Other security reports

B

Bunch (voorheen JA!)

wijzijnja.nl

62

Bunch (voorheen JA!) is a small creative agency based in the Netherlands specializing in brand transformation services. Their website presents a professional and modern design, targeting businesses seeking to evolve their brand identity using their proprietary Bunch Blueprint™ methodology. The company positions itself as a creative partner in the Dutch market, focusing on delivering tailored brand transformation solutions. Technically, the website is built on Webflow and leverages modern JavaScript libraries such as GSAP and Split-Type for animations and user experience enhancements. It integrates Google Tag Manager and Cookiebot for analytics and privacy compliance, demonstrating a mature digital infrastructure. Security-wise, the site enforces HTTPS and provides a comprehensive cookie consent mechanism, but lacks explicit security headers and published security policies or incident response contacts, which are recommended for enhanced trust and compliance. Overall, the website is safe, professional, and privacy compliant, with no signs of blocking or WAF interference, but could improve transparency by publishing more detailed security and contact information.

M

MijnSelektHuis

mijnselekthuis.nl

49

MijnSelektHuis appears to be a small-scale website likely related to real estate or housing services, as suggested by the site title and domain name. The website content is minimal, with no visible business descriptions, contact information, or user-facing content beyond basic HTML structure and JavaScript framework usage. The site uses the Dojo Toolkit for its frontend and is hosted under the registrar Combell B.V., with DNSSEC enabled and HTTPS active, indicating basic security hygiene. However, the lack of privacy policies, cookie consent mechanisms, terms of service, and contact details limits the site's transparency and user trust. From a technical perspective, the site employs modern JavaScript but lacks visible SEO optimization, accessibility features, and performance indicators. Security posture is moderate due to HTTPS and DNSSEC but is weakened by the absence of security headers and visible secure forms. No analytics, advertising, or tracking technologies were detected, suggesting minimal user data collection. Overall, the website presents a low-risk profile with no adult or explicit content detected. However, the lack of comprehensive content, policies, and contact information reduces its credibility and compliance standing. Strategic improvements in transparency, security headers, and user engagement features are recommended to enhance trust and compliance.

L

LessWrong

lesswrong.com

58

LessWrong is a niche community platform dedicated to rationality and AI safety topics, serving enthusiasts and researchers in these fields. The website offers curated blog posts, community discussions, and event announcements, positioning itself as a key hub within the effective altruism and rationality communities. Technically, the site employs a modern React-based stack with Material-UI components, integrates reputable third-party services for analytics, error tracking, and payments, and demonstrates good mobile optimization and SEO practices. Security-wise, the site enforces HTTPS and uses tools like Sentry and LogRocket, but lacks some recommended security headers and explicit security policies. The absence of WHOIS data for the domain is a notable anomaly, though the website itself appears legitimate and professionally maintained. Overall, the site presents a solid digital presence with room for improvement in privacy compliance and security transparency.

A

Association of Illustrators

theaoi.com

73

The Association of Illustrators (AOI) is a well-established UK-based membership organization dedicated to supporting illustrators through contract advice, business support, campaigning, and industry events such as the World Illustration Awards. The website reflects a mature digital presence with comprehensive resources, active community engagement, and professional branding. Technically, the site is built on WordPress with modern plugins and integrations including WooCommerce, The Events Calendar, and analytics tools like Google Analytics and Facebook Pixel. Security posture is strong with HTTPS enforced, domain locking, and a SecurityMetrics certification, though DNSSEC is not enabled and no explicit security policy or incident response contacts are published. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms in place. Overall, the site demonstrates a high level of professionalism, trustworthiness, and technical maturity suitable for its audience of illustrators and creative professionals.

The domain demae.party is registered to Private by Design, LLC, a US-based entity, with a recent creation date in June 2024. The website currently returns a 404 Not Found error page served by nginx 1.22.1, indicating no accessible content or business presence online. There are no metadata, structured data, or contact details available, and no evidence of privacy or cookie policies. The technical infrastructure appears minimal with no detected CMS or frameworks, hosted via Porkbun's DNS services. Security posture cannot be assessed due to lack of HTTPS and security headers information. Overall, the site is non-functional and lacks any business or security maturity indicators.

M

en:start [mandarynki.eu]

mandarynki.eu

59

Mandarynki.eu operates a community wiki platform primarily serving its user base with both public and private content. The public wiki provides information about users, services, rules, and contact details, while private sections are restricted to authenticated users via LDAP. The platform is built on DokuWiki and hosted by Namecheap, Inc. The website targets a niche audience of community members and internal users, focusing on documentation and service information rather than commercial activities. Technically, the website uses PHP and jQuery within the DokuWiki framework. It employs HTTPS but lacks advanced security headers and privacy compliance mechanisms such as a privacy policy or cookie consent. The site has basic mobile optimization and accessibility features, with moderate performance. No analytics or advertising technologies are detected, indicating minimal user tracking. From a security perspective, the site benefits from LDAP authentication for private content and HTTPS encryption. However, it lacks security headers and formal security or incident response policies. No vulnerabilities or exposed sensitive data were detected in the provided content. The absence of privacy and cookie policies represents a compliance gap, especially under GDPR. Overall, mandarynki.eu is a small-scale, community-focused wiki with a moderate security posture and basic technical implementation. Strategic improvements in privacy compliance, security headers, and mobile accessibility would enhance its trustworthiness and user experience.

