There is SSRF vulnerability due to img tag injection in "Contact HackerOne Sales" form. Since vulnerability triggers after 18-20 minutes so I am not sure which site it affects. It might affect hackerone or marketo. So I thought it would be better to report it first on hackerone.
- Navigate to https://www.hackerone.com/product/features.
- Click on "Get Started".
- Fill FirstName, LastName, Company and Message by <img src=https://yourserver.com/f onerror=alert(1)>, <img src=https://yourserver.com/l onerror=alert(1)>, <img src=https://yourserver.com/c onerror=alert(1)> and <img src=https://yourserver.com/m onerror=alert(1)>.
- Fill the remaining details and submit the form.
- Wait 18-20 minutes and check server logs.
In this case ssrf triggers many times. Please check the screenshots.