Other security reports

E

Emnace.org

emnace.org

40

The website emnace.org serves as a personal online hub for Ian Emnace, featuring links to his professional and recreational blogs focused on software, theory, games, and fantasy. The site is minimalistic with basic content and limited business information, indicating it is not a commercial or corporate entity. The technical infrastructure is simple, relying on standard HTML and CSS with Google Fonts integration, and no advanced frameworks or CMS detected. Performance and mobile optimization are adequate but basic. Security posture is weak due to lack of HTTPS confirmation, absence of security headers, and no visible privacy or cookie policies. The WHOIS data is unavailable due to a malformed query response, which limits domain trust and legitimacy assessment. Overall, the site is safe for general audiences but lacks business credibility and security maturity.

P

Private by Design, LLC

estela.moe

68

The website estela.moe is a personal portfolio and blog site maintained by an individual known as estela ad astra. It focuses on personal interests such as computer science, linguistics, photography, and cultural reflections. The site is small-scale, non-commercial, and targets a general audience interested in these niche topics. The business entity behind the domain registration is Private by Design, LLC, a privacy-focused registrar, which aligns with the personal and privacy-conscious nature of the site. The website uses the Hugo static site generator and is hosted with DNS services provided by Cloudflare, ensuring good performance and reliability. The site is well-designed with good navigation and mobile optimization but intentionally limits SEO visibility via robots meta tags.

A

Avera - Landing

averagedood.xyz

55

The website averagedood.xyz is a minimal personal landing page primarily serving as a language selection gateway for a personal or creative online presence named 'Avera' or 'AverageDood'. The site offers content in Spanish and English and includes basic Open Graph metadata for social sharing. The domain is registered through Cloudflare with transparent WHOIS data indicating a registrant located in Murcia, Spain, and was created in May 2023, consistent with a new personal site. The technical infrastructure is simple, relying on basic HTML and CSS without any detected CMS or advanced frameworks. Hosting is via Cloudflare, providing HTTPS and domain transfer protection, but DNSSEC is not enabled. No security headers or privacy-related policies are present, and no contact information or forms are provided, limiting business credibility and privacy compliance. No analytics or advertising technologies are detected, and the site does not appear to collect user data.

H

Heatherhornses's Amazing Cyber Site – When you're here, you're family

heatherhorns.com

43

Heatherhornses.com is a small personal or hobby website created in 2020, featuring minimal content centered around a friendly theme. The site uses WordPress CMS hosted on WebHostingHub with basic technical infrastructure. The website lacks comprehensive business information, privacy policies, and contact details, indicating it is not a commercial or enterprise-grade site. Technically, the site is functional with HTTPS enabled but lacks advanced security headers and DNSSEC, which are recommended for improved security posture. The security posture is basic with no detected vulnerabilities but also no formal security or incident response policies. Overall, the site is low risk but also low in business credibility and privacy compliance.

M

Mem :3

mem451.com

53

The website mem451.com is a personal creative portfolio belonging to a 21-year-old non-binary individual focused on music and gaming. The site serves primarily as a hub linking to various social media and creative platforms, with minimal original content hosted directly. The business model is personal branding and creative expression rather than commercial enterprise. The domain is recently registered in 2023, consistent with the site's stated purpose. Technically, the site is simple, built with basic HTML and CSS, hosted with Cloudflare DNS services, and lacks advanced frameworks or CMS. Performance and mobile optimization are basic but functional. SEO and accessibility features are minimal. No analytics or tracking scripts are present, indicating a privacy-conscious or minimalistic approach. From a security perspective, the site lacks key security headers and does not enable DNSSEC, which could improve domain security. There is no visible HTTPS enforcement information, and no privacy or cookie policies are provided, which limits compliance with GDPR and other privacy regulations. No forms or data collection mechanisms are present, reducing attack surface but also limiting user engagement features. Overall, the site is low risk but also low in professional and security maturity. Strategic recommendations include enabling DNSSEC, adding security headers, implementing HTTPS enforcement, and publishing privacy and cookie policies to improve trust and compliance.

G

GOTH

goth.zip

56

The website goth.zip is a personal blog operated by an individual named Selene. It serves as a homepage with links to related sites and includes a music track display component. The site is built using the Astro framework, indicating a modern technical approach, but it remains a work in progress with minimal business or compliance information. The target audience appears to be general visitors interested in the author's content and related projects. The site is part of a webring associated with staydown.money, suggesting a small network of related personal or niche sites. Technically, the site uses modern web technologies including Astro v3.2.3, JavaScript modules, CSS, and WebP images. The site appears to be mobile optimized and has basic SEO and accessibility features. However, no CMS or hosting provider information is evident. Performance is moderate based on the use of modern but minimalistic design and external scripts. From a security perspective, the site lacks visible security headers and does not provide privacy, cookie, or terms of service policies. No contact information or incident response details are provided, limiting trust and compliance. The site uses an external hit counter from websiteout.com, which may raise privacy concerns. No WAF or blocking mechanisms are detected, and the content is fully accessible. No adult or explicit content is present, making the site safe for general audiences. Overall, the site scores moderately on AI evaluation due to its basic content quality and technical implementation but scores low on privacy compliance and security posture. Strategic improvements include adding privacy and cookie policies, implementing security headers, providing contact and incident response information, and auditing external scripts for privacy and security risks.