Web 1 Land is a niche website dedicated to celebrating and reviving the early internet era known as Web 1.0. It provides a platform for users to create simple HTML web pages reminiscent of the 1990s web experience, targeting enthusiasts and newcomers interested in retro web culture. The site is operated by Private by Design, LLC, a US-based small entity established in 2023. Technically, the website is built with basic HTML and CSS, with no advanced frameworks or CMS detected. It is hosted under a domain registered with Porkbun LLC and uses DNS Kitchen for name servers. The site is accessible without any WAF or security challenges and shows moderate performance and good mobile optimization. However, it lacks modern security headers, DNSSEC, and privacy or cookie policies, which are areas for improvement. No contact information or forms are provided, limiting direct user engagement and support channels. Overall, the security posture is basic, with no critical vulnerabilities detected but missing several best practices. The domain registration is transparent and consistent with the website's purpose, enhancing trustworthiness. Strategic recommendations include implementing security headers, enabling DNSSEC, adding privacy and cookie policies, and providing contact information to improve compliance and user trust.

The website puck.news is currently inaccessible beyond a Cloudflare security challenge page that verifies visitors are human using Turnstile CAPTCHA. No actual business content, contact information, or policies are visible on the page. The site appears to be protected by Cloudflare's WAF and bot mitigation services, which enhances security but prevents content analysis. Due to the lack of accessible content, no detailed business description or services can be determined. The technical infrastructure relies on Cloudflare's security and analytics services, but no CMS or other frameworks are detectable. Security posture benefits from Cloudflare protection, but visible security headers and compliance documentation are absent. Overall, the site cannot be fully assessed due to access restrictions, resulting in a low AI score and limited insights.

K

Kinghill Advertising Oy

kinghill.fi

45

Kinghill Advertising Oy is a Finnish digital marketing agency specializing in dynamic advertising and lead generation services. Established in 2007, the company positions itself as a partner for businesses seeking to enhance their online presence and customer acquisition, especially in challenging market conditions such as the pandemic. The website reflects a professional and modern digital infrastructure, leveraging WordPress with the Divi theme, integrated with multiple marketing and analytics tools including Google Analytics, Facebook Pixel, ManyChat, and ActiveCampaign. The technical setup supports a good user experience with mobile optimization and SEO best practices. Security posture is adequate with HTTPS enabled and cookie consent implemented; however, the absence of explicit security headers and privacy policy pages indicates room for improvement in compliance and security transparency. Overall, the domain registration data aligns well with the website content, supporting the legitimacy and trustworthiness of the business.

F

formel-skin.de

formel-skin.de

48

The website www4.formel-skin.de appears to be a parked or placeholder domain with minimal content primarily focused on advertising. There is no clear business description, contact information, or user engagement features. The site uses advertising platforms such as Google AdSense and Bodis to monetize traffic. The technical infrastructure is basic, relying on standard HTML, CSS, and JavaScript with external ad scripts. No CMS or advanced frameworks are detected. Security posture is weak with no visible security headers or policies, and no evidence of HTTPS configuration was found in the provided data. Privacy compliance is minimal with only a basic privacy policy and no cookie consent mechanism. Overall, the site lacks business credibility and trust indicators, and the domain registration data suggests it is a redirect or parked domain without clear ownership details.

A

Aleksey Cherenkevich

roundnsquare.club

55

Round & Square is a specialized online platform launched in 2023 by Aleksey Cherenkevich, designed to help vinyl record collectors manage their collections and wishlists with ease and aesthetic appeal. The service offers features such as importing from Discogs, custom tagging, smart search, personal stats, and community-driven curated lists, positioning itself as a niche player in the music collector's digital space. The website is well-branded, consistent, and targets vinyl enthusiasts globally with a focus on user experience and community engagement. Technically, the site is hosted on DigitalOcean, uses modern web technologies including PWA support, and integrates Yandex.Metrika for analytics with privacy considerations. Security posture is solid with HTTPS enforced and domain protections in place, though some improvements like enabling DNSSEC and adding security headers are recommended. Privacy compliance is strong with clear policies and consent mechanisms. Overall, the platform demonstrates a good balance of business credibility, technical maturity, and user-focused design.

The website toucharcade.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) security challenge page that requires human verification via Turnstile captcha. This prevents access to the actual website content, limiting the ability to analyze business, security, and compliance details. The domain is registered since 2007 with NameCheap, Inc., indicating a mature and likely legitimate website. The use of Cloudflare services suggests a focus on security and performance. However, no privacy policies, contact information, or business details are visible in the provided content. The security posture is partially observable through the presence of Cloudflare protection but lacks visible security headers or policies in the HTML. Overall, the site is protected by modern security mechanisms but cannot be fully assessed due to access restrictions.

C

Coach van het Jaar

coachvanhetjaar.nl

61

Coach van het Jaar is a Dutch online fantasy football game focused on the Eredivisie league, allowing users to create virtual teams and compete based on real player performances. The website presents a professional and engaging platform with clear calls to action, user onboarding, and community features such as subleagues and prizes. Technically, the site uses modern JavaScript libraries, analytics tools like PostHog and Google Tag Manager, and is hosted on a specialized platform (osso.io). The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security posture is solid with HTTPS enforced and CSRF protection on forms, though it lacks visible security headers and published security policies. Privacy compliance is partially addressed with privacy and cookie policies present but no explicit cookie consent mechanism. Overall, the domain registration data aligns well with the business, indicating legitimacy and trustworthiness.

Sponsorlink is a platform focused on sponsorship management, as evidenced by the presence of an admin login page. The website content is minimal and primarily serves as an access point for administrators. The technical infrastructure is based on Laravel Nova, a modern PHP framework for admin panels, with usage of Google Fonts and custom CSS. The site is mobile optimized with basic accessibility features but lacks SEO optimization and comprehensive content. Security posture shows some good practices such as CSRF token usage and HTTPS enforcement on the login form, but lacks visible security headers and formal security policies. Privacy and cookie policies are absent, which impacts compliance and trust. Overall, the website is functional for its purpose but requires enhancements in security, privacy compliance, and content richness to improve trust and professionalism.

