URL: https://bugcrowd.com/acex
Submission: On November 07 via api from US

Summary

This website contacted 12 IPs in 1 countries across 9 domains to perform 22 HTTP transactions. The main IP is 2606:4700:10::6814:4ef, located in United States and belongs to CLOUDFLARENET, US. The main domain is bugcrowd.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on November 3rd 2020. Valid for: a year.
This is the only time bugcrowd.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 2606:4700:10:... 13335 (CLOUDFLAR...)
3 2606:4700:10:... 13335 (CLOUDFLAR...)
1 13.226.156.92 16509 (AMAZON-02)
2 2600:1901:0:7... 15169 (GOOGLE)
1 13.226.155.149 16509 (AMAZON-02)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 35.160.159.121 16509 (AMAZON-02)
1 1 13.226.132.70 16509 (AMAZON-02)
3 13.226.132.112 16509 (AMAZON-02)
1 13.226.132.59 16509 (AMAZON-02)
1 34.235.226.198 14618 (AMAZON-AES)
1 99.83.219.81 16509 (AMAZON-02)
22 12
Domain Requested by
7 bugcrowd.com d2wy8f7a9ursnm.cloudfront.net
bugcrowd.com
3 js.intercomcdn.com bugcrowd.com
widget.intercom.io
3 assets.bugcrowdusercontent.com bugcrowd.com
2 sessions.bugsnag.com d2wy8f7a9ursnm.cloudfront.net
1 api-iam.intercom.io js.intercomcdn.com
1 heapanalytics.com bugcrowd.com
1 cdn.heapanalytics.com cdn.segment.com
1 widget.intercom.io 1 redirects
1 api.segment.io cdn.segment.com
1 crowdicons.bugcrowdusercontent.com bugcrowd.com
1 cdn.segment.com bugcrowd.com
1 d2wy8f7a9ursnm.cloudfront.net bugcrowd.com
22 12

This site contains links to these domains. Also see Links.

Domain
www.bugcrowd.com
forum.bugcrowd.com
www.linkedin.com
twitter.com
www.facebook.com
www.youtube.com
Subject Issuer Validity Valid
bugcrowd.com
DigiCert SHA2 Extended Validation Server CA
2020-11-03 -
2021-12-03
a year crt.sh
bugcrowdusercontent.com
DigiCert SHA2 Extended Validation Server CA
2020-09-16 -
2021-01-06
4 months crt.sh
*.cloudfront.net
DigiCert Global CA G2
2020-05-26 -
2021-04-21
a year crt.sh
*.bugsnag.com
Sectigo RSA Domain Validation Secure Server CA
2020-05-18 -
2021-05-18
a year crt.sh
*.segment.com
DigiCert SHA2 Secure Server CA
2020-06-12 -
2021-07-27
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-08-10 -
2021-08-10
a year crt.sh
*.intercomcdn.com
Amazon
2020-03-29 -
2021-04-29
a year crt.sh
cdn.heapanalytics.com
Amazon
2020-09-24 -
2021-10-26
a year crt.sh
heapanalytics.com
Amazon
2020-01-21 -
2021-02-21
a year crt.sh
*.intercom.com
Amazon
2020-05-13 -
2021-06-13
a year crt.sh

This page contains 2 frames:

Primary Page: https://bugcrowd.com/acex
Frame ID: 01397D9E868CDDD86486436A8AE5DAA2
Requests: 21 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.e40a3073.js
Frame ID: 36F4A672031666FFC09E188C33496365
Requests: 3 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i

Overall confidence: 50%
Detected patterns
  • meta csrf-param /^authenticity_token$/i

Overall confidence: 100%
Detected patterns
  • script /\/bugsnag.*\.js/i

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Overall confidence: 100%
Detected patterns
  • script /heap-\d+\.js/i

Overall confidence: 100%
Detected patterns
  • script /cdn\.segment\.com\/analytics\.js/i

Page Statistics

22
Requests

100 %
HTTPS

33 %
IPv6

9
Domains

12
Subdomains

12
IPs

1
Countries

1892 kB
Transfer

6285 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://widget.intercom.io/widget/ovg5emkk HTTP 302
  • https://js.intercomcdn.com/shim.latest.js

