Security Directory

N

Neatnik

discourse.lol

46

omg.lol is a small technology company operated by Neatnik, providing a modern authentication platform focused on passwordless sign-in using passkeys. The website demonstrates a commitment to modern security practices by integrating Passage authentication technology, enabling users to sign in securely without passwords or 2FA codes. The platform targets general users seeking secure and convenient login experiences. Technically, the site uses modern JavaScript and CSS, is mobile optimized, and hosted on a CDN for performance. However, some security best practices such as explicit security headers and cookie consent mechanisms are missing or not visible in the provided data. The domain uses privacy protection in WHOIS, which is common and justified for this business type. Overall, the site is professional and trustworthy but could improve privacy compliance and security posture.

K

Functional programming and javascript

korolr.dev

55

The website korolr.dev is a small-scale personal or technical blog focused on functional programming and JavaScript. It provides educational content primarily targeting developers and programming enthusiasts interested in these topics. The site has a simple structure with minimal content and no evident commercial or business operations. Technically, the site uses basic web technologies including HTML5, CSS, JavaScript, and jQuery, with Google Fonts for typography. There is no evidence of a CMS or advanced frameworks. The site appears to be moderately optimized for performance and mobile use but lacks advanced SEO and accessibility features. Security posture is weak or unknown due to lack of HTTPS information and absence of security headers or policies. No privacy, cookie, or terms of service policies are present, and no contact or business information is provided, limiting trust and compliance. Overall, the site is safe for general audiences with no adult or questionable content detected.

A

ajaxbits (Alex Jackson)

ajaxbits.com

53

ajaxbits is a personal blog operated by Alex Jackson, focusing on web development topics such as mkYarnModules and browser-native image conversion. The site targets web developers and technology enthusiasts, providing technical insights through blog posts. The business model is content publishing with a niche audience. The website is built using the Hugo static site generator and hosted on Hover nameservers, indicating a lightweight and modern technical infrastructure. The site is mobile optimized with good design and navigation but lacks advanced SEO and accessibility features. Security posture is moderate; domain registration includes transfer and update prohibitions, but DNSSEC is not enabled and no security headers are detected. There are no published privacy, cookie, or terms of service policies, and no contact or incident response information is provided. Overall, the site is safe and trustworthy but could improve compliance and security practices.

F

~fufexan.net

fufexan.net

49

The website fufexan.net is a minimal personal site owned by an individual named Mihai, primarily serving as a small blog or informational page related to the Nix community. It contains very limited content, mainly a greeting and a brief FAQ. The site uses the Zola static site generator and is hosted with Cloudflare DNS services, with HTTPS enabled but lacking advanced security headers or DNSSEC. There are no forms, contact details, or business-related information, indicating it is not a commercial or organizational site. From a security perspective, the site benefits from HTTPS and domain status protections but lacks DNSSEC and security headers, which are recommended for improved security posture. No privacy, cookie, or terms of service policies are present, which limits compliance with GDPR or other privacy regulations. No analytics or advertising technologies are detected, suggesting minimal user tracking. Overall, the site is safe for general audiences with no adult or questionable content. The domain registration is consistent with the site's nature and age, showing no suspicious patterns. The lack of business information and policies limits the site's credibility and compliance but is understandable given its personal nature. Strategic improvements include adding basic privacy and cookie policies, enabling DNSSEC, and implementing security headers to enhance security and trust.

The website gayest.dev is a personal developer portfolio site belonging to an individual named Ivy, who identifies with she/her pronouns. The site showcases several open-source projects primarily related to software development and fediverse services, including custom init systems, CI detection tools, and Lua-based utilities. It also highlights several related fediverse and git hosting services operated or affiliated with the owner. The site targets developers and fediverse users, positioning itself as a niche personal brand within the technology community. The business model is primarily personal branding and project showcasing without commercial transactions evident. Technically, the site is built with straightforward HTML and CSS, with no detected CMS or advanced frameworks. The site is moderately optimized for performance and mobile use but lacks advanced accessibility and SEO features. The technology stack is simple and appropriate for a personal portfolio, with links to related projects and services hosted on various domains. No analytics or advertising technologies are detected, indicating a privacy-conscious approach. From a security perspective, the site uses HTTPS as indicated by the URL, but no security headers were detected in the provided data. The only form present uses the GET method, which is not ideal for protecting user input. There are no privacy, cookie, or terms of service policies, nor any incident response or vulnerability disclosure information. The domain registration uses privacy protection, which is reasonable for a personal site. No suspicious patterns or vulnerabilities were identified, but security posture is basic and could be improved. Overall, the site is safe, with no adult or explicit content, and presents a moderate level of trustworthiness. The lack of formal policies and security best practices limits its compliance and security maturity. Strategic recommendations include adding privacy and cookie policies, improving form security, implementing security headers, and providing vulnerability disclosure and incident response information to enhance trust and compliance.

Praktijk voor Tandheelkunde & Implantologie J.J.M. Rijnties is a small dental healthcare provider based in The Hague, Netherlands, specializing in dental implantology and general dental services. The website presents a professional but basic online presence with clear contact information and a focus on personalized patient care. The domain is well-established since 2007 with DNSSEC enabled, supporting legitimacy and trustworthiness. Technically, the site uses simple HTML and CSS without modern frameworks or CMS, resulting in moderate performance and basic mobile optimization. Security posture is limited, with no HTTPS enforcement or security headers detected, and no privacy or cookie policies present, indicating gaps in compliance and best practices. Overall, the site is safe and suitable for general audiences but would benefit from enhanced security and privacy measures to improve trust and compliance.

