SUSPICIOUS
32
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0355
Heuristics 2
-
PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARMPDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://dubaipropertyrentals.net/perhapsactual/momentfield.php/hQwmfPhtk_hwax16204095o_k.pdf In PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/xfeQckcbxh_vvQQeocQxJnGhox16203817mx.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/txelf16203815GeQP.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/mxcxe16203800PG.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/YeGakQbz_PowxzikGlo16203812_G.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/coh_dakPavlJvaQnJb_xdf16204094isG.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/sufeJevQmxnlQwwfuc16203792d.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/kcPfdbGhboufeGa_mPnurJ_tG16204577PxfP.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/lv__vwJvtemzlPnsmrokPnfctm16204096bkJ.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/rnvPYronu__Qkzubfkcizrh16204184_wJ.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/_hmushrlttrQl16204085df.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/xvtanhtY_flzJzrlkrYkezhwdP16203790cz.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/hkk_snzuzbYfQmaaeQ16204022Y.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/ifhnG16204157al.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/dbGaYsrdGrcecQaPc16204652z.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/odfwQcmbbreGzxkwwJr_vhmrGmnr16203965mY.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/rPvbtuhvauhJQ16203851JkY.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/JmhvhrGzGQmhuzuwsowdvJeuihYtb16203953_.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/tvQtimomGGmnnhlbzhsvoGw16204456Pkhh.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/ewovzbta16203898rrci.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/km_a_Pdrtdx16204524_d.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/wbvkavbuJehGPxmYufvtwet16204168nac.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/Qln_s16204653PJ.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/erlkeJlYsctYhkkmw16204623Jb.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/YmxtnucGGQl16203841la.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/uvafGrzoQJob16204521uYam.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/tkuGczfsYotu16204752o.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/o_th16203833w.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/wtxoazxred_kPbchvoak16204014d.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/oei_kskahodehb16204540m.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/ddJ16204665to.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/rfrGoYPvYPQ_fsczhGxJhobf_kei16204686c.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/ebivoeQe_sxx_oPlGhv16204350nd.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/wicuzhtrvuGQGrf_PerztleJoeYxo16204207G.pdfIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off00005f61.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x5F61 | 19856 bytes |
SHA-256: a930245e90be17a336a7679d31e9d416ddec66c65020bec75b59b2e2bfc19120 |
|||
font_01_sfnt_off000094f3.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x94F3 | 19964 bytes |
SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8 |
|||
font_02_sfnt_off0000caac.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCAAC | 20828 bytes |
SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.