Security Directory

The website ssi.fyi represents a small technology-focused entity branded as SERVER SCANNING INC, registered under Private by Design, LLC in the US. The site is minimalistic, primarily serving as a portal linking to community and code repositories such as Discord, GitHub, and Forgejo. The domain is relatively new, created in 2023, consistent with a startup or new project in the technology sector. The business model and detailed service offerings are not explicitly described on the site, limiting comprehensive business insights. Technically, the site uses basic web technologies including SVG for branding, CSS for styling, and JavaScript for minimal interactivity. Hosting and DNS services are provided by Cloudflare, a reputable provider, but DNSSEC is not enabled. The site lacks advanced security headers and privacy compliance mechanisms such as cookie consent or privacy policies, indicating room for improvement in security posture and regulatory adherence. Security-wise, no immediate vulnerabilities or exposed sensitive data were detected in the HTML content. However, the absence of security headers and privacy policies reduces the overall security maturity. No incident response or vulnerability disclosure information is provided, which could impact trust and compliance. The site is accessible without WAF or security challenges, and no adult or explicit content is present, making it safe for general audiences. Overall, the website scores moderately on content quality, technical implementation, and business credibility but scores low on privacy compliance and security best practices. Strategic improvements in privacy policy publication, security header implementation, and contact transparency would enhance trust and compliance.

E

Epic Blazed, Inc.

epicblazed.com

53

Epic Blazed, Inc. is a newly established small business focused on retail and branding of cannabis-related products such as blunts, joints, and various strains. The website content is basic and primarily targets adult consumers interested in cannabis culture. The site branding includes multiple trademarks related to cannabis products, indicating a niche market positioning. Technically, the website is simple, built with basic HTML and CSS, hosted and registered via Cloudflare, but lacks modern web features such as CMS, analytics, or advanced SEO. Security posture is weak due to absence of HTTPS information, security headers, and privacy policies. No contact or compliance information is provided, limiting trust and credibility. Overall, the site is functional but minimalistic, with significant room for improvement in security, privacy, and user engagement.

S

Smokepowered

smokepowered.com

40

Smokepowered.com is a newly established website (created May 2023) focused on smoking culture, specifically blunt discussion and wrapping. The site features minimal content including a video montage and references to Valve Corporation trademarks, possibly as thematic or stylistic elements. The target audience appears to be mature users interested in cannabis and smoking culture. Technically, the site is basic with HTML and CSS, hosted with DNS servers from Hurricane Electric, but lacks modern security features such as HTTPS and security headers. No privacy or cookie policies are present, and no contact or business information is provided, limiting trust and compliance. Security posture is weak due to missing HTTPS and security best practices. Overall, the site is functional but minimal and lacks professional security and compliance measures.

N

nano – Text editor

nano-editor.org

55

The website nano-editor.org serves as the official homepage for the GNU nano text editor, a widely used open source terminal-based text editor. The site provides basic information about the software, including the latest version, download links, documentation, and news updates. It targets developers, system administrators, and users seeking a simple, user-friendly text editor alternative. The business model is centered on open source software distribution and community engagement, with no commercial transactions evident on the site. From a technical perspective, the website is a straightforward static HTML and CSS implementation hosted on DigitalOcean. It lacks modern web frameworks or CMS platforms and shows basic mobile optimization and accessibility features. The site does not employ analytics or tracking technologies, indicating a minimalistic approach to user data collection and privacy. Security posture is moderate but could be improved. The domain is well-established with a long registration period and clientTransferProhibited status, indicating domain ownership protection. However, the absence of DNSSEC, security headers, and explicit HTTPS enforcement reduces the overall security robustness. No privacy or cookie policies are published, which limits compliance with GDPR and other privacy regulations. Overall, the website is functional and trustworthy for its purpose but would benefit from enhanced security configurations, privacy disclosures, and modern web practices to improve user trust and compliance.

S

spooky ghost zone

spookyghost.zone

44

The website spookyghost.zone is a personal site operated by an individual named Valerie, focusing on sharing personal interests such as music and a curated list of physical albums. It is a small-scale, hobbyist site without commercial intent or business operations. The site is hosted on Hetzner servers with privacy-protected WHOIS registration, consistent with a personal project started in early 2023. Technically, the site uses basic HTML, CSS, and JavaScript with minimal external dependencies and no CMS detected. The site is accessible over HTTPS but lacks advanced security headers and formal privacy or cookie policies. No contact information or business credentials are provided, limiting trust and credibility from a business perspective. Security posture is basic but acceptable for a personal site, with recommendations to improve DNS security and add security headers. Overall, the site is safe for general audiences and contains no adult or explicit content.