The website deqik.com currently presents only a minimal maintenance notification with no additional content, metadata, or business information. The domain is registered with a Vietnamese registrar since 2018, indicating a stable registration history. However, the lack of visible content, contact details, or policies limits the ability to assess the business comprehensively. Technically, the site lacks detectable technologies, security headers, or SEO optimizations, suggesting a low digital maturity level. Security posture is weak due to missing SSL/security headers and absence of privacy or cookie policies. Overall, the site appears to be either under maintenance or not fully developed, resulting in a low trust and credibility score.

The website emo-mruczek.pet currently serves as a minimal placeholder that redirects visitors via a frameset to emo-mruczek.pl. There is no substantive content, metadata, or business information directly available on the site. The domain is registered through a privacy protection service based in the US, with a suspicious future creation date, which raises concerns about the legitimacy and transparency of the domain ownership. The lack of privacy, cookie, or terms of service policies and absence of contact information further limit the ability to assess the business or compliance posture. Technically, the site lacks modern web technologies, security headers, and SEO optimizations, indicating a low level of digital maturity. Security posture is weak due to missing HTTPS confirmation and no visible security best practices. Overall, the site appears to be a redirector or placeholder rather than a fully operational business website.

J

JustRafau

rafau.pl

56

The website rafau.pl is a personal homepage for an individual named Rafał, also known as JustRafau. It serves primarily as a personal branding and social presence platform, linking to various social media and code repositories such as GitHub and Codeberg. The site is simple and minimalistic, with no commercial or business services offered. The domain is recently registered in November 2023, consistent with the site's content and scope. Technically, the site is built using the Astro framework and employs modern web standards including SVG and WebP images, with good mobile optimization and basic SEO. Security posture is moderate; HTTPS is implied but no advanced security headers or DNSSEC are enabled. No privacy or cookie policies are present, indicating limited compliance with GDPR or similar regulations. Overall, the site is safe, with no adult or questionable content detected.

F

Fabryka jaboli

fabrykajabo.li

59

Fabryka jaboli is a small personal and community-focused website primarily hosting various self-maintained services by an individual named Nomza. The site offers a blog, IRC, federated social instance, and links to member pages, targeting a Polish-speaking general audience interested in niche community services. The business model is informal and self-hosted, with no commercial or enterprise positioning. Technically, the website is built with basic HTML, CSS, and JavaScript without any detected CMS or advanced frameworks. Hosting appears to be provided by Hetzner, inferred from footer text. The site has moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. From a security perspective, the site lacks critical security headers, privacy policies, cookie consent mechanisms, and contact information for incident response or data protection. No analytics or tracking scripts were detected, indicating minimal user tracking. The domain uses privacy protection for WHOIS data, which is appropriate for a small personal site. No vulnerabilities or suspicious patterns were identified, but security posture is minimal. Overall, the website is safe for general audiences but lacks formal compliance and security best practices. Strategic improvements in privacy, security headers, and contact transparency would enhance trust and compliance.

The website emo-mruczek.pl is a personal site created recently in 2024, featuring minimal content centered around personal interests and social links. It does not represent a commercial business or professional entity. The site includes a simple design with basic HTML and CSS, linking to personal GitHub and MyAnimeList profiles, and some hobbyist webrings. There is no evidence of business operations, e-commerce, or professional services. Technically, the site is basic with no advanced frameworks or CMS detected, and no analytics or tracking technologies in use. Security posture is weak due to lack of HTTPS information and absence of security headers. No privacy or cookie policies are present, and no contact information is provided, limiting trust and compliance. WHOIS data is transparent and consistent with a personal site, registered under an individual name with no privacy protection. Overall, the site is safe for general audiences but lacks professional and security maturity.

F

~fufexan.net

fufexan.net

49

The website fufexan.net is a minimal personal site owned by an individual named Mihai, primarily serving as a small blog or informational page related to the Nix community. It contains very limited content, mainly a greeting and a brief FAQ. The site uses the Zola static site generator and is hosted with Cloudflare DNS services, with HTTPS enabled but lacking advanced security headers or DNSSEC. There are no forms, contact details, or business-related information, indicating it is not a commercial or organizational site. From a security perspective, the site benefits from HTTPS and domain status protections but lacks DNSSEC and security headers, which are recommended for improved security posture. No privacy, cookie, or terms of service policies are present, which limits compliance with GDPR or other privacy regulations. No analytics or advertising technologies are detected, suggesting minimal user tracking. Overall, the site is safe for general audiences with no adult or questionable content. The domain registration is consistent with the site's nature and age, showing no suspicious patterns. The lack of business information and policies limits the site's credibility and compliance but is understandable given its personal nature. Strategic improvements include adding basic privacy and cookie policies, enabling DNSSEC, and implementing security headers to enhance security and trust.

The website netdesignbook.com currently displays only an error message with no accessible content, indicating it is either under development or improperly configured. The domain is very recently registered (August 19, 2024) and expires in 22 days, which raises concerns about its establishment and longevity. The site uses Cloudflare DNS hosting but lacks DNSSEC and any visible security headers or policies. No business or contact information is available, and no privacy or cookie policies are present, indicating poor compliance and trustworthiness. Overall, the website is not currently functional or informative, limiting any meaningful business or security assessment.

F

Fundalingua

fundalingua.com

43

Fundalingua is a small, specialized service provider offering German translation and localization services with a focus on tourism and recreation sectors. The business is led by a native German speaker with 20 years of experience, targeting Dutch-speaking clients who require culturally adapted German content. The website is built on WordPress using the Divi theme, with standard analytics tools such as Google Analytics and Matomo integrated. The technical infrastructure is moderate in performance and well-optimized for mobile devices. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the business credibility is high given the domain age and consistent content.

