SUSPICIOUS
34
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0374
Heuristics 3
-
PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARMPDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/wYakulhehJGzskaadzvlxi16216985kxi.pdf PDF link annotation
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/kulbdzQoclmkJkvfYlc16257961_.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/suzPoaYtJGiona_aaJP16244729zQY.pdfIn PDF document text
- http://www.toledano.fr/images/Ps_wmJewQwinbJwrktbtQ15872262l.pdfIn PDF document text
- http://trinketsltd.com/linda/hbGJtYvGimYhrskdioGYztxesk12773682fle.pdfIn PDF document text
- http://www.toledano.fr/logs/buesGdQinYnsQh15872094nfh.pdfIn PDF document text
- http://kookhoekvandinie.com/towncause/doazQmGYiom15879690a.pdfIn PDF document text
- http://www.toledano.fr/logs/srmafJxs_rsaQhc15902142ufw.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/v_YiasdzwowhoQvQakPsQkzh_vx16244691tPmz.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/dskbhlxrrflbrmiuuflG_aGPG16244685wnzx.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/xvQrxnQoQxmcG_xQeikJl_w_zmQc16217137iaG.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/kYYr_iaelurQttowzYunGsQk_zcif16216624ufQt.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/YmuYGvlovlwob16217023ns.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/fcQhtvobncbnuwk_YdrdJ__JGcdYkl16216924zrG.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/ndmhzzJsrGYxenJhl_esYzu16217151b.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/iY_zcarizrsrieiPu16244720cmYc.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/lrQbJazQfhe_kb16217060hoYQ.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/boJivknxvsdYvtz_16216401b.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/wrGbiixaGYhaitzv_aurmQonft16216484ndP.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/udboekmt16216864f.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/askt_16244659Pre.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/soizdrkfkQcPdcYaYvekteckltvki16216710m.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/k_Yd_idxncoiG_nn16257882u.pdfIn PDF document text
- http://kookhoekvandinie.com/traineither/hJJuxPhlrscl16257114edor.pdfIn PDF document text
- http://kookhoekvandinie.com/traineither/uYutGboreoetiPhxvfkshwJkG16242212k.pdfIn PDF document text
- http://kookhoekvandinie.com/traineither/xobfPhibcGhhaoxtnwuovn16163212c.pdfIn PDF document text
- http://www.asconbs.dk/logs/YtYoGftJJku_xwfknvftYa_PflPucQ16208374osx.pdfIn PDF document text
- http://www.asconbs.dk/logs/csrbPawxfxllfsfuar_brGiYvmfQe16208388vkw.pdfIn PDF document text
- http://www.asconbs.dk/logs/raxkdoxxmolnxz16239075tGdl.pdfIn PDF document text
- http://permatatour.co.id/differentsure/G_QwtbP_nPcJalmhszseblx16210994fPxl.pdfIn PDF document text
- http://permatatour.co.id/differentsure/JxrkPswJsd_aowalPbuuJG16256506dx.pdfIn PDF document text
- http://permatatour.co.id/differentsure/_uioGosrmQfcQti16177874P.pdfIn PDF document text
- http://permatatour.co.id/differentsure/eQdouGheddltxfeYzucsQ_r16210981JJ_.pdfIn PDF document text
- http://permatatour.co.id/differentsure/vkYaQwJzJYurPinzeuxkxcb16177744a.pdfIn PDF document text
- http://permatatour.co.id/differentsure/zaQQkdx16184256fYaG.pdfIn PDF document text
- http://www.permatatour.co.id/officesure/PzYr_vo16166328dx.pdfIn PDF document text
- http://www.permatatour.co.id/officesure/_GQPd16251072Jbd.pdfIn PDF document text
- http://www.permatatour.co.id/officesure/fJaih_uwlQQatlklh16251033tmb.pdfIn PDF document text
- http://www.permatatour.co.id/officesure/ihxb16250847_ki.pdfIn PDF document text
- http://www.permatatour.co.id/officesure/ohxox_la16251017tGJP.pdfIn PDF document text
- http://www.permatatour.co.id/officesure/uvekYzvsQkYePsJbQ16250924i.pdfIn PDF document text
- http://www.permatatour.co.id/officesure/wrPdGJxblmzndrPltrmwenu16250951vrtn.pdfIn PDF document text
- http://www.permatatour.co.id/officesure/xfwiw_v16166304hzd.pdfIn PDF document text
- http://dubaipropertyrentals.net/departmentabove/departmentcarry.php/site_map.xmlIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_003_off00007396.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x7396 | 19984 bytes |
SHA-256: 7c9b833562f8a340856ba477450e53eb3a384ca9e0dc32cd01be4740f4b5e909 |
|||
font_01_sfnt_off0000a984.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA984 | 19964 bytes |
SHA-256: 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8 |
|||
font_02_sfnt_off0000df3d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDF3D | 20828 bytes |
SHA-256: 66ee5a421be874c2bf64758e212dcdc74f7e5fbd5b562db26553446e87a084f1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.