V

Vendicated

vendicated.dev

59

Vendicated.dev is a personal website representing an individual self-taught software developer passionate about Linux, Android, and privacy-friendly software. The site serves as a personal branding platform with blog content and multiple social media and code repository links, targeting a general audience interested in technology and open source. The website is built using modern technologies such as Astro and JavaScript modules, with a clean design and good mobile optimization. However, it lacks formal privacy and cookie policies, which are important for compliance and user trust. Security posture is moderate with HTTPS enforced but missing security headers and incident response contacts. Overall, the site is safe, trustworthy, and well-maintained but could benefit from enhanced privacy and security practices.

The website t-ch.net is a personal hobbyist site operated by an individual named Tech, who is a former medical pathology professional and currently a mental health professional. The site primarily serves as a portfolio and informational hub for personal projects, including Java development related to Minecraft, community chatroom participation, and legal information about name changes in Ontario. The site targets developers, Minecraft enthusiasts, and individuals interested in mental health or legal name changes. It operates on a small scale without commercial business operations or formal market positioning. Technically, the site is built using the Nuxt.js framework with modern JavaScript ES modules and is hosted on Cloudflare infrastructure. The site demonstrates moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. No CMS or complex backend systems are detected. Security-wise, the site enforces HTTPS and uses Cloudflare for hosting but lacks DNSSEC and security headers, which could be improved. No privacy or cookie policies are present, and no contact information or incident response details are provided, limiting transparency and compliance. Overall, the security posture is moderate with no critical vulnerabilities detected, but improvements are recommended in security headers, privacy compliance, and contact transparency. The site content is safe for general audiences with no adult or explicit material. The domain registration is consistent with the site’s nature and age, showing no suspicious patterns. The site’s AI score reflects basic content quality and technical implementation but is penalized for missing privacy and contact information. Strategic recommendations include enabling DNSSEC, adding security headers, publishing privacy and cookie policies, and providing clear contact and incident response information to enhance trust and compliance.

The website wico.lol is a minimal personal or hobby site with limited content and no clear business model or commercial services. It primarily serves as a hub linking to various social media and partner sites. The domain is registered through a privacy protection service, indicating a preference for anonymity or privacy. The technical infrastructure is basic, relying on standard HTML and CSS, hosted via Hurricane Electric's DNS services. The site lacks advanced technical features, security headers, or compliance policies, reflecting a low level of digital maturity. Security posture is moderate due to HTTPS usage but lacks DNSSEC and security headers, which are recommended for improved protection. Overall, the site poses low risk but also lacks trust and compliance indicators typical of professional or commercial websites.

Z

reflection

z7.vc

52

The website at z7.vc is a minimalistic personal or community page primarily serving as a hub of links to other related sites and social contacts. It lacks clear business information, commercial services, or professional branding. The site’s content is sparse, with explicit language present, indicating a mature audience but no adult services or explicit adult content. Technically, the site uses basic HTML, CSS, and JavaScript without modern frameworks or CMS, and lacks SEO and accessibility optimizations. Security posture is weak with no detected HTTPS or security headers, and no privacy or cookie policies are present. The domain uses privacy protection in WHOIS, consistent with the non-commercial nature of the site. Overall, the site scores low on professionalism, security, and privacy compliance, reflecting a casual or hobbyist web presence rather than a business.

The website meower.moe is a minimal personal webpage representing an individual named 'sam' who identifies as a 'sleep-deprived ffxiv/deadlock/IA player'. The site contains very limited content, no business or commercial information, and no contact or policy pages. The domain is recently registered in 2023 with Porkbun as the registrar, consistent with a small personal site. Technically, the site uses basic HTML and CSS without advanced frameworks or CMS. There is no evidence of HTTPS or security headers from the provided data, indicating a low security posture. No privacy or cookie policies are present, and no contact information is provided, limiting trust and compliance. Overall, the site is safe for general audiences but lacks professionalism and business credibility.

