Static-first checklist to quickly classify phishing PDFs, extract redirects, and identify exploit indicators.