M

Martin Magni

oddbotout.com

45

Odd Bot Out is an indie mobile puzzle game developed and promoted by Martin Magni. The website serves as a promotional platform linking to the iOS and Android app stores and features embedded video content and positive press reviews. The business operates in the technology sector, specifically mobile gaming, targeting casual gamers interested in physics-based puzzles. The site is small-scale and focused on a single product with no indication of a larger corporate structure. Technically, the website is built with basic HTML and CSS, uses Google Fonts, and embeds YouTube videos. It is mobile-optimized and provides a straightforward user experience. However, there is no evidence of advanced frameworks or CMS usage. SEO and accessibility are basic but adequate for the site's scope. From a security perspective, the site lacks visible HTTPS confirmation and security headers, and no privacy or cookie policies are present. The WHOIS data is missing or unavailable, which raises concerns about domain legitimacy and trustworthiness. No contact information or incident response details are provided, limiting transparency and user trust. Overall, the site is functional and content-rich for its purpose but has notable gaps in security, privacy compliance, and domain registration transparency. Strategic improvements in these areas would enhance trust and compliance.

M

Martin Magni

mekorama.com

48

Mekorama is an indie mobile puzzle game developed by Martin Magni, offering a unique experience with mechanical dioramas and user-generated content via QR codes. The game is available across multiple platforms including iOS, Android, Nintendo Switch, PlayStation, Xbox, and web browsers, positioning it as a niche but well-regarded title in the indie gaming market. The website provides rich content about the game, including links to app stores, console versions, and social media channels, but lacks formal business contact details and privacy-related policies. Technically, the website uses standard web technologies such as HTML5, CSS, and JavaScript, with Google Adsense for monetization and Google Fonts for typography. The site is mobile-optimized and has good SEO practices but lacks advanced security headers and explicit privacy or cookie policies. No forms are present, reducing attack surface but also limiting user interaction on the site. From a security perspective, the site uses HTTPS, but no additional security headers were detected in the provided data. The absence of privacy and cookie policies indicates potential compliance gaps with GDPR and other privacy regulations. The WHOIS data is unavailable, which reduces trust slightly but is not uncommon for small indie projects. No vulnerabilities or malicious content were detected, and the content is safe for general audiences. Overall, Mekorama's website is professionally presented with good content quality and business credibility for an indie game. However, improvements in privacy compliance, security headers, and WHOIS transparency are recommended to enhance trust and regulatory adherence.

P

Piet Terheyden

oni-icons.com

40

Oni Icons is a small technology-focused business founded in 2021 by Piet Terheyden, offering customizable icon packs primarily targeting designers and mobile users who want to personalize their iPhone and Android home screens. The website provides vector icon packs with easy color customization and instructions for use, positioning itself as a niche provider in the design tools market. Technically, the site uses standard web technologies including HTML5, CSS, JavaScript, jQuery, and integrates privacy-conscious analytics via Plausible. The site is mobile optimized with good navigation and professional design, though accessibility features are basic. Security posture is moderate with HTTPS enforced and domain registration protections in place, but lacks DNSSEC and security headers. Privacy compliance is limited, with no cookie consent mechanism and only a basic privacy policy present. Overall, the site is legitimate and functional but could improve in security and privacy transparency.

D

Domains By Proxy, LLC

cactus.chat

62

Cactus Comments is an open source federated comment system built on the Matrix protocol, targeting web developers and website owners who want decentralized, privacy-respecting comment functionality. The project is small and community-funded, with source code openly available under LGPLv3 and AGPLv3 licenses. The website is professionally designed with good content quality and clear navigation, reflecting a mature open source project. Technically, it uses modern web standards and is hosted on Hetzner, a reputable provider. However, there are gaps in privacy compliance and security policies, with no visible privacy or cookie policies and no incident response information published. The security posture is moderate, with HTTPS implied but no explicit security headers detected. Overall, the domain registration is privacy protected but consistent with the nature of the project, and no suspicious patterns were found.

L

Language Creation Society

fiatlingua.org

52

Fiat Lingua is an educational and archival website dedicated to constructed language (conlang) articles, operated by the Language Creation Society, a US-based organization. The site serves a niche audience of linguists, conlang enthusiasts, and scholars by providing professionally authored content and downloadable resources. The business model is non-commercial, focusing on community and educational value rather than direct monetization. The website is built on WordPress and hosted by DreamHost, leveraging modern web technologies and providing a generally good user experience with clear navigation and mobile optimization. However, the site lacks explicit privacy and cookie policies, which impacts compliance and user trust. Security posture is solid with HTTPS enabled and domain transfer protections, but could be improved by enabling DNSSEC and adding security headers. No contact information or incident response details are provided, limiting direct communication channels. Overall, the site is trustworthy and professionally maintained but would benefit from enhanced privacy and security disclosures.

M

Matt Rutherford

mattrutherford.co.uk

58

Matt Rutherford operates a personal brand website focused on sharing weekly insights and tips related to career growth, personal development, and clarity in work and life. The site offers a newsletter subscription, blog articles, and various tools and resources aimed at individuals seeking to improve their professional and personal lives. The business model centers on content publishing and coaching services, positioning Matt Rutherford as a thought leader in this niche. The website is professionally designed, well-branded, and consistently updated with relevant content, targeting a general audience interested in self-improvement and career success. Technically, the website is built on the Ghost CMS platform, leveraging modern web technologies including JavaScript, CSS, and HTML5. It integrates third-party services such as Plausible Analytics for privacy-focused tracking and Ghostboard for engagement metrics. The site demonstrates good performance, mobile optimization, and SEO practices, although some security headers are missing. The use of structured data (JSON-LD) enhances search engine understanding and visibility. From a security perspective, the site enforces HTTPS and uses secure forms for newsletter subscription. However, it lacks explicit privacy and cookie policies, security.txt files, and incident response contact information, which are important for compliance and trust. No vulnerabilities or exposed sensitive data were detected in the analyzed content. The WHOIS lookup for the domain failed due to a naming rules error, which is unusual but the site is live and functional, indicating legitimacy despite the lack of WHOIS transparency. Overall, the website presents a low-risk profile with strong content quality and business credibility but would benefit from enhanced privacy compliance and security best practices to improve trust and regulatory adherence.

