They probably wouldn't act immediately as there's no way for them to enable signing without breaking their client's site. The only cleanup you could do without that would be having google pull that subdomain I guess?

(Fiverr itself uses Bugcrowd but is private, having to first email their SOC as I did.)