MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains numerous embedded URLs, many pointing to compromised WordPress sites or disposable hosting, suggesting a link farm designed to redirect users to malicious content. The ML classifier also strongly indicated maliciousness. The document body text is heavily corrupted, preventing a clear understanding of its specific lure, but the overall pattern points to a phishing or redirection scheme.
Machine Learning
- Nyx PDF Classifier malicious score 0.9729
Heuristics (4)
- PDF link farm points to compromised-WordPress upload storage (medium, PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM): PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.