The website marisakirisame.net is a small personal or hobby site focused on technology-related content such as sourcemod, music, and graphical buttons. It does not represent a commercial business entity and serves a niche audience interested in these topics. The site is relatively new, founded in 2022, and uses Cloudflare DNS with domain registration through NameCheap. The technical infrastructure is basic, relying on standard HTML, CSS, and JavaScript without any detected CMS or frameworks. Mobile optimization and navigation are functional but minimal. Security posture is moderate with some positive indicators such as clientTransferProhibited domain status and Cloudflare DNS, but lacks advanced security headers and policies. Privacy and cookie policies are absent, which impacts compliance. Overall, the site is safe with no adult or explicit content detected.

The website vin.pet appears to be a small personal or hobby site with a focus on gaming and digital content, as indicated by references to Steam game launch URLs and various gaming-related images. There is no clear business model or commercial activity evident from the content. The site is modest in design and content, lacking professional business information, contact details, or compliance policies. Technically, the site uses basic HTML and CSS with no detected modern frameworks or CMS. Mobile optimization and accessibility are poor, and SEO practices are minimal. Security posture is weak due to lack of HTTPS and security headers, and no privacy or cookie policies are present. The domain is registered with privacy protection through a reputable registrar, consistent with a small personal site. Overall, the site is safe with no adult or explicit content detected but lacks professionalism and security best practices.

Utsuho Rocks is a personal and hobbyist website primarily serving as an online presence for an individual describing themselves as an 'interweb traveller and bird mom.' The site does not represent a commercial business entity and focuses on personal interests and social connectivity. It links to various social media and partner sites, indicating a community-oriented approach rather than a commercial market position. The domain is registered with privacy protection, consistent with personal use, and has been active since 2018. Technically, the website is simple and minimalist, built with basic HTML and CSS, served via a Caddy server. It avoids JavaScript entirely, which reduces complexity and potential security risks but also limits interactivity and modern web features. The site is moderately optimized for mobile and accessibility but lacks advanced SEO and performance optimizations. No CMS or advanced frameworks are detected. From a security perspective, the site benefits from minimal attack surface due to no JavaScript and no forms collecting user data. However, it lacks security headers and DNSSEC is not enabled, which are areas for improvement. The domain uses privacy protection, which is appropriate for a personal site. No privacy or cookie policies are present, indicating low compliance with GDPR or similar regulations. Overall, the website poses low risk, serving a personal audience with safe content. Strategic recommendations include adding privacy and cookie policies, enabling DNSSEC, implementing security headers, and confirming HTTPS enforcement to improve security posture and compliance.

Foxwells Garden is a small, niche online community platform that brands itself as an 'online beer garden with less beer and more nerds.' It offers semi-private social spaces including chatrooms across multiple platforms (Telegram, Discord, Mumble, IRC) and gaming servers such as Minecraft. The site also hosts code repositories on GitHub and GitLab, indicating a tech-savvy user base. The business model centers on community engagement and social interaction rather than commercial services. The domain is privacy protected and registered since 2018, consistent with a small community site. Technically, the website is simple, built with basic HTML and CSS, hosted with DNS services via Cloudflare, and secured with HTTPS. The site lacks advanced frameworks or CMS and shows basic mobile optimization and accessibility. No analytics or tracking scripts are detected, indicating minimal user tracking. However, the site does not implement security headers or privacy/cookie policies, which are areas for improvement. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and security headers. No forms or data collection mechanisms are present, reducing attack surface. The absence of privacy and cookie policies and contact information limits compliance with GDPR and general trustworthiness. No vulnerabilities or suspicious activities are detected. Overall, Foxwells Garden is a modest, community-focused site with basic technical implementation and moderate security posture. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance trust and security. The site is safe for general mature audiences, with content related to social gaming and community chat rather than explicit or adult material.

O

Olivia Swinscoe Photography

oliviaswinscoe.com

55

Olivia Swinscoe Photography is a professional photography portfolio website showcasing diverse photographic works including landscapes, wildlife, cityscapes, and travel photography. The site targets photography enthusiasts and potential clients interested in commissioning photographic work. The business operates on a commission-based model, leveraging a visually rich portfolio to attract clients. The website is hosted on Squarespace, utilizing its CMS and infrastructure, with a moderate performance profile and good mobile optimization. The technical stack includes Typekit fonts and standard web technologies. Security posture is adequate with HTTPS enforced but lacks advanced security headers and privacy compliance documentation. The absence of WHOIS data raises concerns about domain registration transparency, although the website content appears legitimate and professional. Overall, the site is functional and visually appealing but would benefit from enhanced security practices and compliance documentation.

iTerm2.com is the official website for iTerm2, a macOS terminal replacement software project founded in 2011 by George Nachman. The site provides detailed information about the software, including features, documentation, downloads, and community support via a bug tracker and forum. The business model is open source with donation support, targeting macOS users who require advanced terminal capabilities. The website is technically modern, using HTML5, CSS, JavaScript, and the Foundation framework, with hosting and DNS managed by DreamHost and Cloudflare respectively. Mobile optimization and user experience are good, though accessibility and SEO are basic. Security posture is moderate; the domain is stable and legitimate but lacks DNSSEC and security headers, and no privacy or cookie policies are published. Contact information is limited to an obfuscated personal email. Overall, the site is professional and trustworthy for its niche audience but could improve compliance and security documentation.