Y

yummypillow

yummypillow.art

61

The website 'yummypillow.art' is a personal artist portfolio and commission platform operated by an individual artist known as 'pillow'. The site serves as a digital presence for showcasing artwork, providing commission information, and linking to social media and art-related platforms. The business model is focused on individual art commissions and community engagement through platforms like Bluesky and GitHub. The domain is newly registered in 2024 and hosted on GitHub Pages, indicating a small-scale, personal operation. Technically, the site is built using the Astro framework with some Svelte components, hosted on GitHub Pages, and employs HTTPS with a clientTransferProhibited domain status. The site is performant and mobile-optimized but lacks advanced SEO and accessibility features. No analytics or tracking scripts are detected, reflecting a privacy-conscious approach. From a security perspective, the site uses HTTPS but lacks DNSSEC and security headers, which are recommended for enhanced protection. There is no privacy or cookie policy, which is a compliance gap, especially under GDPR. The domain registration is privacy protected, which is justified for a personal artist site. No vulnerabilities or malicious content were detected. Overall, the site is low risk, with good business credibility for a personal artist but needs improvements in privacy compliance and security best practices to enhance trust and regulatory adherence.

P

Private by Design, LLC

hl2.sh

52

The website hl2.sh is a personal portfolio and blog site operated by an individual or small entity named Private by Design, LLC, based in the US. The site primarily serves as a curated hub for the author's interests, including technology, gaming, and software tools, with links to various external resources. The business model is non-commercial and focused on personal expression and information sharing. The site uses the Astro framework and is hosted on bunny.net, indicating a modern but simple technical infrastructure. Performance and mobile optimization are basic but functional. Security posture is weak due to lack of visible HTTPS confirmation, absence of security headers, and no disclosed privacy or cookie policies. No contact or incident response information is provided, limiting trust and compliance. Overall, the site is safe for general audiences with no adult or explicit content detected.

U

uwu.dog | the dog ever

uwu.dog

55

The website uwu.dog appears to be a small personal or hobby site with minimal content focused on links to other personal or interest-related sites. The domain is registered with privacy protection through NameCheap and hosted with Cloudflare DNS services. The site lacks any formal business information, privacy or cookie policies, and contact details, indicating it is not a commercial or professional business site. Technically, the site uses basic HTML and CSS with no detected CMS or advanced frameworks. Security posture is minimal with no security headers or HTTPS enforcement details available, and no analytics or tracking scripts are present. Overall, the site is low risk but also low in professionalism and compliance.

A

lexd0g's website

alice.tf

54

The website alice.tf is a personal site representing an individual named Alice, also known as lexd0g. It serves as a personal portfolio and social hub showcasing interests in technology, music, and various hobbies. The site is simple, static, and non-commercial, targeting a general audience interested in the owner's personal projects and social profiles. The domain is recently registered and consistent with the personal nature of the site. Technically, the site is built with basic HTML and CSS, hosted via OVH with Cloudflare nameservers. There is no evidence of advanced frameworks, CMS, or analytics tools. The site is mobile-friendly and has good content quality but lacks advanced SEO and accessibility features. Security posture is minimal with no security headers detected and no privacy or cookie policies present. From a security perspective, the site does not expose sensitive data or use vulnerable libraries but lacks formal security policies and incident response information. The absence of privacy and cookie policies indicates low privacy compliance. No WAF or blocking mechanisms are detected, allowing full content access. Overall, the site is low risk due to its personal nature and lack of commercial transactions or sensitive data. Strategic recommendations include adding privacy and cookie policies, implementing security headers, and improving accessibility and SEO to enhance trust and compliance.

P

Private by Design, LLC

ioletsgo.gay

55

The website ioletsgo.gay is a personal site representing an individual known as Ivory / Ivy / Io, focusing on personal interests such as gaming, technology, art, and music. It serves primarily as a personal branding and social hub with links to various social media and friend sites. The site is small scale, recently created in 2024, and hosted via Porkbun with privacy protection on the domain registration. Technically, the site is built with basic HTML, CSS, and JavaScript without any detected CMS or frameworks. The performance and mobile optimization are basic but functional. Security posture is minimal with HTTPS enabled but lacking security headers and DNSSEC. No privacy or cookie policies are present, and no forms or data collection mechanisms are implemented. Security-wise, the site shows no critical vulnerabilities but lacks advanced protections and compliance features. The domain registration is consistent and legitimate, with privacy protection justified for a personal site. No adult or explicit content is present, making the site safe for general audiences. Overall, the site is a modest personal web presence with room for improvement in security, privacy compliance, and professional polish. Strategic enhancements could improve trust and security posture while maintaining the personal nature of the site.

The website daniela.lol is a personal portfolio and hobbyist site belonging to Daniela, a young trans woman from Germany who engages in coding, game modding, 3D modeling, and art. The site serves as a platform to showcase her creative projects, share social media links, and accept donations. The business model is informal and community-driven, targeting a general audience interested in gaming mods and creative content. The domain is very new, registered in September 2024, consistent with a recently launched personal site. Technically, the site is built with basic HTML and CSS, hosted behind Cloudflare DNS but without DNSSEC enabled. There is no evidence of advanced frameworks, CMS, or analytics tools. The site performance and mobile optimization are basic but functional. SEO and accessibility features are minimal. No security headers or privacy policies are present, indicating a low maturity level in security and compliance. From a security perspective, the site uses HTTPS (implied by Cloudflare DNS usage but SSL configuration details are unknown), but lacks security headers and privacy compliance mechanisms. No forms or data collection points are present, reducing attack surface but also limiting user engagement features. The WHOIS data shows a recent registration with no privacy protection, consistent with a personal site. No suspicious patterns or vulnerabilities were detected. Overall, the site is low risk but also low in professional security and compliance standards. It is suitable for personal use but would benefit from improvements in privacy policies, security headers, and contact transparency to enhance trust and compliance.

