This host is operated for authorised security research. If you are a defender, network operator, or bug bounty triage reviewer who has reached this page from a callback URL or DNS query in your logs, this is intended behaviour.
Crabby is the out-of-band receiver for the Crabber security research platform. It accepts callbacks from bug bounty research targets to confirm blind-class vulnerabilities (SSRF, XXE, blind XSS, log4j-class exfil, etc.). Each callback is bound to an operator-registered research engagement with explicit safe-harbor authorisation from the target's bug bounty program.
This host does not execute exploits, does not target third parties,
and does not retain data beyond the immediate research engagement that
triggered the callback. Payloads served from this domain are
research-identifiable by design — see the
X-Crabby-Research: true header on every response.
For questions, abuse reports, or coordinated disclosure, reach
the operator at: io (swansm3009@gmail.com) - Authorized bug bounty research