This looks a great way to find internal server names and possibly access tokens. If you send or receive I’ve links with sign-in info in the URL, it could be leaked if they pass through an automated tool like urlscan. #infosec https://positive.security/blog/urlscan-data-leaks