The host in your log is legitimate (get3.adobe.com). The host you referenced from your security tool (get3adobe.com) -- notice the critical missing dot -- is an impostor domain. Our installer logs do not make reference to the impostor domain. I believe that you got tricked by a really good impostor pop-up. There's no guarantee that the malicious payload would have written to our log if executed, but our installer does not appear to have accessed it based on the information you've provided.
I've already escalated the issue with the impostor domain to our legal and fraud teams, and they're actively pursuing a takedown request. As you noted, going to the domain directly doesn't result in a malicious payload, but they may be employing some creative techniques to avoid automatic detection. I don't think there's any additional stuff we can do about this beyond the actions already underway.
Both Google Chrome and Internet Explorer (on Win8 and higher) include Flash Player as a built-in component. This avoids the necessity of a separate download (and all of these kinds of headaches) entirely, because Flash Player updates are handled through the Chrome updater and Windows Update respectively. For users on other platforms, our primary recourse is education. Like most commercial applications, Adobe binaries are signed with a cryptographic publisher certificate that confirms that they were published by Adobe. That's over the head of the average end-user, but it's an available option. What we tend to recommend is to just come to adobe.com directly and grab the download, instead of clicking through any website-generated popups or notifications.
Again, thanks for alerting us to this and providing great in-depth details.
AdChoices