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request acex
bugcrowd.com/
18 KB
8 KB
Document
General
Full URL
https://bugcrowd.com/acex
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ee34e58e7102f0070594d7013c004d3018fa932627c88b62043b6f5790a941c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self' d6tizftlrpuof.cloudfront.net; block-all-mixed-content; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com d6tizftlrpuof.cloudfront.net; img-src 'self' data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com assets.pentesterlab.com *.usabilla.com; media-src js.intercomcdn.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net 'nonce-2vP3nRErIl6noSD9QDjMJf7isLmyzCiDGPDt6ScADLM=' 'unsafe-inline'; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; upgrade-insecure-requests; report-uri /csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
bugcrowd.com
:scheme
https
:path
/acex
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Sat, 07 Nov 2020 20:03:38 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d42ddab2854bafbca318a8253aaad10fa1604779417; expires=Mon, 07-Dec-20 20:03:37 GMT; path=/; domain=.bugcrowd.com; HttpOnly; SameSite=Lax _crowdcontrol_session=QVF0UHhnYnU0b3JMZFZ5UUc5MmNsSWd4NmRYV3Q3eERFbzE5VExxU0k5aHlCVXhwNXdRVVR6alZpeFllV3pUbHlHTGV0Rm5odTZNcEVHWUtOMUpSTlVCMzZMMWFZTjFyT3dEZlVDMm5FVEtCQ1hBWDFOeGU1eUFKMEFMMklYZ2ppZ2hWbjg5WGRqYjU4djVsQXJlR2hBPT0tLUc5MXZLQ3VuZVNuUm81bnB0OUZOZlE9PQ%3D%3D--2835e101693a76613abb7da36c0945a018b030ce; path=/; secure; HttpOnly; SameSite=Lax
etag
W/"7ee34e58e7102f0070594d7013c004d3"
cache-control
max-age=0, private, must-revalidate
x-request-id
28e2fb3b-3056-4510-90c0-500bbbd47743
x-runtime
0.173211
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-download-options
noopen
x-permitted-cross-domain-policies
none
referrer-policy
strict-origin-when-cross-origin
content-security-policy
default-src 'none'; base-uri 'self' d6tizftlrpuof.cloudfront.net; block-all-mixed-content; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com d6tizftlrpuof.cloudfront.net; img-src 'self' data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com assets.pentesterlab.com *.usabilla.com; media-src js.intercomcdn.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net 'nonce-2vP3nRErIl6noSD9QDjMJf7isLmyzCiDGPDt6ScADLM=' 'unsafe-inline'; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; upgrade-insecure-requests; report-uri /csp
x-varnish
231187
age
0
cf-cache-status
DYNAMIC
cf-request-id
0645e7b81d000097908c37d000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5ee9a8a02e5d9790-FRA
content-encoding
gzip
application-055a446e.css
assets.bugcrowdusercontent.com/packs/css/
617 KB
91 KB
Stylesheet
General
Full URL
https://assets.bugcrowdusercontent.com/packs/css/application-055a446e.css
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/acex
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:3b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a39ce210462904f61d45e7050994bc208b984602f04c4fbd340fed8b105ae2c

Request headers

Referer
https://bugcrowd.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 20:03:38 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 06 Nov 2020 19:27:52 GMT
server
cloudflare
age
2656
etag
W/"084b5235701f994c7ec91d0832d20c84"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
status
200
cache-control
max-age=14400
cf-ray
5ee9a8a46e1e0eb3-FRA
cf-request-id
0645e7babe00000eb3b8877000000001
bugsnag.min.js
d2wy8f7a9ursnm.cloudfront.net/v4/
37 KB
11 KB
Script
General
Full URL
https://d2wy8f7a9ursnm.cloudfront.net/v4/bugsnag.min.js
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/acex
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.226.156.92 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-156-92.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b25a37870e2a2df1197250f5e9befbbcc689663262ffacd7f53ccd0693411525