C

c7.pm

c7.pm

44

The website c7.pm is a personal or community-oriented site established in 2018, serving as a hub for links to friends, communities, and miscellaneous related sites. It does not represent a commercial business and lacks formal business descriptions or commercial services. The site is hosted on a small hosting provider and uses basic web technologies such as HTML, CSS, and JavaScript without any major frameworks or CMS. The design is consistent and functional, with moderate performance and basic mobile optimization. Security posture is limited, with no detected security headers or HTTPS confirmation from the provided data, and no privacy or cookie policies present. No contact information or incident response details are provided, which limits trust and compliance. Overall, the site is safe for general audiences and does not contain adult or explicit content.

The website e2.pm is a small, informal personal webpage primarily featuring humorous and casual content without any clear business or professional focus. The site lacks formal business information, contact details, privacy policies, or terms of service, indicating it is not intended for commercial or enterprise use. The domain was registered in late 2019 and remains active, consistent with the site's informal nature. Technically, the website uses basic HTML, CSS, and JavaScript with external resources such as Google Fonts and a cookie consent library. Hosting and DNS are managed via Cloudflare, providing standard performance and security benefits. The site is moderately optimized for mobile and accessibility but lacks advanced SEO and security headers. From a security perspective, the site uses HTTPS and includes a cookie consent banner, showing some privacy awareness. However, it lacks explicit security policies, incident response contacts, and vulnerability disclosure mechanisms. No forms or data collection points are present, reducing attack surface but also limiting user engagement. Overall, the website poses low risk but also offers limited trust and professionalism. Strategic improvements include adding privacy and security policies, contact information, and enhancing technical and security best practices to improve credibility and compliance.

The website 'Mary's Internet Realm' is a personal and hobbyist site created in 2018, featuring casual content including a Tetris game and links to various personal projects and friends' websites. It targets general internet users interested in casual gaming and personal portfolios. The site is small-scale with basic content quality and moderate branding consistency. Technically, it uses standard HTML, CSS, and JavaScript with Cloudflare DNS hosting but lacks advanced frameworks or CMS. Mobile optimization is good, but accessibility and SEO are basic. Security posture is weak due to lack of security headers, DNSSEC, and privacy policies. The domain is privacy protected via a reputable registrar, which is typical for personal sites. Overall, the site is safe and suitable for general audiences but lacks professional security and privacy compliance features.

OpenDomain is a small US-based entity founded in 2004 that offers free use of domains they own but do not actively develop. Their business model is non-commercial, focusing on supporting open source communities by providing domain usage rights without transfer or sale. The website is built on WordPress and uses Cloudflare for DNS services. The technical infrastructure is moderate with basic mobile optimization and SEO. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers. Privacy compliance is weak due to absence of privacy and cookie policies. No contact information or incident response details are provided, limiting trust and compliance. Overall, the site is functional and safe but would benefit from enhanced security and compliance measures.

P

Porkbun LLC

yesterweb.org

55

The Yesterweb is a small, community-driven initiative founded in 2021, focused on reclaiming and transforming internet culture through a progressive countercultural movement. It operates various community spaces including forums, a Mastodon server, and a webring, emphasizing social responsibility, collective well-being, and rehumanizing online social relations. The website content is rich, well-structured, and reflects a mature understanding of online community dynamics and challenges. Technically, the site is built with standard web technologies (HTML, CSS, JavaScript) without a CMS, and uses minimal external scripts, notably GoatCounter for privacy-conscious analytics. Security posture is basic with HTTPS enabled but lacks advanced security headers and published security policies. Privacy compliance is weak due to absence of privacy and cookie policies. WHOIS data is consistent and domain registration legitimate, matching the community's founding timeline. Overall, the site is trustworthy and professional but would benefit from improved privacy and security disclosures.

The website annwfn.net serves as a personal placeholder domain primarily used by the individual Bastian Rieck for private email communication and hosting personal and friends' websites. The site content is minimal and non-commercial, focusing on providing information about the domain's purpose and links to related personal projects. The domain is well aged, registered since 2004, and the registrant information aligns with the website content, indicating a legitimate personal use case. From a technical perspective, the site uses basic HTML and CSS without advanced frameworks or CMS. Hosting and DNS are managed through Dynadot and messagingengine.com respectively, suggesting a stable but simple infrastructure. The site lacks modern security headers and does not implement DNSSEC, which could be improved. No analytics or advertising tools are detected, reflecting a privacy-conscious approach but also limiting insights into user engagement. Security posture is basic with no evident vulnerabilities or exposed sensitive data, but the absence of security headers and policies reduces the overall security maturity. Privacy compliance is minimal, with no privacy or cookie policies present, which is typical for a personal site but would be insufficient for commercial operations. Overall, the site is safe, with no adult or questionable content, and accessible without WAF or blocking mechanisms. The overall risk is low given the personal nature and limited scope of the site, but improvements in security headers, DNSSEC, and privacy disclosures would enhance trust and compliance. Strategic recommendations include enabling DNSSEC, publishing privacy and cookie policies, and implementing basic security headers to improve the security posture and user trust.

I

INARA

inara.cz

58

INARA is a specialized gaming community website established in 2015, serving as a companion resource for popular games such as Elite: Dangerous, Starfield, and Kingdom Come: Deliverance II. The site provides detailed game databases, news, and community tools aimed at gamers interested in these titles. Its market position is niche but well-defined, focusing on dedicated gaming audiences. The business model relies on community engagement, supported by donations and advertising revenue. Technically, the website employs a modern JavaScript stack including jQuery and jQuery UI, with Cloudflare DNS services and Google Tag Manager for analytics. The site shows moderate performance and good mobile optimization, though accessibility features are basic. The CMS appears custom or proprietary, with no major frameworks detected. From a security perspective, the site uses Cloudflare nameservers and anonymizes IPs in analytics, but lacks visible security headers and published security policies. No critical vulnerabilities or exposed sensitive data were detected. Cookie consent mechanisms exist but lack full transparency. Overall, the security posture is moderate but could benefit from enhanced policies and headers. The overall risk is moderate with no blocking or WAF detected. Recommendations include implementing comprehensive security policies, improving cookie consent transparency, adding security headers, and publishing vulnerability disclosure information to enhance trust and compliance.