E

Ernst Kalbfleisch Projecten

ernstkalbfleisch.com

55

Ernst Kalbfleisch Projecten is a small Dutch consulting business specializing in creating and activating partnerships and relationships, with a focus on sports and organizational strengthening. The company offers services including partnerships, strategy, communication, and activation, targeting organizations seeking to enhance their partnerships and market presence. The website is professionally designed using WordPress with modern SEO practices and structured data, reflecting a solid digital presence. The technical infrastructure includes common WordPress plugins and themes, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers, indicating room for improvement. Privacy compliance is basic but includes a privacy policy and cookie consent mechanism. Overall, the website is trustworthy and professional, with clear contact information and social media presence.

V

VerzekeringsPlatform | schadeverzekeringen voor particulieren

verzekeringsplatform.nl

53

The website www.verzekeringsplatform.nl appears to be a small-scale insurance platform built using the Wix website builder. The site content is minimal with no visible privacy, cookie, or terms of service policies, and lacks contact information such as emails, phone numbers, or physical addresses. The technical infrastructure relies on Wix's standard scripts and hosting, with HTTPS enabled but missing important security headers. The site shows basic mobile optimization and limited SEO and accessibility features. Security posture is weak due to missing headers and lack of incident response or security policies. Overall, the site presents a low level of business credibility and privacy compliance, limiting trustworthiness and user confidence.

S

Synanta B.V.

synanta.nl

58

Synanta B.V. is a Dutch consulting company specializing in certification advisory services including ISO 9001, VCA, HKZ-KO, and RI&E. They also offer a proprietary SaaS solution, Cross Approach, to support QHSE process management. The company targets businesses seeking practical, expert guidance to achieve and maintain certifications, positioning itself as a trusted partner with a personalized approach. The website reflects a professional and modern digital presence built on WordPress, integrating multiple analytics and marketing tools while maintaining GDPR compliance. Security posture is solid with HTTPS, DNSSEC, and cookie consent mechanisms, though explicit security policies and incident response contacts are absent. Overall, Synanta presents a credible, well-structured business with a clear market niche and digital maturity appropriate for a small enterprise.

T

Trustoo

trustoo.nl

69

Trustoo is a well-established Dutch online platform founded in 2018 that specializes in connecting consumers and businesses with local service providers across a wide range of categories including legal, home improvement, personal services, and events. The platform positions itself as the leading service comparison site in the Netherlands, offering users the ability to compare companies based on reviews and pricing, facilitating informed decision-making. Trustoo operates subsidiaries in Belgium, Germany, and Spain, indicating a regional expansion strategy. Technically, the website is built on modern web technologies such as Next.js and React, ensuring fast performance and excellent mobile optimization. The use of Cookiebot for cookie consent and integration with Google Tag Manager and Bing Ads reflects a mature digital marketing and privacy compliance approach. The platform leverages structured data (JSON-LD) for SEO and maintains a professional, user-friendly design with clear navigation. From a security perspective, the site uses HTTPS and employs cookie consent mechanisms, but lacks DNSSEC and explicit security headers, which are recommended for enhanced protection. No direct contact emails or phone numbers are publicly listed, and no formal privacy policy or terms of service were found in the provided content, which could be improved to strengthen compliance and user trust. Overall, Trustoo presents a high-quality, trustworthy service platform with strong market presence in the Netherlands. Strategic improvements in security policies and transparency would further enhance its credibility and compliance posture.

The website at arcticicestudio.com currently serves a standard 404 error page hosted on the Netlify platform, indicating the site content is inaccessible or missing. There is no visible business information, contact details, or policy documentation available on the page. The domain is registered with IONOS SE since 2014 and uses privacy protection for registrant details, which is typical for business domains. However, the lack of accessible content severely limits the ability to assess the company's market position, services, or technical maturity. From a technical perspective, the site is hosted on Netlify but lacks any detectable scripts, tracking, or modern web technologies in the provided HTML snapshot. The absence of security headers and SSL configuration details in the data provided suggests potential gaps in security best practices, although this cannot be fully confirmed without live site testing. Security posture is weak due to the lack of visible security policies, privacy compliance documentation, and contact information. No forms or data collection mechanisms are present, reducing immediate data exposure risks but also indicating a lack of engagement or business functionality. The domain WHOIS data is consistent and legitimate, but the site itself does not currently present a professional or trustworthy front. Overall, the site is non-functional from a user perspective and scores very low on content quality, technical implementation, security posture, privacy compliance, and business credibility. Strategic recommendations include restoring website content, publishing essential policies, implementing security headers and HTTPS, and providing clear contact information to improve trust and compliance.

M

Martin Magni

mekorama.com

48

Mekorama is an indie mobile puzzle game developed by Martin Magni, offering a unique experience with mechanical dioramas and user-generated content via QR codes. The game is available across multiple platforms including iOS, Android, Nintendo Switch, PlayStation, Xbox, and web browsers, positioning it as a niche but well-regarded title in the indie gaming market. The website provides rich content about the game, including links to app stores, console versions, and social media channels, but lacks formal business contact details and privacy-related policies. Technically, the website uses standard web technologies such as HTML5, CSS, and JavaScript, with Google Adsense for monetization and Google Fonts for typography. The site is mobile-optimized and has good SEO practices but lacks advanced security headers and explicit privacy or cookie policies. No forms are present, reducing attack surface but also limiting user interaction on the site. From a security perspective, the site uses HTTPS, but no additional security headers were detected in the provided data. The absence of privacy and cookie policies indicates potential compliance gaps with GDPR and other privacy regulations. The WHOIS data is unavailable, which reduces trust slightly but is not uncommon for small indie projects. No vulnerabilities or malicious content were detected, and the content is safe for general audiences. Overall, Mekorama's website is professionally presented with good content quality and business credibility for an indie game. However, improvements in privacy compliance, security headers, and WHOIS transparency are recommended to enhance trust and regulatory adherence.