N

Nerd Fonts

nerdfonts.com

57

Nerd Fonts is an open source project focused on aggregating, patching, and distributing developer-targeted fonts enriched with a vast collection of iconic glyphs from popular icon fonts such as Font Awesome, Octicons, and Devicons. The project targets developers and programmers who want enhanced terminal and editor fonts with rich iconography. It enjoys a strong community presence on GitHub and Gitter, with frequent updates and a comprehensive font patcher tool. Technically, the website is well-structured, mobile-optimized, and uses modern web technologies including Google Fonts and analytics tools. Security posture is generally good with HTTPS enforced and no exposed sensitive data, but lacks explicit security headers and formal privacy or cookie policies. The absence of WHOIS data for the domain raises some concerns about domain registration legitimacy, though the active open source community and transparent project details mitigate this risk. Overall, the site is professional, trustworthy, and safe for general audiences.

C

Conrad Crawford

cnrad.dev

59

The website cnrad.dev serves as a personal portfolio and professional presence for Conrad Crawford, a self-taught frontend-focused software engineer. The site highlights his experience with various companies, contract work, and open source projects, positioning him as a skilled individual contributor in the technology sector. The business model centers on personal branding and showcasing technical expertise to potential employers or collaborators. Technically, the site is built using modern web technologies including Next.js and TypeScript, delivering fast performance and excellent mobile optimization. The design is professional and user-friendly, with clear navigation and relevant content. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though the absence of security headers and formal security policies suggests room for improvement. Privacy compliance is minimal, lacking privacy and cookie policies, which is typical for personal sites but may limit trust for some users. Overall, the domain registration data aligns well with the website content, supporting legitimacy and trustworthiness. Strategic recommendations include adding privacy and security policies, implementing security headers, and establishing a vulnerability disclosure process to enhance security and compliance.

E

espimarisa

espi.me

61

Espi Marisa's website is a personal portfolio and activist platform showcasing their work as a blind developer, tinkerer, and LGBTQ+ rights activist based in Huntsville, Alabama. The site highlights various projects, social media presence, and volunteer efforts, positioning Espi as a technology professional and community advocate. The website is built using modern technologies such as Astro, TypeScript, and SASS, hosted behind Cloudflare DNS services, ensuring good performance and accessibility. The content is well-structured, mobile-optimized, and accessible, with a clear focus on personal branding and activism rather than commercial business operations. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks advanced security headers and formal privacy or cookie policies. The domain registration is consistent with the website's personal nature and geographic claims, enhancing trustworthiness. Overall, the site is professional, trustworthy, and safe for general audiences, though it would benefit from improved privacy compliance and security hardening.

L

Lylythii

lylythii.com

52

Lylythii.com is a personal portfolio website for a multimedia artist named Lily, showcasing her projects primarily hosted on GitHub and other personal subdomains. The site serves as a digital space for creative expression and links to various social and content platforms. The business model is individual and niche, focusing on artistic experimentation rather than commercial enterprise. Technically, the site uses basic HTML, CSS, and JavaScript with jQuery, hosted likely via NameCheap services. The site is mobile responsive at a basic level but lacks advanced SEO and accessibility features. Security posture is minimal with no detected HTTPS or security headers from the provided data, and no privacy or cookie policies are present, indicating low compliance maturity. Overall, the site is safe for general audiences but would benefit from enhanced security and compliance measures.

