Responsible Disclosure Notice
Affected asset: test.bitflow.finance
Vulnerability type: Subdomain Takeover
Severity: High
Summary
The DNS record for test.bitflow.finance points to a Vercel deployment that no longer exists. The subdomain returns HTTP 404 with x-vercel-error: DEPLOYMENT_NOT_FOUND, indicating the Vercel project was deleted while the DNS CNAME record was not removed.
This allows an attacker to claim the orphaned Vercel project and serve arbitrary content under your domain — usable for phishing, credential theft, or impersonation of Bitflow.
Evidence
$ dig CNAME test.bitflow.finance +short
cname.vercel-dns.com.
$ curl -I https://test.bitflow.finance
HTTP/2 404
x-vercel-error: DEPLOYMENT_NOT_FOUND
server: Vercel
Recommended Fix
Remove the DNS CNAME record for test.bitflow.finance, or restore the Vercel deployment.
Disclosure Note
Reporting this responsibly. Please respond here or via DM to arrange proper disclosure and discuss eligibility for any bug bounty reward.
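For a domain owner auditing their own zone, the check in the Evidence section can be run over captured `dig +short` and `curl -I` output for every hostname. This is an added example, not part of the original report; the function names and the `example.com` hostnames and captures are constructed, and only the CNAME target and the `x-vercel-error` value come from the report.

```python
# Added example: classify captured `dig +short` and `curl -I` output per hostname.
# All hostnames and captures below are constructed sample data.
VERCEL_CNAME = "cname.vercel-dns.com"          # CNAME target shown in the report
ORPHAN_MARKER = "DEPLOYMENT_NOT_FOUND"         # x-vercel-error value shown in the report


def parse_head(raw):
    """Parse `curl -I` output into (status_code, {lowercased header: value})."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])          # "HTTP/2 404" -> 404
    headers = {}
    for ln in lines[1:]:
        name, sep, value = ln.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def classify(dig_short, curl_head):
    """Return 'dangling', 'review' or 'ok' for one hostname's captured output."""
    targets = [t.strip().rstrip(".").lower() for t in dig_short.splitlines() if t.strip()]
    if VERCEL_CNAME not in targets:
        return "ok"                            # not delegated to Vercel: out of scope here
    status, headers = parse_head(curl_head)
    if headers.get("x-vercel-error", "").upper() == ORPHAN_MARKER:
        return "dangling"                      # CNAME still present, deployment gone
    if status == 404:
        return "review"                        # 404 without the marker: check by hand
    return "ok"


def audit(captures):
    """Map hostname -> verdict for a dict of {host: (dig_output, curl_output)}."""
    return {host: classify(d, h) for host, (d, h) in captures.items()}


SAMPLE = {  # constructed captures
    "test.example.com": ("cname.vercel-dns.com.\n",
                         "HTTP/2 404\nx-vercel-error: DEPLOYMENT_NOT_FOUND\nserver: Vercel\n"),
    "app.example.com": ("cname.vercel-dns.com.\n", "HTTP/2 200\nserver: Vercel\n"),
    "old.example.com": ("CNAME.vercel-dns.com.\n",
                        "HTTP/1.1 404 Not Found\r\nX-Vercel-Error: deployment_not_found\r\n"),
    "docs.example.com": ("cname.vercel-dns.com.\n", "HTTP/2 404\nserver: Vercel\n"),
    "www.example.com": ("host.example.net.\n", "HTTP/2 404\nserver: nginx\n"),
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Hostnames reported as `dangling` are the ones whose CNAME record should be removed or whose deployment should be restored, as in the Recommended Fix.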