E

East Sweden Game

eastswedengame.se

52

East Sweden Game is a small Swedish organization or community focused on gaming, as indicated by the website title and content. The website is built on WordPress using the Divi theme, hosted by Loopia AB, a Swedish hosting provider. The technical infrastructure is standard with moderate performance and good mobile optimization. However, the website lacks critical compliance documents such as privacy and cookie policies, and no contact information is explicitly provided. Security posture is basic with HTTPS enabled but missing DNSSEC and security headers. Overall, the website is functional but has room for improvement in security and compliance to enhance trust and user confidence.

F

Fidlerówna

fidlerowna.com

51

The website www.fidlerowna.com is a personal portfolio site for Joasia Fidler-Wieruszewska, a Polish brand designer, art director, and illustrator based in Berlin. The site showcases her creative work and services including brand design, art direction, illustration, creative direction, exhibition design, and campaigns. The website is built on the Framer platform and hosted via framerusercontent.com, indicating a modern and visually oriented technical infrastructure. The site is mobile optimized and presents a professional design with clear navigation and relevant content for creative professionals and potential clients. Security posture is basic with no advanced security headers detected and no privacy or cookie policies present, which could be improved to enhance compliance and trust. The domain WHOIS data is unavailable, raising questions about domain registration legitimacy, but the site content itself is professional and safe. Overall, the website scores moderately on content quality, technical implementation, and business credibility but lacks in privacy compliance and security best practices.

J

Error

jonasfriedrich.co

50

The domain jonasfriedrich.co is registered since 2019 with privacy protection and hosted on Wix platform. Currently, the website content is an error page indicating the domain is not connected to an active Wix website. The site uses outdated AngularJS 1.2.28 and jQuery 2.0.3 libraries and lacks any business or contact information. No privacy, cookie, or terms of service policies are present, and no security headers or DNSSEC are enabled, reflecting a basic security posture. The domain registration is legitimate but the lack of active content and policies reduces trustworthiness and business credibility. Overall, the website is non-functional and provides no business or security assurances.

F

Fuck I Wish I Knew That

fuckiwishiknewth.at

41

The website 'Fuck I Wish I Knew That' is a personal curated link list managed by Piet Terheyden, targeting general internet users interested in educational and interesting content. It offers a monthly newsletter and an RSS feed to keep subscribers updated. The business model is simple content curation without commercial transactions or complex services. The site is built on WordPress CMS with modern versions of jQuery and integrates third-party services like Mailerlite for newsletter management and Plausible Analytics for privacy-focused user tracking. Hosting appears to be managed via the domain registrar's name servers, with no explicit hosting provider identified. From a security perspective, the site enforces HTTPS and uses deferred JavaScript loading, but lacks explicit security headers such as Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options. No privacy or cookie policies are present, which is a compliance gap. The contact information is limited to an email address and a newsletter subscription form, with no phone numbers or physical addresses. WHOIS data is privacy protected, which aligns with the personal nature of the site. No WAF or blocking mechanisms are detected, and the site content is fully accessible. Overall, the website demonstrates good content quality and user experience with clear navigation and consistent branding. However, it lacks formal privacy and security policies, which impacts its privacy compliance score. The security posture is moderate due to missing security headers and lack of vulnerability disclosure mechanisms. The site is safe for general audiences with no adult or explicit content detected. Strategic improvements in privacy compliance and security headers would enhance trust and compliance.

N

Netlify Inc

smalltribe.studio

55

smalltribe.studio is a boutique branding and digital design studio focused on creating humane digital products, services, and experiences. The company operates as a small entity founded in 2019, leveraging modern design tools such as Framer and hosting on Netlify. The website reflects a professional and consistent brand image with good design quality and user experience, targeting a general audience interested in branding and digital design services. Technically, the site uses modern web fonts and frameworks but lacks advanced CMS or complex backend technologies. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks security headers and DNSSEC. Privacy and compliance documentation such as privacy and cookie policies are absent, which is a compliance gap. No contact or social media information is explicitly provided on the site, limiting direct communication channels. Overall, the site is legitimate and professionally presented but would benefit from enhanced security practices and compliance documentation.

S

Schwartzco, Inc. d/b/a Commercial Type

commercialtype.com

68

Commercial Type is a specialized font foundry and licensing company established in 2007, offering a wide range of professional fonts and custom font design services. Their business model revolves around e-commerce font licensing with detailed legal agreements and secure payment processing via Stripe. The website is professionally designed with good navigation and mobile optimization, reflecting a mature digital presence. Technically, the site uses modern web technologies including Ruby on Rails, Hotwired Turbo, and Stimulus, with a custom CMS named GrayMatter. Security posture is solid with HTTPS and CSRF protections, but lacks some security headers and explicit security policies. Privacy compliance is a notable gap, with no privacy or cookie policies detected. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the business.

L

Language Creation Society

fiatlingua.org

52

Fiat Lingua is an educational and archival website dedicated to constructed language (conlang) articles, operated by the Language Creation Society, a US-based organization. The site serves a niche audience of linguists, conlang enthusiasts, and scholars by providing professionally authored content and downloadable resources. The business model is non-commercial, focusing on community and educational value rather than direct monetization. The website is built on WordPress and hosted by DreamHost, leveraging modern web technologies and providing a generally good user experience with clear navigation and mobile optimization. However, the site lacks explicit privacy and cookie policies, which impacts compliance and user trust. Security posture is solid with HTTPS enabled and domain transfer protections, but could be improved by enabling DNSSEC and adding security headers. No contact information or incident response details are provided, limiting direct communication channels. Overall, the site is trustworthy and professionally maintained but would benefit from enhanced privacy and security disclosures.

