MALICIOUS
Risk Score: 140
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a malicious redirector link and a large number of embedded links, suggesting a link farm or phishing attempt. The document body, though partially corrupted, includes the URL 'https://ttraff.link/wix?keyword=neato+xv+21+manual' and the text 'Neato xv 21 manual', indicating a lure to trick the user into clicking the link. The presence of a callback phishing lure heuristic further supports the assessment of a scam or phishing campaign.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in a billing, refund, subscription, fraud, or security context, consistent with callback phishing or tech-support scam patterns.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.link/wix?keyword=neato+xv+21+manual
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000653c.bin 4bfe5b58c777e2572c12f3ce43c7024c2172c68e98b42469fe680f721bfb5cde | pdf-font-stream | PDF embedded font (sfnt) at offset 0x653C | 4836 bytes |
| font_01_sfnt_off000075b2.bin 49221ce94f8e1a0b633c25b6b3beb48eda248faa2409abcc7283733d5e44a4b0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x75B2 | 10552 bytes |