The website keeri.place is a personal creative portfolio belonging to an individual named Keeri. It primarily showcases creative projects including a turn-based racing game called Raesonic, with additional links to social media profiles on the Fediverse and gaming platforms such as NameMC. The site targets a general audience interested in personal creative content and indie game development. The business model is personal and project-focused without commercial or enterprise scale operations. Technically, the website is built with basic HTML and CSS, featuring moderate performance and good mobile optimization. There is no evidence of a CMS or advanced frameworks. SEO and accessibility are basic but functional. No analytics or advertising technologies are detected, indicating minimal user tracking. From a security perspective, the site lacks visible security headers, privacy policies, cookie consent mechanisms, and incident response information. The domain uses privacy protection for WHOIS data, which is typical for personal websites. No WAF or blocking mechanisms are detected, and the site content is fully accessible and safe for general audiences. Overall, the website presents a low-risk profile but would benefit from improved security and privacy compliance measures to enhance trust and professionalism.

Loveshock.xyz is a small personal website operated by the Digital Star System, serving as a cozy online space focused on music, technology, and curated interests. The site offers blog content and links to related interests but does not represent a commercial business. The technical infrastructure is simple, using basic HTML, CSS, and JavaScript, hosted likely on Neocities with domain registration via Squarespace Domains. The site is accessible, mobile responsive at a basic level, and uses Cloudflare DNS without DNSSEC enabled. Security posture is moderate with HTTPS enabled but lacking security headers and formal policies. Privacy and compliance documentation are absent, and no contact information is provided, limiting business credibility. Overall, the site is safe and family-friendly with no adult content or suspicious elements.

P

Private by Design, LLC

alia.science

60

The website alia.science is a personal portfolio and blog site titled 'Alia Lescoulie', operated by an entity registered as Private by Design, LLC in the US. The site features sections about the author, projects, and blog posts focused on science, technology, and games. It serves a general audience interested in these topics and functions primarily as a personal showcase and content platform. The domain is newly registered in 2024, consistent with the site's content and scope. Technically, the site is built with basic HTML and CSS without advanced frameworks or CMS detected. Hosting and DNS services appear to be provided by Porkbun, the registrar. The site shows moderate performance and basic mobile optimization but lacks modern security headers and DNSSEC. No analytics or advertising technologies are present, indicating minimal tracking and a privacy-conscious approach. From a security perspective, the site uses HTTPS (assumed but not explicitly confirmed), but no security headers or policies are implemented. There are no privacy or cookie policies, no contact or incident response information, and no vulnerability disclosure mechanisms. The WHOIS data is transparent and consistent with the website content, with no suspicious patterns. Overall, the security posture is basic and could be improved with standard best practices. The overall risk is low given the personal nature and limited data collection, but the site would benefit from adding privacy and security policies, enabling DNSSEC, and improving security headers to enhance trust and compliance.

X

Echorridoors

xxiivv.com

53

The website 'Echorridoors' hosted at xxiivv.com is an artistic and experimental project with a focus on ambient and creative content. It references artists and collaborators but does not present itself as a commercial business. The site is minimalistic, with a black background, SVG logo, ambient audio, and links to a wiki and a webring, indicating a niche community or collective. The domain is well established, created in 2008, and hosted on Media Temple servers, suggesting stable infrastructure. Technically, the site uses basic HTML5, CSS3, and SVG graphics with audio autoplay. There is no evidence of modern frameworks or CMS platforms. The site has basic mobile optimization and accessibility but lacks advanced SEO and security headers. No analytics or tracking scripts were detected, indicating minimal user tracking. From a security perspective, the site uses HTTPS (implied by domain and hosting but not explicitly confirmed), but DNSSEC is not enabled. No privacy or cookie policies are present, and no contact or incident response information is provided. The absence of security headers and policies reduces the overall security posture. However, no vulnerabilities or malicious content were detected. Overall, the site is low risk but lacks many standard compliance and security features expected for commercial or data-sensitive websites. Strategic improvements include adding privacy and cookie policies, enabling DNSSEC, implementing security headers, and providing contact information to enhance trust and compliance.

The website ilovetrans.men is a newly registered domain with minimal content primarily consisting of a simple hexagonal navigation grid linking to a D&D section and an About page. The site appears to be personal or hobbyist in nature, with no clear commercial or business services offered. The domain is registered through Porkbun with privacy protection by Private by Design, LLC, consistent with privacy concerns typical for adult content sites. The technical infrastructure is basic, relying on standard HTML and CSS without advanced frameworks or CMS. Security posture is weak, with no detected security headers or privacy policies, and no contact or incident response information provided. The site likely targets an adult audience interested in transgender men content, but lacks age verification or disclaimers. Overall, the site scores low on content quality, privacy compliance, and business credibility, reflecting its minimal and private nature.

The website easrng.net is a personal site belonging to a programmer who identifies as a trans girl. It serves primarily as a personal homepage with social contact information and links to related personal projects and friends. The site does not represent a commercial business entity and lacks formal business information or policies. Technically, the site is built with basic HTML, CSS, and JavaScript, hosted behind Cloudflare DNS services, but lacks advanced security headers and privacy compliance documentation. The security posture is minimal with no visible vulnerabilities but also no formal security or privacy policies. Overall, the site is safe for general audiences and functions as a personal digital presence rather than a business platform.

