Other security reports

C

Chuck Grimmett

cagrimmett.com

52

The website cagrimmett.com is a personal blog and digital garden maintained by Chuck Grimmett, featuring a variety of content including blog posts, microblogs, woodworking projects, reading lists, and likes. The site targets a general audience interested in personal reflections, woodworking, and curated reading. It operates on a WordPress platform with modern plugins and integrations such as Jetpack, ActivityPub, and Webmention, reflecting a mature digital infrastructure. The domain is well-established, registered since 2007, and uses Cloudflare DNS services, indicating a stable hosting environment. From a security perspective, the site employs HTTPS and has domain transfer protections enabled, but lacks DNSSEC and security headers, which are recommended for enhanced security. No privacy, cookie, or terms of service policies are published, which presents compliance gaps, especially regarding GDPR. Contact information and incident response channels are not explicitly provided, limiting direct communication for security or privacy concerns. Overall, the website demonstrates good content quality, technical implementation, and business credibility for a personal blog. However, privacy compliance and security posture could be improved by adding relevant policies, security headers, and vulnerability disclosure mechanisms. The site is safe for general audiences with no adult or explicit content detected.

M

Michael Warren

mwarrenarts.com

53

Michael Warren is a multi-disciplinary creative professional specializing in design, music, and sculpture. His website serves as a personal brand platform showcasing his experience, projects, and creative pursuits. The site highlights his role in the FinTech sector as a senior designer and his founding of Designed Space, a creative writing and interview platform. The business operates as a small personal brand targeting creative and professional audiences. Technically, the website is built on the Kirby CMS, hosted on DigitalOcean, and uses modern web fonts and responsive design techniques. The site is accessible, well-structured, and optimized for mobile devices, though it lacks some advanced accessibility features and security headers. No analytics or tracking scripts were detected, indicating a privacy-conscious approach. From a security perspective, the site benefits from HTTPS and domain registration protections but lacks DNSSEC and security headers that could enhance its security posture. There are no visible vulnerabilities or exposed sensitive data. However, the absence of privacy and cookie policies represents a compliance gap, especially regarding GDPR and similar regulations. Overall, the website is professional, trustworthy, and safe for general audiences. Strategic improvements in privacy compliance and security hardening would enhance its risk profile and user trust.

D

DomRobot UG (haftungsbeschraenkt)

muhh.lol

44

The website muhh.lol is a personal blog and notes repository maintained by Markus Heurung, a family man based in Hammelburg, Germany. It serves as a personal happy place on the internet with content focused on personal journaling, notes, and links to related social and personal projects. The site is small-scale and niche, targeting a general audience interested in personal blogs and technology notes. The domain is relatively new, registered in 2022, and hosted likely on a personal or small-scale server infrastructure.

Skyhold.org is a personal website operated by C Jackdaw, a writer and witch, serving as a platform for creative expression, personal blogging, and resource sharing. The site targets a niche audience interested in writing, witchcraft, solarpunk, ADHD, and related topics. It is a small-scale, non-commercial site with regular content updates and a modest but consistent brand presence. The business entity behind the domain is Private by Design, LLC, a US-based organization, which aligns with the website's personal and creative nature. Technically, the site is hand-coded with standard HTML, CSS, and JavaScript, leveraging modern IndieWeb protocols such as IndieAuth and Webmention. Analytics are implemented via privacy-conscious services like GoatCounter and Tinylytics, reflecting a minimal user tracking approach. The site demonstrates good mobile optimization and basic accessibility but lacks advanced SEO and security headers. Hosting details are not explicit, but DNS indicates use of messagingengine.com name servers, possibly related to email hosting. From a security perspective, the site uses HTTPS and has domain status protections against unauthorized transfer or deletion. However, it lacks DNSSEC and common security headers, which are recommended to enhance security posture. No privacy or cookie policies are present, indicating compliance gaps. No forms or input fields are present, reducing attack surface but also limiting user interaction. Overall, the security posture is moderate but could be improved with standard best practices. The overall risk is low given the personal nature and limited business impact of the site. Strategic recommendations include enabling DNSSEC, adding security headers, publishing privacy and cookie policies, and considering a security.txt file for vulnerability disclosure. These steps would improve trust, compliance, and security without significant overhead.

F

fLaMEd fury

flamedfury.com

55

fLaMEd fury is a personal website and blog operated by an individual known as fLaMEd, focusing on web culture, personal interests, and collections such as books and records. The site serves as a digital diary and a curated index of various personal content, targeting a general audience interested in web and personal storytelling. The website is small-scale and niche, with a consistent brand and good content quality. Technically, the site is built using modern web standards and the Eleventy static site generator, hosted with Cloudflare as registrar and DNS provider. The site demonstrates good performance, mobile optimization, and accessibility, with no detected tracking or advertising scripts, reflecting a privacy-conscious approach. Security-wise, the site uses HTTPS and has domain transfer protections but lacks DNSSEC and security headers, and does not publish formal security or incident response policies. Overall, the site is trustworthy and well-maintained but could improve privacy compliance and security posture by adding cookie consent and security policies.

The website '𓆱 softlandings' appears to be a personal or thematic blog with dated posts and minimal business or commercial content. It does not present clear business information, contact details, or commercial services, indicating a small-scale or individual operation. The technical infrastructure is basic, relying on standard HTML, CSS, and JavaScript without detectable CMS or advanced frameworks. The site shows moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. Security posture is weak due to absence of HTTPS confirmation, security headers, and privacy policies. The WHOIS data is malformed and provides no registrar or registrant information, limiting trust and verification. Overall, the site is safe for general audiences but lacks professional business and security maturity.