L

Leon Mika

lmika.org

55

The website lmika.org is a personal blog and portfolio site for Leon Mika, a software developer and occasional music writer based in Melbourne, Australia. The site features blog posts, photos, and links to various technology and personal interest sites. It is built using the Hugo static site generator and hosted on the Micro.blog platform, indicating a modern and lightweight technical infrastructure. The site includes JavaScript enhancements such as a service worker and lightbox functionality for images, and uses minimal third-party analytics via tinylytics.app. From a security perspective, the site uses HTTPS and registers a service worker, but lacks advanced security headers and does not have visible privacy or cookie policies, nor contact information for security incidents or data protection officers. The domain is privacy protected via Contact Privacy Inc., which is typical for personal sites, and the domain age aligns with the site's content history. No vulnerabilities or suspicious patterns were detected in the content or technical setup. Overall, the site presents a good level of content quality, technical implementation, and business credibility for a personal blog, but falls short on privacy compliance and security best practices. There is no evidence of adult or unsafe content, and the site is fully accessible without WAF or blocking mechanisms.

L

Lou Plummer

amerpie.lol

55

Amerpie.lol is a personal blog operated by Lou Plummer, focusing on topics such as technology (especially Mac-related), hiking, photography, music, and personal reflections. The site is hosted on the Micro.blog platform and uses a static site generator (Hugo), reflecting a modern and lightweight technical infrastructure. The blog targets general internet users interested in personal stories and cultural content, with no evident commercial or e-commerce activities. The domain is relatively new, registered in early 2024, and uses privacy protection services, which is appropriate for a personal blog.

S

Sebastian De Deyne

sebastiandedeyne.com

62

sebastiandedeyne.com is a personal professional blog and portfolio site of Sebastian De Deyne, a web developer and designer. The site features a rich collection of blog posts focused on web development, programming, design, and related technology topics. It targets developers, designers, and tech enthusiasts, positioning itself as a trusted source of knowledge and inspiration in the web technology niche. The business model is primarily content-driven personal branding and knowledge sharing. The domain has been active since 2013, reflecting a mature and stable online presence.

J

Jarrod Blundy

heydingus.net

51

HeyDingus is a personal blog operated by Jarrod Blundy, focusing on technology, outdoor activities, and curated internet content. The site serves a niche audience of technology enthusiasts and outdoor lovers, offering blog posts, shortcuts, and digital products. The business model is primarily content-driven with monetization through tips, affiliate marketing, and a small store. The website is well-branded, professionally designed, and regularly updated, reflecting a small but engaged community presence. Technically, the website is hosted on Blot.im, leveraging a simple but effective tech stack including HTML5, CSS, JavaScript, and integrations with Micro.blog and Carbon Ads. The site is mobile-optimized and performs well, with fast loading times and good SEO practices. Accessibility is basic but functional. The site uses HTTPS with a strong SSL configuration, though it lacks DNSSEC and some recommended security headers. From a security perspective, the site demonstrates good baseline practices such as HTTPS enforcement and domain transfer/update protections. However, it lacks explicit privacy and cookie policies, security.txt files, and vulnerability disclosure mechanisms, which are important for compliance and transparency. No critical vulnerabilities or exposed sensitive data were detected. The domain registration is consistent with the website content and shows no suspicious patterns. Overall, HeyDingus is a trustworthy, well-maintained personal blog with solid technical foundations but could improve its privacy compliance and security posture by adding formal policies and security headers. The risk level is low, but enhancements in compliance and security best practices are recommended to maintain trust and meet evolving standards.

N

Numeric Citizen Space

numericcitizen.me

48

Numeric Citizen Space is a personal technology blog operated by an individual contributor focused on Apple products, software, apps, photography, and personal stories. The site targets Apple enthusiasts, digital nomads, and technology readers, offering regularly updated articles and a subscription-based newsletter model. The business model is content-driven with donation support and subscription options. Technically, the website is built on the Ghost CMS platform, hosted and DNS managed by Cloudflare, and uses modern web technologies including JavaScript and CSS. The site is mobile-optimized, fast-loading, and includes privacy-focused analytics services such as Plausible and Cloudflare Web Analytics. Security posture is good with HTTPS enforced and domain transfer protection, but lacks some security headers and DNSSEC. Privacy compliance is limited due to absence of privacy and cookie policies. Overall, the website is professional and trustworthy but could improve compliance and security transparency.

The website fabiensauser.ch is a personal blog primarily in French, focusing on literature, technology, and personal reflections. It is built using the Hugo static site generator and contains a series of well-written blog posts with clear navigation and moderate mobile optimization. The site targets general internet users interested in thoughtful content rather than commercial services. There is no evidence of monetization or business operations beyond content publishing. Technically, the site uses a simple tech stack with Hugo and CSS, lacks advanced frameworks or analytics, and shows basic SEO and accessibility features. No forms or tracking scripts are present, indicating minimal data collection. However, there is no visible HTTPS/SSL confirmation or security headers, which reduces the security posture. Privacy and cookie policies are absent, limiting compliance with GDPR and related regulations. Security-wise, the site does not expose sensitive data or show signs of vulnerabilities but lacks formal security policies or incident response contacts. The domain uses privacy protection in WHOIS, typical for personal blogs, with no suspicious patterns detected. Overall, the site is safe and trustworthy for general audiences but could improve in security and privacy compliance. The overall risk is low given the non-commercial nature and limited data collection, but strategic improvements in HTTPS implementation, security headers, and privacy disclosures are recommended to enhance trust and compliance.

