This iframe was injected via the startsWith() bypass on the iframe parameter.
The browser address bar shows app.adroll.com —
but this content is served from the attacker's server.
A real attacker could use this to:
PoC for authorized security testing — Finding #6 iframe vector
Hosted at: embedded.improvado.io.nirvanahub.com