Usually, you can find contacts instead of writing to random admins in abuse or security info. Helps them make money, so most should know low-hanging fruit like this.
Hi. System Owner here. Funny to see this pop up on ycombinator and thanks for pointing out a security.txt was missing. Fair point. I've added it with a clearer note not to report "open directory", specifically. Never forget to have a wonderful day, everyone.