The website chrishannah.me is a personal blog and portfolio site maintained by Chris Hannah. It features a variety of content including essays, technical articles, photography, and personal updates. The site targets a general audience interested in technology, programming, and personal storytelling. The business model is primarily content publishing for personal branding and sharing knowledge. The site is small-scale and has been active since 2016, with consistent content updates and a clear personal identity. Technically, the site is well-structured with modern HTML5 and CSS3 standards, uses JavaScript libraries such as Highlight.js for code syntax highlighting, and Lightbox.js for image display. Hosting is via Vercel DNS, indicating a modern and performant infrastructure. The site is mobile-optimized and has good navigation clarity, although accessibility features are basic. SEO optimization is present but could be improved. From a security perspective, the site enforces HTTPS with good SSL configuration and has domain transfer protections enabled. However, it lacks DNSSEC and security headers such as Content Security Policy or HSTS. There are no published privacy or cookie policies, nor a security.txt or vulnerability disclosure page, which are areas for improvement. Analytics are minimal and privacy-respecting, using Tinylytics with no aggressive tracking. Overall, the site is trustworthy and professional for a personal blog but has gaps in privacy compliance and security best practices. Strategic recommendations include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and publishing a vulnerability disclosure policy to enhance trust and compliance.

Feadin.eu is a personal blog maintained by Paolo, an EU citizen and IT professional with interests in film and personal opinions. The site serves as a platform for sharing weekly film-related posts, lists, and links. It targets a general audience interested in cinema and personal reflections. The business model is non-commercial, focusing on content sharing rather than monetization or services. The website is built using the Hugo static site generator with the PaperMod theme, indicating a modern, lightweight technical infrastructure. The site is moderately optimized for mobile and SEO, with basic accessibility features. Security posture is minimal, lacking standard security headers and privacy policies, which presents compliance and trust challenges. No contact or business information is provided, limiting business credibility. Overall, the site is safe and suitable for general audiences but would benefit from enhanced security and privacy compliance measures.

T

Tangible Life

tangiblelife.net

49

Tangible Life is a personal blog established in 2021 that publishes reflective and experiential content focused on lifestyle, technology, and personal growth. The site targets readers interested in the IndieWeb community and thoughtful living. It operates as a small-scale personal publishing platform without commercial transactions or extensive business infrastructure. Technically, the website uses a simple tech stack including HTML5, CSS, JavaScript with jQuery and Galleria.js, and is likely hosted on Blot.im, a platform for personal blogs. The site demonstrates good design quality, mobile optimization, and clear navigation, though accessibility and SEO optimizations are basic. Security posture is moderate with HTTPS implied but lacking DNSSEC and security headers. No privacy or cookie policies are present, indicating compliance gaps. Analytics usage is minimal via Tinylytics, with no forms or personal data collection evident. The domain registration is consistent and appropriate for the site’s age and content, registered with Porkbun LLC since 2021 with no privacy protection. Overall, the website is trustworthy as a personal blog but would benefit from improved security and privacy compliance.

The website worldlit.org currently serves a security challenge page that blocks direct access to its content, indicating the presence of a Web Application Firewall or similar security mechanism. The domain is registered with privacy protection via Domains By Proxy, LLC, and uses Cloudflare DNS services. The visible metadata reveals the use of very outdated content management systems (Joomla 1.5 and WordPress 2.5), which pose significant security risks. No business or contact information, privacy policies, or terms of service are present on the accessible page, limiting the ability to assess the business or compliance posture. The site links externally only to bitninja.io, a security service provider, suggesting some level of security monitoring. Overall, the site appears minimal and likely inactive or under maintenance, with a poor security and compliance posture based on available data.

L

Language Creation Society

conlang.org

52

The Language Creation Society operates a well-established website dedicated to the art and community of language creation. Founded in 1999 and based in the US, it serves a niche audience of conlang enthusiasts by providing membership services, conferences, grants, and a variety of resources. The website is built on WordPress with a modern theme and plugins, hosted by DreamHost, and demonstrates good technical maturity with responsive design and clear navigation. Security posture is adequate with HTTPS and domain transfer protections, but lacks advanced DNS security and security headers. Privacy compliance is supported by a comprehensive privacy policy, though cookie consent mechanisms are absent. Overall, the site is trustworthy, professional, and serves its community effectively.

F

Finĉjejo

fincxjejo.com

62

The website fincxjejo.com is a personal site dedicated to sharing ideas, projects, and creations related to the Esperanto language by an individual named Fingtam (Finĉjo). It serves as a cultural and educational platform targeting Esperanto learners and enthusiasts. The site is hosted on Google Sites, leveraging Google's infrastructure and technologies such as Google Fonts and APIs. The content is primarily textual with links to social media channels including YouTube and Facebook. The site lacks formal business structure and operates as a small-scale personal project without commercial intent. From a technical perspective, the site is built on a modern, stable platform (Google Sites) ensuring reliable hosting and HTTPS security. The site demonstrates moderate performance and good mobile optimization but lacks advanced SEO and accessibility features. No custom frameworks or CMS beyond Google Sites are used. The absence of security headers beyond HTTPS is noted, and no forms or interactive data collection mechanisms are present. Security posture is adequate for a personal site with HTTPS enforced, but the lack of additional security headers and absence of privacy or terms of service pages indicate room for improvement. The WHOIS data is unavailable, raising concerns about domain registration legitimacy, although the site content and hosting platform suggest no malicious intent. Privacy compliance is minimal, with only a cookie consent banner present. Overall, the site is low risk but would benefit from improved transparency regarding domain registration, privacy policies, and enhanced security practices. Strategic recommendations include adding privacy and terms pages, implementing security headers, and clarifying domain registration status to improve trustworthiness.