Request headers

Referer
https://bugcrowd.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Thu, 10 Sep 2020 01:33:00 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Wed, 01 Aug 2018 09:43:25 GMT
Server
AmazonS3
Age
5077838
ETag
W/"bcae2fab7aadf79a0f44f171109e4a9e"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript; charset=UTF-8
Via
1.1 3b811cf25a4fdc818f7cfcb16b38d622.cloudfront.net (CloudFront)
Cache-Control
public, max-age=315360000
Transfer-Encoding
chunked
X-Amz-Cf-Pop
DUS51-C1
X-Amz-Cf-Id
TsF9dT4Qs6_JgONQLFeXu8bJfnolMyHY_xafKouHR8QWUS-kOn4fHA==
logo-full.min-ffef5e4dc1c44a8705ad8947f770bdd4.svg
assets.bugcrowdusercontent.com/packs/media/images/
5 KB
2 KB
Image
General
Full URL
https://assets.bugcrowdusercontent.com/packs/media/images/logo-full.min-ffef5e4dc1c44a8705ad8947f770bdd4.svg
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/acex
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:3b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f97006dcf19add73b5e13c546156587a79b449417c6c2581bfb92fc4aae1bbcc

Request headers

Referer
https://bugcrowd.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 20:03:38 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 25 May 2020 04:53:25 GMT
server
cloudflare
age
14395482
etag
W/"ffef5e4dc1c44a8705ad8947f770bdd4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
status
200
cache-control
public, max-age=31536000
cf-ray
5ee9a8a4aeb70eb3-FRA
cf-request-id
0645e7baec00000eb3af26e000000001
application-7cd295eff016db675da3.js
assets.bugcrowdusercontent.com/packs/js/
4 MB
944 KB
Script
General
Full URL
https://assets.bugcrowdusercontent.com/packs/js/application-7cd295eff016db675da3.js
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/acex
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:3b23 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0974aee3ad132c265c806a0edb20fe98572af013b35464f382b1dc76cc4d848

Request headers

Referer
https://bugcrowd.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 20:03:38 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 06 Nov 2020 19:27:52 GMT
server
cloudflare
age
47998
etag
W/"cdd33a266f2c13de4b50e25efbd83c30"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=31536000
cf-ray
5ee9a8a4cf020eb3-FRA
cf-request-id
0645e7bafc00000eb3eb9eb000000001
/
sessions.bugsnag.com/ Frame
0
0
Other
General
Full URL
https://sessions.bugsnag.com/
Protocol
H2
Server
2600:1901:0:7a0b:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
bugsnag-api-key,bugsnag-payload-version,bugsnag-sent-at,content-type
Origin
https://bugcrowd.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

status
200
access-control-allow-headers
Origin, Content-Type, Accept, Authorization, User-Agent, Referer, X-Forwarded-For, Bugsnag-Api-Key, Bugsnag-Payload-Version, Bugsnag-Sent-At
access-control-allow-methods
POST
access-control-allow-origin
*
date
Sat, 07 Nov 2020 20:03:38 GMT
content-length
0
via
1.1 google
alt-svc
clear
/
sessions.bugsnag.com/
21 B
140 B
XHR
General
Full URL
https://sessions.bugsnag.com/
Requested by
Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v4/bugsnag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:7a0b:: , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a

Request headers

Bugsnag-Payload-Version
1.0
Referer
https://bugcrowd.com/
Bugsnag-Sent-At
2020-11-07T20:03:38.454Z
Bugsnag-Api-Key
1abbd896a93c9cf3e0784ea585f4c690
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 07 Nov 2020 20:03:38 GMT
via
1.1 google
status
202
content-type
application/json
access-control-allow-origin
*
bugsnag-session-uuid
df3de054-a036-4da2-ab57-820b768899ad
alt-svc
clear
content-length
21
analytics.min.js
cdn.segment.com/analytics.js/v1/7iC2Ms9O4Tlb7fMJtg8R9glrGmIPhuFy/
359 KB
66 KB
Script
General
Full URL
https://cdn.segment.com/analytics.js/v1/7iC2Ms9O4Tlb7fMJtg8R9glrGmIPhuFy/analytics.min.js
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/acex
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.155.149 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-149.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9b0b5b2ed4e2679b4218b9caeb629b0b964e442ef19153894920a28e7fd641c9

Request headers

Referer
https://bugcrowd.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
wxGZVKnPE9OZShlE2DhZdqEclyZ4BJL6
content-encoding
gzip
etag
"ca7093d78f95618b45e889749ba64913"
age
225
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-length
66974
access-control-allow-origin
*
last-modified
Fri, 30 Oct 2020 17:21:01 GMT
server
AmazonS3
date
Sat, 07 Nov 2020 19:59:54 GMT
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
via
1.1 a67be963c7536322e9a591e428e62d28.cloudfront.net (CloudFront)
cache-control
public, max-age=300
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
BLjg-m1ChaplT01iWRtBaamsZaAsMOBv8yW4vv30Tsm-p0rPUvkreA==
truncated
/
168 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
96d044c8f6b997e4c075904080129d0e8890ebbcbacb0985bd783d1b07830f3f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
7 KB
7 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aa56d1d5705d9b14c79475c7aea45727c040ba78972bace4532ccf23a815650e

