This is an intentionally misconfigured static site used by
s32_security_scanner to exercise the DAST (OWASP ZAP)
stage. It serves only static files, runs as a non-root user and is
fully sandboxed, so it cannot harm the Docker host.