P

Private by Design, LLC

yugoslavia.best

6

The website yugoslavia.best is a personal or hobbyist site themed around Yugoslavia and meme culture, offering interactive content such as games, music, and jokes. It does not represent a formal business entity and lacks professional contact or business information. The technical infrastructure uses standard web technologies including HTML5, CSS3, JavaScript, jQuery, and Matomo analytics, hosted with DNS via Cloudflare and registered through Porkbun with privacy protection. Security posture is weak with no visible security headers, no DNSSEC, and a credit card form lacking visible security measures. Privacy compliance is minimal with only a basic cookie consent banner and no privacy or terms of service pages. Overall, the site is accessible with no WAF or blocking detected but presents low business credibility and questionable content safety due to crude language and tobacco references.

The website at pythons.site appears to be a personal or hobbyist project launched recently in April 2024. It features minimal content focused on creative expression, including an autoplaying audio file and animated images, but lacks any clear business or commercial purpose. The site does not provide privacy, cookie, or terms of service policies, nor does it offer any contact information or business details. Technically, the site uses basic HTML, CSS, and JavaScript without modern frameworks or CMS platforms. Hosting is provided by Namecheap, but no HTTPS or security headers were detected in the provided data, indicating a weak security posture. The presence of a suspicious executable download link hosted on a Discord CDN raises potential security concerns. WHOIS data shows the domain is privacy-protected and very new, consistent with a non-commercial or experimental site. Overall, the site scores low on content quality, security, and business credibility, with no indicators of tracking or advertising.

P

Private by Design, LLC

msx.gay

56

The website msx.gay is a personal portfolio and social presence site belonging to an individual known as msxdotgay, a neurodivergent young adult from rural Iowa. The site serves as a platform to share personal projects, photography, writings, and interests including LGBTQ+ identity and cats. The business model is non-commercial and focused on personal expression and community engagement. The domain is registered under Private by Design, LLC, a privacy-focused registrar, consistent with the personal nature of the site. Technically, the site is hosted on Neocities, uses basic HTML, CSS, and JavaScript, and includes a small external script for a cat animation. The site is served over HTTPS but lacks advanced security headers and modern CMS or frameworks. Performance and mobile optimization are basic but functional. No analytics or tracking scripts are present, indicating a privacy-conscious approach. From a security perspective, the site benefits from HTTPS and domain transfer protections but lacks DNSSEC and security headers. There are no forms or data collection points, reducing attack surface. However, the absence of privacy and cookie policies, security.txt, and vulnerability disclosure mechanisms indicates room for improvement in compliance and security transparency. Overall, the site is safe, family-friendly, and trustworthy as a personal website. Strategic recommendations include adding privacy and cookie policies, enabling DNSSEC, implementing security headers, and publishing a security.txt file to enhance security posture and compliance.

The website futacockinside.me operates as a personal game archive titled "Lea's Game Archive". It hosts various directories of game files across multiple platforms, accessible only after password authentication. The site is clearly intended for personal use rather than commercial purposes, with no evident business or contact information provided. The domain is relatively new, registered in 2022, and the hosting setup includes suspicious nameservers that may pose security concerns. The site uses a custom analytics script but lacks standard privacy and cookie policies, which impacts its compliance posture. Technically, the site is built with basic HTML, CSS, and JavaScript, including Google Fonts for styling. It is moderately optimized for mobile devices but lacks advanced SEO and accessibility features. No CMS or major frameworks are detected. The hosting provider is not clearly identified beyond the registrar and suspicious DNS configuration. Performance appears moderate with no major errors or broken elements. From a security perspective, the site lacks DNSSEC, security headers, and visible HTTPS enforcement details, which lowers its security posture. The use of suspicious nameservers and absence of privacy or security policies further reduce trustworthiness. However, no WAF or blocking mechanisms are detected, and the content is safe with no adult or explicit material. Overall, the site is functional but has significant gaps in security and compliance best practices. The overall risk assessment suggests caution due to DNS and security configuration concerns. Strategic recommendations include improving DNS security, implementing HTTPS and security headers, adding privacy and cookie policies, and providing clear contact information to enhance trust and compliance.

P

Privacy service provided by Withheld for Privacy ehf

corru.observer

59

The website corru.observer is a niche interactive narrative experience centered around speculative technology and immersive storytelling. It does not represent a traditional business but rather a creative project supported by a community of active supporters and merchandise sales. The technical infrastructure relies on modern JavaScript libraries and Cloudflare hosting, providing moderate performance and good mobile optimization. Security posture is basic with HTTPS enforced and domain transfer protection, but lacks DNSSEC and explicit security headers. Privacy and cookie policies are absent, and no contact or business information is provided, limiting compliance and trust indicators. Overall, the site is functional and engaging for its target audience but would benefit from improved privacy and security disclosures.

The website bigrat.monster is a minimal content site celebrating its 5-year anniversary. It is registered under a privacy protection service, Private by Design, LLC, based in the US. The site lacks business-related content, contact information, or any commercial services, indicating it is likely a personal or niche hobby site rather than a commercial business. The technical infrastructure is basic, with Cloudflare DNS hosting but no DNSSEC enabled and no visible CMS or frameworks. Security posture is moderate with HTTPS enabled and domain transfer protections, but lacks security headers and privacy policies. Overall, the site poses low risk but also offers limited trust signals or business credibility.