P

Private by Design, LLC

lipukule.org

58

Lipukule.org is a niche cultural and linguistic website dedicated to the toki pona language and related content. It provides articles and posts that explore various themes in toki pona, targeting enthusiasts and learners of this constructed language. The website operates under the ownership of Private by Design, LLC, a US-based entity, with domain registration consistent with the site's scale and focus. The business model centers on content publication and community engagement via Discord and Telegram channels, without evident commercial transactions or e-commerce features. Technically, the website is built using the modern SvelteKit framework with JavaScript and CSS, delivering a good user experience with responsive design and clear navigation. Performance is moderate, and accessibility is basic but functional. No major technical debt or outdated technologies were detected. However, the site lacks advanced SEO optimization and accessibility features. From a security perspective, the site uses HTTPS but lacks security headers and published security policies. No privacy or cookie policies are present, and no contact information is provided, which limits compliance with GDPR and other privacy regulations. No vulnerability disclosure or incident response information is available. The domain registration is transparent and consistent with the website's purpose, supporting legitimacy. Overall, the website is safe, with no adult or explicit content detected. The content quality and business credibility are good, but privacy compliance and security posture need improvement. Strategic recommendations include implementing privacy and cookie policies, adding security headers, publishing a vulnerability disclosure policy, and enhancing accessibility and SEO.

P

Privacy service provided by Withheld for Privacy ehf

wikipesija.org

41

Wikipesija is a niche community-driven wiki platform focused on the toki pona language, providing an open content knowledge base for speakers and learners. The website operates on the MediaWiki platform and hosts over 3,000 pages, emphasizing educational and cultural content. The technical infrastructure is basic but functional, with moderate performance and limited mobile optimization. Security posture is minimal, lacking advanced security headers and published policies, and the domain uses privacy protection services typical for small community projects. Overall, the site is safe, trustworthy, and serves a specialized audience with no commercial intent or advertising.

The website 'lipamanka.gay' is a personal site primarily focused on sharing essays, stories, and linguistic resources related to the creator's interests. It is a small-scale, niche site without commercial intent or business contact information. The site is hosted likely on GitHub Pages with domain registration through NameCheap, protected by privacy services. The technical infrastructure is basic, relying on standard HTML, CSS, and JavaScript, with minimal external dependencies. Analytics are implemented via GoatCounter, providing lightweight user tracking without aggressive data collection. From a security perspective, the site uses HTTPS and has domain transfer protection enabled, but lacks DNSSEC and security headers, which could be improved to enhance security posture. There are no privacy or cookie policies, nor terms of service, which limits compliance with GDPR and other privacy regulations. No contact or incident response information is provided, reducing transparency and trustworthiness from a security standpoint. Overall, the site is safe for general audiences, containing no adult or explicit content. The domain registration is recent and privacy protected, appropriate for a personal website. The lack of business information and policies limits the site's credibility and compliance maturity. Strategic improvements in security headers, privacy disclosures, and contact transparency would enhance trust and compliance.

P

Private Registry Authority

ranaseme.org

43

The website 'ranaseme.org' serves as a cultural and linguistic resource focused on the choral libretto 'suno sama', supporting multiple constructed and minority languages such as Esperanto, Tokipona, and Guosa. It targets linguistic communities and enthusiasts, offering free downloadable content and promoting international language collaboration. The site is small-scale, non-commercial, and community-oriented. Technically, it uses modern frontend technologies like Bootstrap and Google Fonts, hosted by Dreamscape Networks. However, the domain WHOIS data shows an anomalous future creation date and uses privacy protection, which slightly reduces trustworthiness. Security posture is minimal with no visible security headers or policies, and privacy compliance is lacking due to absence of privacy or cookie policies. Overall, the site is safe, educational, and accessible but would benefit from improved transparency and security practices.

P

pona.la: a domain for Toki Pona

pona.la

59

pona.la is a niche community website dedicated to hosting and curating projects related to the constructed language Toki Pona. It serves as a hub for educational resources, community news, cultural events, and creative contests, targeting enthusiasts and speakers of Toki Pona. The site leverages modern web technologies such as the Astro framework and uses privacy-conscious analytics via GoatCounter. The domain is relatively new, registered in 2022, and shows consistent registration data with no suspicious indicators. Security posture is adequate with HTTPS enabled and domain transfer protections, but lacks advanced security headers and DNSSEC. Privacy compliance is limited due to absence of privacy and cookie policies. Overall, the website is safe, well-structured, and serves its community effectively, though improvements in compliance and security practices are recommended.

P

Private Registry Authority

sunosama.org

43

The website sunosama.org represents a niche cultural and linguistic community project focused on international choirbooks supporting languages such as Esperanto, Guosa, and Tokipona. It provides free downloadable choirbook PDFs and promotes collaboration among language communities. The site is small-scale and non-commercial, targeting enthusiasts and speakers of these constructed and minority languages. Technically, the site uses modern frontend technologies like Bootstrap and Google Fonts, hosted on Vodien infrastructure. However, it lacks advanced SEO, accessibility features, and comprehensive privacy or security policies. Security posture is minimal with no DNSSEC and no visible security headers. The WHOIS data shows privacy protection but contains a suspicious domain creation date in the future, which reduces trust. Overall, the site is safe, with no adult or malicious content detected, but lacks business transparency and compliance documentation.

