Other security reports

Fundacja Trans-Fuzja is a Polish non-profit organization dedicated to supporting transgender, non-binary, intersex, and gender non-conforming individuals through advocacy, psychological and legal support, and education. Established in 2008, it is the first organization of its kind in Poland and operates primarily as a community-driven foundation. The website is hosted on Google Sites, leveraging Google Fonts and APIs, providing a moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced, but lacks advanced security headers and formal privacy or cookie policies. WHOIS data is unavailable, limiting domain trust verification. Overall, the site presents a professional and trustworthy front for a small non-profit entity focused on social advocacy.

A

Adhvai Deepak Menon

adhvai.com

64

The website represents a personal portfolio for Adhvai Deepak Menon, a student with interests and talents in art, poetry, writing, philosophy, and athletics. The site is hosted on Google Sites, leveraging Google's infrastructure and fonts, indicating a basic but reliable technical foundation. The content is well-structured and relevant to the individual's personal branding but lacks comprehensive business or organizational information. Security posture is adequate with HTTPS enabled, but the absence of security headers and privacy policies limits compliance and trust. The domain WHOIS data is unavailable, which raises questions about domain registration legitimacy, although the site content is accessible and benign. Overall, the site serves as a personal showcase rather than a commercial business platform.

S

Souper's site

souper.dev

52

The website souper.dev is currently under construction and contains minimal content, primarily a placeholder message indicating development status. The site uses modern web technologies such as React and Next.js, indicating a contemporary technical infrastructure, but lacks substantive content, business information, or user engagement features. There are no visible security policies, privacy statements, or contact details, which limits trust and credibility. The absence of HTTPS and security headers further weakens the security posture. Overall, the site is in an early stage of development with significant gaps in compliance, security, and content quality.

J

joinfreedomacademy.com

joinfreedomacademy.com

36

The website ww1.joinfreedomacademy.com appears to be a parked domain with minimal content primarily consisting of advertisements served via Google Adsense and Bodis. There is no substantive business information, contact details, or services described on the site. The domain WHOIS query returned no registration data, indicating the domain is either unregistered or parked, which undermines the legitimacy of any business claims. Technically, the site uses basic HTML, CSS, and JavaScript with no advanced frameworks or CMS detected. Security posture is weak due to lack of HTTPS and absence of security headers. Privacy compliance is minimal with only basic privacy and legal pages present but no cookie consent or GDPR indicators. Overall, the site lacks professionalism and trustworthiness, posing a low risk but also offering no business value or credible presence.

The website imeesa.com appears to be a personal homepage primarily serving as a hub for social links and community participation, such as a webring. The site does not represent a formal business entity and lacks detailed business information or commercial services. The content is minimal and focused on personal contact and community connections. Technically, the site is simple, built with basic HTML and CSS, hosted via Cloudflare, and does not employ advanced frameworks or CMS platforms. Mobile optimization and accessibility are basic but functional. Security posture is moderate due to HTTPS via Cloudflare and domain transfer protection, but lacks DNSSEC and security headers. No privacy or cookie policies are present, indicating low compliance with privacy regulations. The WHOIS data shows an anomalous domain creation date in the future, which reduces trust in domain legitimacy. Overall, the site is safe for general audiences with no adult or explicit content detected.

Squarebowl.club is a small personal blog website created in late 2022, focusing on computer-related topics and personal interests such as chicken. The site is built using the Hugo static site generator and presents basic content with minimal design and navigation features. The technical infrastructure is simple, with no detected CMS beyond Hugo, and no advanced frameworks or analytics tools in use. Hosting details are not explicitly disclosed, but DNS is managed via desec.io and desec.org name servers. Security posture is minimal, with no security headers detected and DNSSEC not enabled. The domain registration is privacy protected, which is consistent with the personal nature of the site. No privacy, cookie, or terms of service policies are published, and no contact information is provided, limiting compliance and trust indicators. Overall, the site is safe with no adult or explicit content, but lacks professional security and privacy practices.

P

Private by Design, LLC

critters.gay

61

Critters.gay is a niche social media platform targeting the 'critters' community, offering a small, focused alternative to mainstream social media. The platform is built on the Sharkey software and hosted with Cloudflare DNS services, reflecting a modern but minimalistic technical infrastructure. The website content is accessible and well-branded, with consistent theming and a clear community focus. However, it lacks formal privacy and cookie policies, which are important for compliance and user trust. Security posture is moderate, with domain registration protections in place but missing DNSSEC and security headers. Overall, the site is safe for general audiences and does not contain adult or explicit content.

L

Lunchbox Agency

lunchboxagencyinc.com

55

Lunchbox Agency is a small, Australia-based creative marketing and brand agency specializing in brand identity, website design, social media management, and event solutions. The company targets business founders and organizations seeking integrated marketing services with a focus on creative direction and storytelling. The website is built on the Squarespace platform, featuring professional design and good mobile optimization, but lacks comprehensive privacy and security policies. Security posture is moderate with HTTPS enabled but missing DNSSEC and security headers. Contact information is limited to a physical address in California and an Instagram profile, with no email or phone contacts provided. Overall, the website presents a professional image but would benefit from enhanced privacy compliance and security practices.