C

Cory Gibbons

corygibbons.com

59

Cory Gibbons is an individual freelance developer and designer focused on creating fast, scalable, and enjoyable digital experiences. The website serves as a personal portfolio and contact point for limited freelance opportunities. The business model is straightforward, targeting clients seeking development and design services. The market position is that of a small-scale independent professional without broader corporate affiliations. Technically, the website is built using modern JavaScript frameworks, specifically React with React Router, and is hosted on Vercel, ensuring fast performance and good mobile optimization. The site uses module preloading and modern ES modules, indicating a contemporary tech stack. However, accessibility and SEO optimizations are basic, and no CMS or analytics tools are detected. From a security perspective, the site benefits from HTTPS and domain registrar protections but lacks DNSSEC and security headers, which are recommended for enhanced security. There are no privacy or cookie policies, which limits compliance with GDPR and related regulations. No incident response or vulnerability disclosure mechanisms are present, which could be improved to enhance trust and security posture. Overall, the website is professional and functional for its purpose but could benefit from improved privacy compliance and security best practices to increase trustworthiness and reduce risk.

B

Ben Werdmuller

werd.io

57

Werd I/O is an independent media and blogging platform authored by Ben Werdmuller, focusing on topics at the intersection of technology, media, and democracy. The website operates on a reader-supported subscription model, providing thoughtful essays and articles to a general audience interested in societal and technological issues. The market position is niche but credible, with a small but engaged audience. The business is small-sized, US-based, and founded in 2013, reflecting a mature presence in independent digital media. Technically, the site is built on the Ghost CMS platform, leveraging modern web technologies including JavaScript, CSS, and Cloudflare DNS services. The site demonstrates good performance, mobile optimization, and SEO practices. However, accessibility is basic and could be improved. The technical infrastructure is modern and well-maintained, supporting a smooth user experience. From a security perspective, the site enforces HTTPS and uses clientTransferProhibited status on the domain, indicating domain transfer protection. However, DNSSEC is not enabled, and no security headers are detected, which are areas for improvement. There is no visible privacy or cookie policy, nor incident response or vulnerability disclosure information, which impacts compliance and trust. No critical vulnerabilities or exposed sensitive data were found. Overall, the website is trustworthy and professional but would benefit from enhanced privacy compliance and security best practices. Strategic recommendations include enabling DNSSEC, publishing privacy and cookie policies, adding security headers, and providing incident response contacts to improve user trust and regulatory compliance.

Skyhold.org is a personal website operated by C Jackdaw, a writer and witch, serving as a platform for creative expression, personal blogging, and resource sharing. The site targets a niche audience interested in writing, witchcraft, solarpunk, ADHD, and related topics. It is a small-scale, non-commercial site with regular content updates and a modest but consistent brand presence. The business entity behind the domain is Private by Design, LLC, a US-based organization, which aligns with the website's personal and creative nature. Technically, the site is hand-coded with standard HTML, CSS, and JavaScript, leveraging modern IndieWeb protocols such as IndieAuth and Webmention. Analytics are implemented via privacy-conscious services like GoatCounter and Tinylytics, reflecting a minimal user tracking approach. The site demonstrates good mobile optimization and basic accessibility but lacks advanced SEO and security headers. Hosting details are not explicit, but DNS indicates use of messagingengine.com name servers, possibly related to email hosting. From a security perspective, the site uses HTTPS and has domain status protections against unauthorized transfer or deletion. However, it lacks DNSSEC and common security headers, which are recommended to enhance security posture. No privacy or cookie policies are present, indicating compliance gaps. No forms or input fields are present, reducing attack surface but also limiting user interaction. Overall, the security posture is moderate but could be improved with standard best practices. The overall risk is low given the personal nature and limited business impact of the site. Strategic recommendations include enabling DNSSEC, adding security headers, publishing privacy and cookie policies, and considering a security.txt file for vulnerability disclosure. These steps would improve trust, compliance, and security without significant overhead.

F

fLaMEd fury

flamedfury.com

55

fLaMEd fury is a personal website and blog operated by an individual known as fLaMEd, focusing on web culture, personal interests, and collections such as books and records. The site serves as a digital diary and a curated index of various personal content, targeting a general audience interested in web and personal storytelling. The website is small-scale and niche, with a consistent brand and good content quality. Technically, the site is built using modern web standards and the Eleventy static site generator, hosted with Cloudflare as registrar and DNS provider. The site demonstrates good performance, mobile optimization, and accessibility, with no detected tracking or advertising scripts, reflecting a privacy-conscious approach. Security-wise, the site uses HTTPS and has domain transfer protections but lacks DNSSEC and security headers, and does not publish formal security or incident response policies. Overall, the site is trustworthy and well-maintained but could improve privacy compliance and security posture by adding cookie consent and security policies.

The website '𓆱 softlandings' appears to be a personal or thematic blog with dated posts and minimal business or commercial content. It does not present clear business information, contact details, or commercial services, indicating a small-scale or individual operation. The technical infrastructure is basic, relying on standard HTML, CSS, and JavaScript without detectable CMS or advanced frameworks. The site shows moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. Security posture is weak due to absence of HTTPS confirmation, security headers, and privacy policies. The WHOIS data is malformed and provides no registrar or registrant information, limiting trust and verification. Overall, the site is safe for general audiences but lacks professional business and security maturity.