Request headers

Origin
https://bugcrowd.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
acex.json
bugcrowd.com/
4 KB
4 KB
Fetch
General
Full URL
https://bugcrowd.com/acex.json
Requested by
Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v4/bugsnag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d90d0f3c9d20f3a8466f2718b5af7751458ae8765d836bb512161f99a553d3cf
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self' d6tizftlrpuof.cloudfront.net; block-all-mixed-content; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com d6tizftlrpuof.cloudfront.net; img-src 'self' data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com assets.pentesterlab.com *.usabilla.com; media-src js.intercomcdn.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; upgrade-insecure-requests; report-uri /csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bugcrowd.com/acex
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 20:03:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
age
0
cf-ray
5ee9a8a86aad9790-FRA
status
200
x-xss-protection
1; mode=block
x-request-id
c58a7d06-b0ed-4c5b-b545-e39e8302ff3d
x-runtime
0.166080
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"d90d0f3c9d20f3a8466f2718b5af7751"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
x-varnish
426860
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self' d6tizftlrpuof.cloudfront.net; block-all-mixed-content; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com d6tizftlrpuof.cloudfront.net; img-src 'self' data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com assets.pentesterlab.com *.usabilla.com; media-src js.intercomcdn.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; upgrade-insecure-requests; report-uri /csp
cf-request-id
0645e7bd4100009790ae89c000000001
content-type
application/json; charset=utf-8
a56a1fd4-f794-41a6-942d-59ef0786e9d0.json
bugcrowd.com/researcher_profile/achievements/
11 KB
3 KB
Fetch
General
Full URL
https://bugcrowd.com/researcher_profile/achievements/a56a1fd4-f794-41a6-942d-59ef0786e9d0.json
Requested by
Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v4/bugsnag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f57107425021e092dc005bcbd184800ee7c74bad606e498f266636e3b14cbaf3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com; img-src 'self' data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com; media-src js.intercomcdn.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; upgrade-insecure-requests; report-uri /csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bugcrowd.com/acex
X-CSRF-Token
haxRX8JZ2XTce/tfNwByCu+YTP1nHQRfTak2Eoykr0rMpu32Gz00EPeFyGtU1PjA57/xKP8Q5Cd02VJst5kmSg==
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 07 Nov 2020 20:03:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
age
0
cf-ray
5ee9a8a86aae9790-FRA
status
200
x-xss-protection
1; mode=block
x-request-id
ae3ce819-eb9d-4841-a78f-1601f23ec497
x-runtime
0.667132
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"f57107425021e092dc005bcbd184800e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
x-varnish
165551
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com; img-src 'self' data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com; media-src js.intercomcdn.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; upgrade-insecure-requests; report-uri /csp
cf-request-id
0645e7bd41000097909106d000000001
content-type
application/json; charset=utf-8
a56a1fd4-f794-41a6-942d-59ef0786e9d0.json
bugcrowd.com/researcher_profile/statistics/
4 KB
3 KB
Fetch
General
Full URL
https://bugcrowd.com/researcher_profile/statistics/a56a1fd4-f794-41a6-942d-59ef0786e9d0.json
Requested by
Host: d2wy8f7a9ursnm.cloudfront.net
URL: https://d2wy8f7a9ursnm.cloudfront.net/v4/bugsnag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f6f946a747ad88fb95dd5bfdbfd2563c5ec7ba50425cfd194a53fa0a1fb0cfe
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com; img-src 'self' data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com; media-src js.intercomcdn.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; upgrade-insecure-requests; report-uri /csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bugcrowd.com/acex
X-CSRF-Token
haxRX8JZ2XTce/tfNwByCu+YTP1nHQRfTak2Eoykr0rMpu32Gz00EPeFyGtU1PjA57/xKP8Q5Cd02VJst5kmSg==
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 07 Nov 2020 20:03:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
age
0
cf-ray
5ee9a8a86aaf9790-FRA
status
200
x-xss-protection
1; mode=block
x-request-id
e45c50ad-9b82-40e5-920c-e3588a94cfd5
x-runtime
0.051895
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"1f6f946a747ad88fb95dd5bfdbfd2563"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
x-varnish
393715
cache-control
max-age=0, private, must-revalidate
content-security-policy
default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com; img-src 'self' data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com; media-src js.intercomcdn.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; upgrade-insecure-requests; report-uri /csp
cf-request-id
0645e7bd41000097908b951000000001
content-type
application/json; charset=utf-8
a56a1fd4f79441a6942d59ef0786e9d0.png
crowdicons.bugcrowdusercontent.com/c/
5 KB
6 KB
Image
General
Full URL
https://crowdicons.bugcrowdusercontent.com/c/a56a1fd4f79441a6942d59ef0786e9d0.png
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/acex
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:22dc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75a0446fa1fbb53e48034e68c9e1dec4dd1b88384db4b3ec15366c5f06c1aca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://bugcrowd.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 20:03:40 GMT
via
1.1 vegur
x-content-type-options
nosniff
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
status
200
cache-control
public, max-age=31556952
accept-ranges
bytes
cf-ray
5ee9a8a89f41dfb7-FRA
content-length
5442
cf-request-id
0645e7bd650000dfb7d2923000000001
default_banner-b2e8be1197e6ba1e88f912d3024172ba.png
bugcrowd.com/packs/media/images/researcher-profile/
552 KB
553 KB
Image
General
Full URL
https://bugcrowd.com/packs/media/images/researcher-profile/default_banner-b2e8be1197e6ba1e88f912d3024172ba.png
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/acex
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5a411907e35530804aa2892379255ea84945d09478345e6833a0e1ed5913bae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bugcrowd.com/acex
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 20:03:38 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
39419
status
200
vary
Accept-Encoding
content-length
565553
cf-request-id
0645e7bd45000097908c3bd000000001
last-modified
Fri, 06 Nov 2020 19:27:54 GMT
server
cloudflare
etag
"b2e8be1197e6ba1e88f912d3024172ba"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-varnish
132167
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
5ee9a8a86ab19790-FRA
p
api.segment.io/v1/
21 B
140 B
XHR
General
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/7iC2Ms9O4Tlb7fMJtg8R9glrGmIPhuFy/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.160.159.121 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-160-159-121.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Request headers