P

Private by Design, LLC

rez.bio

54

rez.bio is a small, informal personal or community website operated under the privacy-focused registrant Private by Design, LLC. The site features playful content including ASCII art, friend links, and a Discord user link, but lacks formal business descriptions or commercial services. Technically, the site is built using the modern SvelteKit framework and uses Cloudflare for DNS, indicating a contemporary but minimal infrastructure. Security posture is basic with no DNSSEC or security headers detected, and no privacy or cookie policies published, which limits compliance and trust. Overall, the site is safe with no adult or explicit content, but lacks business credibility and formal security or privacy measures.

The website at puzzle.com is currently inaccessible, returning only a minimal 'Bad Request' message with no meaningful content or metadata. The domain is long-standing, registered since 1992 with Key-Systems GmbH, and uses Cloudflare DNS servers, indicating a legitimate registration and hosting setup. However, the presence of Cloudflare nameservers combined with the minimal HTML response suggests that the site is behind a Web Application Firewall or security mechanism that is blocking access or filtering requests. Due to this, no business information, privacy policies, or contact details are available for analysis. From a technical perspective, the site appears to be protected by Cloudflare, but no further details on technology stack, CMS, or performance can be determined. The lack of security headers and absence of SSL configuration details in the provided data limit the ability to assess the security posture fully. The domain's WHOIS data shows multiple domain status locks, which is a positive indicator against unauthorized domain transfers. Security-wise, the site currently lacks visible security best practices such as security headers or incident response contact information. The absence of privacy and cookie policies also indicates non-compliance with GDPR and related regulations. Overall, the site scores very low on content quality, technical implementation, security posture, privacy compliance, and business credibility due to the lack of accessible content and policies. Strategically, it is recommended to resolve the access issues to allow proper content delivery and policy disclosures. Implementing security headers, enabling DNSSEC, and publishing privacy and cookie policies will improve compliance and trust. Adding clear contact and incident response information will enhance transparency and security readiness.

The website sehta.co.uk currently presents only a security verification page employing Google reCAPTCHA v3 to prevent automated access. No substantive business content, contact information, or policies are accessible, indicating that the main site content is blocked behind this verification mechanism. The domain is well-established, registered since 2006 with EuroSolve Ltd, suggesting legitimacy and consistency in registration data. However, the lack of accessible content limits the ability to assess the company's business model, services, or compliance posture. Technically, the site uses modern Bootstrap CSS and JavaScript frameworks and integrates Google reCAPTCHA for bot mitigation, but no further security headers or HTTPS confirmation were observed in the provided data. Privacy and cookie policies are absent, and no contact or business details are visible, which negatively impacts trust and compliance assessments.

The website www.scan.co.uk is currently inaccessible beyond a Cloudflare Turnstile security challenge page, which prevents direct content access and analysis. The domain WHOIS lookup failed with an error indicating the domain name contains too many parts and cannot be registered, resulting in no registrar or registrant data available. Due to these access restrictions, no business information, contact details, or privacy policies are visible. The site is hosted behind Cloudflare's security infrastructure, indicating a focus on protection but limiting external analysis. The security posture cannot be fully assessed, but the presence of Cloudflare WAF and Turnstile captcha suggests a baseline security mechanism is in place. Overall, the site quality and trustworthiness are low due to lack of accessible content and missing transparency information.

S

spax.zone

spax.zone

64

The website spax.zone is a personal hobby site maintained by an individual known as Spax, also referred to as Claire and Nahua. It serves as a personal blog and social hub linking to various social media platforms and community webrings. The site content is informal and community-focused, with no commercial business model or corporate presence. The site is hosted behind Cloudflare, ensuring HTTPS and basic security protections. The technical infrastructure is simple, relying on standard HTML, CSS, and JavaScript, with no CMS detected. Security posture is adequate for a personal site, with no visible vulnerabilities or sensitive data exposure. However, the site lacks formal privacy, cookie, and terms of service policies, which impacts compliance and trust. Overall, the site is safe, with no adult or explicit content, targeting a general audience interested in personal blogs and social communities.

B

Bambosh Internet Website

bambosh.dev

57

The website bambosh.dev serves as a personal online presence for an individual known as Bambosh, providing links to their projects, social media profiles, and a donation channel via PayPal. The site is minimalistic, primarily informational, and targets a general audience interested in the individual's work or online persona. The business model is personal branding and community engagement rather than commercial enterprise. Technically, the site is built with basic HTML and CSS, enhanced with Font Awesome icons, and hosted on GitHub Pages, indicating a lightweight and fast-loading infrastructure with good mobile optimization but limited advanced features or frameworks. Security posture is minimal; no HTTPS status was explicitly provided, no security headers or policies are present, and no forms or data collection mechanisms exist, reducing the attack surface but also limiting user interaction. Privacy and compliance measures are absent, with no privacy or cookie policies, and no contact information for incident response or data protection officers. Overall, the site is low risk but lacks professional security and compliance maturity. Strategic improvements in security headers, privacy policies, and contact transparency are recommended to enhance trust and compliance.

The Association for Computational Heresy operates the SIGBOVIK conference, an annual event celebrating humorous and eclectic computational research inspired by Harry Quechua Bovik. The website serves as a hub for conference proceedings, announcements, and livestreams, targeting academics and enthusiasts in computational humor and parody research. The business model is non-commercial, relying on community participation and optional sales of bound volumes through Lulu.com. Technically, the site uses basic HTML, CSS, and JavaScript with Google Analytics and Tag Manager for tracking. Hosting appears to be affiliated with Carnegie Mellon University, indicated by the nameservers. Security posture is modest, with no DNSSEC, no visible security headers, and no published security or privacy policies. The domain is privacy protected but longstanding and consistent with the conference's history. Overall, the site is functional and trustworthy but lacks modern security and privacy best practices.

