Trae Account Takeover POC (Two-Stage)
⚠️ For security verification only. Please ensure the test device is logged into Trae.
Click to Trigger Vulnerability
Current base URL: https://poc.dhkdarkhorse.com
What happened?
1. Clicking launches the app. After the cookie is injected, the internal component (AnnieX) crashes.
2. The app automatically falls back and hands the link back to the system browser.
3. The browser requests /starbucks, and the server automatically serves the second-stage payload, which launches the app's normal WebView again.
4. The normal WebView issues a /steal request that carries the injected cookie, completing the theft!
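
A defensive check against the chain above, as an added example (not code from Trae or from this PoC): before session cookies are attached to a URL received through a deep link, the app can require HTTPS and an exact-match host allowlist. The allowlist hosts and the function names are hypothetical; the rejected samples reuse the base URL shown on this page.

```javascript
// Added example. Hosts in COOKIE_HOSTS are hypothetical placeholders,
// not the app's real domains.
const COOKIE_HOSTS = new Set(["app.trusted.example", "login.trusted.example"]);

// Decide whether a deep-link-supplied URL may be loaded with session cookies.
// Uses the WHATWG URL parser so the host checked is the host connected to.
function checkDeepLinkTarget(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  // "https://trusted@other-host/" puts the trusted name in userinfo.
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  if (url.port !== "") return { ok: false, reason: "port" };
  // hostname is already lower-cased; drop one trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  // Exact match only: no suffix or substring matching.
  if (!COOKIE_HOSTS.has(host)) return { ok: false, reason: "host" };
  return { ok: true, reason: "allowed" };
}

// Constructed sample inputs; the rejected hosts use this page's base URL.
const SAMPLES = [
  "https://app.trusted.example/home",
  "https://poc.dhkdarkhorse.com/steal",
  "https://app.trusted.example@poc.dhkdarkhorse.com/steal",
  "https://app.trusted.example.poc.dhkdarkhorse.com/",
  "http://app.trusted.example/",
  "https://APP.Trusted.Example./x",
];

// Run every sample through the check and return the verdicts.
function auditSamples() {
  return SAMPLES.map((u) => ({ url: u, ...checkDeepLinkTarget(u) }));
}

for (const r of auditSamples()) {
  console.log(r.ok ? "ALLOW" : "DENY ", r.reason.padEnd(9), r.url);
}
```

The same check has to run on every entry into the WebView, including the relaunch in step 3, since the second stage arrives through the same deep-link path as the first.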