MALICIOUS
192
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a link that redirects to a known malicious URL, disguised with a seemingly innocuous keyword. This indicates a phishing or malware distribution attempt. The presence of numerous other links to PDF files hosted on cloud storage suggests a link farm or SEO poisoning tactic to improve search engine ranking for malicious content. No scripts were extracted, but the PDF structure itself facilitates the redirection.
Machine Learning
- Nyx PDF Classifier malicious score 0.9981
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINKPDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/123?keyword=food+safety+guidelines+childcare In PDF document text
- https://s3.amazonaws.com/tetazino/xojosanelonupolisobugeri.pdfIn PDF document text
- https://s3.amazonaws.com/zirojopemup/4545740298.pdfIn PDF document text
- https://s3.amazonaws.com/leguvefu/mariadb_commands.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7b5e0ec6-4ad3-46bf-901a-13cf650a36f9/jufap.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d2769440-6e1a-4537-8145-1f1dbd6b8a36/bakobadasakitod.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/088da94e-e004-4df9-939e-602ab430f39e/2835521395.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/069ebf22-f0a3-4972-a467-b1166dc80740/ginaviwinujunaru.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0501/1973/7544/files/farmers_lab_seeds_blue_dream.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0497/2688/1972/files/48571045641.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0434/3683/4981/files/septa_airport_line_sunday.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0434/0957/1990/files/16303832355.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0438/5007/2214/files/denby_high_school_mi.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0438/1727/1453/files/gta_5_mobile_android_aptoide.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0432/3357/5075/files/30429022797.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0439/6898/7294/files/windows_10_hotkeys.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0496/9100/1021/files/gesafozibovome.pdfIn PDF document text
- https://s3.amazonaws.com/pazifetanegapu/babylon_mystery_religion_1966.pdfIn PDF document text
- https://s3.amazonaws.com/felasorarabipis/information_technology_business_plan_sample.pdfIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.