MALICIOUS
148
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link that redirects to known malicious infrastructure, disguised with a keyword relevant to professional registration. The document also exhibits characteristics of a link farm, with numerous external PDF links, and includes a call-to-action phrase and a callback lure, suggesting a phishing or scam attempt. The primary malicious URL identified is https://ttraff.link/wix?keyword=ahpra+nursing+registration+requirements+pdf.
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=ahpra+nursing+registration+requirements+pdf
- https://cdn.shopify.com/s/files/1/0431/6112/5013/files/pukujimezunit.pdf
- https://cdn.shopify.com/s/files/1/0432/2931/5229/files/five_steps_to_risk_assessment_hse.pdf
- https://cdn.shopify.com/s/files/1/0427/8507/9452/files/28516108651.pdf
- https://static.usrfiles.com/ugd/b8c837_6b1e24127d5c4175b889c175a960c520.pdf
- https://static.usrfiles.com/ugd/b9801a_fa0ba50e73074971b7b9111cede09248.pdf
- https://static.usrfiles.com/ugd/43d598_2d7e9d063cfa4f008bb73d592c7e0926.pdf
- https://static.usrfiles.com/ugd/cf79db_8a30dad2652d473b9453b7b4ece96bec.pdf
- https://static.usrfiles.com/ugd/09273f_5fe10efb9b584acc9b63dc1aedf5ff37.pdf
- https://static.usrfiles.com/ugd/b9801a_a0243c3b6a4f4eb1b1b244a8137351ea.pdf
- https://static.usrfiles.com/ugd/5e81b9_0abdeec48c3d4d4eaf504a3b1a869ca5.pdf
- https://static.usrfiles.com/ugd/724fb5_f12f98f587c34f8aa5891b2a77087301.pdf
- https://cdn.shopify.com/s/files/1/0431/0679/5686/files/mobumed.pdf
- https://cdn.shopify.com/s/files/1/0433/1234/9334/files/bacteriologia_y_virologia_veterinaria_merchant_gratis.pdf
- https://cdn.shopify.com/s/files/1/0431/9802/1793/files/absolute_sandman_volume_1.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006017.binae52010da4e2ce3aeb3009e44c0f714ce6f5828f27cc0afc02d6d323a482e35c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6017 | 5540 bytes |
font_01_sfnt_off000072b8.bin2b580db68dbf302065862465d79f79364091b9317555372ab23b9189ac0601b5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72B8 | 10636 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.