urlscan.io logo urlscan.io
SecurityTrails logo

bugcrowd.com Open in urlscan Pro
2606:4700:10::6814:644  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ww2.bugcrowd.com/rs/453-IJC-858/images/Security
Effective URL: https://bugcrowd.com/404
Submission: On August 26 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 2 HTTP transactions. The main IP is 2606:4700:10::6814:644, located in United States and belongs to CLOUDFLARENET, US. The main domain is bugcrowd.com. The Cisco Umbrella rank of the primary domain is 398742.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 18th 2022. Valid for: a year.
This is the only time bugcrowd.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 104.17.72.206 13335 (CLOUDFLAR...)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2
Apex Domain
Subdomains		 Transfer
3 bugcrowd.com
ww2.bugcrowd.com
bugcrowd.com — Cisco Umbrella Rank: 398742
6 KB
2 1
Domain Requested by
2 bugcrowd.com bugcrowd.com
1 ww2.bugcrowd.com 1 redirects
2 2

This site contains no links.

Subject Issuer Validity Valid
bugcrowd.com
Cloudflare Inc ECC CA-3		 2022-04-18 -
2023-04-18		 a year crt.sh

This page contains 1 frames:

Primary Page: https://bugcrowd.com/404
Frame ID: B8AC9C072343F0ABF1AE26437E12C6F8
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bugcrowd | Error

Page URL History Show full URLs

  1. https://ww2.bugcrowd.com/rs/453-IJC-858/images/Security HTTP 302
    https://bugcrowd.com/404 Page URL

Page Statistics

2
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

2
Subdomains

2
IPs

2
Countries

6 kB
Transfer

9 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ww2.bugcrowd.com/rs/453-IJC-858/images/Security HTTP 302
    https://bugcrowd.com/404 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 404
bugcrowd.com/
Redirect Chain
  • https://ww2.bugcrowd.com/rs/453-IJC-858/images/Security
  • https://bugcrowd.com/404
6 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bugcrowd.com/404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:644 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb176f7181c89e3833be6cbe4f57fe7477a18a59f19efc7b827018ccd13adae4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com cdn.segment.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com; img-src 'self' bugcrowd.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com; media-src 'self' js.intercomcdn.com bugcrowd.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; report-uri /csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cf-cache-status
DYNAMIC
cf-ray
740b8eadca2a91e7-FRA
content-encoding
gzip
content-security-policy
default-src 'none'; base-uri 'self'; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com cdn.segment.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com; img-src 'self' bugcrowd.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com; media-src 'self' js.intercomcdn.com bugcrowd.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; report-uri /csp
content-type
text/html; charset=UTF-8
date
Fri, 26 Aug 2022 09:31:56 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Thu, 25 Aug 2022 22:39:06 GMT
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
kong/2.8.1
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-kong-proxy-latency
1
x-kong-upstream-latency
5
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
740b8eac183d9be9-FRA
content-type
text/html; charset=UTF-8
date
Fri, 26 Aug 2022 09:31:56 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location
https://bugcrowd.com/404
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
csp
bugcrowd.com/ 		0
135 B 		Other
General
Check archive.org
Download Go to
Full URL
https://bugcrowd.com/csp
Requested by
Host: bugcrowd.com
URL: https://bugcrowd.com/404
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:644 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; base-uri 'self'; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com cdn.segment.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com; img-src 'self' bugcrowd.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com; media-src 'self' js.intercomcdn.com bugcrowd.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; report-uri /csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bugcrowd.com/404
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Fri, 26 Aug 2022 09:31:57 GMT
via
kong/2.8.1
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
x-kong-proxy-latency
0
x-kong-upstream-latency
83
x-xss-protection
1; mode=block
x-request-id
cbe9bce3-1d58-4b21-b9c9-0b4562aa2d23
x-runtime
0.075123
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-download-options
noopen
cache-control
no-cache
content-security-policy
default-src 'none'; base-uri 'self'; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com cdn.segment.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com; img-src 'self' bugcrowd.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com; media-src 'self' js.intercomcdn.com bugcrowd.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; report-uri /csp
cf-ray
740b8eb06da191e7-FRA
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e5d427d21a4d96a5fb1d7891047c01cf9dda6e70a391774da1e13681fb1ea1e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation

3 Cookies

Domain/Path Name / Value
ww2.bugcrowd.com/ Name: BIGipServerab27web-nginx-app_https
Value: !ub4ub69NB+79B6hwj0+bx/SialTWb3rWhcz9IO6x5FHS97fN4BcT6a/IKt3vyI2zQsdKSOElZYAvT0I=
.ww2.bugcrowd.com/ Name: __cf_bm
Value: EzXhJ_yQKhTbht0yNJgqM6G1XX5Ti_DQoWNeWXMcuPM-1661506316-0-ASS5j2iykVGiBuIH5jkzLsqvbyisxy4sXmUi5HIA2oEi0BniHxJ1ENW63QVDE+LAXZaJ5XBgpC5o54m7lHRQvrQ=
.bugcrowd.com/ Name: __cf_bm
Value: qnAEwhMHMqBr76INaikp1IlpZ7oB24z_hQhMDSk4vrs-1661506316-0-AYe6BbmOjhIoJNq5DVGfi0RgL6XulU4nO9rgEPla1BvPqnbQBIY878sTw+iwtcuyhEvaMVPi8CvQ69ZfWk3tPnY=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; base-uri 'self'; connect-src 'self' *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com cdn.segment.com *.segment.io wss://*.intercom.io syndication.twitter.com notify.bugsnag.com sessions.bugsnag.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com bugcrowd-attachments-us-east-1-production.s3.amazonaws.com; font-src data: assets.bugcrowdusercontent.com *.heapanalytics.com heapanalytics.com *.intercomcdn.com; form-action 'self'; frame-src 'self' *.facebook.com *.twitter.com www.youtube.com; img-src 'self' bugcrowd.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com data: *.bugcrowdusercontent.com *.facebook.com *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercomassets.com *.intercomcdn.com *.twitter.com *.wp.com t.co platform.slack-edge.com notify.bugsnag.com; media-src 'self' js.intercomcdn.com bugcrowd.com bugcrowd-attachments-us-east-1-production.s3.us-east-1.amazonaws.com; script-src 'strict-dynamic' 'self' assets.bugcrowdusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.heapanalytics.com heapanalytics.com *.intercom.io *.intercomcdn.com *.segment.com *.twitter.com api.usemessages.com d2wy8f7a9ursnm.cloudfront.net; style-src 'unsafe-inline' assets.bugcrowdusercontent.com; report-uri /csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bugcrowd.com
ww2.bugcrowd.com
104.17.72.206
2606:4700:10::6814:644
1e5d427d21a4d96a5fb1d7891047c01cf9dda6e70a391774da1e13681fb1ea1e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fb176f7181c89e3833be6cbe4f57fe7477a18a59f19efc7b827018ccd13adae4