And now I realize that this is a fishbowl wiki. https://am.wikimedia.org/wiki/%D5%8D%D5%BA%D5%A1%D5%BD%D5%A1%D6%80%D5%AF%D5%B8%D5%B2:%D5%86%D5%A5%D6%80%D5%A4%D6%80%D5%B8%D6%82%D5%B4%D5%B6%D5%A5%D6%80%D5%A8/David_Saroyan appears to the person who added the CSS/JS.

CC @Ladsgroup and @SusikMkr based on T176042.

David is a staff in WMAM, probably an oversight. I will talk to him tomorrow. In the mean time I fixed the privacy issue in this edit
cc. @DavidSaroyan

This is not a UBN as that means the site is down.

In T194614#4203448, @Ladsgroup wrote:

David is a staff in WMAM, probably an oversight. I will talk to him tomorrow. In the mean time I fixed the privacy issue in this edit
cc. @DavidSaroyan

Thanks! The spenden.wikimedia.de request is lower priority but would still be good to figure out.

In T194614#4203451, @Paladox wrote:

This is not a UBN as that means the site is down.

For security bugs, severe or immediate security/privacy issues meet the definition of ubn.

In order to reduce the priority, is there any need to do more actions?

In T194614#4203507, @Ladsgroup wrote:

In order to reduce the priority, is there any need to do more actions?

There's an AJAX request to spenden.wikimedia.de, which I assume is under WMDE controlled, not WMF. I didn't spend time yesterday trying to find where it was coming from.

@Ladsgroup there's one more thing if you could fix, on https://am.wikimedia.org/wiki/MediaWiki:Common.js could you change

mw.loader.load('//wiki/MediaWiki:AnonymousI18N.js&action=raw&ctype=text/javascript');

to

mw.loader.load('//commons.wikimedia.org/MediaWiki:AnonymousI18N.js&action=raw&ctype=text/javascript');

Right now it's trying to make an external request to a non-existent wiki domain.