SUSPICIOUS
34
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0355
Heuristics 3
-
PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARMPDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://dubaipropertyrentals.net/perhapsactual/momentfield.php/tfcwwfJtiaa16204125bdu.pdf PDF link annotation
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/nhei16251828uid.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/crYbmvQdzJkskhnnnkaJtzzbrsvis16204488nt.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/YvuirdJrf_Grluvw16204703vkaw.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/dvofidewrtnmk_nlaxocP16204664omhs.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/uoxbGuhtYsGG16251758fcwQ.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/G_bi16203975d_.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/aJhv16203870h_.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/fmclf_tu16251962lmG.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/oei_kskahodehb16204540m.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/banuazJhokwPbc16236550mh.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/zu_zrztGi_enwPxrrklYY16203814leQr.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/wazPb_ddPhlfavuebcofdbG16251813uJ.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/zfJtevPl16236595lb.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/nsehwu16236614Qt.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/e_taoYczwxnmikoxzfdYc16204012k.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/iwesrcxoacwQzfszmxf16251836os.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/fGbtdatdYniviYfvPtiszPss16203998hG.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/btPsbwwefaJx16204513xs.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/_mcrnet16203958Prz.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/Q_xawkzhlohkfJQkxm_hhbYwa16204515d_.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/Q_kczwmYPlfhG_fJethboir16203820_eoc.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/GuGlYYa16203840Y_z.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/tbJvnGaPfYekGuJiu16203813nhff.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/ohJxiPGPQYsGfiPncdGibGG16203806hGo.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/kuhtQut16203948ctG.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/PQkYzvfwPcsJkkQlxzd16204151ibPn.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/ecutPwG_PJoP_YPcbs16236526a.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/rPiY_xdrzGmmdrevbz16204502hsv.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/kanc_helmuo_lboaJleczkdnJdnffc16236632h_ub.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/PzzJaho16203981f_sk.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/iJJGfGmllaePGoQYGddchJkQs16236599hGJP.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/_hmushrlttrQl16204085df.pdfIn PDF document text
- http://dubaipropertyrentals.net/perhapsactual/momentfield.php/ozxiiadPauhsdwk_GJYvklolki16251971rezb.pdfIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off00005bdd.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x5BDD | 19780 bytes |
SHA-256: 4fa1e1f62893db1504b694ba157ca733dbc9a64fe6775bec7c5c9e8d41f3a745 |
|||
font_01_sfnt_off00009131.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9131 | 19964 bytes |
SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8 |
|||
font_02_sfnt_off0000c6ea.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC6EA | 20828 bytes |
SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.