we receive threat intel in the form of a csv, and I would like to
- reverse the sanitization (evil[.]com)
- validate the URL is indeed bad (virustotal, etc)
- search logs for visitors to those sites
- remediate actions
on 1. I have some regex that should work for de-sanitization
but what do you all think?