K

Kitty Cat

kitty.social

57

Kitty.social is a niche social networking platform focused on cat enthusiasts, including neko and furry communities, operating within the fediverse ecosystem. The platform offers a cozy, community-driven space for users to share content and interact, leveraging the Misskey software framework. The business model centers on providing a specialized social experience rather than commercial services, targeting a small but dedicated audience. Technically, the website employs modern JavaScript tooling with Vite and Misskey 2025.2.1, ensuring a contemporary and responsive user experience. The site uses HTTPS with reCAPTCHA integration to prevent bot registrations, and media proxying enhances user privacy. However, some standard security headers are missing, and no privacy or cookie policies are published, which limits compliance maturity. From a security perspective, the platform demonstrates good baseline practices such as HTTPS enforcement and bot mitigation but lacks comprehensive security policies and incident response contacts. No vulnerabilities or exposed sensitive data were detected. The absence of privacy and cookie policies is a notable compliance gap, especially for GDPR considerations. Overall, Kitty.social presents a well-implemented niche social platform with good technical foundations and a safe content environment. To enhance trust and compliance, the site should publish privacy and cookie policies, implement security headers, and provide incident response information. These steps will improve user confidence and regulatory adherence.

The website 'noololly.studio' is a personal portfolio site primarily showcasing a software project named 'Uno'. The site is minimalistic and informal, targeting a general audience likely familiar with the site owner. The business model is non-commercial, focusing on personal project display rather than a formal business offering. The domain registration data is inconsistent, showing a future creation date which undermines trust and raises questions about data accuracy or legitimacy. Technically, the site uses basic HTML, CSS, and minimal JavaScript with no detected CMS or advanced frameworks. Hosting appears to be via Name.com based on WHOIS data. Security posture is weak with no security headers, no DNSSEC, and no privacy or cookie policies. No contact information or incident response details are provided, limiting trust and compliance. Overall, the site is low risk but lacks professional security and privacy practices.

T

tnixc.space

tnixc.space

56

The website tnixc.space appears to be a small personal or portfolio site created recently in 2023. It is built using modern web technologies such as Astro and Tailwind CSS, hosted on Vercel, and includes minimal content primarily serving as an index or landing page. The site has a clean and responsive design with good navigation and performance characteristics. However, it lacks critical compliance elements such as privacy and cookie policies, terms of service, and contact information, which limits its business credibility and privacy compliance maturity. Security posture is moderate with HTTPS enabled but no DNSSEC or security headers detected. Analytics are implemented via Umami, indicating minimal user tracking. Overall, the site is safe for general audiences with no adult or explicit content detected.

The website duanin2.top currently presents no accessible content beyond an empty HTML skeleton. There is no metadata, no visible text, no forms, no contact information, and no business-related content. The domain is registered with HOSTINGER operations, UAB, with privacy protection enabled, and uses Cloudflare DNS servers. The domain age is approximately one year, consistent with a newly created or placeholder site. Due to the lack of content and contact details, the website does not provide any meaningful business information or user engagement opportunities. From a technical perspective, the site lacks any detectable technologies, scripts, or frameworks. There is no evidence of HTTPS or security headers, which are critical for secure web operations. The absence of privacy, cookie, or terms of service policies indicates non-compliance with common data protection regulations such as GDPR. No analytics or tracking mechanisms are present, suggesting minimal or no user data collection. Security posture is weak due to the absence of HTTPS and security headers, and no incident response or vulnerability disclosure information is available. The domain registration is privacy protected, which is common for small or new sites but reduces transparency. No suspicious patterns were detected, but the overall trustworthiness is low given the lack of content and business information. Overall, the website appears to be inactive or a placeholder with no substantive content or business presence. Strategic recommendations include implementing HTTPS, adding essential security headers, publishing privacy and cookie policies, providing clear contact information, and developing meaningful website content to improve trust, compliance, and user engagement.

The website zacharykai.net currently serves a bot verification page employing Google reCAPTCHA invisible to prevent automated access. This indicates a security mechanism or WAF challenge blocking direct content access, limiting visibility into the actual business or service offered. The domain is newly registered in early 2024 via NameCheap without privacy protection, suggesting transparency but also a nascent online presence. No business, contact, or policy information is publicly accessible on the landing page, and no SEO or analytics technologies are detected beyond the reCAPTCHA scripts. The security posture shows basic use of CAPTCHA but lacks DNSSEC and security headers, and HTTPS status is unknown from the provided data. Overall, the site is in an early stage with minimal content and limited trust signals, resulting in a low AI score primarily due to access restrictions and lack of business information.

J

Jan's Website

jan-osing.de

57

Jan's website is a personal portfolio and social presence site for a young developer from Germany. It focuses on personal interests such as gaming, anime, open source software, and Linux distributions. The site is simple, well-structured, and provides links to various social and community platforms. The technical infrastructure is basic, relying on static HTML and CSS with Cloudflare DNS services. There is no evidence of advanced frameworks or CMS usage. Security posture is minimal with no visible security headers or policies, but no critical vulnerabilities or malicious content were detected. Privacy compliance is lacking as no privacy or cookie policies are present. Overall, the site is low risk but would benefit from improved security and compliance documentation.