The website pyrope.net currently serves as a minimal placeholder with only a simple 'hello, world' message and no substantive content or business information. The domain is registered through Squarespace Domains II LLC and uses Google Cloud DNS name servers, indicating a standard hosting setup. However, the lack of metadata, structured data, or any contact or policy pages limits the site's digital maturity and user engagement potential. From a security perspective, the site lacks essential security headers and DNSSEC is not enabled, which could be improved to enhance security posture. There are no indications of privacy compliance or incident response readiness. Overall, the site appears to be in an early or incomplete stage of development, with low trust and credibility signals.

J

Home | Jorian Woltjer

jorianwoltjer.com

64

Jorian Woltjer's website is a personal portfolio and blog established in 2021, presenting personal content, a blog, and links to a book and open source projects. The site targets a general audience interested in the author's work and writings. Technically, the site uses modern JavaScript technologies including Axum framework and FontAwesome icons, hosted behind Cloudflare DNS with HTTPS enabled, ensuring a secure and performant user experience. The website is well structured with good SEO and mobile optimization but lacks advanced accessibility features. Security posture is moderate with HTTPS and domain transfer protection in place, but missing security headers and privacy policies reduce compliance and security maturity. No contact information or incident response details are provided, limiting business credibility and user trust. Overall, the site is safe, professional, and trustworthy but would benefit from enhanced privacy compliance and security best practices.

T

tufo's site :3

tufo.dev

56

The website tufo.dev is a personal site belonging to an individual known as Tufo or Zoey. It serves as a personal blog and a space to share interests such as programming, cybersecurity, chemistry, and personal projects. The site is informal, with a focus on personal expression rather than commercial activity. The technical infrastructure is simple, using basic HTML, CSS, and JavaScript, with a self-hosted analytics script. There is no evidence of a CMS or advanced frameworks. Security posture is moderate with HTTPS implied but lacking explicit security headers and formal policies. Privacy compliance is minimal, with no privacy or cookie policies present. The site does not collect personal data via forms and has minimal user tracking. Overall, the site is safe, with no adult or explicit content detected, and no WAF or blocking mechanisms present.

F

FusionSid's Website

fusionsid.com

53

FusionSid's Website is a minimal web presence with very limited content and no substantive business information. The site appears to be a personal or small-scale project with no clear business model or market positioning. The technical infrastructure is basic, utilizing JavaScript and Font Awesome icons, and is served behind Cloudflare, which provides some level of hosting and analytics. However, the absence of WHOIS registration data raises significant concerns about domain legitimacy. The security posture is weak, with no visible HTTPS confirmation or security headers, and no privacy or cookie policies are present. Overall, the site lacks essential elements for trust and compliance, resulting in a low-risk profile primarily due to minimal content and no sensitive data exposure.

The website ees4.dev hosts a personal or community-oriented page titled 'imeesa.com' that primarily serves as a hub for social links and participation in a community webring. The site does not present any commercial business information, products, or services. The content is minimal but functional, focusing on personal contact via email and Discord, and linking to various community and personal sites. The technical infrastructure is simple, relying on static HTML and CSS without detectable CMS or advanced frameworks. The site appears moderately optimized for mobile and basic SEO but lacks advanced technical features or performance optimizations. Security posture is weak due to absence of visible HTTPS confirmation, security headers, and no privacy or cookie policies. No incident response or vulnerability disclosure information is present. Overall, the site is safe for general audiences with no adult or explicit content detected. The domain uses privacy protection for WHOIS data, which aligns with the personal nature of the site. The overall risk is low but the site would benefit from improved security and privacy compliance measures.

R

Royal Academy of Engineering

raeng.org.uk

80

The Royal Academy of Engineering is a well-established UK-based charity organization focused on leveraging engineering to promote a sustainable society and an inclusive economy. The website reflects a professional and consistent brand image, targeting engineering professionals, stakeholders, and the general public interested in sustainability and engineering advocacy. The domain age and WHOIS data confirm the organization's legitimacy and long-standing presence since 1997. Technically, the website employs a modern tech stack including Bootstrap, Google Analytics, Hotjar, and Cookiebot for cookie consent management, indicating a mature digital infrastructure. The site is mobile-optimized and accessible, with good SEO practices. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though security headers could be enhanced and explicit security policies published. Privacy compliance is supported by a comprehensive cookie consent mechanism, but explicit privacy and terms of service pages were not found in the provided content. Overall, the website is trustworthy, professional, and secure, with room for improvement in transparency around security policies and incident response.

R

redalpine | empowering game changers | venture capital

redalpine.com

58

The website www.redalpine.com appears to be a Wix-hosted site with minimal accessible content and no visible business or contact information. The absence of WHOIS data and registrant details raises concerns about domain legitimacy and transparency. Technically, the site uses standard Wix scripts and polyfills but lacks advanced SEO, accessibility, and security features. There is no evidence of privacy or cookie policies, nor any forms or data collection mechanisms. The security posture is weak due to missing HTTPS/SSL details and lack of security headers. Overall, the site presents a low trust profile and limited business information, suggesting it may be under development or not fully operational.