The website transgendersurgeri.es serves as a personal archive platform titled "Lexi's Archive" that hosts various directories and files intended for private use. It employs a password-protected mechanism to restrict downloads, indicating a focus on controlled access rather than public business operations. The site lacks any business branding, contact information, or commercial content, positioning it as a personal or small group resource rather than a commercial entity. Technically, the site is built with basic HTML, CSS, and JavaScript, utilizing the Fira Mono font and a third-party analytics script from lea.pet. The design is minimalistic with basic mobile responsiveness and limited SEO optimization. No CMS or advanced frameworks are detected. The site does not display any privacy or cookie policies, nor does it provide contact or legal information, which limits its compliance posture. From a security perspective, the site uses a numeric key-based password protection for downloads and sets cookies with SameSite=Strict attributes, which is a positive practice. However, there is no visible enforcement of HTTPS or security headers, and no privacy or cookie consent mechanisms are present. The WHOIS data is inaccessible due to Red.es restrictions, preventing verification of domain registration details and reducing trustworthiness. No WAF or blocking mechanisms are detected, and the content is accessible without challenge. Overall, the site scores low on business credibility and privacy compliance, with moderate technical implementation and security posture. It is safe in terms of content, containing no adult or explicit material. Strategic recommendations include implementing HTTPS, publishing privacy and cookie policies, adding contact information, and enhancing security headers to improve trust and compliance.

Aquamarine.gay is a personal website serving as a digital aquarium for the owner, aquamarine, who identifies with unique personal and gender identities and has interests in mathematics, programming, music, art, and meteorology. The site functions primarily as a personal blog and contact point, with links to source code repositories and social media. The website is small-scale, niche, and non-commercial, targeting a general audience interested in the owner's content and persona. Technically, the site is hosted on a dedicated server running Arch Linux with the Caddy HTTP server, indicating a modern and stable infrastructure. The site is well-designed with good accessibility and mobile optimization, though it lacks advanced frameworks or CMS. Performance is moderate, and SEO is adequately addressed through meta tags and Open Graph data. From a security perspective, the site uses HTTPS and has domain transfer protection but lacks DNSSEC and explicit security headers. No privacy or cookie policies are published, and no vulnerability disclosure or incident response information is provided. The domain registration uses privacy protection, which aligns with the personal nature of the site. No WAF or blocking mechanisms are detected, and no analytics or tracking scripts are present, indicating a privacy-conscious approach. Overall, the site is trustworthy and professionally maintained for a personal project but would benefit from enhanced security headers, published privacy and cookie policies, and vulnerability disclosure mechanisms to improve compliance and security posture.

Arcane Sorrows is a personal website operated by an individual known as mossweaver, presenting a cozy, artistic corner of the internet focused on personal interests and curated content. The site is small-scale, non-commercial, and currently under construction with limited content. The target audience appears to be general internet users interested in personal blogs, art, and niche communities. Technically, the site is built with basic HTML, CSS, and JavaScript, hosted on Hover's infrastructure, and includes external scripts for a webring widget. The site lacks advanced frameworks or CMS platforms and shows basic mobile optimization and accessibility. Security posture is minimal with no DNSSEC, no security headers, and no visible HTTPS enforcement details. Privacy and compliance policies are absent, and no contact or incident response information is provided. The domain registration is consistent with the site's personal nature and shows no suspicious patterns. Overall, the site is safe for general audiences but lacks professional security and compliance features.

A

The personal garden of a broken doll. - Aphrodite.dev

aphrodite.dev

48

Aphrodite.dev is a personal creative website operated by an individual named Artémis, serving as a blog and portfolio for writings, projects, and photo galleries. The site targets a mature audience with explicit NSFW content warnings and offers financial support options via BuyMeACoffee. The website is a niche personal project rather than a commercial business, emphasizing creative expression and community links. Technically, the site is built with simple HTML and CSS, uses Atom feeds for content syndication, and references AGE encryption for secure communication. The site is lightweight, fast, and mobile-optimized but lacks advanced frameworks or CMS. Security posture is moderate with HTTPS implied but missing explicit security headers and policies. Privacy compliance is low due to absence of privacy and cookie policies. No forms or user data collection mechanisms are present, reducing attack surface. Overall, the site is trustworthy for its purpose but could improve security and compliance documentation.

The website 1a-insec.net presents minimal content, primarily serving as a placeholder with references to a related domain and an AT Protocol identity. There is no clear business description or detailed service information, indicating an early-stage or low-activity web presence. The domain is relatively new, registered in late 2022, with no privacy protection and standard domain status flags, suggesting legitimate registration but limited business maturity. Technically, the site lacks modern SEO, accessibility, and security features such as DNSSEC, security headers, and published policies. No contact or incident response information is provided, limiting user trust and compliance posture. Security posture is basic with no detected vulnerabilities but also no advanced protections. Overall, the site scores low on content quality, privacy compliance, and business credibility, reflecting a need for significant improvements to establish trust and professionalism.

M

My Abandonware

myabandonware.com

61

My Abandonware is a niche website offering a comprehensive database of over 35,000 abandonware video games spanning from 1965 to 2014. It targets retro gaming enthusiasts and nostalgia seekers by providing free downloads of classic games along with detailed metadata, screenshots, user comments, and ratings. The site operates on an ad-supported model with optional user accounts for enhanced experience. Technically, the website employs modern web technologies including JavaScript, CSS3, and uses multiple third-party ad and analytics services with GDPR-compliant consent management. Hosting is supported by Fastly CDN ensuring moderate performance and good mobile optimization. Security posture is solid with HTTPS enforced and standard security headers present, though explicit security policies and incident response information are absent. The WHOIS data is unavailable, which slightly reduces trust but the active content-rich site and social media presence support legitimacy. Overall, the site is well-positioned in its niche with good content quality and user engagement features.

The website doubledouble.top serves as a simple region selection landing page directing users to USA or Europe subdomains. It lacks substantive business information, contact details, or policy documents, indicating a minimal online presence likely for a small or new business. The domain is privacy protected and registered in Saint Kitts and Nevis, which is common for privacy but reduces transparency. Technically, the site uses modern web standards with a clean, mobile-optimized design and is hosted behind Cloudflare, providing basic performance and security benefits. However, the absence of DNSSEC, security headers, and privacy or cookie policies indicates room for improvement in security and compliance. No analytics or advertising scripts were detected, suggesting minimal tracking or marketing activity. Overall, the site is safe with no adult or questionable content but lacks trust signals and business credibility.

