so on the other side of the fence, they are sending URLs that are hidden in other … URLs… Here is an example
hxxps://www.google.com/url?blah=blah&url=hxxps://www.evil.com/ (hxxps added so it would show this full url string)
When I run this through the Extract plugin to grab 2 urls it only gets 1. I want to scan both URLs in my workflow.
A lot of times this first URL leads to the second URL and the second URL leads to another site…