The website vepurovk.xyz is currently inaccessible to users due to a Cloudflare Turnstile CAPTCHA challenge page, which blocks direct access to any substantive content. The domain is registered with privacy protection in Russia since 2022, with no visible business or contact information on the site. The website title is generic ('Just a moment...'), and no metadata, privacy policies, or terms of service are present. The technical infrastructure relies on Cloudflare for security and hosting, but no CMS or additional frameworks are detected. The security posture is basic with HTTPS enabled but lacks DNSSEC and security headers. Overall, the site appears to be a placeholder or protected site rather than an active business presence.

The website openvk.su is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block, which prevents access to any substantive content. The domain is registered with BEGET-SU since 2020 and uses Cloudflare nameservers, indicating some level of infrastructure maturity. However, the lack of accessible content, absence of privacy or cookie policies, and no visible contact or business information severely limit the ability to assess the business or security posture. The site appears to be protected against online attacks but at the cost of blocking legitimate access, which impacts trust and usability. Overall, the site’s digital maturity and security posture cannot be fully evaluated due to this blocking mechanism.

C

Call me by my gender

callmebymygender.top

54

The website 'Call me by my gender' is a small educational platform focused on promoting respectful and inclusive language regarding gender identity. It provides detailed explanations on why certain terms like “female” or “male” can be problematic and offers alternatives for respectful communication. The site targets a general audience interested in gender inclusivity and language sensitivity. The business model is informational without commercial transactions or services. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, and Google Fonts. It is hosted with DNS services provided by Cloudflare and uses Plausible Analytics for privacy-conscious visitor tracking. The site is mobile optimized with good SEO practices but lacks advanced accessibility features. Performance is moderate with no CMS detected. From a security perspective, the site uses HTTPS and has domain transfer protections enabled. However, it lacks DNSSEC and security headers such as Content-Security-Policy or X-Frame-Options, which are recommended for enhanced security. There are no privacy or cookie policies present, representing compliance gaps. The domain registration is recent (2023) and privacy protected, which is reasonable for this type of small educational site. Overall, the website is safe, professional, and trustworthy for its niche educational purpose. Key recommendations include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and considering a vulnerability disclosure policy to improve security posture and compliance.

Children of Kefentse is a niche fan community website dedicated to the game 'Twilight Sparkle's Secret Shipfic Folder' (TSSSF). It provides various community resources including news, forums, card generators, and databases to support players and fans. The site is small in scale and primarily serves as a hub for engagement and content sharing among enthusiasts. Technically, the website is built using standard web technologies including HTML5, CSS3, JavaScript, and the Foundation framework, hosted on DigitalOcean. It incorporates Google Analytics and Tag Manager for user tracking but lacks advanced SEO and accessibility features. Security-wise, the site uses HTTPS but does not implement DNSSEC or security headers, and lacks formal privacy or cookie policies, indicating room for improvement in compliance and security posture. Overall, the site is functional and trustworthy for its intended audience but would benefit from enhanced privacy and security measures.

The website artsandculture.google.com/opengalleryinfo is a subdomain of Google LLC, serving as an informational page for the Google Arts & Culture Open Gallery tools. It provides users with links to mobile apps on Android and iOS platforms and invites cultural organizations to partner with Google. The site is professionally designed, consistent with Google's branding, and offers high-quality cultural content aggregated from over 2000 museums and archives worldwide. The platform positions itself as a leading digital cultural resource with a broad general audience. Technically, the site leverages modern web technologies including JavaScript and Google Analytics for user interaction tracking. It is hosted on Google's infrastructure, ensuring fast performance and reliable uptime. The site is mobile-optimized and accessible, though some accessibility features could be enhanced. SEO is basic but sufficient for the informational nature of the page. From a security perspective, the site uses HTTPS with excellent SSL configuration. However, explicit security headers such as Content Security Policy and HSTS are not detected on this page, and no cookie consent mechanism is present, which could be improved for compliance and security hardening. No forms or sensitive data collection points are present, reducing attack surface. The WHOIS data for the subdomain is not available, which is expected for a Google subdomain, and the domain is legitimate and trustworthy. Overall, the website demonstrates a strong business credibility and security posture with minor areas for improvement in privacy compliance and security headers. It is safe for general audiences and aligns with Google's standards for digital cultural content delivery.

L

Le collectif du « Conseil du Langage Neutre »

pronoms.fr

30

Pronoms.fr is a French-based, volunteer-driven, open-source project focused on promoting inclusive and non-binary language through examples of personal pronouns and neutral language usage. It offers users the ability to create and share personalized pronoun cards, supports multiple languages, and fosters community engagement through social media and a dedicated queer calendar. The project is positioned as a niche educational and social inclusion resource within the LGBTQ+ community and language activism space. Technically, the website is built using modern frameworks such as Nuxt.js and Vue.js, with integration of Shopify for e-commerce functionalities. It leverages Cloudflare for DNS and possibly CDN services, uses Google Fonts and Font Awesome for UI, and employs Plausible Analytics for privacy-respecting visitor tracking. The site is well-optimized for mobile devices, accessible, and SEO-friendly, reflecting a mature digital infrastructure for a small community project. From a security perspective, Pronoms.fr enforces HTTPS, implements key security headers, and avoids exposing sensitive data. However, it lacks a visible cookie consent mechanism and formal security or incident response policies, which are recommended for compliance and transparency. No vulnerabilities or suspicious activities were detected, indicating a strong security posture for its scale. Overall, Pronoms.fr presents a trustworthy, professional, and community-oriented platform with excellent content quality and technical implementation. Strategic improvements in privacy compliance and formal security documentation would further enhance its credibility and user trust.

