This domain is operated for authorized security research and bug bounty programs.
This is the expected destination. The PoC is meant to demonstrate that data could be exfiltrated to a researcher-controlled domain.
Researcher contact: tarik2380 (via HackerOne)
Domain purpose: CORS PoCs, callback URLs, redirect testing for authorized programs only.