P

Pedro Corá

pcora.eu

41

The website pcora.eu serves as a personal professional profile for Pedro Corá, an IT Analyst based in the Netherlands. It primarily functions as a hub linking to various personal blogs, photoblogs, and social media profiles, emphasizing personal branding rather than commercial business operations. The site content is straightforward, professional, and targeted at a general audience interested in Pedro's IT expertise and personal content. Technically, the website uses standard HTML5 and CSS with FontAwesome icons and Open Graph metadata for social sharing. It is hosted on or uses services from omg.lol and cache.lol domains, indicating a lightweight, possibly static or semi-static site architecture. The site is moderately optimized for mobile and accessibility but lacks advanced SEO and security headers. From a security perspective, the site uses HTTPS, but no additional security headers were detected. There are no forms collecting sensitive data, reducing attack surface. However, the absence of privacy and cookie policies, security.txt, or vulnerability disclosure mechanisms indicates limited formal security and compliance posture. No WAF or blocking mechanisms were detected, and the site is fully accessible. Overall, the site is low risk with a moderate trust level, suitable for personal branding. Strategic improvements include adding privacy and cookie policies, implementing security headers, and enhancing SEO and accessibility to improve professionalism and compliance.

T

Tangible Life

tangiblelife.net

49

Tangible Life is a personal blog established in 2021 that publishes reflective and experiential content focused on lifestyle, technology, and personal growth. The site targets readers interested in the IndieWeb community and thoughtful living. It operates as a small-scale personal publishing platform without commercial transactions or extensive business infrastructure. Technically, the website uses a simple tech stack including HTML5, CSS, JavaScript with jQuery and Galleria.js, and is likely hosted on Blot.im, a platform for personal blogs. The site demonstrates good design quality, mobile optimization, and clear navigation, though accessibility and SEO optimizations are basic. Security posture is moderate with HTTPS implied but lacking DNSSEC and security headers. No privacy or cookie policies are present, indicating compliance gaps. Analytics usage is minimal via Tinylytics, with no forms or personal data collection evident. The domain registration is consistent and appropriate for the site’s age and content, registered with Porkbun LLC since 2021 with no privacy protection. Overall, the website is trustworthy as a personal blog but would benefit from improved security and privacy compliance.

N

nix webring

nixwebr.ing

54

The website 'nixwebr.ing' serves as a community-driven webring platform focused on Nix and NixOS enthusiasts. It provides a curated list of member websites, many linking to their NixOS configuration repositories, fostering collaboration and sharing within the niche technical community. The site operates on an open contribution model via pull requests, emphasizing transparency and community involvement. Technically, the site is built with standard HTML, CSS, and JavaScript, featuring a clean and responsive design with fast performance and basic accessibility. It uses HTTPS and includes Plausible Analytics for privacy-conscious visitor tracking. However, it lacks formal privacy, cookie, and terms of service policies, and does not provide direct contact emails or phone numbers, relying instead on external profile links for contact. Security posture is generally good with HTTPS and minimal external scripts, but could be improved by adding security headers and formal security policies. Overall, the site is trustworthy and safe, with no adult or questionable content detected.

B

Bitwarden, Inc.

bitwarden.com

85

Bitwarden, Inc. operates a leading open source password management platform trusted by millions globally, serving individuals, families, businesses, and enterprises. Their product suite includes password management, secrets management, passwordless authentication, and developer tools, positioning them strongly in the cybersecurity technology market. The company emphasizes transparency, security, and compliance, supported by certifications such as SOC 2 and ISO 27001. Their business model is primarily SaaS with free and paid tiers, including self-hosting options for enterprises. Technically, Bitwarden employs a modern React-based web platform, leveraging Cloudflare for hosting and CDN services, and integrates analytics tools like Google Tag Manager and Plausible Analytics. The website demonstrates excellent performance, mobile optimization, accessibility, and SEO practices, reflecting a mature digital infrastructure. Security posture is robust, with enforced HTTPS, comprehensive security headers, a bug bounty program, and regular compliance audits. However, DNSSEC is not enabled, and a security.txt file is absent, representing areas for improvement. Privacy compliance is strong, with clear privacy and cookie policies and GDPR adherence. Contact information is available primarily via contact forms, with no explicit phone numbers or emails disclosed. Overall, Bitwarden presents a high-trust, professional, and secure online presence with minimal risk. Strategic recommendations include enabling DNSSEC, publishing a security.txt file, and enhancing incident response transparency to further strengthen their security and compliance posture.

D

Dracula Team

draculatheme.com

66

Dracula Theme is a well-established open source project providing a popular dark color scheme for over 300 applications, primarily targeting developers and programmers. The website showcases a professional design with clear branding and a strong community presence, evidenced by a highly starred GitHub repository. The business model includes free theme offerings alongside a premium Dracula PRO product sold via a partner store. Technically, the site leverages modern web technologies such as Next.js and React, with good performance and mobile optimization. Security posture is strong with HTTPS and multiple security headers implemented, though the absence of explicit privacy and cookie policies, as well as contact information for security incidents, represents compliance gaps. Overall, the site is trustworthy and professional but could improve privacy compliance and incident response transparency.

P

Private by Design, LLC

lipukule.org

58

Lipukule.org is a niche cultural and linguistic website dedicated to the toki pona language and related content. It provides articles and posts that explore various themes in toki pona, targeting enthusiasts and learners of this constructed language. The website operates under the ownership of Private by Design, LLC, a US-based entity, with domain registration consistent with the site's scale and focus. The business model centers on content publication and community engagement via Discord and Telegram channels, without evident commercial transactions or e-commerce features. Technically, the website is built using the modern SvelteKit framework with JavaScript and CSS, delivering a good user experience with responsive design and clear navigation. Performance is moderate, and accessibility is basic but functional. No major technical debt or outdated technologies were detected. However, the site lacks advanced SEO optimization and accessibility features. From a security perspective, the site uses HTTPS but lacks security headers and published security policies. No privacy or cookie policies are present, and no contact information is provided, which limits compliance with GDPR and other privacy regulations. No vulnerability disclosure or incident response information is available. The domain registration is transparent and consistent with the website's purpose, supporting legitimacy. Overall, the website is safe, with no adult or explicit content detected. The content quality and business credibility are good, but privacy compliance and security posture need improvement. Strategic recommendations include implementing privacy and cookie policies, adding security headers, publishing a vulnerability disclosure policy, and enhancing accessibility and SEO.

