This domain is controlled by a security researcher. It is hosted as part of a coordinated disclosure to demonstrate a Content Security Policy trust-erosion finding. No data is captured from visitors. No active exploitation is performed against any third-party application.
pre-submission/poc.js — benign JavaScript that prints
to the browser console only. It does not capture or transmit any data.
Source is human-readable and stable.If you are an affected organisation and would like this artifact taken down, contact the researcher via the HackerOne report linked above.