MALICIOUS
64
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains numerous embedded URLs, with one prominent URL leading to 'baarspo.ru'. The heuristic 'PDF_SEO_DISPOSABLE_LINK_FARM' indicates the PDF is designed as a link farm on disposable hosting, suggesting a malicious intent to redirect users. While no scripts were explicitly extracted, the presence of embedded URLs and the ML classifier's high confidence score point towards a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.6222
Heuristics 3
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://baarspo.ru/strik?utm_term=consumer+services+coordinator+job+description PDF link annotation
- http://leyloften.online/wawivepoxekowufarivuvrs9rw.pdfIn PDF document text
- http://tiwirodizefa.iblogger.org/how_to_calculate_certified_mail_return_receipt_requested.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4370740/normal_5fd76f200bd17.pdfIn PDF document text
- http://nukobom.22web.org/nickel_alloys.pdfIn PDF document text
- http://educationonline.website/84601571856vk2sk.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4465269/normal_5ffeb5132a51d.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4368952/normal_6035eeede77c3.pdfIn PDF document text
- https://s3.amazonaws.com/nodetuxapabara/studio_r_bx_2700_manual.pdfIn PDF document text
- https://9eff4bf0-55a5-42b9-a65a-250f23c32afd.filesusr.com/ugd/80978b_338272f334f944e384b28ee667f99e70.pdf?index=trueIn PDF document text
- http://bodudubabafixe.rf.gd/nobreak_apc_ups_600_manual.pdfIn PDF document text
- http://budakofis.epizy.com/sadugep.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0d618f28-85a1-4b7d-8fd6-4a1f26a7cc5b/46004192221.pdfIn PDF document text
- https://s3.amazonaws.com/zatazewoz/statistical_process_control_manual.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8c666292-3abb-4ab4-a713-740944b20f05/how_to_pair_my_apple_bluetooth_keyboard.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/40534901-f852-4658-9e92-3eb2c0d1e357/dagivokuzopoxiloxeza.pdfIn PDF document text
- https://edefa294-c65c-46c5-840b-8a4669b9fdfe.filesusr.com/ugd/e4a001_8b966d2ad5e042d280c22558c3419fad.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/gurupixabogivaz/how_much_does_it_cost_to_fix_a_transmission_on_a_honda_odyssey.pdfIn PDF document text
- http://vikijito.epizy.com/burda_shareef.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2cf09e37-1bfe-4a1a-9d03-8eb0d133b471/who_owns_the_ice_house_quotes.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/43a74c0d-8f3c-4215-9892-b23c84712261/dometic_rv_air_conditioner_fan_not_running.pdfIn PDF document text
- https://s3.amazonaws.com/rutufokedizon/free_malayalam_christian_aradhana_songs.pdfIn PDF document text
- https://46d16763-6c5f-4e19-aa2c-3f4071fcbec2.filesusr.com/ugd/26f730_362392e91a574fd78aec270609df072d.pdf?index=trueIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.