A

Aleem Shaun

aleemshaun.com

60

Aleem Shaun's website is a personal blog and portfolio site focused on themes such as belonging, creativity, enterprise, faith, justice, leadership, and technology. The site features a large archive of blog posts dating back to 2000, indicating a long-term personal content creation effort. The business model is centered on personal branding and thought leadership rather than commercial services. The site is hosted on a custom Ruby on Rails platform with modern JavaScript frameworks and libraries, showing a moderate level of technical maturity. Performance and mobile optimization are good, though accessibility is basic. Security posture is adequate with HTTPS and CSRF protection but lacks DNSSEC and security headers, which are recommended for improvement. Privacy and cookie policies are absent, indicating compliance gaps. No contact emails or phone numbers are provided, limiting direct communication channels. Overall, the site is trustworthy as a personal blog but would benefit from enhanced security and privacy compliance measures.

M

Matt Rutherford

mattrutherford.co.uk

58

Matt Rutherford operates a personal brand website focused on sharing weekly insights and tips related to career growth, personal development, and clarity in work and life. The site offers a newsletter subscription, blog articles, and various tools and resources aimed at individuals seeking to improve their professional and personal lives. The business model centers on content publishing and coaching services, positioning Matt Rutherford as a thought leader in this niche. The website is professionally designed, well-branded, and consistently updated with relevant content, targeting a general audience interested in self-improvement and career success. Technically, the website is built on the Ghost CMS platform, leveraging modern web technologies including JavaScript, CSS, and HTML5. It integrates third-party services such as Plausible Analytics for privacy-focused tracking and Ghostboard for engagement metrics. The site demonstrates good performance, mobile optimization, and SEO practices, although some security headers are missing. The use of structured data (JSON-LD) enhances search engine understanding and visibility. From a security perspective, the site enforces HTTPS and uses secure forms for newsletter subscription. However, it lacks explicit privacy and cookie policies, security.txt files, and incident response contact information, which are important for compliance and trust. No vulnerabilities or exposed sensitive data were detected in the analyzed content. The WHOIS lookup for the domain failed due to a naming rules error, which is unusual but the site is live and functional, indicating legitimacy despite the lack of WHOIS transparency. Overall, the website presents a low-risk profile with strong content quality and business credibility but would benefit from enhanced privacy compliance and security best practices to improve trust and regulatory adherence.

Surplus Jouissance Projects ([S][J][P]) is a niche content publishing platform focused on psychoanalysis, intellectual discourse, and related topics. The website offers subscription-based access to exclusive articles and posts, targeting an audience interested in psychoanalytic theory and cultural studies. The business model centers on memberships and content delivery via a Ghost CMS platform. The site maintains a consistent brand identity and provides a good quality user experience with clear navigation and mobile optimization. Technically, the website leverages modern web technologies including Ghost CMS, Google Fonts, Stripe for payments, and CDN delivery via JSDelivr. The site is served over HTTPS with good SSL configuration, though it lacks explicit security headers and formal privacy or cookie policies. Performance is moderate with good mobile responsiveness and basic accessibility features. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data in its HTML content. However, it lacks visible security headers, privacy compliance documentation, and incident response contact information. The absence of WHOIS registration data raises concerns about domain legitimacy, though the accessible and professional content suggests a legitimate small-scale operation. No advertising or tracking beyond essential platform scripts is detected, indicating minimal user tracking. Overall, the website presents a moderate risk profile with room for improvement in privacy compliance, security best practices, and transparency. Strategic recommendations include publishing privacy and cookie policies, adding security headers, providing contact and incident response information, and clarifying domain registration details to enhance trustworthiness.

L

Lou Plummer

amerpie.lol

55

Amerpie.lol is a personal blog operated by Lou Plummer, focusing on topics such as technology (especially Mac-related), hiking, photography, music, and personal reflections. The site is hosted on the Micro.blog platform and uses a static site generator (Hugo), reflecting a modern and lightweight technical infrastructure. The blog targets general internet users interested in personal stories and cultural content, with no evident commercial or e-commerce activities. The domain is relatively new, registered in early 2024, and uses privacy protection services, which is appropriate for a personal blog.

A

Andrea Contino

gwtf.it

55

The website contino.com is a personal weblog operated by Andrea Contino, focusing on communication, gaming, technology, and lifestyle topics. It serves a niche audience interested in personal reflections and commentary on these subjects. The site has been active since 2009, supported by a domain registered since 1997, indicating a stable and long-term presence. The business model is non-commercial, with no advertising or paid content, emphasizing personal expression and community engagement. Technically, the website is built with standard HTML, CSS, and JavaScript, without reliance on major CMS platforms or frameworks. The site demonstrates good mobile optimization and SEO practices but lacks advanced accessibility features. Hosting and DNS services are managed by Porkbun LLC, with domain security measures such as clientDeleteProhibited and clientTransferProhibited status enabled, though DNSSEC is not implemented. From a security perspective, the site uses HTTPS (implied by URLs), but no explicit security headers or incident response policies are published. There is no privacy or cookie policy, which is a compliance gap especially under GDPR. No analytics or tracking technologies are detected, indicating minimal user tracking and good privacy by default. The domain registration data aligns well with the website content, supporting legitimacy and trustworthiness. Overall, the website is a well-maintained personal blog with good content quality and moderate technical implementation. Security and privacy compliance could be improved by adding relevant policies and security headers. The site poses low risk and is safe for general audiences.