P

Privacy service provided by Withheld for Privacy ehf

wikipesija.org

41

Wikipesija is a niche community-driven wiki platform focused on the toki pona language, providing an open content knowledge base for speakers and learners. The website operates on the MediaWiki platform and hosts over 3,000 pages, emphasizing educational and cultural content. The technical infrastructure is basic but functional, with moderate performance and limited mobile optimization. Security posture is minimal, lacking advanced security headers and published policies, and the domain uses privacy protection services typical for small community projects. Overall, the site is safe, trustworthy, and serves a specialized audience with no commercial intent or advertising.

The website 'lipamanka.gay' is a personal site primarily focused on sharing essays, stories, and linguistic resources related to the creator's interests. It is a small-scale, niche site without commercial intent or business contact information. The site is hosted likely on GitHub Pages with domain registration through NameCheap, protected by privacy services. The technical infrastructure is basic, relying on standard HTML, CSS, and JavaScript, with minimal external dependencies. Analytics are implemented via GoatCounter, providing lightweight user tracking without aggressive data collection. From a security perspective, the site uses HTTPS and has domain transfer protection enabled, but lacks DNSSEC and security headers, which could be improved to enhance security posture. There are no privacy or cookie policies, nor terms of service, which limits compliance with GDPR and other privacy regulations. No contact or incident response information is provided, reducing transparency and trustworthiness from a security standpoint. Overall, the site is safe for general audiences, containing no adult or explicit content. The domain registration is recent and privacy protected, appropriate for a personal website. The lack of business information and policies limits the site's credibility and compliance maturity. Strategic improvements in security headers, privacy disclosures, and contact transparency would enhance trust and compliance.

H

healthyareastore

healthyareastore.com

59

healthyareastore.com is a newly established e-commerce website launched in early 2024, specializing in health and beauty products including makeup, skin care, hair care, and nutritional supplements. The site targets general consumers interested in improving their health and wellbeing through quality products. The business operates primarily online with a straightforward retail model and a focus on product variety within the health and beauty niche. The website is hosted on the edit.site platform and uses modern web technologies including JavaScript and REST APIs to deliver content and e-commerce functionality. The design is professional and mobile-optimized, providing a good user experience with clear navigation and calls to action. Security posture is basic but adequate with HTTPS enabled and domain transfer protection in place, though DNSSEC is not enabled and security headers are absent. Privacy compliance is addressed through a cookie consent mechanism and a privacy policy page, but terms of service and incident response policies are missing. Contact information is limited to an email address and a subscription form, with no phone or physical address provided. Overall, the site presents a moderate risk profile with room for improvement in security, compliance, and business credibility indicators.

P

Private by Design, LLC

unseen.ninja

57

The website unseen.ninja is a personal portfolio site representing an individual or small entity focused on design and coding services. The site presents a modern, clean design with SVG-based branding and uses Vue.js framework for frontend interactivity. The content is minimal but relevant, targeting a general audience interested in design and code. The domain is newly registered in early 2024, consistent with the site's apparent purpose as a personal portfolio. Technically, the site employs modern web technologies including ES modules, web fonts, and SVG graphics. It is hosted under a reputable registrar Porkbun LLC, though the hosting provider is not explicitly identified. The site is mobile optimized and has basic accessibility features. SEO is basic but includes proper meta tags and Open Graph data. From a security perspective, the site uses HTTPS but lacks DNSSEC and visible security headers, which are recommended for enhanced security. No forms or data collection mechanisms are present, reducing attack surface but also limiting user interaction. No privacy or cookie policies are provided, which is a compliance gap. The WHOIS data is consistent and transparent, with no privacy protection, appropriate for this type of site. Overall, the site is low risk with moderate trustworthiness but would benefit from improved security headers, privacy compliance, and contact transparency to enhance credibility and user trust.

M

mooncell07

mooncell07.me

56

Mooncell07 is a personal website and blog operated by an individual known as nova/mooncell07, focusing on web development learning, emulator development, network programming, gaming, and visual novels. The site serves as a platform to share open source projects and personal posts, targeting technology enthusiasts and developers. The website is built using modern frontend technology SvelteKit and hosted by Hostinger with privacy-protected domain registration, reflecting a small-scale personal project rather than a commercial enterprise. Technically, the site demonstrates a modern tech stack with good mobile optimization and basic SEO, though performance is moderate and accessibility is basic. Security posture is adequate with HTTPS and domain transfer protection but lacks DNSSEC and security headers, and no formal privacy or cookie policies are published. Overall, the site is safe, trustworthy, and professional for its intended personal use, but lacks formal compliance and security documentation typical of commercial sites.

Z

aman/home

zeffo.me

56

The website zeffo.me is a personal portfolio site owned by an individual named Aman, primarily showcasing programming projects and animal rehabilitation efforts. The site is small-scale and targets a general audience interested in technology and personal hobbies. It is hosted on Cloudflare and built using the modern SvelteKit framework, indicating a moderate level of technical maturity. The website design is good with clear navigation and mobile optimization, but lacks formal business and compliance documentation such as privacy or cookie policies. Security posture is adequate with HTTPS enabled and domain transfer protection, but could be improved by enabling DNSSEC and adding security headers. No contact emails or phone numbers are provided, limiting direct communication channels. Overall, the site is safe, trustworthy, and professionally presented for a personal project, but lacks formal compliance and security policies expected in business contexts.

