URL User Request GET HTTP/1.1
IP 185.27.134.34:443
ASN #34119 Wildcard UK Limited
Certificate Issuer Google Trust Services LLC
Subject adobebrasil.wuaze.com
Fingerprint 65:46:48:5B:8B:11:A3:0D:37:A2:89:81:D9:FA:5D:22:29:B1:35:BA
Validity Sun, 05 May 2024 14:01:58 GMT - Sat, 03 Aug 2024 14:01:57 GMT
File type HTML document, ASCII text, with very long lines (833), with no line terminators
Hash (MD5) 7b4aa9f256155e55f1c9bf114a4de5d7
Hash (SHA-1) 150f2ba90b047faf2f7fd5899d0b10288a2c9e62
Hash (SHA-256) 50f8697fbb45c498828fe26e9dad6686578c70c94121fe75bc350fa088324c2e
GET / HTTP/1.1
Host: adobebrasil.wuaze.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 10:23:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: br
adobebrasil.wuaze.com/aes.js
185.27.134.34 200 OK 4.9 kB
URL GET HTTP/1.1 adobebrasil.wuaze.com/aes.js
IP 185.27.134.34:443
ASN #34119 Wildcard UK Limited
Requested by https://adobebrasil.wuaze.com/
Certificate Issuer Google Trust Services LLC
Subject adobebrasil.wuaze.com
Fingerprint 65:46:48:5B:8B:11:A3:0D:37:A2:89:81:D9:FA:5D:22:29:B1:35:BA
Validity Sun, 05 May 2024 14:01:58 GMT - Sat, 03 Aug 2024 14:01:57 GMT
File type ASCII text, with very long lines (13733), with no line terminators
Hash (MD5) fc66e046447092c606f2587837f96874
Hash (SHA-1) fcf354a8044f494ee1f9fe868dde3f570f50e593
Hash (SHA-256) 5069425b121346b36f730910d05402d50920fc2178b01e0c878b71af4ef1eb96
GET /aes.js HTTP/1.1
Host: adobebrasil.wuaze.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adobebrasil.wuaze.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 07 May 2024 10:23:22 GMT
Content-Type: application/javascript
Last-Modified: Mon, 30 Oct 2023 22:35:04 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"65402f98-35a5"
Content-Encoding: br
adobebrasil.wuaze.com/?i=1
185.27.134.34 302 Found 260 B
URL User Request GET HTTP/1.1 adobebrasil.wuaze.com/?i=1
IP 185.27.134.34:443
ASN #34119 Wildcard UK Limited
Certificate Issuer Google Trust Services LLC
Subject adobebrasil.wuaze.com
Fingerprint 65:46:48:5B:8B:11:A3:0D:37:A2:89:81:D9:FA:5D:22:29:B1:35:BA
Validity Sun, 05 May 2024 14:01:58 GMT - Sat, 03 Aug 2024 14:01:57 GMT
File type HTML document, ASCII text
Hash (MD5) e40a238c7368a72b25bc4cd52cd7e22f
Hash (SHA-1) 672fa80ae0637a49964b2cd962162f09e3bcbfe5
Hash (SHA-256) 5f8525f11f7faaddf76d435d74bc121098bc016f40cf98646f5beee6e3954ddc
GET /?i=1 HTTP/1.1
Host: adobebrasil.wuaze.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://adobebrasil.wuaze.com/
Cookie: __test=53b2017bbd1ebc6576d9f4feb7500da8
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 07 May 2024 10:23:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://updateversion.su/AbrirDocumentoPDF.msi
Cache-Control: max-age=0
Expires: Tue, 07 May 2024 10:23:22 GMT
updateversion.su/AbrirDocumentoPDF.msi
188.114.96.1 200 OK 3.0 MB
URL User Request GET HTTP/2 updateversion.su/AbrirDocumentoPDF.msi
IP 188.114.96.1:443
Certificate Issuer Google Trust Services LLC
Subject updateversion.su
Fingerprint 41:96:19:D6:A6:60:FB:01:CF:36:D1:0A:A7:0D:00:84:6D:F7:94:1F
Validity Mon, 06 May 2024 01:58:02 GMT - Sun, 04 Aug 2024 01:58:01 GMT
File type Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
Size 3.0 MB (2994176 bytes)
Hash (MD5) f430626ee8d6a50f4c34dd43ce9d700a
Hash (SHA-1) 2fd87d25bf01317451669167c45fc024c2c9eefb
Hash (SHA-256) bc3988cf81aa35000c1aa17a2ff2f984730841d3b8d29dfa5a2b517e42573b3c
Analyzer Verdict Alert YARAhub by abuse.ch: malware (file detected as `SliverFox` malware)
VirusTotal suspicious
GET /AbrirDocumentoPDF.msi HTTP/1.1
Host: updateversion.su
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://adobebrasil.wuaze.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 07 May 2024 10:23:23 GMT
content-type: application/x-msi
content-length: 2994176
last-modified: Mon, 06 May 2024 03:59:03 GMT
etag: "2db000-617c1170ecb3e"
accept-ranges: bytes
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wkayISNidpO2nEEuXDDeTyhOceSQCTKa6EfwH1%2FSCxB46wlAgs1oDFrSwQdRNe08UNzE0%2BJAO6V1nydjcNMaSpZb%2BPACBrDnjjxN%2FunjpWRUISMaGtHPc57j9hcMKgU3VAJ5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88007e8cdd4956ca-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2