S

Saahil

saahild.com

45

Saahild.com is a personal website owned by an individual named Saahil, currently under redevelopment. The site primarily serves as a personal portfolio or presence with minimal content and a link to a retro version of the site. The domain is relatively new, created in 2022, and hosted via Cloudflare with modern frontend technologies such as React and Animate.css. The site lacks comprehensive business information, privacy policies, or contact details, indicating it is not a commercial enterprise but rather a personal project. Technically, the site is moderately optimized with good mobile responsiveness but lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled but missing DNSSEC and security headers. No analytics or tracking scripts are present, reflecting a privacy-conscious or minimalistic approach. Overall, the site is safe, with no adult or explicit content detected.

M

MultiSport Australia

multisportaustralia.com.au

64

MultiSport Australia is a specialized sports timing service provider focused on delivering timing and tracking solutions for races and sporting events primarily within Australia. The company targets race organizers and participants, offering services such as race timing, a tracking app, and race postcards. The website is professionally designed, mobile-optimized, and provides clear navigation to key services and event listings. Technically, the site uses a modern tech stack including Bootstrap, jQuery, and various UI plugins, hosted on a CDN-backed infrastructure ensuring moderate performance and good user experience. Security posture is adequate with HTTPS enforced and no visible vulnerabilities, though the absence of security headers and cookie consent mechanisms indicates room for improvement. WHOIS data is limited due to auDA privacy policies, but the domain and website content appear legitimate and consistent with the business purpose. Overall, the website demonstrates a solid digital presence with moderate risk and good business credibility.

M

My Atlas Events

myatlasevents.com.au

59

My Atlas Events is a medium-sized Australian event management company specializing in organizing mass participation running festivals, marathons, triathlons, and multisport events. The company positions itself as a premium event organizer with a strong community and charity focus, having raised significant funds for local causes. The website reflects a professional and consistent brand image, targeting runners, athletes, sponsors, and community members interested in sports events. Technically, the site is built on WordPress using Oxygen Builder, with integrations such as Google Analytics and Cloudflare DNS services, indicating a modern and moderately optimized digital infrastructure. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks advanced security headers and formal security policies. Privacy compliance is weak due to the absence of privacy and cookie policies or consent mechanisms. Overall, the site is trustworthy and professional but would benefit from enhanced privacy and security practices.

The website micenest.xyz represents a nascent creative collective or idea incubation platform with minimal current content. The site serves primarily as a placeholder with a unique custom font and a promise of future content additions by 2025. The business behind the domain is registered under a privacy-protected entity, Private by Design, LLC, based in the US, consistent with the early-stage nature of the project. The lack of detailed business information, contact details, or policies indicates the site is not yet fully operational or publicly mature. From a technical perspective, the website employs basic HTML and CSS with a custom font and minimal external dependencies. Hosting is provided by Porkbun, LLC, the domain registrar. There is no evidence of advanced frameworks, CMS, or analytics tools. Performance and mobile optimization are basic but functional. SEO and accessibility features are minimal, reflecting the placeholder status. Security posture is limited; no security headers or DNSSEC are enabled, and no privacy or cookie policies are present. The domain uses privacy protection, which is reasonable for the business type and stage. No vulnerabilities or malicious indicators were detected. Overall, the site is safe but lacks maturity in security and compliance. The overall risk is low given the minimal content and no sensitive data handling. Strategic recommendations include implementing security best practices, adding privacy and cookie policies, and providing contact and incident response information to improve trust and compliance as the site develops.

The Catppuccin Webring is a community-driven website that aggregates links to various personal and developer websites themed around the Catppuccin aesthetic. It serves as a niche platform for enthusiasts and developers to connect and share their sites. The website is simple, primarily built with HTML and CSS, and uses the ringfairy framework to manage the webring functionality. There is no indication of commercial activity or a formal business entity behind the site. From a technical perspective, the site is lightweight and performs well with good mobile optimization and basic accessibility. However, it lacks advanced SEO features and does not implement security best practices such as HTTPS enforcement or security headers. No analytics or tracking technologies are present, indicating a privacy-conscious or minimalistic approach. Security posture is minimal; no security policies, incident response contacts, or vulnerability disclosures are provided. The absence of HTTPS confirmation and security headers lowers the security score. Privacy compliance is also lacking, with no privacy or cookie policies found. The site does not collect user data via forms or other means, reducing privacy risks but also limiting engagement. Overall, the site is safe and appropriate for general audiences, with no adult or explicit content detected. The lack of business information and policies suggests it is a hobbyist or community project rather than a commercial enterprise. Strategic recommendations include implementing HTTPS, adding privacy and cookie policies, and improving security headers to enhance trust and compliance.

D

Depositor Control Panel

depositorcontrol.com

64

DepositorControl.com appears to be a web-based control panel application, likely serving internal or registered users rather than the general public. The website uses modern Angular framework technology and is hosted on Amazon AWS infrastructure, indicating a moderate level of technical maturity. The presence of Google Analytics and Google Tag Manager scripts shows some level of user tracking and marketing analytics integration. However, the public-facing content is minimal, with no visible business descriptions, contact information, or legal policies such as privacy or cookie policies. Security posture is moderate with HTTPS enabled and domain transfer protections in place, but lacks DNSSEC and security headers which are recommended for enhanced protection. Overall, the site appears legitimate with a domain age of over a decade, but lacks transparency and compliance features expected for public-facing business websites.

