Hello i want to report a text injection and a missconfiguration of the 404 page which can be used in phishing
the bug exists at :
As you can see attacker text is included "It has been changed by a new one https://www.crowdcurity.com so go to the new one since this one was not found on this server."
Fix : just use a 404 page that don't include attacker text just as : hackerone do (a 404 page that don't include any external text
Hope you fix it