R

Ráðið fyri nevtralt mál

fornovn.fo

58

fornøvn.fo is a community-driven, open-source platform dedicated to providing resources and information about non-binary and gender-neutral pronouns and language, primarily targeting the Faroese-speaking community. The project is managed by the collective 'Ráðið fyri nevtralt mál' and offers multilingual support through related domains. It serves as an educational and advocacy tool promoting freedom, respect, and inclusion in language use. The website features personal pronoun cards, a gender-neutral dictionary, cultural text sources, and community engagement tools.

K

Konsilio pri Neŭtrala Lingvo

pronomejo.net

10

Pronomejo.net is a volunteer-driven, open-source project dedicated to promoting gender-neutral and non-binary language through multilingual pronoun resources and personal pronoun cards. The project is positioned as a niche leader in inclusive language tools, targeting individuals interested in gender inclusivity, linguists, and the LGBTQ+ community. The website offers community engagement, terminology resources, and a public API, supported by a small but active team. Technically, the site is built on modern frameworks like Nuxt.js and Vue.js, hosted with reputable DNS and registrar services, and integrates Shopify for merchandise. The site demonstrates good performance, mobile optimization, and accessibility. Security posture is solid with HTTPS and domain transfer protections, though DNSSEC is not enabled and explicit security headers are not visible. Privacy compliance is generally good with a privacy policy and terms of service present, but lacks a cookie consent mechanism despite using analytics. Contact information is provided via multiple company emails and social media channels. Overall, the site is trustworthy, professional, and serves its community well.

C

Cooperativa “Consejo de Lenguaje Neutro”

pronombr.es

20

Pronombr.es is a community-driven cooperative project dedicated to promoting inclusive language and the correct use of personal pronouns. It offers educational resources, personalized pronoun cards, and fosters a supportive environment for the queer community and allies. The project is open source and supported by a small but active team, with a strong emphasis on respect, freedom, and inclusivity in language use. Technically, the website is built on modern frameworks such as Nuxt.js and Vue.js, leveraging CDN services for performance and Shopify for merchandise sales. The site is well-optimized for mobile and accessibility, with good SEO practices. Security posture is strong with HTTPS and public key cryptography, though it lacks some formal policies like a security.txt and cookie consent mechanisms. Overall, the site is trustworthy, professional, and serves a niche but important community function.

D

Das „Rat für neutrale Sprache“ Kollektiv

pronomen.net

10

Pronomen.net is a community-driven, multilingual platform dedicated to providing information and resources about non-binary and gender-neutral language, focusing on pronouns and inclusive communication. The website serves a niche audience interested in gender inclusivity and offers tools such as pronoun cards, cultural examples, and a queer calendar. It operates as a non-profit public source project supported by volunteers and offers merchandising to support its activities. Technically, the site is built on modern frameworks like Nuxt.js and Vue.js, hosted with Cloudflare DNS and uses Shopify's Buy SDK for merchandising. The site is well-optimized for mobile and accessibility, with good SEO practices and fast performance. Security-wise, the site enforces HTTPS and has domain transfer protections but lacks DNSSEC and some security headers. Privacy compliance is good with a clear privacy policy and GDPR adherence, though no cookie consent mechanism is present despite using Plausible Analytics. Contact information is available via multiple company emails, and the project maintains an active presence on Mastodon, Bluesky, Discord, and GitLab. Overall, the site is trustworthy, professional, and serves its community well, though it could improve security headers and cookie consent to enhance compliance and security posture.

O

@otomir23

otomir23.me

54

The website otomir23.me is a personal portfolio site for an individual named Damir, featuring links to various social media and gaming profiles. The site is currently under development and contains minimal content, primarily serving as a placeholder and personal branding platform. The domain is registered through Cloudflare with a creation date in early 2022, consistent with the site's developmental status. Technically, the site uses modern technologies such as Astro and JavaScript, hosted and protected by Cloudflare with HTTPS enabled, ensuring a secure connection. However, the absence of DNSSEC and security headers indicates room for improvement in security hardening. From a security perspective, the site shows basic good practices like HTTPS and domain transfer protection but lacks formal privacy, cookie, or security policies, and no contact or incident response information is provided. Analytics are limited to Cloudflare Insights with minimal tracking, and no advertising or affiliate marketing is present. Overall, the site is safe, with no adult or explicit content, targeting a general audience. The risk level is low but could be improved by adding compliance documentation and enhancing security headers.

K

kiffaknife

kiffaknife.space

54

The website kiffaknife.space is a personal creative portfolio and blog belonging to an individual named Kifa, a student from a small Siberian town with interests in music, drawing, and sewing. The site serves as a hub for personal projects, blog posts, and social media links, targeting a general audience interested in creative content. The business model is non-commercial and focused on personal expression rather than monetization or professional services. Technically, the site is a simple static HTML page with basic CSS and JavaScript for dynamic time display. There is no evidence of a CMS or advanced frameworks. The site lacks modern SEO optimization, accessibility features, and mobile responsiveness is basic. No analytics or advertising technologies are detected, indicating minimal data collection and tracking. From a security perspective, the site does not appear to use HTTPS or security headers, which is a significant risk for user data protection and trust. There are no privacy or cookie policies, nor any incident response or vulnerability disclosure mechanisms. The domain is privacy protected, which is reasonable for a personal site, and no suspicious WHOIS patterns are detected. Overall, the security posture is weak and should be improved to protect visitors and enhance credibility. The overall risk is low given the non-commercial nature and limited data collection, but the lack of HTTPS and security best practices could expose visitors to risks. Strategic recommendations include implementing HTTPS, adding privacy and cookie policies, improving security headers, and enhancing technical SEO and accessibility to improve user experience and trust.