P

Private by Design, LLC

fedi.gay

39

The website at fedi.gay is a minimal, non-commercial site containing only a literary poem themed on Elven lore from Tolkien's universe. There is no business description, contact information, or commercial content. The domain is registered to Private by Design, LLC, a US-based entity, but the website content does not reflect any business operations or services. The domain WHOIS data is suspicious due to a future creation date, which raises concerns about legitimacy. Technically, the site uses basic HTML and CSS with no advanced frameworks or scripts detected. There are no privacy, cookie, or terms of service policies, and no contact or incident response information is provided. Security posture is weak with no DNSSEC, no security headers, and unknown SSL status. Overall, the site appears to be a placeholder or personal page rather than a professional business site.

S

Stalwart Management

chpu.eu

42

The website 'Stalwart Management' appears to be a minimalistic login portal with no publicly available business description or contact information. The site uses modern web technologies such as WebAssembly and JavaScript ES modules, indicating a contemporary technical infrastructure. However, the lack of visible content beyond the login form limits the ability to fully assess the business model or market position. Security posture is moderate with HTTPS assumed but no explicit security headers or policies detected. Privacy compliance is lacking due to absence of privacy and cookie policies. Overall, the site presents a basic professional appearance but requires enhancements in transparency, security, and compliance to improve trustworthiness and user confidence.

P

Private by Design, LLC

symtrkl.gay

44

The website symtrkl.gay is a personal portfolio and creative hub for Jennifer (SymTrkl), a transfeminine artist and writer based in the United States. The site showcases her work in illustration, web design, FPV drone piloting, and writing, with links to various social media and creative platforms. The business model centers on personal branding, commissions, and community support through platforms like Ko-Fi and Patreon. The site targets a general audience with a mature content segment including erotica and adult social media links. Technically, the site is built with standard HTML, CSS, and JavaScript, hosted via Porkbun with domain privacy protection. The site is moderately optimized for mobile and performance but lacks advanced SEO and accessibility features. No CMS or major frameworks are detected, indicating a custom or static site approach. From a security perspective, the domain uses registrar locks to prevent unauthorized changes but lacks DNSSEC and security headers. There is no visible HTTPS enforcement information, no privacy or cookie policies, and no incident response contacts. The site does not use analytics or tracking scripts, minimizing privacy risks but also limiting business intelligence. Overall, the site is legitimate and consistent with a personal creative portfolio but would benefit from improved security practices, privacy compliance, and clearer contact information to enhance trust and professionalism.

S

🌸 Lily's Moon Garden 🌸

sapphicyearn.ing

48

The website 'Lily's Moon Garden' is a personal hobby site currently under construction, primarily serving as a stable host for a small 88x31 button image. The site is minimalistic with basic HTML and CSS, no dynamic content or forms, and no evident business operations. The owner appears to be an individual named Lily, with a personal Mastodon social link provided. The site content is safe, non-commercial, and targeted at a general audience. Technically, the site uses simple static web technologies with no detected CMS or advanced frameworks. There is no evidence of HTTPS or security headers, and no privacy or cookie policies are present, indicating a low level of privacy compliance and security posture. The domain WHOIS is privacy protected, which is reasonable for a personal site. Overall, the site has a basic design and limited content, with room for improvement in security and compliance.

The website floof.gay is a personal site belonging to an individual named Olivia, serving as a small corner of the internet to share personal interests, social media presence, and blog content. The site is positioned as a personal brand rather than a commercial business, targeting a general audience interested in the author's activities and social links. The site leverages modern web technologies such as Dev.css and web fonts to provide a clean and responsive user experience. The technical infrastructure is straightforward, hosted likely via NameCheap with privacy-protected WHOIS registration, reflecting a typical personal website setup. From a security perspective, the site uses HTTPS and has domain transfer protections enabled, but lacks DNSSEC and security headers, which are recommended for improved security posture. There are no privacy or cookie policies present, and no contact information or forms for data collection, indicating minimal compliance with privacy regulations. No analytics or advertising scripts were detected, suggesting limited tracking and data collection. Overall, the site is safe and appropriate for general audiences, with no adult or questionable content detected. The domain is recently registered and privacy protected, consistent with a personal site. The security posture is moderate but could be improved with additional headers and policies. The site’s business credibility is limited due to its personal nature and lack of formal business information. Strategic recommendations include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and considering a security.txt file for vulnerability disclosure to enhance trust and compliance.

The website nekomimi.party currently serves as a minimal placeholder page with very limited content and no clear business description or services. The domain is newly registered in early 2023 and uses Cloudflare as its registrar and hosting provider. There is no evidence of a mature or established business presence, and no contact or policy information is provided on the site. Technically, the site uses basic HTML and CSS with no advanced frameworks or CMS detected. Security posture is minimal with no security headers or DNSSEC enabled, and privacy compliance is absent due to missing policies. Overall, the site appears to be in an early or inactive stage of development with low trustworthiness and limited user engagement potential.

The website citrons.xyz is a personal website belonging to an individual named raven, featuring journal entries, podcasts, galleries, and personal anecdotes. It does not represent a commercial business or organization and lacks formal business information or contact details. The site is modest in technical sophistication, built with basic HTML and CSS, and hosted on Mythic Beasts servers. There is no evidence of advanced frameworks, CMS, or analytics tools. Security posture is minimal with no detected HTTPS or security headers, and no privacy or cookie policies are present, indicating low compliance with modern web security and privacy standards. The domain is privacy protected and registered in 2021, consistent with the personal nature of the site. Overall, the site is safe for general audiences but lacks professional and security maturity.