Referer
https://bugcrowd.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

status
200
date
Sat, 07 Nov 2020 20:03:39 GMT
access-control-allow-origin
https://bugcrowd.com
content-length
21
vary
Origin
content-type
application/json
shim.latest.js
js.intercomcdn.com/
Redirect Chain
  • https://widget.intercom.io/widget/ovg5emkk
  • https://js.intercomcdn.com/shim.latest.js
12 KB
5 KB
Script
General
Full URL
https://js.intercomcdn.com/shim.latest.js
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/acex
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-112.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06dc4815c7e9a340e479d4a94f86200133053c3e958c8768bcd898467e922336

Request headers

Referer
https://bugcrowd.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 20:01:29 GMT
content-encoding
gzip
age
131
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
content-length
4356
last-modified
Thu, 05 Nov 2020 15:51:24 GMT
server
AmazonS3
etag
"7b554492b6ea66f84cc29cd82f45736e"
content-type
application/javascript; charset=UTF-8
via
1.1 498cdb7d5db845f8fbb098d88d764204.cloudfront.net (CloudFront)
cache-control
max-age=300, s-maxage=300, public
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
yPHQ4k1EE0jZ0_seoZGZPB2uIuiJLhXM_jmui_JB1WeUMLMTam-X-w==

Redirect headers

date
Mon, 02 Nov 2020 19:27:57 GMT
via
1.1 f6bd96409cae11d77ed75457d756ef80.cloudfront.net (CloudFront)
server
AmazonS3
age
434143
status
302
x-cache
Hit from cloudfront
location
https://js.intercomcdn.com/shim.latest.js
x-amz-cf-pop
DUS51-C1
content-length
0
x-amz-cf-id
O4tRR7NJ9g1_pd6rM5zR3DLAaz_EwVlb3w00NQpAfhwtGdqbu-RTwQ==
heap-351079185.js
cdn.heapanalytics.com/js/
96 KB
39 KB
Script
General
Full URL
https://cdn.heapanalytics.com/js/heap-351079185.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/7iC2Ms9O4Tlb7fMJtg8R9glrGmIPhuFy/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.59 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-59.dus51.r.cloudfront.net
Software
nginx /
Resource Hash
63c3c701001a1da6fc0feb2d5da1a467679a91354bc29517f6d53f0c5f81b6f6