K

Kweak.org - Main

kweak.org

63

Kweak.org is a personal website operated by an individual known as Shakalitsa. The site hosts a variety of content including file storage, media such as music and videos, software downloads for Android and Windows, pictures, Minecraft skins, and community features like a guest book and blog. The website targets general internet users interested in personal and miscellaneous content sharing. The business model is non-commercial and primarily serves as a personal project or hobby site. The domain is relatively new, registered in late 2022, and uses privacy protection services, which is consistent with the nature of the site. Technically, the website uses standard HTML, CSS, and JavaScript with Cloudflare DNS services and NameCheap as the registrar. The site is moderately optimized with basic mobile responsiveness and accessibility. No advanced frameworks or CMS platforms are detected. Performance is moderate with no significant technical issues noted. However, the site lacks modern security headers and DNSSEC is not enabled, which could be improved. From a security perspective, the site uses HTTPS and has domain transfer protections enabled. There are no visible vulnerabilities or exposed sensitive data. However, the absence of privacy and cookie policies, security headers, and contact information reduces the overall security posture and compliance level. No incident response or vulnerability disclosure information is provided. The site does not use analytics or tracking technologies, which limits privacy concerns but also reduces business intelligence capabilities. Overall, the website is a small-scale personal project with basic technical and security implementations. It is safe for general audiences with no adult or explicit content. Strategic recommendations include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and providing contact and incident response information to improve trust and compliance.

M

motionarium.

motionarium.top

55

The website motionarium.top is a personal hobby portfolio site created by an individual named Брокля from Russia, focusing on UI/UX design and website layout as a hobby. The site showcases various versions of personal projects and links to social media and code repositories. It is a small-scale, non-commercial site with no evident business operations or commercial intent. Technically, the site is a simple static HTML/CSS/JavaScript implementation hosted with DNS services via Cloudflare and registered through Dynadot LLC with privacy protection. The site lacks advanced frameworks or CMS and shows basic mobile optimization and accessibility. No analytics or advertising technologies are detected, indicating minimal tracking and data collection. From a security perspective, the site does not present advanced security features such as security headers or DNSSEC, and no privacy or cookie policies are provided. The domain is privacy protected, which is appropriate for a personal hobby site. No vulnerabilities or malicious content are detected, but the security posture is basic. Overall, the site is safe and functional as a personal portfolio but lacks professional business and compliance features. Strategic recommendations include adding privacy and cookie policies, improving security headers and HTTPS enforcement, and providing contact information to enhance trust and compliance.

L

Lisikpng.com

lisikpng.com

59

Lisikpng.com appears to be a small personal or hobbyist website created in 2022, with minimal content welcoming visitors and linking to nostalgic computing resources. The site lacks formal business information, contact details, and privacy or security policies, indicating it is not a commercial or enterprise-level operation. The technical infrastructure is basic, utilizing standard HTML and CSS with Google Fonts and Cloudflare DNS services, but lacks advanced frameworks or CMS platforms. Security posture is minimal with no DNSSEC enabled and no visible security headers or policies. There are no forms or data collection mechanisms, reducing privacy risks but also limiting user engagement. Overall, the site is safe for general audiences but lacks professional and compliance features expected in business websites.

The domain mlr.press currently hosts a GitHub Pages 404 error page indicating that no active website content is published. The site lacks any business-related information, contact details, privacy or cookie policies, and security incident response data. The domain is registered with privacy protection through WhoisGuard, Inc., and has been active since 2015, but the absence of content suggests the site is either abandoned or misconfigured. The technical infrastructure is minimal, relying on GitHub Pages hosting with a basic Content-Security-Policy header. No analytics, advertising, or tracking technologies are present. Security posture is limited but benefits from the CSP header; however, no HTTPS or SSL details are available from the content. Overall, the site has very low business credibility and privacy compliance, with critical issues due to lack of content and policies.

I

icometrix

icometrix.com

64

The website www.icometrix.com appears to be a healthcare technology-related site built on the Wix platform. However, the absence of WHOIS registration data raises concerns about the domain's legitimacy and registration status. The site uses Google Analytics with some consent management scripts but lacks visible privacy or cookie policies, which is a compliance gap. The content is minimal and lacks detailed business or contact information, limiting trust and credibility. Technically, the site uses standard Wix scripts and polyfills but does not demonstrate advanced security configurations or SEO optimizations. Overall, the security posture is weak due to missing HTTPS confirmation and security headers. Strategic recommendations include verifying domain registration, implementing comprehensive privacy and cookie policies, adding clear contact information, and enhancing security headers and HTTPS enforcement.

