SUSPICIOUS
40
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0002
Heuristics 5
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) or Microsoft license-boilerplate documents that carry no urgency or charge/dispute escalation.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Urgency / deadline lure low SE_URGENCY_LUREDocument contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://www.qatarairways.com/manage-booking PDF link annotation
- https://www.qatarairways.com/helpIn PDF document text
- https://www.qatarairways.com/help���In PDF document text
Extracted artifacts 8
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_020_off00025ad7.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x25AD7 | 18240 bytes |
SHA-256: 33e060654ed1208fc726f2323a8a9e7d9de6f6c8c2aedd340c7ed605b422fc95 |
|||
font_00_sfnt_off0001a344.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A344 | 43712 bytes |
SHA-256: 791b0c450eb4a8f1b610c189e1d868a07020d43504c092978c2206f380c61e80 |
|||
font_01_sfnt_off0001fbfb.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1FBFB | 22064 bytes |
SHA-256: c9e5e90f05bf053a523d4b443bc912bb574a28270ed10165d76f477a4aa74b72 |
|||
font_02_sfnt_off00026edf.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x26EDF | 14840 bytes |
SHA-256: 44b60cd8a8a629abddc193dff024136306c3bcd07944eeaeec0c858729228bb1 |
|||
font_03_sfnt_off00029469.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x29469 | 15416 bytes |
SHA-256: ef166f8d80a49afd2b4a65ef1521dcba6a1f1c82d2d39a1c0fc5fab70d771e89 |
|||
font_04_sfnt_off0002caa6.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2CAA6 | 29092 bytes |
SHA-256: 287069d30a877ca9e109235a45f7627566091787a5a3a5aa3333bbb4f6887113 |
|||
font_05_sfnt_off0002d3ed.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2D3ED | 28404 bytes |
SHA-256: 02a8e091f2d690e306f21b3b5b691301ea8d1f6090dacb10baa762b2b15651f8 |
|||
font_06_sfnt_off00032062.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x32062 | 16828 bytes |
SHA-256: d7a4c0a0ed077103373388c2e2b000b923b5d3ad342f6d9461ea5165007cb309 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.