Request headers

Referer
https://bugcrowd.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 20:01:46 GMT
content-encoding
gzip
server
nginx
age
113
etag
W/"17f63-rXT21gEth3alEd/WVTfq/A"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
status
200
cache-control
public, max-age=120
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
W7NWBoy4rgB3_stGR_xrX10o23LeOC_TkFowlOhynsfyYMQBz97BNw==
via
1.1 987c00b911316df568db602f83876a8e.cloudfront.net (CloudFront)
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e9977e78ecd8b8dfcb37e94811b914ea13b9f661403386b05352b8ec8cb79034

Request headers

Referer
https://bugcrowd.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
h
heapanalytics.com/
37 B
213 B
Image
General
Full URL
https://heapanalytics.com/h?a=351079185&u=6812049120309368&v=8349224491835699&s=5672631056878422&b=web&tv=4.0&z=0&h=%2Facex&d=bugcrowd.com&t=Your%20Elastic%20Security%20Team%2C%20better%20security%20testing%20through%20bug%20bounties%20and%20managed%20security%20programs%20%7C%20Bugcrowd&ts=1604779419497&st=1604779419498
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/acex
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.235.226.198 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-235-226-198.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://bugcrowd.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 07 Nov 2020 20:03:39 GMT
server
nginx
etag
W/"25-PqzQEyMQ6kTK11azeKO8Bw"
content-type
image/gif
status
200
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-length
37
frame-modern.e40a3073.js
js.intercomcdn.com/ Frame 36F4
233 KB
63 KB
Script
General
Full URL
https://js.intercomcdn.com/frame-modern.e40a3073.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/ovg5emkk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-112.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6470b6fbf08b722e0e43d866b10f488e02a44adac3187073654938bd8feb9a07

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 19:51:29 GMT
content-encoding
gzip
age
731
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
content-length
64356
last-modified
Thu, 05 Nov 2020 15:39:27 GMT
server
AmazonS3
etag
"7b4d422f38d6afe390a594d3079cda66"
content-type
application/javascript; charset=UTF-8
via
1.1 498cdb7d5db845f8fbb098d88d764204.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
EuHd2IpjK4H8fEaWQA_ew79d_ULrxtwWrzhREgp2yF1MOOBxjA_M_g==
vendor-modern.f585e527.js
js.intercomcdn.com/ Frame 36F4
123 KB
38 KB
Script
General
Full URL
https://js.intercomcdn.com/vendor-modern.f585e527.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/ovg5emkk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.132.112 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-132-112.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f2115d67889ef9ee779fd47c169d0057c076767844771a2eb6fe918f09760e61