J

Jarrod Blundy

heydingus.net

51

HeyDingus is a personal blog operated by Jarrod Blundy, focusing on technology, outdoor activities, and curated internet content. The site serves a niche audience of technology enthusiasts and outdoor lovers, offering blog posts, shortcuts, and digital products. The business model is primarily content-driven with monetization through tips, affiliate marketing, and a small store. The website is well-branded, professionally designed, and regularly updated, reflecting a small but engaged community presence. Technically, the website is hosted on Blot.im, leveraging a simple but effective tech stack including HTML5, CSS, JavaScript, and integrations with Micro.blog and Carbon Ads. The site is mobile-optimized and performs well, with fast loading times and good SEO practices. Accessibility is basic but functional. The site uses HTTPS with a strong SSL configuration, though it lacks DNSSEC and some recommended security headers. From a security perspective, the site demonstrates good baseline practices such as HTTPS enforcement and domain transfer/update protections. However, it lacks explicit privacy and cookie policies, security.txt files, and vulnerability disclosure mechanisms, which are important for compliance and transparency. No critical vulnerabilities or exposed sensitive data were detected. The domain registration is consistent with the website content and shows no suspicious patterns. Overall, HeyDingus is a trustworthy, well-maintained personal blog with solid technical foundations but could improve its privacy compliance and security posture by adding formal policies and security headers. The risk level is low, but enhancements in compliance and security best practices are recommended to maintain trust and meet evolving standards.

The website fabiensauser.ch is a personal blog primarily in French, focusing on literature, technology, and personal reflections. It is built using the Hugo static site generator and contains a series of well-written blog posts with clear navigation and moderate mobile optimization. The site targets general internet users interested in thoughtful content rather than commercial services. There is no evidence of monetization or business operations beyond content publishing. Technically, the site uses a simple tech stack with Hugo and CSS, lacks advanced frameworks or analytics, and shows basic SEO and accessibility features. No forms or tracking scripts are present, indicating minimal data collection. However, there is no visible HTTPS/SSL confirmation or security headers, which reduces the security posture. Privacy and cookie policies are absent, limiting compliance with GDPR and related regulations. Security-wise, the site does not expose sensitive data or show signs of vulnerabilities but lacks formal security policies or incident response contacts. The domain uses privacy protection in WHOIS, typical for personal blogs, with no suspicious patterns detected. Overall, the site is safe and trustworthy for general audiences but could improve in security and privacy compliance. The overall risk is low given the non-commercial nature and limited data collection, but strategic improvements in HTTPS implementation, security headers, and privacy disclosures are recommended to enhance trust and compliance.

T

Thord D. Hedengren

tdh.se

56

The website tdh.se is a personal site owned and operated by Thord D. Hedengren, primarily serving as a platform for blogging, sharing personal projects, and promoting a fantasy novel. The site targets a general audience interested in literature and personal content. It is a small-scale, niche personal brand site with a long domain history dating back to 2003, indicating stable ownership and consistent presence. Technically, the site is built using the Astro static site generator and uses Cloudflare for DNS services, resulting in fast performance and good mobile optimization. The site employs minimal tracking with a privacy-respecting analytics service (Umami) and explicitly states no cookies or tracking, enhancing user privacy. Security posture is generally good with HTTPS enforced, but lacks DNSSEC and security headers, which are recommended for improvement. No privacy or cookie policies are published, which is a compliance gap. Contact information is not explicitly provided, limiting direct communication channels. Overall, the site is safe, professional, and trustworthy for general audiences with room for security and compliance enhancements.

M

Mattia Compagnucci

mattiacompagnucci.com

41

Mattia Compagnucci's website serves as a personal portfolio and creative outlet showcasing his work as a product designer, photographer, and writer. The site offers various sections including a journal, photography portfolio, shop, newsletters, and curated web links, targeting individuals interested in design, storytelling, and mindful living. The business model is primarily personal branding with monetization through shop sales and donations. Technically, the website employs a moderate tech stack including jQuery 2.0.0, Flickity for image sliders, Simple Lightbox, Font Awesome icons, Google Fonts, and Plausible Analytics for tracking. Hosting is provided by JustHost, and the site is HTTPS enabled. However, the use of an outdated jQuery version and lack of DNSSEC and security headers indicate areas for improvement. The site is mobile optimized with good SEO and accessibility basics. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and security headers. No privacy or cookie policies are present, and no contact information or incident response details are provided. The site does not collect data via forms and uses minimal tracking through Plausible Analytics, indicating a low privacy risk but also low compliance with GDPR best practices. Overall, the website is safe, professional, and well-structured for its purpose but would benefit from enhanced security measures, privacy compliance, and clearer contact information to improve trust and compliance posture.

The website andzuck.com is a personal blog and project showcase site for Andrew Zuckerman, featuring a variety of essays, blog posts, and multimedia projects. The site targets a general audience interested in thoughtful content and personal insights. It operates on a small scale with a business model centered on content publishing and audience engagement through blog posts and a newsletter subscription. The domain has been active since 2015, consistent with the content timeline. Technically, the site is built using the Hugo static site generator, styled with Tachyons and Tufte CSS, and hosted on Netlify. It uses modern web technologies including jQuery and integrates Google Analytics for visitor tracking. The site performs well with good mobile optimization and basic accessibility features, though SEO optimization is basic. From a security perspective, the site uses HTTPS and has domain status protections clientDeleteProhibited and clientTransferProhibited, enhancing domain security. However, DNSSEC is not enabled, and no explicit security headers are present in the HTML content. Privacy and cookie policies are absent, and no contact information for security or general inquiries is provided, which limits compliance and trust. Overall, the website is safe, professional, and functional but would benefit from improved privacy compliance, enhanced security headers, and clearer contact information to strengthen trust and security posture.

