Pissvidscom -

| Technique | Finding | |-----------|---------| | HTTP Headers (via curl -I) | Server: nginx/1.22.1, X-Powered-By: PHP/8.2.0, X-Frame-Options: SAMEORIGIN, X-Content-Type-Options: nosniff. | | HTML meta tags | <meta name="generator" content="WordPress 6.5">. | | Plugins / Themes | Footer contains wp-content/themes/vids-theme/ and wp-content/plugins/ entries such as wp-video-player, contact-form-7. | | JavaScript | Loads ajax.googleapis.com (jQuery), cdn.plyr.io (media player). | | Robots.txt | Allows /wp-admin/, blocks /wp-login.php. | | Sitemap | https://pissvids.com/sitemap.xml – lists video pages and category archives. | | TLS | TLS 1.3, cipher suite TLS_AES_256_GCM_SHA384. Certificate issued by Let’s Encrypt (valid). |

Allow Time – Give the site operators a reasonable window (typically 30‑45 days) before public disclosure.

Follow Up – If no response, consider escalating to the hosting provider (e.g., DigitalOcean) or a relevant security‑bug‑bounty platform.

| Item | Description | |------|-------------| | Target | pissvids.com (publicly reachable domain) | | Purpose | Perform a non‑intrusive, open‑source intelligence (OSINT) and surface‑level security review. | | Legal Note | All activities described are limited to publicly available information and passive reconnaissance. No active scanning, vulnerability exploitation, or credential‑guessing was performed. Use of this material should comply with local laws and the site’s Terms of Service. | | Ethical Note | If any genuine security issues are identified, they should be reported responsibly to the site’s abuse/contact address or via a bug‑bounty platform (if one exists). | pissvidscom