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 19:45:38 GMT
content-encoding
gzip
age
1082
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
status
200
content-length
38303
last-modified
Fri, 06 Nov 2020 10:50:40 GMT
server
AmazonS3
etag
"af39b5792e8c69d67c99c9ff6155bb17"
content-type
application/javascript; charset=UTF-8
via
1.1 498cdb7d5db845f8fbb098d88d764204.cloudfront.net (CloudFront)
cache-control
max-age=31536000, s-maxage=7200, public
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
x-amz-cf-id
EzW-jnv3Vw1W8cpmQqUCy4BSAp5wzMPduYcvZ4PrgUEtinng99CfZA==
ping
api-iam.intercom.io/messenger/web/ Frame 36F4
5 KB
2 KB
XHR
General
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.e40a3073.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.83.219.81 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad8b87a22ce463223.awsglobalaccelerator.com
Software
nginx /
Resource Hash
5ba686e7182b549acbd552f6fb8068517b0c2fb8f582351c60a9c1f637bd7bda
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Sat, 07 Nov 2020 20:03:40 GMT
content-encoding
gzip
x-ami-version
ami-0b41427035008f71d
status
200, 200 OK
strict-transport-security
max-age=31556952; includeSubDomains; preload
vary
Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
003064kvciapcepnl0h0
x-runtime
0.395058
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5ba686e7182b549acbd552f6fb806851"
x-ratelimit-remaining
19974
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://bugcrowd.com
x-intercom-version
b39eb8bce516444828643f71fc21757a5b7ef913
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-ratelimit-reset
1604779440
x-ratelimit-limit
20000
access-control-allow-headers
Content-Type
x-content-type-options
nosniff
level-1-debba8ae3859aa3b8c9ddfcaee510b3a.svg
bugcrowd.com/packs/media/images/achievements/bounty-bee/
5 KB
2 KB
Image
General
Full URL
https://bugcrowd.com/packs/media/images/achievements/bounty-bee/level-1-debba8ae3859aa3b8c9ddfcaee510b3a.svg
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/acex
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
35967ecdff1db40b02b07b5ccfbf604e5a0ad9796359c62b44d2035c06b5140a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bugcrowd.com/acex
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 20:03:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
34106
status
200
vary
Accept-Encoding
cf-request-id
0645e7c18000009790910a6000000001
x-varnish
459229
last-modified
Fri, 06 Nov 2020 19:27:53 GMT
server
cloudflare
etag
W/"debba8ae3859aa3b8c9ddfcaee510b3a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/svg+xml
cache-control
public, max-age=31536000
cf-ray
5ee9a8af3ea89790-FRA
level-1-c2111c250727cfbceebb3862fd41f138.svg
bugcrowd.com/packs/media/images/achievements/submission-shogun/
66 KB
44 KB
Image
General
Full URL
https://bugcrowd.com/packs/media/images/achievements/submission-shogun/level-1-c2111c250727cfbceebb3862fd41f138.svg
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/acex
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa59e6159f2b8382be4943ce055af3e97bdb4780aa8eb7c5edff3287c2b400ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bugcrowd.com/acex
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 07 Nov 2020 20:03:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
34106
status
200
vary
Accept-Encoding
cf-request-id
0645e7c18000009790ac172000000001
x-varnish
328564
last-modified
Fri, 06 Nov 2020 19:27:53 GMT
server
cloudflare
etag
W/"c2111c250727cfbceebb3862fd41f138"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/svg+xml
cache-control
public, max-age=31536000
cf-ray
5ee9a8af3ea99790-FRA

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes function| bugsnag object| bugsnagClient object| analytics function| setImmediate function| clearImmediate object| regeneratorRuntime function| jQuery function| $ boolean| _rails_loaded object| __SECRET_EMOTION__ object| core function| Mousetrap function| SVGPathSeg function| SVGPathSegClosePath function| SVGPathSegMovetoAbs function| SVGPathSegMovetoRel function| SVGPathSegLinetoAbs function| SVGPathSegLinetoRel function| SVGPathSegCurvetoCubicAbs function| SVGPathSegCurvetoCubicRel function| SVGPathSegCurvetoQuadraticAbs function| SVGPathSegCurvetoQuadraticRel function| SVGPathSegArcAbs function| SVGPathSegArcRel function| SVGPathSegLinetoHorizontalAbs function| SVGPathSegLinetoHorizontalRel function| SVGPathSegLinetoVerticalAbs function| SVGPathSegLinetoVerticalRel function| SVGPathSegCurvetoCubicSmoothAbs function| SVGPathSegCurvetoCubicSmoothRel function| SVGPathSegCurvetoQuadraticSmoothAbs function| SVGPathSegCurvetoQuadraticSmoothRel function| SVGPathSegList object| d3 object| __REDUX_GLOBAL_STORE__ function| Intercom object| heap function| normalize function| __intercomAssignLocation

5 Cookies

Domain/Path Name / Value
bugcrowd.com/ Name: _crowdcontrol_session
Value: UkYxbWFSNExxZjJKWFlKdHR1czdNOEQ4SGoxVzJkNXpNZk1mdTRxUWw4dU1oNzlJL25rYkkvWGw1RC9MSTl4RkpDaGxNU1E4MGxJcE05alQwMU1yWlZzTFJUTWNnY1dvc3VMWGw3OHE0a2JLZHlsV0NhRHJ5a0g0aC82VFRkK0QzZVpQaG5sS1JIUzc4NmUra3M3SG1nPT0tLWNFQ2h5a3dtY1F4RGJwRVh6c1VVZVE9PQ%3D%3D--3b35b4578bcff9a56b3478d776f11d7d3a3a0798
.bugcrowd.com/ Name: _hp2_ses_props.351079185
Value: %7B%22ts%22%3A1604779419497%2C%22d%22%3A%22bugcrowd.com%22%2C%22h%22%3A%22%2Facex%22%7D
.bugcrowd.com/ Name: _hp2_id.351079185
Value: %7B%22userId%22%3A%226812049120309368%22%2C%22pageviewId%22%3A%228349224491835699%22%2C%22sessionId%22%3A%225672631056878422%22%2C%22identity%22%3Anull%2C%22trackerVersion%22%3A%224.0%22%7D
.bugcrowd.com/ Name: ajs_anonymous_id
Value: %22401aaf59-52b4-4526-9a48-e61fe50c700f%22
.bugcrowd.com/ Name: __cfduid
Value: d42ddab2854bafbca318a8253aaad10fa1604779417