The website 'mira's site' hosted on twoneis.site is a minimal personal presence site with a friendly and informal tone. It primarily serves as a placeholder with links to social platforms such as the Fediverse and Matrix, and provides a contact email. The site lacks substantive business content, policies, or commercial services, indicating a small-scale personal or community-oriented project. The domain WHOIS data is inconsistent, showing a future creation date and a registrant organization unrelated to the website content, which raises legitimacy concerns. Technically, the site is built with basic HTML and CSS, hosted via Porkbun, LLC. There is no evidence of advanced frameworks, CMS, or analytics tools. The site appears accessible without WAF or blocking mechanisms but lacks HTTPS confirmation and security headers, which weakens its security posture. Privacy and cookie policies are absent, and no forms or data collection mechanisms are present, limiting privacy compliance. Security-wise, the absence of HTTPS and security headers, combined with suspicious WHOIS data, lowers the trustworthiness and security score. No vulnerabilities or malware indicators were detected, but the site would benefit from implementing standard security best practices and compliance policies. Overall, the site is low risk but also low maturity in business and security terms. Strategic improvements in security, privacy compliance, and domain legitimacy verification are recommended to enhance trust and professionalism.

Chloe's Website is a personal and community-focused site that provides links to a blog, gallery, donation page, and visitor information. The site also features numerous external links to related personal and community websites, many of which reflect LGBTQ+ and transgender/non-binary themes. The website appears to serve as a hub for personal expression and community engagement rather than a commercial business. Technically, the site is built with straightforward HTML and CSS, validated by W3C badges, and hosted under a domain registered with Porkbun, LLC. However, the WHOIS data shows a suspicious future creation date, which raises concerns about the accuracy or legitimacy of the domain registration information. Security posture is minimal, with no detected security headers or privacy policies, and no analytics or tracking services are present, indicating a privacy-conscious but basic security setup. Overall, the site is safe for general audiences and provides a good user experience with clear navigation and consistent branding, but lacks formal business and compliance information.

A

Amy

amy.rip

47

Amy.rip is a personal website representing an individual named Amy, who identifies as a programmer and content creator sharing humorous and personal content. The site includes a link tree to a Git repository and integrates Discord OAuth2 for user reviews, indicating some community engagement. The website is small-scale, with a niche audience primarily composed of friends or followers interested in Amy's personal projects and content. Technically, the site uses modern JavaScript modules and React framework, suggesting a contemporary development approach, though performance and accessibility are basic. Security posture is minimal with no detected security headers or privacy policies, and no contact information is provided, limiting trust and compliance. The domain is privacy protected, which aligns with the personal nature of the site. Overall, the site is functional but lacks professional business features and security best practices.

G

Gen's Website

genshibe.ca

52

Gen's Website is a personal, non-commercial site run by an individual known as Gen, who self-identifies as a catgirl. The site serves as a personal homepage with minimal content, linking to related personal and community sites such as potatoe.ca and the Catppuccin Webring. The website does not represent a formal business entity and lacks professional business information or commercial services. Technically, the site is built with basic HTML and CSS, is mobile responsive, and includes some meta tags for social media previews. However, it lacks modern security features such as HTTPS and security headers, and no privacy or cookie policies are present. The WHOIS data for the domain is missing, raising questions about domain registration legitimacy. Overall, the site is a simple personal blog with limited technical sophistication and minimal security posture.

The website ww2.freshthyme.com is currently inaccessible due to a Cloudflare security block, which prevents any meaningful content or business information from being retrieved or analyzed. The WHOIS lookup for this subdomain failed, indicating that it may not be registered independently or is protected by privacy measures, which raises questions about the legitimacy or configuration of this subdomain. Without access to the actual website content, no metadata, structured data, or contact information could be extracted. The technical infrastructure appears to rely on Cloudflare for security and hosting, but no further details are available. The security posture cannot be properly assessed due to the block, but the absence of visible security headers and policies is a concern. Overall, the risk assessment is high due to lack of transparency and accessibility.

C

City-Bay Fun Run

city-bay.org.au

53

The City-Bay Fun Run website serves as an informational and registration platform for a community running event held in Adelaide, Australia. It targets fitness enthusiasts and the general public interested in participating in various race distances. The site is built on WordPress and integrates standard marketing and analytics tools such as Google Analytics, Google Tag Manager, and Facebook Pixel, indicating a moderate level of digital maturity. The design is professional and mobile-optimized, providing a good user experience. However, the absence of explicit privacy and cookie policies, as well as contact information, highlights gaps in privacy compliance and user trust facilitation. Security posture is adequate with HTTPS enabled but lacks advanced security headers and DNSSEC, which could be improved to enhance protection. Overall, the website is legitimate and consistent with its business purpose but would benefit from enhanced privacy and security practices to align with best practices and regulatory requirements.

S

Sole Motive

runmelbourne.com.au

56

Run Melbourne is a well-established Australian running event organizer managed by Sole Motive, a family-owned business founded in 1980. The website promotes multiple running events including a Half Marathon, 10K, and 5.5K races, with a strong emphasis on charity fundraising. The event has a solid market position with a history of raising over $20 million for charities, targeting runners and community participants in Melbourne. The website content is professionally presented, with clear navigation and relevant event information, supporting a positive user experience.

