 So I have a phishing PDF here and with PDFID taking a look, okay, here you can see that it contains stream objects, OBGSTM, so the URL, the URI here is 0 and that's because it is hidden in the stream object here, one of them. So what I did in the past was use PDFParser to decompress the stream object and then pipe this again into PDFID. This is no longer necessary starting from PDFParser version 070 because there's a new option, let me show you. So with PDFParser, option A gives you statistics and then option O, uppercase O, will make PDFParser decompress and parse the stream objects like this. And now here you can see indeed that there is one URI and that is in object 43. So I can say object 43 and here you see that you have the URI and here is the URL. And as you can see here, object 43 is contained in stream object 16. If you don't use that uppercase O, then PDFParser will not look inside the stream objects and object 43 will not be found. So if you do the statistics, you have no URI because we don't look into the stream objects. And one final thing, if you are looking for URIs, you can use the K option and that will search for keys inside dictionaries and give you the values. And so we are looking for keys URI and of course we want to look inside stream objects too. And like this you also get the URL.