1 Console Messages

Source Level URL
Text
console-api debug URL: https://d2wy8f7a9ursnm.cloudfront.net/v4/bugsnag.min.js(Line 1)
Message:
[bugsnag] Loaded!

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; base-uri 'self' d6tizftlrpuof.cloudfront.net; block-all-mixed-content; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com d6tizftlrpuof.cloudfront.net; img-src 'self' data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com assets.pentesterlab.com *.usabilla.com; media-src js.intercomcdn.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net 'nonce-2vP3nRErIl6noSD9QDjMJf7isLmyzCiDGPDt6ScADLM=' 'unsafe-inline'; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; upgrade-insecure-requests; report-uri /csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
api.segment.io
assets.bugcrowdusercontent.com
bugcrowd.com
cdn.heapanalytics.com
cdn.segment.com
crowdicons.bugcrowdusercontent.com
d2wy8f7a9ursnm.cloudfront.net
heapanalytics.com
js.intercomcdn.com
sessions.bugsnag.com
widget.intercom.io
13.226.132.112
13.226.132.59
13.226.132.70
13.226.155.149
13.226.156.92
2600:1901:0:7a0b::
2606:4700:10::6814:3b23
2606:4700:10::6814:4ef
2606:4700:10::6816:22dc
34.235.226.198
35.160.159.121
99.83.219.81
06dc4815c7e9a340e479d4a94f86200133053c3e958c8768bcd898467e922336
0a39ce210462904f61d45e7050994bc208b984602f04c4fbd340fed8b105ae2c
0ba7c0356149946bf0642fab4ef85b95e7090f6f785d0fb84323d0c442e5190a
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1f6f946a747ad88fb95dd5bfdbfd2563c5ec7ba50425cfd194a53fa0a1fb0cfe
35967ecdff1db40b02b07b5ccfbf604e5a0ad9796359c62b44d2035c06b5140a
5ba686e7182b549acbd552f6fb8068517b0c2fb8f582351c60a9c1f637bd7bda
63c3c701001a1da6fc0feb2d5da1a467679a91354bc29517f6d53f0c5f81b6f6
6470b6fbf08b722e0e43d866b10f488e02a44adac3187073654938bd8feb9a07
75a0446fa1fbb53e48034e68c9e1dec4dd1b88384db4b3ec15366c5f06c1aca8
7ee34e58e7102f0070594d7013c004d3018fa932627c88b62043b6f5790a941c
96d044c8f6b997e4c075904080129d0e8890ebbcbacb0985bd783d1b07830f3f
9b0b5b2ed4e2679b4218b9caeb629b0b964e442ef19153894920a28e7fd641c9
aa56d1d5705d9b14c79475c7aea45727c040ba78972bace4532ccf23a815650e
b25a37870e2a2df1197250f5e9befbbcc689663262ffacd7f53ccd0693411525
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
d90d0f3c9d20f3a8466f2718b5af7751458ae8765d836bb512161f99a553d3cf
e5a411907e35530804aa2892379255ea84945d09478345e6833a0e1ed5913bae
e9977e78ecd8b8dfcb37e94811b914ea13b9f661403386b05352b8ec8cb79034
f0974aee3ad132c265c806a0edb20fe98572af013b35464f382b1dc76cc4d848
f2115d67889ef9ee779fd47c169d0057c076767844771a2eb6fe918f09760e61
f57107425021e092dc005bcbd184800ee7c74bad606e498f266636e3b14cbaf3
f97006dcf19add73b5e13c546156587a79b449417c6c2581bfb92fc4aae1bbcc
fa59e6159f2b8382be4943ce055af3e97bdb4780aa8eb7c5edff3287c2b400ac