G

.:: dscp46 ～ 幻想郷 ::.

gensokyo.tf

53

The website gensokyo.tf is a personal blog and link collection site maintained by an individual named Celestine, who identifies as a network and phone system enthusiast. The site serves as a portfolio and a hub for sharing blog articles and links to other interesting users and pages within niche communities. The domain has been registered since 2014 with OVH, indicating a stable and long-term presence. The website's market position is niche and personal, targeting general audiences interested in the author's content and network-related topics. From a technical perspective, the site uses basic HTML5 and CSS with vanilla JavaScript, hosted on OVH infrastructure. The performance is moderate with basic mobile optimization and accessibility features. SEO optimization is minimal, and no CMS or advanced frameworks are detected. The site lacks modern security headers and does not display evidence of HTTPS enforcement in the provided data, which limits its security posture. Security-wise, the website does not provide privacy, cookie, or terms of service policies, nor does it offer contact information or incident response channels. No forms or data collection mechanisms are present, reducing the attack surface but also limiting user engagement. The absence of security headers and HTTPS (not confirmed but no evidence of SSL) lowers the security score. No vulnerabilities or suspicious patterns were detected, and the domain registration data supports legitimacy. Overall, the website is low risk but could benefit from improved security practices, privacy compliance, and enhanced technical implementation. Strategic recommendations include implementing HTTPS, adding security headers, publishing privacy and cookie policies, and providing contact information to improve trust and compliance.

C

Contact Privacy Inc. Customer 0169240283

pony.directory

38

Pony.directory is a niche community directory website dedicated to the My Little Pony fandom. It aggregates and categorizes a wide variety of fan-related websites including blogs, art boards, fanfiction, games, conventions, and community forums. The site targets MLP fans seeking a centralized resource for fandom content and community engagement. Technically, the site is built using modern web technologies such as SvelteKit and modular JavaScript, hosted with DNS services from NS1 and Squarespace DNS. The site is mobile optimized and offers clear navigation and well-structured content. Security posture is moderate; the site uses HTTPS but lacks DNSSEC and security headers, and does not publish privacy or cookie policies. The domain is recently registered with privacy protection, which is typical for small community sites. Overall, the site is functional, safe, and serves its community well but would benefit from improved privacy and security disclosures.

The website 'Twilight Sparkle's Secret Shipfic Folder Online' is a niche community platform dedicated to hosting and playing the TSSSF game online. It provides resources such as rulebooks, FAQs, card references, and community links to Discord and Reddit, fostering player engagement. The site is small-scale and community-driven, with a focus on fan interaction rather than commercial enterprise. The domain is relatively new, registered in 2020, consistent with the site's beta status and niche audience. Technically, the site uses basic HTML, CSS, and JavaScript without advanced frameworks or CMS. Hosting details are not explicit but the domain registrar is Squarespace Domains II LLC, and DNS is managed via Google Cloud DNS. The site is mobile-optimized with good navigation and design quality but lacks advanced SEO and accessibility features. No analytics or tracking scripts were detected, indicating minimal user tracking. From a security perspective, the site lacks visible HTTPS enforcement details and security headers, and DNSSEC is not enabled. The domain status includes protections against unauthorized transfer or deletion, which is positive. However, the absence of privacy, cookie, and terms of service policies indicates compliance gaps. No contact or incident response information is provided, limiting transparency and trust. Overall, the website is functional and serves its community well but should improve security posture and compliance documentation to enhance trust and protect users. Strategic recommendations include enabling DNSSEC, implementing HTTPS with security headers, publishing privacy and cookie policies, and providing clear contact information for support and security incidents.

The website bam.moe is a minimalistic site with no substantive content or business information. The domain is registered through a privacy protection service, Private by Design, LLC, based in the US, with a creation date in 2020. The site appears to be static and decorative, featuring multiple CSS stylesheets and SVG graphics but lacking textual content, contact details, or any business description. There are no forms, external links, or social media profiles present. The technical infrastructure includes Cloudflare DNS but no DNSSEC or security headers are detected from the provided data. No HTTPS status was confirmed, and no analytics or tracking scripts are present. From a security perspective, the site lacks fundamental security best practices such as visible HTTPS enforcement, security headers, and privacy or cookie policies. The absence of contact information and incident response channels further reduces transparency and trustworthiness. The domain registration privacy protection is common for small or personal projects but without business context, it lowers legitimacy. Overall, the site scores low on content quality, technical implementation, security posture, privacy compliance, and business credibility. Strategically, the site requires significant improvements in content provision, transparency, and security to be considered trustworthy or business-ready. Adding clear business information, contact details, privacy and cookie policies, and implementing HTTPS with security headers would greatly enhance its posture. Without these, the site remains minimal and of limited business value.

The website owo.me is a personal site titled 'erin on the interwebs' owned by General Programming LLC, a US-based entity. The site serves as a personal blog or informal community hub with links to social media profiles and a webring of related sites. It does not represent a commercial business or provide professional services. The content is informal, with humorous and casual language, targeting a general audience. The domain is well-established since 2013, indicating a stable presence. Technically, the site is built using the Hugo static site generator and hosted via Cloudflare, ensuring good performance and HTTPS security. The site uses JavaScript for some interactive elements and includes Cloudflare Insights for minimal analytics. The design and navigation are basic but functional and mobile-optimized. However, the site lacks advanced SEO and accessibility features. From a security perspective, HTTPS is enabled and domain transfer is protected, but no DNSSEC or security headers are present. There are no privacy, cookie, or terms of service policies published, and no contact or incident response information is provided. The site does not collect user data via forms. Tracking is minimal and limited to Cloudflare's beacon. No vulnerabilities or suspicious patterns were detected. Overall, the site is low risk with moderate trustworthiness but lacks formal privacy and security documentation. Strategic recommendations include adding privacy and cookie policies, implementing security headers, and providing contact and incident response details to improve compliance and trust.