J

Jaga Santagostino

jagasantagostino.com

54

The website jagasantagostino.com serves as a personal digital garden for Jaga Santagostino, featuring minimal content and primarily acting as a landing page directing visitors to a newer version at 2024.jagasantagostino.com. The site is built using the Astro framework and utilizes Google Fonts, hosted on infrastructure associated with Zeit (now Vercel). The technical setup is modern but basic, with no detected CMS or advanced platform integrations. The website is mobile optimized with basic accessibility and SEO features but lacks comprehensive content and navigation clarity. From a security perspective, the site uses HTTPS and has domain status protections to prevent unauthorized changes. However, it lacks DNSSEC, security headers, privacy and cookie policies, and any contact or incident response information. No analytics or tracking scripts are present, indicating minimal data collection and user tracking. The domain registration is consistent and appropriate for a personal or small business website, with no suspicious patterns detected. Overall, the website presents a low-risk profile but is limited in content, security posture, and compliance features. It is suitable as a personal digital garden but would benefit from enhanced security practices, privacy compliance, and richer content to improve trust and professionalism.

G

Nikita Galaiko

galaiko.rocks

46

The website nikita.galaiko.rocks serves as a personal homepage for an individual named Nikita Galaiko. It primarily functions as a personal portfolio and contact point, sharing curated lists of interests such as vinyl records, restaurants, cocktails, movies, and blogrolls. The site targets a general audience interested in these personal interests and provides contact options via email and scheduling calls. The business model is informational and personal, with no commercial or corporate presence evident. Technically, the website is built with standard HTML5 and CSS3, utilizing custom fonts loaded via WOFF2. There is no evidence of a CMS or advanced frameworks. The site appears moderately optimized for performance and mobile devices, with basic accessibility and SEO features. No advanced analytics or tracking technologies are detected, indicating a privacy-conscious approach. From a security perspective, the site lacks visible HTTPS enforcement and security headers, which lowers its security posture. There are no published security policies, incident response contacts, or cookie consent mechanisms, which are typical for personal sites but represent areas for improvement. The WHOIS data is unavailable or privacy protected, which is common for personal domains and does not raise immediate concerns. No vulnerabilities or suspicious patterns were detected. Overall, the website is a safe, personal informational site with moderate technical quality but limited security and privacy compliance features. Strategic recommendations include implementing HTTPS, adding security headers, publishing privacy and security policies, and introducing cookie consent mechanisms to enhance trust and compliance.

B

Brad Barrish

bradbarrish.com

58

Brad Barrish's website is a personal blog featuring content primarily about music, technology, and personal experiences. The site is built using the Hugo static site generator and is hosted with DNS managed by Cloudflare. The content is well-structured and regularly updated, targeting a general audience interested in cultural and technological topics. The site includes affiliate marketing links but lacks formal business or corporate structure indications. Technically, the website demonstrates moderate digital maturity with a clean design, good mobile optimization, and basic SEO practices. The use of GoatCounter analytics indicates a minimal approach to user tracking, aligning with privacy-conscious practices. However, the absence of privacy and cookie policies, as well as missing security headers, suggests room for improvement in compliance and security hardening. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and security headers that could enhance its security posture. No vulnerability disclosure or incident response information is provided, which could be a concern for transparency and trust. Overall, the domain registration is consistent and legitimate, supporting the site's credibility. The overall risk is moderate with no critical vulnerabilities detected, but improvements in privacy compliance and security best practices are recommended to enhance trust and protect user data.

Lars-Christian.com is a personal website and blog operated by Lars-Christian Simonsen from Oslo, Norway. The site features a collection of longer posts and shorter notes covering various personal interests, including reading and workout logs. The website targets a general audience interested in personal reflections and curated content. It operates as a small-scale personal publishing platform without commercial business operations or extensive user engagement features. Technically, the website is built with clean HTML and CSS, featuring responsive design and basic accessibility. It uses Atom feeds and supports Webmention for social interactions. Hosting is managed through Hover.com, with domain registration dating back to 2005, indicating a mature and stable online presence. However, no CMS or advanced frameworks are detected, reflecting a minimalist and self-managed technical infrastructure. From a security perspective, the website benefits from domain transfer protections but lacks DNSSEC and visible security headers. There is no evidence of HTTPS enforcement or cookie consent mechanisms, which limits privacy compliance. No forms or scripts that collect user data are present, reducing attack surface but also limiting interactivity. The site does not publish a security policy or incident response contacts, which is typical for personal blogs but could be improved for trust. Overall, the website is safe, trustworthy, and professionally maintained for a personal blog. Strategic recommendations include enabling DNSSEC, adding security headers, enforcing HTTPS, and implementing privacy compliance features such as cookie consent. These improvements would enhance security posture and user trust without compromising the site's simplicity.

Ivan Moreale's website is a personal portfolio showcasing graphic design services with a casual and informal tone. The site targets a general audience interested in creative design work, emphasizing personal branding rather than corporate presence. The business model appears to be freelance or individual service provision with a niche market position. The website is minimalistic, with limited content and contact information, primarily an email and Instagram link. Technically, the site is built with basic HTML, CSS, and JavaScript without any detected CMS or frameworks. Hosting is managed via Hover, a common domain and DNS provider. The site shows moderate performance and good mobile optimization but lacks advanced SEO and accessibility features. No analytics or tracking technologies are present, indicating minimal data collection. From a security perspective, the site lacks critical security headers and does not indicate HTTPS enforcement explicitly. DNSSEC is not enabled, and no privacy or cookie policies are published, which impacts compliance posture. The WHOIS data shows a stable domain registration with appropriate protections against unauthorized transfers, consistent with a legitimate personal brand site. No vulnerabilities or incident response information is available. Overall, the website presents a low-risk profile but would benefit from improved security practices, privacy compliance, and richer content to enhance trust and professionalism.