L

lighttigerXIV - About

lighttigerxiv.dev

56

The website lighttigerxiv.dev is a personal portfolio site for Afonso Fonseca, a young developer from Portugal. It serves primarily as a showcase for his programming projects, open source contributions, and professional CV. The site targets a general audience interested in technology and programming, with a focus on personal branding rather than commercial business operations. Technically, the site is built using modern web technologies including SvelteKit and Google Fonts, delivering a fast and mobile-optimized experience. However, it lacks explicit privacy, cookie, and security policies, which are important for compliance and trust. Security posture is moderate with HTTPS implied but no detected security headers or incident response information. Overall, the site is safe, professional, and trustworthy but could improve in privacy compliance and security best practices.

P

Private by Design, LLC

dunkirk.sh

58

The website dunkirk.sh is a personal portfolio and blog site for Kieran Klukas, a 17-year-old homeschooled coder and content creator based in the United States. The site showcases personal interests such as filmmaking, FPV, and TypeScript programming, and provides contact information primarily via email. The domain is newly registered in 2024 under Private by Design, LLC, with transparent WHOIS data and appropriate domain security statuses. The site uses modern web technologies including TypeScript, Cloudflare DNS and CDN, and JavaScript, delivering a fast and mobile-optimized user experience with good SEO practices. From a security perspective, the site enforces HTTPS and benefits from Cloudflare's infrastructure, but lacks explicit security headers and formal privacy or cookie policies, indicating room for compliance improvement. No forms or sensitive data collection mechanisms are present, reducing attack surface. Analytics usage is minimal and privacy-conscious, relying on anonymous HTTP request counters. No vulnerabilities or suspicious content were detected. Overall, the site presents a moderate to good security posture with a strong technical foundation and clear business credibility as a personal portfolio. However, the absence of privacy and cookie policies and explicit security headers are notable gaps. Strategic improvements in these areas would enhance compliance and trustworthiness.

J

Jan's Website

jan-osing.de

57

Jan's website is a personal portfolio and social presence site for a young developer from Germany. It focuses on personal interests such as gaming, anime, open source software, and Linux distributions. The site is simple, well-structured, and provides links to various social and community platforms. The technical infrastructure is basic, relying on static HTML and CSS with Cloudflare DNS services. There is no evidence of advanced frameworks or CMS usage. Security posture is minimal with no visible security headers or policies, but no critical vulnerabilities or malicious content were detected. Privacy compliance is lacking as no privacy or cookie policies are present. Overall, the site is low risk but would benefit from improved security and compliance documentation.

P

PURE Sports Nutrition

puresportsnutrition.com

62

PURE Sports Nutrition is a New Zealand-based e-commerce business specializing in premium sports nutrition products including sports drinks, energy gels, protein powders, and hydration solutions. The website is professionally designed and hosted on the Shopify platform, leveraging modern web technologies and multiple third-party marketing and analytics integrations. The brand positions itself as a clean, performance-focused nutrition provider targeting active lifestyle consumers. Technically, the site demonstrates good performance and mobile optimization, though accessibility features are basic. Security posture is solid with HTTPS and no visible vulnerabilities, but lacks explicit security headers and formal policies. The absence of WHOIS data for the domain introduces some uncertainty about domain registration legitimacy. Overall, the site is functional and trustworthy but would benefit from enhanced privacy compliance and transparency.

R

Rokeby Nutrition

rokebyfarms.com.au

67

Rokeby Nutrition is a small Australian nutrition food company specializing in award-winning dairy products and nutrition beverages, operating primarily through an e-commerce Shopify platform. The website presents a professional and consistent brand image targeting health-conscious consumers in Australia. Technically, the site leverages modern Shopify technologies, including Google Tag Manager and Facebook Pixel for analytics and marketing, and employs hCaptcha for form security. The site is mobile-optimized with good performance and SEO practices. Security posture is adequate with HTTPS enforced and clientTransferProhibited domain status, but could be improved by enabling DNSSEC and adding advanced security headers. Privacy compliance is basic with a privacy policy and cookie consent banner, but lacks explicit GDPR compliance details. Contact information is limited to forms without direct emails or phone numbers. Overall, the site is trustworthy and well-structured but would benefit from enhanced security and privacy transparency.

Chemist Warehouse is Australia's largest pharmacy retailer, offering a wide range of products including fragrances, prescriptions, vitamins, beauty, and baby care items. The company operates a professional and well-branded e-commerce platform targeting the general Australian population. The website demonstrates a mature digital infrastructure using modern technologies such as Next.js and React, with integrations for analytics and cookie consent management. Security posture is strong with HTTPS enforcement and appropriate security headers, although explicit privacy and terms of service pages were not detected in the provided content. Overall, the website is trustworthy and professionally maintained, reflecting a large retail business with a significant market presence in Australia.

M

Marathon-Photos.com Limited

marathonphotos.live

59

Marathon Photos Live is a globally recognized leader in mass participation event sports photography, operating in 70 countries and serving millions of athletes. The company specializes in capturing and delivering live race images, positioning itself as a key service provider in the sports media sector. Their website reflects a professional and consistent brand image with a focus on user experience and accessibility for athletes and event organizers worldwide. Technically, the site is built on modern frameworks such as Vue.js, with good mobile optimization and SEO practices, although some accessibility features could be enhanced. Security posture is adequate with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and published security policies. The domain is privacy protected but consistent with the business profile, and no suspicious indicators were found. Overall, the website demonstrates a mature digital presence with room for security and compliance improvements.