B

brr

brr.fyi

9

The website brr.fyi is a personal blog focused on observations and anecdotes related to US Antarctic infrastructure, specifically McMurdo Station and Amundsen-Scott South Pole Station. It targets USAP support staff and enthusiasts interested in Antarctic life. The business model is content sharing through blog posts with subscription options, positioning itself as a niche informational resource. The site is small in scale, founded in 2022, and maintains consistent branding and good content quality. Technically, the site uses standard web technologies including HTML5, CSS3, and JavaScript with Ionicons for icons. It features a responsive design with a dark mode toggle and basic accessibility features. Hosting details are limited but the domain is registered via Amazon Registrar with privacy protection. Performance is moderate with good SEO practices including meta tags and structured data. From a security perspective, the site uses HTTPS and has domain status protections but lacks DNSSEC and security headers such as CSP or HSTS. No privacy, cookie, or terms policies are present, indicating compliance gaps. No analytics or advertising scripts are detected, suggesting minimal user tracking. The domain registration is privacy protected, which is appropriate for a personal blog, and no suspicious patterns are found. Overall, the site is safe, professional, and trustworthy for its niche audience but would benefit from improved privacy and security policies to enhance compliance and user trust.

Miifox.net is a personal and hobbyist website primarily focused on language projects, game development, and miscellaneous personal content. The site features informal language and a variety of technical and creative topics, targeting a general audience interested in conlangs and retro game development. The website is small-scale with limited professional business information or commercial intent. Technically, the site is built with basic HTML and CSS without advanced frameworks or CMS. It is hosted under a domain registered with Metaregistrar BV, but the WHOIS data is inconsistent, showing a future creation date, which raises concerns about domain legitimacy. No advanced security features, analytics, or marketing tools are detected, and the site lacks privacy, cookie, or terms of service policies. From a security perspective, the site does not implement DNSSEC, security headers, or visible HTTPS enforcement, which lowers its security posture. No contact or incident response information is provided, and no vulnerabilities or malware indicators are found. Overall, the site is safe for general audiences but lacks professional security and compliance measures. The overall risk is low due to the non-commercial nature of the site, but the inconsistent WHOIS data and lack of security best practices suggest improvements are needed to enhance trust and compliance.

The website wolfyja.de is a personal site belonging to an individual named jade, a 21-year-old non-binary transfeminine person from Germany who identifies as a wolfy. The site serves as a personal blog and portfolio showcasing interests in vintage computing, Linux, trains, photography, and social engagement within hacker and maker communities. The site also promotes social media presence and community participation but does not represent a commercial business entity. Technically, the site is built with basic HTML and CSS, hosted with Cloudflare DNS services, and shows moderate performance and mobile optimization. However, it lacks advanced security headers and formal privacy or cookie policies, which are important for compliance and trust. Security posture is basic with no visible vulnerabilities but also no formal security disclosures or incident response information. Overall, the site is safe, non-commercial, and targeted at a general audience interested in personal tech and social topics.

The website natalieee.net is a personal site owned by natalie[ee] (roentgen connolly), serving as a platform for personal blogging, technical content, and site information. It is a small-scale, niche personal website with a consistent branding approach and a focus on technical and personal expression. The site is actively maintained with a custom static site generator and HTTP server built using Python and Hy, demonstrating a high level of technical maturity for a personal project. From a technical perspective, the site employs modern technologies such as asyncio and a custom static site generator, indicating a strong technical infrastructure. The site performance is fast, with basic mobile optimization and accessibility features. However, SEO and accessibility could be improved further. The hosting provider is not explicitly stated, but the domain registrar is Spaceship, Inc. Security posture shows some strengths such as domain transfer protection and anti-bot measures in the comment form, but lacks critical elements like DNSSEC, HTTPS confirmation, security headers, and published privacy or cookie policies. No vulnerability disclosure or incident response information is provided, which limits transparency and security readiness. Overall, the security score is moderate but could be significantly improved. The overall risk is moderate with no critical vulnerabilities detected in the content or domain registration. Strategic recommendations include enabling HTTPS and DNSSEC, publishing privacy and cookie policies, adding security headers, and improving spam and bot protections. These steps would enhance trust, compliance, and security posture, aligning the site with best practices for personal websites.

The website lifeless.space presents minimal content with a simple heading and a short descriptive phrase. There is no indication of a commercial business or services offered. The domain is newly registered in October 2024 with privacy protection, which obscures registrant details. The site is hosted via Cloudflare DNS but lacks DNSSEC and security headers, indicating a basic security posture. No privacy, cookie, or terms policies are present, and no contact information is provided, limiting trust and compliance. Overall, the site appears to be a placeholder or personal project rather than a professional business presence.

N

ninee's webbed site

ninee.xyz

62

The website ninee.neocities.org is a personal homepage primarily serving as a curated links page to various social, development, and personal interest sites. It does not represent a commercial business or organization and lacks detailed business information or contact data. The site is hosted on Neocities, a platform popular for personal and hobbyist web projects. The technical infrastructure is minimal, relying on basic HTML and CSS without advanced frameworks or CMS. Security posture is limited, with no detected security headers or privacy policies, and no HTTPS status information available from the data. The site content is safe, general audience appropriate, and free from adult or questionable material. Overall, the site is functional but basic, with room for improvement in security and privacy compliance.