D

deepy site!

deepy.me

50

The website deepy.me is a newly created personal portfolio site with minimal content and no clear business presence. It uses the Astro framework and is hosted with DNS services provided by NS1, with domain registration through NameCheap and privacy protection enabled. The site lacks essential business and compliance information such as privacy policies, cookie consent, terms of service, and contact details. Technically, the site is lightweight and fast but lacks security headers and advanced security configurations. The domain is very new, consistent with the minimal content and absence of established business operations. Overall, the security posture is weak due to missing policies and security best practices, and the site does not collect user data or use analytics or advertising tools. The content is safe for general audiences with no adult or questionable material.

ALTGO is a small community-focused organization providing support groups, local resources, legal help, and trans boxes for transgender and gender diverse individuals in Alabama. The website serves as an informational hub with a clear focus on the local transgender community. The technical infrastructure is minimal, relying on static HTML and CSS hosted on NearlyFreeSpeech.net, with no detected CMS or advanced frameworks. The site is accessible and moderately optimized for mobile devices but lacks advanced SEO and accessibility features. Security posture is basic, with no security headers or DNSSEC enabled, and no privacy or cookie policies published. The domain registration is consistent with the organization's stated purpose and geographic focus, indicating legitimacy. Overall, the site is functional but would benefit from enhanced security and compliance measures.

The website onenetbeyond.org is currently inaccessible or blocked, presenting only a minimal placeholder page with the message: 'You have reached this page because your request could not be properly identified.' This prevents any meaningful extraction of business or service information from the site itself. The domain is registered to Associazione AI ODV, a French organization, with a long registration history dating back to 2005, indicating an established entity. However, the lack of accessible content and absence of privacy, cookie, or contact information significantly limit the ability to assess the business model or market position. From a technical perspective, no information about the technology stack, CMS, or hosting beyond the nameservers is available. The site appears to be hosted on servers related to investici.org. No security headers or SSL configuration details were provided, and no analytics or tracking technologies were detected. The minimal content and lack of metadata suggest poor SEO and user experience. Security posture evaluation is constrained by the lack of accessible content and technical data. No privacy policies, incident response contacts, or security frameworks are evident. The domain registration data is consistent and legitimate, but the absence of website content and security best practices lowers the overall trust and security score. The site is likely behind a generic blocking mechanism or misconfigured server, resulting in a low AI score and high risk for users seeking information. Overall, the website requires significant improvements in accessibility, content provision, security policies, and compliance documentation to be considered trustworthy and professional.

P

Pronouns.page

pronouns.page

65

Pronouns.page is a specialized educational platform providing usage examples of personal pronouns and promoting gender neutral language. It serves a general audience interested in linguistics and inclusivity, offering multilingual support through various language-specific subdomains. The website is positioned as a niche resource with a focus on accessibility and educational content rather than commercial services. Technically, the site is built on modern frameworks such as Nuxt.js and Vue.js, hosted on Cloudflare infrastructure with CDN support, ensuring good performance and mobile optimization. The use of privacy-conscious analytics tools like Plausible and error monitoring via Sentry indicates a mature approach to technical operations. Security posture is strong with HTTPS enforcement and standard security headers, though the absence of explicit privacy and cookie policies suggests room for improvement in compliance. Overall, the site is trustworthy and professional but would benefit from enhanced transparency and formal policies to strengthen user trust and regulatory adherence.

S

saursvepur

saursvepur.xyz

48

The website saursvepur.xyz is a personal portfolio and content platform for an individual named Slava, a 23-year-old streamer, musician, and IT enthusiast from Russia. The site showcases personal projects, music tracks, and social media links, targeting a general audience interested in streaming and music content. The domain is relatively new, registered in early 2023, and uses privacy protection common for personal sites. Technically, the site uses modern web technologies including custom WebGL shaders for visual effects, but lacks advanced frameworks or CMS. Performance and mobile optimization are moderate, with basic accessibility and SEO features. Security posture is weak due to absence of HTTPS enforcement details, security headers, and privacy policies. No forms or data collection mechanisms are present, reducing attack surface but also limiting user interaction. Overall, the site is functional and visually appealing but requires improvements in security and compliance to enhance trust and professionalism.

S

Silver4ok "Cheat Engine" Olo4eka

pastcard.su

43

Pastcard.su is a personal blog operated by Silver4ok "Cheat Engine" Olo4eka, focusing on gaming, personal stories, and music content primarily for a Russian-speaking audience. The site is built using the Hugo static site generator and hosted by BEGET-SU, with a domain registered recently in December 2024. The blog features regular posts with a moderate level of content quality and user engagement through social media links. Technically, the site is moderately optimized with basic mobile responsiveness and SEO, but lacks advanced security headers and privacy compliance mechanisms. No privacy or cookie policies are present, and no direct contact information is provided, which limits business credibility and privacy compliance. Security posture is basic, with no detected vulnerabilities but also no advanced protections. Overall, the site is safe for general audiences and does not contain adult or explicit content.