MALICIOUS
130
Risk Score
Machine Learning
- Nyx PDF Classifier malicious score 0.9431
Heuristics 4
-
Fake 'free download' SEO-poisoning PDF critical PDF_SEO_FAKE_DOWNLOADThe ML classifier flagged this PDF AND it carries a visual download/call-to-action lure AND an off-domain server-side download-gateway link whose query string names a document payload. This three-signal conjunction is the fake-document / 'free PDF download' SEO-poisoning delivery pattern: the page is padded with benign decoy links to dilute classifier scores while funnelling the victim through the gateway to malware/scareware. Acting only on the conjunction keeps benign download-bearing PDFs from being misflagged.
-
PDF carries a PHP-gateway SEO-spam PDF link farm medium PDF_SEO_PHP_GATEWAY_LINK_FARMPDF contains four or more clickable links whose target is a `.php` gateway with a multi-word search-PHRASE document slug embedded after it (e.g. 'index.php?.../binary+options+trading+nz.pdf' or 'pdf.php/cialis-dosage-side-effects.pdf'). Legitimate PHP-served documents use a filename or numeric id, not a search-query phrase, so this is the generated SEO link-farm shape — pharma / binary-options / 'free download' spam that ranks for queries and routes users into payload/redirect chains. The PDF itself carries no exploit — the risk is the linked destinations.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://uncpbisdegree.com/download3.php?q=vienna-superautomatica-saeco.pdf In PDF document text
- http://uncpbisdegree.com/download4.php?q=vienna-superautomatica-saeco.pdfIn PDF document text
- http://www.saecoalkatresz.hu/In PDF document text
- http://partsguru.com/MaintenanceofEspressomachines.htmlIn PDF document text
- http://www.ersatzteile-direkt.com/hersteller_s/saeco_top.htmlIn PDF document text
- http://www.kavegepszerviz.hu/kavegep-hasznalati-utmutatok/saeco-hasznalati-utmutatokIn PDF document text
- http://www.servis-coffee.ru/prodaja/saeco.htmlIn PDF document text
- https://www.jura-ersatzteile-shop.de/In PDF document text
- https://www.jura-ersatzteile-shop.de/saeco-ersatzteile-26In PDF document text
- http://www.macchinadelcaffe.it/philips-saeco-poemia-hd842311-recensione/In PDF document text
- http://www.ricambivas.it/pagina-989/DISEGNI-TECNICI-ED-ESPLOSI-MACCHINE-DA--CAFFESNACKS-E-VENDING.aspxIn PDF document text
- http://www.qvinho.com.br/cafes-especiais/maquinas-de-cafe-espresso-20-dicas/In PDF document text
- https://www.transistornet.de/In PDF document text
- http://riverside-resort.net/1/tennis-mastery.pdfIn PDF document text
- http://riverside-resort.net/1/toro-20622-repair-manual.pdfIn PDF document text
- http://riverside-resort.net/1/tangent-and-secant-angles.pdfIn PDF document text
- http://riverside-resort.net/1/troy-bilt-riding-mower-manual.pdfIn PDF document text
- http://riverside-resort.net/1/the-war-against-germany-and-italy-mediterranean-and-adjacent-areas-by.pdfIn PDF document text
- http://riverside-resort.net/1/springboard-5-22-schoolworld-an-edline-solution.pdfIn PDF document text
- http://riverside-resort.net/1/the-boy-who-loved-batman-michael-e-uslan.pdfIn PDF document text
- http://riverside-resort.net/1/ss2-ict-third-term-exam-question.pdfIn PDF document text
- http://riverside-resort.net/1/the-guided-reading-classroom-how-to-keep-all-students-working-constructively.pdfIn PDF document text
- http://riverside-resort.net/1/stimulus-material-for-year-7-narrative-writing.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://www.manualslib.com/manual/1001911/Saeco-Vienna-Superautomatica.htmlIn PDF document text
- https://www.manualslib.com/brand/saeco/coffee-maker.htmlIn PDF document text
- https://www.manualslib.com/products/Saeco-Vienna-Superautomatica-3967580.htmlIn PDF document text
- https://www.ebay.es/sch/sis.html?_nkw=Cafetera+Saeco+Vienna+SuperautomaticaIn PDF document text
- https://www.manualslib.com/manual/821644/Saeco-Vienna-Plus-Sup-018m.htmlIn PDF document text
- https://www.manualslib.com/products/Saeco-Vienna-Plus-Sup-018m-3591797.htmlIn PDF document text
- http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=DE_EN&a=http%3a%2f%2fwww.ersatzteile-direkt.com%2fhersteller_s%2fsaeco_top.htmlIn PDF document text
- http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=RU_EN&a=http%3a%2f%2fwww.servis-coffee.ru%2fprodaja%2fsaeco.htmlIn PDF document text
- http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=DE_EN&a=https%3a%2f%2fwww.jura-ersatzteile-shop.de%2fIn PDF document text
- http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=DE_EN&a=https%3a%2f%2fwww.jura-ersatzteile-shop.de%2fsaeco-ersatzteile-26In PDF document text
- http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=IT_EN&a=http%3a%2f%2fwww.macchinadelcaffe.it%2fphilips-saeco-poemia-hd842311-recensione%2fIn PDF document text
- http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=IT_EN&a=http%3a%2f%2fwww.ricambivas.it%2fpagina-989%2fDISEGNI-TECNICI-ED-ESPLOSI-MACCHINE-DA--CAFFESNACKS-E-VENDING.aspxIn PDF document text
- http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=PT_EN&a=http%3a%2f%2fwww.qvinho.com.br%2fcafes-especiais%2fmaquinas-de-cafe-espresso-20-dicas%2fIn PDF document text
- http://www.microsofttranslator.com/bv.aspx?ref=SERP&br=ro&mkt=en-US&dl=en&lp=DE_EN&a=https%3a%2f%2fwww.transistornet.de%2fIn PDF document text
- http://go.microsoft.com/fwlink/?LinkId=521839&CLCID=0409In PDF document text
- http://go.microsoft.com/fwlink/?LinkID=246338&CLCID=0409In PDF document text
- https://go.microsoft.com/fwlink/?linkid=868922In PDF document text
- http://go.microsoft.com/fwlink/?LinkID=286759&CLCID=409In PDF document text
- http://go.microsoft.com/fwlink/?LinkID=617297In PDF document text
- https://fedoraproject.org/wiki/Licensing/LiberationFontLicenseIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004bd5.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4BD5 | 10628 bytes |
SHA-256: 71be6cca4bfbf078e0f9fa7b5f5e3b67bb7992bf8a845f8da995c78678b68aeb |
|||
font_01_sfnt_off00006d82.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D82 | 6768 bytes |
SHA-256: 6f43722af5366c1df0e63a0a6e921c8183282c092117d3315f1889ce2c2140e9 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.