P

Private by Design, LLC

moth.monster

60

moth.monster is a small personal and creative website operated by Private by Design, LLC, based in the US. The site features a blog, projects, art portfolio, an online shop, and contact information, targeting a general audience interested in creative content and merchandise. The business model appears to be content sharing combined with merchandise sales through an external shop platform. The website is modest in scale and positioned as a niche personal digital presence rather than a commercial enterprise. Technically, the website is built with standard HTML, CSS, and JavaScript without any detected CMS or advanced frameworks. Hosting and DNS services are provided by Porkbun, LLC. The site shows basic mobile optimization and SEO features but lacks advanced accessibility and performance enhancements. No analytics or advertising technologies are detected, indicating minimal user tracking and a privacy-conscious approach. From a security perspective, the domain is privacy protected and has domain status flags that prevent unauthorized transfers or deletions, which is positive. However, DNSSEC is not enabled, and no security headers are detected, which are areas for improvement. The site lacks privacy and cookie policies, vulnerability disclosure information, and incident response contacts, indicating gaps in compliance and security transparency. No WAF or blocking mechanisms are present, and the content is safe for general audiences. Overall, moth.monster is a modest, privacy-conscious personal website with basic technical and security posture. Strategic improvements in security headers, privacy compliance, and vulnerability disclosure would enhance trust and resilience. The site is low risk but would benefit from formalizing privacy and security practices to align with best practices.

P

Privacy service provided by Withheld for Privacy ehf

nia.dog

57

The website nia.dog is a personal site belonging to an individual named Nia, who identifies as a transfeminine nerd based in Pittsburgh. The site focuses on personal interests such as retro games, niche content, music, and writing. It is a small-scale, non-commercial personal blog hosted likely on Neocities with domain registration through NameCheap. The site content is basic but relevant to its niche audience, with moderate branding consistency and no commercial business model or professional business information provided. Technically, the site uses basic HTML and CSS without advanced frameworks or CMS. Hosting appears to be on a simple platform with moderate performance and basic mobile optimization. There is no evidence of analytics, tracking, or advertising technologies. Security posture is minimal with no DNSSEC, no security headers, and no visible HTTPS enforcement confirmation. Privacy and cookie policies are absent, and no contact or incident response information is provided. Overall, the security posture is weak but typical for a personal site. The domain is privacy protected, which is justified given the personal nature of the site. No suspicious or malicious indicators were found. The site is safe for general audiences with no adult or explicit content. The overall AI score reflects a basic but functional personal website with room for improvement in security and compliance. Strategic recommendations include enabling DNSSEC, adding security headers, enforcing HTTPS, publishing privacy and cookie policies, and providing contact information to improve trust and compliance.

S

The Barkzone

sugrstrz.com

56

SugrStrz.com is a personal website and blog maintained by an individual gamer and technology enthusiast. The site focuses on sharing personal interests including gaming, music, and social media engagement. It serves a niche audience of gaming and retro game fans as well as followers of the owner's social profiles. The business model is non-commercial, primarily a hobby/personal branding platform with no direct revenue streams or commercial services. The website is hosted on Neocities with DNS managed by Cloudflare and domain registration through GoDaddy, reflecting a modest but stable technical infrastructure. The site uses basic HTML, CSS, and JavaScript with some outdated elements such as the deprecated marquee tag, indicating room for modernization. Security posture is basic with no DNSSEC enabled and no visible security headers or HTTPS enforcement in the HTML content, though the domain registration status includes protective flags. Privacy and cookie policies are absent, and no contact or incident response information is provided, limiting compliance and trust signals. Overall, the site is safe for general audiences with no adult content detected. Recommendations include improving security configurations, adding privacy and cookie policies, and enhancing mobile and accessibility features to improve user experience and compliance.

P

Privacy service provided by Withheld for Privacy ehf

catgirl.global

55

The website catgirl.global appears to be a small, personal or niche project centered around the 'Sharkey' platform and related technology. The site content is minimal, primarily serving as a front for a Misskey instance or similar social platform, with a focus on a user named 'maya' and their activities. The domain is very new, registered in July 2024, and uses privacy protection services, indicating a small or personal scale operation without extensive business infrastructure. Technically, the site uses modern JavaScript frameworks and tools such as Vite and Phosphor Icons, but the content and SEO optimization are basic. Security posture is moderate with HTTPS enabled but lacking DNSSEC and security headers. Privacy and cookie policies are absent, and no incident response or vulnerability disclosure information is provided, which limits compliance and trust. Overall, the site is accessible without WAF or blocking mechanisms and contains safe content suitable for general audiences.

F

fawnover.fun

fawnover.fun

45

fawnover.fun is a personal website operated by an individual named June, focusing on sharing media reviews, personal art, and social engagement across various platforms including Fediverse, Twitter, YouTube, Bluesky, Twitch, and Git.gay. The site features artistic SVG graphics and interactive elements such as theme switching and audio playback, reflecting a creative and personal brand. The domain is newly registered in December 2024 and uses privacy protection services, consistent with a personal blog rather than a commercial enterprise. Technically, the site is hosted behind Cloudflare DNS with HTTPS enabled, but lacks advanced security headers and formal privacy or cookie policies. No analytics or tracking scripts are detected, indicating a privacy-conscious approach.

The website ielenia.lgbt is a personal homepage for Luna Aria Ielenia, a young transfeminine individual from the United States studying music and electronics engineering technology. The site primarily serves as a personal presence with links to social profiles on the fediverse and a partner site. It is a small-scale personal site without commercial business operations or complex services. The technical infrastructure is minimal, relying on static HTML and CSS, hosted under a domain registered with Porkbun LLC. The domain WHOIS data shows an unusual future creation date, which is inconsistent with the current date and website content, raising questions about data accuracy but not necessarily legitimacy. Security posture is basic with no advanced headers or policies implemented, and no privacy or cookie policies are present. The site does not use analytics or advertising technologies, indicating minimal user tracking and a focus on privacy. Overall, the site is safe for general audiences and serves as a personal digital identity hub.