736_en_US.exe
Cookie: XSRF-TOKEN=eyJpdiI6InR2YVpaV2Z2dVM2d2NVT2d3dmd6OVE9PSIsInZhbHVlIjoiT2JGQlFIMngyRTArUTBndm1YeTQ4bVNUZndtOXRqVDhzZUI3VFZUak5YMWF3YUUvVXNnbzlYTGNFYjdPOWptMGNkV3hDVU1Sby9Dd1ZRVmR1V2hJS2h3SmIvNmRTK2V1amFYeEdPREZMcTZKckNBR1dxWk91dUdtWkRRaXFIWkMiLCJtYWMiOiJiM2FkODMwYWRkNWYzMzcwMzljNDhmMmJjZWE5NzczMjExNWVmYmFlNzQzOGY1OGU2YTk4N2RiM2VmNGRmYzQ1IiwidGFnIjoiIn0%3D; urlrw_session=eyJpdiI6ImZZQTg0ejNhT3Y5bS9CcVlSelJxaEE9PSIsInZhbHVlIjoiMFFjRHFmUThuTmNLNEtCRFNnQTg2eERCQ08zRk42YnBldksxZTFYWUtzTFFqUTMwS0ZPWVdRWjd6R2Z5YTcvN3phc1RQb0Z5cU1TYkNQWWNQMFRsSkRHWHBvV042UEx2UDZ1ZUp3ZFk2UUo4WG5mM2M5cUZVekY3d3QzNHl2NW4iLCJtYWMiOiIwNmIzYTJjZjY1OWI5MzBjYzNjNDk5MDIzNjQ4ZjUyZWFkY2Y2YzM3ZWU2MDMyMzBjN2NiZTg3YzlkNzdiN2I4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Date: Tue, 07 May 2024 08:56:30 GMT
Server: Apache/2.4.52 (Ubuntu)
Cache-Control: no-cache, private
Set-Cookie: XSRF-TOKEN=eyJpdiI6InNwZFQ4YVhkZEpxSmluZzJoV1NJdFE9PSIsInZhbHVlIjoiVXBNMGVseStXU20zRVdrSm1GZGJLYjlKNUk0bUlrRlE2Rk80K3haRXJIckU5aEhtL09vZjVPekplcWd6LzZ0OGREWXhrcW1xZTZ1T20vMTBRZ3Jhamk5MDBLYzZnSnczU3lHWTRyWEI4Tll4RE9CbThTVUNXRTZFOFJRVmZ2c2IiLCJtYWMiOiIzZDViY2VkMjNjNjZlZjM1YzYwZGU0YmEwNTUyOTRkNzZiMTY2ODY5NGEwMDU4M2RlODRmMDczZTEzMTkyYjgwIiwidGFnIjoiIn0%3D; expires=Tue, 07-May-2024 10:56:30 GMT; Max-Age=7200; path=/
Set-Cookie: urlrw_session=eyJpdiI6IldkQVR4UzJNNVgxemhJY01IM2hXQmc9PSIsInZhbHVlIjoicmVDTVBhNHM1Ykh5ekhtY1htV0hoQ2V2YWRTT0NLMjA1ZHlqcEh1Y2RDSXRUellwTjM5NjRmWkxrZ1FzRENueTdoR3lXL0VvWi84TnI4aGNuY25FWmlHOVdvTHo4WTBNakJKZUt5SFplTU9SdUFic0FiYU8wUmxhOFN4TmZiazUiLCJtYWMiOiJjNjE4NmM0ZjVkNWViNzRiMTBhYjAxYzJjMzdjYWJhNzFmYzJhMjVhZDg1MWUyMWNiYjdkYzBlYzY2ZDk2ZTJiIiwidGFnIjoiIn0%3D; expires=Tue, 07-May-2024 10:56:30 GMT; Max-Age=7200; path=/; httponly
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
| ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2400220736/AcroRdrDCx642400220736_en_US.exe | 184.24.44.138 | 200 OK | 786 kB |
URL (User Request): GET HTTP/2 ardownload2.adobe.com/pub/adobe/acrobat/win/AcrobatDC/2400220736/AcroRdrDCx642400220736_en_US.exe
IP: 184.24.44.138:443
Certificate Issuer: DigiCert Inc
Certificate Subject: *.adobe.com
Certificate Fingerprint: EF:F1:BB:08:E5:D8:6E:F3:9F:01:83:DB:70:5D:59:99:D2:79:30:F2
Certificate Validity: Sun, 31 Mar 2024 00:00:00 GMT - Wed, 02 Apr 2025 23:59:59 GMT
File type: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
Size: 786 kB (786432 bytes)
Hash (MD5): 9e117abaded160900ab4a4e62d1b10cc
Hash (SHA-1): cea18e45e47f1d13eac10431ede7bb8869fb5a3a
Hash (SHA-256): d422a875c8256077f6d6f7aacf86a0330bfddef1418fe59bb041ab4fb48a54eb
| Analyzer | Verdict | Alert |
| YARAhub by abuse.ch | malware | files - file ~tmp01925d3f.exe |
GET /pub/adobe/acrobat/win/AcrobatDC/2400220736/AcroRdrDCx642400220736_en_US.exe HTTP/1.1
Host: ardownload2.adobe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: Apache
accept-ranges: bytes
content-type: application/octet-stream
last-modified: Sun, 05 May 2024 08:46:45 GMT
etag: "183063a0-617b0fe190740"
content-length: 405824416
date: Tue, 07 May 2024 08:56:32 GMT
X-Firefox-Spdy: h2