Mal modifies the post-creation URL to include a malicious payload. Now he has to find some way to get a victim to visit the URL in their browser.