P

Private by Design, LLC

fedi.gay

39

The website at fedi.gay is a minimal, non-commercial site containing only a literary poem themed on Elven lore from Tolkien's universe. There is no business description, contact information, or commercial content. The domain is registered to Private by Design, LLC, a US-based entity, but the website content does not reflect any business operations or services. The domain WHOIS data is suspicious due to a future creation date, which raises concerns about legitimacy. Technically, the site uses basic HTML and CSS with no advanced frameworks or scripts detected. There are no privacy, cookie, or terms of service policies, and no contact or incident response information is provided. Security posture is weak with no DNSSEC, no security headers, and unknown SSL status. Overall, the site appears to be a placeholder or personal page rather than a professional business site.

The website floof.gay is a personal site belonging to an individual named Olivia, serving as a small corner of the internet to share personal interests, social media presence, and blog content. The site is positioned as a personal brand rather than a commercial business, targeting a general audience interested in the author's activities and social links. The site leverages modern web technologies such as Dev.css and web fonts to provide a clean and responsive user experience. The technical infrastructure is straightforward, hosted likely via NameCheap with privacy-protected WHOIS registration, reflecting a typical personal website setup. From a security perspective, the site uses HTTPS and has domain transfer protections enabled, but lacks DNSSEC and security headers, which are recommended for improved security posture. There are no privacy or cookie policies present, and no contact information or forms for data collection, indicating minimal compliance with privacy regulations. No analytics or advertising scripts were detected, suggesting limited tracking and data collection. Overall, the site is safe and appropriate for general audiences, with no adult or questionable content detected. The domain is recently registered and privacy protected, consistent with a personal site. The security posture is moderate but could be improved with additional headers and policies. The site’s business credibility is limited due to its personal nature and lack of formal business information. Strategic recommendations include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and considering a security.txt file for vulnerability disclosure to enhance trust and compliance.

The website nekomimi.party currently serves as a minimal placeholder page with very limited content and no clear business description or services. The domain is newly registered in early 2023 and uses Cloudflare as its registrar and hosting provider. There is no evidence of a mature or established business presence, and no contact or policy information is provided on the site. Technically, the site uses basic HTML and CSS with no advanced frameworks or CMS detected. Security posture is minimal with no security headers or DNSSEC enabled, and privacy compliance is absent due to missing policies. Overall, the site appears to be in an early or inactive stage of development with low trustworthiness and limited user engagement potential.

KitsuPage is a small technology service offering free static hosting for user repositories, leveraging Git branches to serve content automatically. The service targets developers and users seeking simple, no-cost static site hosting with optional custom domain support. The website is minimalistic, providing essential information about usage and configuration but lacks comprehensive business or legal documentation. Technically, the site uses basic HTML and CSS without advanced frameworks or CMS, and no analytics or advertising scripts are present, indicating a lightweight and privacy-conscious approach. Security posture is limited with no visible security headers or privacy policies, and no contact information is provided except for an abuse report link. The domain uses privacy protection, which is typical for small tech projects, and no suspicious WHOIS patterns were detected. Overall, the site is functional but basic, with room for improvement in security, compliance, and user engagement.

T

Techland S.A.

dyinglightgame.com

62

Techland S.A. operates the official website for the Dying Light franchise, a well-established video game series with over 40 million players worldwide. The website serves as a central hub for game information, news, community engagement, and digital sales, targeting gamers interested in parkour and zombie-themed entertainment. The company maintains a strong market position with consistent branding and a professional online presence. Technically, the website employs modern web technologies including JavaScript, CSS, and integrates third-party services such as Google Tag Manager and Cookiebot for analytics and consent management. Hosting is managed via AWS infrastructure, ensuring reliable performance and scalability. Security posture is solid with HTTPS enforced and domain transfer protections in place, though improvements such as enabling DNSSEC and adding security headers are recommended. Privacy compliance is well addressed with clear policies and cookie consent mechanisms, aligning with GDPR requirements. Overall, the website is professional, secure, and trustworthy, supporting Techland's business objectives effectively.

The website citrons.xyz is a personal website belonging to an individual named raven, featuring journal entries, podcasts, galleries, and personal anecdotes. It does not represent a commercial business or organization and lacks formal business information or contact details. The site is modest in technical sophistication, built with basic HTML and CSS, and hosted on Mythic Beasts servers. There is no evidence of advanced frameworks, CMS, or analytics tools. Security posture is minimal with no detected HTTPS or security headers, and no privacy or cookie policies are present, indicating low compliance with modern web security and privacy standards. The domain is privacy protected and registered in 2021, consistent with the personal nature of the site. Overall, the site is safe for general audiences but lacks professional and security maturity.

S

SCS Software

worldoftrucks.com

63

World of Trucks is an online community platform operated by SCS Software that complements their popular truck simulation games, Euro Truck Simulator 2 and American Truck Simulator. The website serves as a hub for players to engage in community events, share content such as screenshots and videos, and stay updated with news and DLC releases. The platform targets simulation gaming enthusiasts and supports community-driven activities enhancing player engagement. Technically, the website is well-structured with modern web technologies, uses HTTPS exclusively, and integrates Google Analytics with privacy considerations such as IP anonymization. Media assets are hosted on Amazon S3, ensuring reliable content delivery. Security posture is solid with session protection and cookie consent mechanisms, though some security headers and explicit incident response policies are not publicly documented. The absence of WHOIS data is notable but does not detract from the site's legitimacy given the professional presentation and strong brand association with SCS Software. Overall, the site demonstrates a mature digital presence with good privacy compliance and user experience.

meow.company appears to be a small technology-focused website or personal project branded as "pancakes' corner of the internet." The site provides links to related services such as AodeRelay, Forgejo, and Iceshrimp.NET, indicating a community or developer-oriented ecosystem. The website is hosted on Debian GNU/Linux 12 in Melbourne, Australia, consistent with the domain registration data. The content is minimal but functional, with some ASCII art and basic system information displayed. There is no evidence of commercial activity or extensive business operations. The domain is newly registered in 2024, matching the apparent small scale and recent launch of the site.