T

TCS Sydney Marathon | Run Sydney’s Iconic Marathon

tcssydneymarathon.com

56

The website www.tcssydneymarathon.com represents an event-focused platform for the TC Sydney Marathon, likely targeting runners and sports enthusiasts interested in marathon participation. The site is built on the Wix platform, leveraging Wix's hosting and content management capabilities. The technical infrastructure is standard for Wix sites, including JavaScript libraries and tracking tools such as Google Analytics and Facebook Pixel. However, the absence of WHOIS registration data raises concerns about domain legitimacy and registration status. Security posture is basic with HTTPS enabled but lacking advanced security headers and policies. Privacy compliance is minimal with no visible privacy or cookie policies, and no contact information is provided, which impacts business credibility. Overall, the site serves its informational purpose but requires improvements in transparency, security, and compliance to enhance trust and professionalism.

I

IRONMAN

ironman.com

65

IRONMAN is a globally recognized brand specializing in organizing world-class triathlon events and providing training resources for athletes. The website serves as a comprehensive platform for race information, athlete community engagement, and merchandise sales. The brand holds a strong market position as a leader in triathlon sports, targeting athletes and enthusiasts worldwide. Technically, the website is built on Drupal 10, leveraging modern web technologies and third-party services such as Google Tag Manager and Cloudflare Zaraz for analytics and performance. The site is well-optimized for mobile and accessibility, with good SEO practices in place. Security posture is strong with HTTPS enforcement and security headers, though there is room for improvement in publishing explicit privacy policies and incident response contacts. Overall, the website is professional, trustworthy, and content-rich, but the absence of publicly available WHOIS data slightly reduces domain trustworthiness. Strategic recommendations include enhancing privacy disclosures, publishing security policies, and providing clear contact information for security incidents.

T

The Forest

theforest.link

51

The Forest website is a small-scale creative project launched in 2021, designed to offer users an unpredictable and exploratory web experience. It encourages users to 'walk the forest' of the internet and includes a link to a tree planting initiative, reflecting a creative and environmentally conscious theme. The site is simple, with minimal content and no commercial business model or extensive services. Technically, the site uses modern HTML5 and CSS3 with custom variable fonts and is hosted on Hover.com. It is mobile-optimized and performs well with a clean, consistent design. Security posture is basic; the domain is privacy protected and has domain status flags to prevent unauthorized changes, but lacks DNSSEC and security headers. No privacy or cookie policies are present, and no contact or incident response information is provided, limiting compliance and trust signals. Overall, the site is safe, free of adult or questionable content, and accessible without WAF or blocking mechanisms.

M

Minimalism Life

minimalism.com

52

Minimalism.com is a well-established lifestyle brand focused on promoting minimalism through content, art, design, and e-commerce. Founded in 2003, it targets a general audience interested in simplifying life and sustainable design. The website offers diverse content including a journal, projects, and a shop, supported by a newsletter with over 40,000 subscribers. The brand maintains a consistent and professional online presence with active social media channels. Technically, the site uses standard web technologies with moderate performance and good mobile optimization but lacks advanced CMS or frameworks indications. Security posture is basic with HTTPS enabled but missing key security headers and DNSSEC. Privacy compliance is partial with a privacy policy present but no cookie consent mechanism or GDPR indicators. Contact information is limited to a general email and newsletter form, with no phone or physical address provided. Overall, the site is trustworthy and professionally maintained but could improve security and privacy practices.

F

FormFeelingFunction®

formfeelingfunction.com

54

FormFeelingFunction® is a newly established creative lab specializing in digital and analog product design, architectural and interior design websites, and branded merchandise. Led by Carl Barenbrug and Manu Moreale, the company emphasizes simplicity, taste, and purpose, targeting creative professionals and design enthusiasts. The business operates a small-scale e-commerce platform integrated via Shopify Buy Button, offering products such as apparel, wallpapers, and desk accessories. The website reflects a consistent and professional brand identity with good design quality and user experience. Technically, the website employs modern web standards including HTML5, CSS3, and JavaScript, with Shopify integration for commerce. Hosting is managed via Hover, and the site uses HTTPS for secure content delivery. However, there is a lack of advanced security headers and no DNSSEC enabled, which are areas for improvement. The site is mobile optimized and performs moderately well, though accessibility and SEO optimizations are basic. From a security perspective, the site lacks published privacy and cookie policies, which impacts GDPR compliance and user trust. No incident response or vulnerability disclosure information is provided. The domain is newly registered with Tucows Domains Inc., with protective domain status flags, indicating legitimate registration consistent with the business profile. No WAF or blocking mechanisms are detected, and content is safe for general audiences. Overall, the website scores moderately well in content quality and business credibility but requires enhancements in privacy compliance and security posture to improve trust and regulatory adherence.

The website we-saas.com currently displays only a minimal placeholder message indicating that the domain or subdomain is not configured on the server. This suggests the site is either under development or improperly configured. The domain is registered with GoDaddy.com, LLC since December 2021 and is set to expire in December 2025. DNS is managed via Cloudflare, but DNSSEC is not enabled. There is no accessible website content, metadata, or business information to analyze. Consequently, the technical infrastructure appears minimal with no visible CMS, frameworks, or analytics tools in use. Security posture is limited to basic SSL with no advanced headers or policies detected. Privacy and compliance documentation are absent. Overall, the site lacks content and operational presence, resulting in a low trust and quality rating.