Claimed Allora price endpoint — not live, likely a subdomain-takeover PoC.
What it does
This endpoint is listed at https://mobile-independance.vercel.app/allora/price and was presumably intended to expose Allora network price predictions via the x402 payment protocol. However, probing the endpoint on both GET and POST returns HTTP 404 (not 402), meaning no x402 payment challenge is served and the endpoint is not operational.
More critically, the landing page of the hosting domain explicitly identifies itself as a "Subdomain Takeover PoC" by a researcher named gh0stfqce, referencing a Coinbase payments-mcp bug bounty. The page states the domain is present in the payments-mcp discovery registry and is served to all wallet installations. This strongly suggests the domain was claimed as part of a security vulnerability demonstration, not as a legitimate service. All other paths on the domain (/docs, /api, /pricing, /README) return Vercel 404 errors.
Given the combination of a non-functional endpoint and clear evidence that the domain is a proof-of-concept subdomain takeover, this listing should not be treated as a usable API. Consumers and agents should avoid sending any payment or credentials to this endpoint.
Capabilities
Use cases
- —Fetching Allora network price predictions (if it were live)
- —Querying crypto asset prices via x402 micropayment (if it were live)
- —Integrating decentralized ML price forecasts into trading bots (if it were live)
Fit
Best for
- —Nothing — endpoint is not live and domain is a security PoC
Not for
- —Any production use — endpoint returns 404
- —Any payment interaction — domain is a subdomain-takeover proof of concept
- —Trusting as a legitimate Allora data source
Quick start
# Endpoint is NOT live. Do not send payments.
curl -i https://mobile-independance.vercel.app/allora/price
# Returns 404, not 402Endpoint
Quality
The endpoint returns 404 on all methods (not a valid x402 402 challenge), and the hosting domain is explicitly self-identified as a subdomain-takeover proof-of-concept for a bug bounty. There is no documentation, no schema, no pricing info, and no evidence of a functioning service.
Warnings
- —Endpoint returns 404 on both GET and POST — not live, no x402 challenge served.
- —Domain landing page explicitly states this is a 'Subdomain Takeover PoC' by gh0stfqce for a Coinbase payments-mcp bug bounty.
- —All documentation and API paths return Vercel 404 errors.
- —Do NOT send payments or credentials to this endpoint.
- —This listing may have been injected into a discovery registry as part of a security vulnerability demonstration.
Citations
- —Landing page identifies itself as 'Subdomain Takeover PoC - gh0stfqce' referencing a Coinbase payments-mcp bug bountyhttps://mobile-independance.vercel.app
- —Endpoint returns 404 on both POST and GET, not a valid x402 402 challengehttps://mobile-independance.vercel.app/allora/price
- —All other paths (/docs, /api, /pricing, /README) return Vercel 404 errorshttps://mobile-independance.vercel.app/docs