SUSPICIOUS
40
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0469
Heuristics 3
-
PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARMPDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://uncpbisdegree.com/download3.php?q=the-cell-cycle-pogil-answer-key-extension-questions.pdf In PDF document text
- http://uncpbisdegree.com/download4.php?q=the-cell-cycle-pogil-answer-key-extension-questions.pdfIn PDF document text
- http://shutupbill.com/pdfs/cell-cycle-pogil-extension-questions-answer-key.pdfIn PDF document text
- http://announcerexpressonline.com/online/cell-cycle-answer-key-pogil-extension-questions.pdfIn PDF document text
- http://www.bookfeeder.com/pogil-cell-cycle-extension-question-answer-key.htmlIn PDF document text
- http://grappi.de/the/cell/the_cell_cycle_pogil_answer_key_extension_questions.pdfIn PDF document text
- http://peterh.de/cell/cycle/cell_cycle_pogil_extension_questions_answer_key.pdfIn PDF document text
- http://dramma.de/cell/cycle/cell_cycle_answer_key_pogil_extension_questions.pdfIn PDF document text
- http://castlevillez.com/pdf-reader/cell-cycle-pogil-extension-questions-answer-key.pdfIn PDF document text
- https://hjagroup.co.uk/books/32474d/cell_cycle_pogil_extension_questions_answer_key.pdfIn PDF document text
- http://riverside-resort.net/1/the-saint-a-gaunts-ghosts-omnibus-gaunts-ghosts-novels.pdfIn PDF document text
- http://riverside-resort.net/1/shifting-gears-on-a-motorcycle-without-clutch.pdfIn PDF document text
- http://riverside-resort.net/1/the-more-i-see-a-western-romance-texas-hearts-book-3.pdfIn PDF document text
- http://riverside-resort.net/1/the-real-mother-goose-dover-read-and-listen.pdfIn PDF document text
- http://riverside-resort.net/1/the-avr-microcontroller-embedded-systems-solutions-manual.pdfIn PDF document text
- http://riverside-resort.net/1/the-cat-who-saw-red.pdfIn PDF document text
- http://riverside-resort.net/1/stocks-for-the-long-run-jeremy-j-siegel.pdfIn PDF document text
- http://riverside-resort.net/1/the-function-of-the-orgasm-discovery-of-the-orgone-vol-1.pdfIn PDF document text
- http://riverside-resort.net/1/stars-technical-manual-20.pdfIn PDF document text
- http://riverside-resort.net/1/singapore-math-practice-level-6a-grade-7.pdfIn PDF document text
- https://hjagroup.co.uk/books/32474d/cell_cycle_pogil_extensionIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/nu17/cellIn PDF document text
- https://www.youtube.com/watch?v=0iC4bxFxN2sIn PDF document text
- http://www.upsd.wednet.edu/cms/lib07/WA01000687/Centricity/Domain/898/TheIn PDF document text
- https://view.officeapps.live.com/op/view.aspx?src=http%3A%2F%2Fwww.upsd.wednet.edu%2Fcms%2Flib07%2FWA01000687%2FCentricity%2FDomain%2F898%2FThe%2520Cell%2520Cycle%2520Answers.pptxIn PDF document text
- http://go.microsoft.com/fwlink/?LinkID=617350In PDF document text
- http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
- http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
- https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
- http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
- http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
- https://www.bing.com/aclk/?ld=d3OfC1KZrnHLLJkhbvJJ-AyTVUCUwpbN1omoYP0GbvuTYie2VBDzX_-qmkr3pfHObHdRp_TcnHKt2vF-1WdK09C_kGBw0mSfR6Z3EeKXPgjj5cIb7MHjxG-Oql-sQOYPtXnxXVpc7hB18D527-uDg_kONPKhfnKPyUoXrdazhdNg86GSE2&u=http%3a%2f%2fclickserve.dartsearch.net%2flink%2fclick%3flid%3d43700009085592785%26ds_s_kwgid%3d58700000917848828%26%26ds_e_adid%3d9426198590%26%26ds_url_v%3d2%26ds_dest_url%3dhttp%3a%2f%2fwww.cellsignal.com%2fcommon%2fcontent%2fcontent.jsp%3fid%3dscience-pathways-cell-cycle%26utm_source%3dbing%26utm_medium%3dcpc%26utm_term%3dcell%2bcycle%2bpathway%26utm_content%3dCell%2bCycle%2b-%2bGeneric%26utm_campaign%3dEN%2b-%2bPathways%26msclkid%3d%7bmsclkid%7d%26utm_source%3dbing%26utm_medium%3dcpc%26utm_campaign%3dEN%2520-%2520Pathways%26utm_term%3dcell%2520cycle%26utm_content%3dCell%2520Cycle%2520-%2520GenericIn PDF document text
- https://fedoraproject.org/wiki/Licensing/LiberationFontLicenseIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000963b.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x963B | 14464 bytes |
SHA-256: b9015b902010279bc3a573f2588efc34448d944897e0b278f801ac084a87014a |
|||
font_01_sfnt_off0000c289.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC289 | 9764 bytes |
SHA-256: 33cd52e9d0347d83e9698f20d77d4212e665a0156467e8ec55cc5a2e5750b7da |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.