Served from an origin containing buzzfeed.com, so it passes BuzzFeed's
broken postMessage origin gate. Click to open BuzzFeed and inject the malicious
dfpNativeTemplate card. If the payload executes in the BuzzFeed origin
it beacons proof back here.