The website mihao.pl is a personal portfolio and blog site belonging to an individual named Michał (alias Mihao), focused on game development, music creation for games, and 3D modeling. The site is relatively new, created in late 2024, and serves primarily as a personal branding and creative showcase platform. It targets peers and enthusiasts in indie game development and related creative fields. The business model is non-commercial, centered on personal expression and portfolio presentation. Technically, the site is built using modern web technologies including Astro framework version 5.0.9, with standard HTML, CSS, and JavaScript. Hosting is provided by home.pl S.A., a Polish hosting provider. The site demonstrates good mobile optimization and basic accessibility but lacks advanced SEO and security headers. Performance is moderate with no evident broken elements. From a security perspective, the site lacks critical security headers and privacy compliance mechanisms such as privacy and cookie policies. There is no evidence of HTTPS enforcement or DNSSEC enabled, which are recommended for improved security posture. No incident response or vulnerability disclosure information is present. The WHOIS data is consistent and legitimate, with no privacy protection or suspicious registration patterns. Overall, the site is safe and appropriate for general audiences, with no adult or questionable content. The main risks relate to missing security and privacy best practices, which could be improved to enhance trust and compliance.

The website noia.site serves as a personal portfolio for an independent full stack developer and designer focused on various software projects including open source tools and game-related frameworks. The site highlights several projects such as Oldcord, NoBotz, Doki, and Phoenix, targeting developers and enthusiasts in niche technology and gaming communities. The business model is primarily personal and open source contributions without commercial or enterprise scale operations. Technically, the website is built with standard web technologies including HTML, CSS, JavaScript, and jQuery, with references to frameworks like Svelte and React in the qualifications section. Hosting and DNS are managed via Cloudflare, but DNSSEC is not enabled. The site is simple, moderately optimized for performance and mobile, and lacks advanced SEO or accessibility features. From a security perspective, the site uses HTTPS (implied by Cloudflare DNS and domain status), but no security headers or policies are published. There are no privacy, cookie, or terms of service policies, nor contact or incident response information. The domain is privacy protected, which is reasonable for a personal developer site. No vulnerabilities or suspicious indicators were detected, but security posture is basic. Overall, the site is safe, professional, and relevant for its target audience but lacks formal privacy and security compliance documentation. Strategic improvements in security headers, privacy policies, and contact transparency would enhance trust and compliance.

N

nax.dev home

nax.dev

60

The website nax.dev is a personal site belonging to an individual named nax, who identifies as enby and uses they/them pronouns. The site serves as a personal hub for sharing interests in software development, niche subcultures, and self-hosted services. It is not a commercial business site but rather a hobbyist's portfolio and social presence. The site uses modern web technologies including the Astro framework and ES modules, delivering a fast and mobile-optimized experience with good design and navigation. However, it lacks formal business information, privacy policies, and security headers, which limits its compliance and security posture. No forms or data collection mechanisms are present, reducing privacy risks but also limiting engagement features. Overall, the site is safe, trustworthy, and suitable for general audiences.

M

Mopigames

mopigames.gay

49

This website represents a personal portfolio and blog for an individual developer known as Mopigames, a lesbian MtF transgender girl living in France. The site serves as a personal branding platform with links to social media and community sites, targeting a general audience interested in technology and personal content. The domain is newly registered in 2024 with privacy protection, consistent with the personal nature of the site. Technically, the site uses standard HTML, CSS, and JavaScript with Cloudflare DNS services. The site is moderately optimized for performance and mobile use but lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled but no additional security headers or policies present. No privacy, cookie, or terms of service policies are found, indicating low privacy compliance. Contact information is clearly provided via email and social media links. No forms or data collection mechanisms are present, reducing risk exposure. The content is safe for general audiences with no adult or explicit material detected. Overall, the site is a small personal project with moderate professionalism and trustworthiness. Security and privacy improvements are recommended to enhance compliance and user trust.

B

miaowing

birb.cc

46

The website birb.cc is a personal portfolio site titled 'miaowing' representing a senior systems technician. It primarily serves as a personal presence showcasing sections such as about, projects, socials, hardware, and friends. The site targets technology enthusiasts or personal contacts rather than commercial customers. The business model is personal branding without commercial transactions or services. The site is small scale and niche with basic content quality and moderate branding consistency. Technically, the site uses standard HTML5, CSS, and JavaScript with no detected frameworks or CMS. The site is moderately performant with basic mobile optimization and accessibility features. There is no evidence of advanced SEO or analytics tools. Hosting and SSL details are not provided, limiting the assessment of infrastructure maturity. From a security perspective, the site lacks HTTPS confirmation, security headers, privacy policies, and incident response contacts. No forms or data collection mechanisms are present, reducing attack surface but also limiting user engagement. The security posture is minimal with recommendations to implement HTTPS, security headers, and privacy compliance measures. No vulnerabilities or malware indicators were detected. Overall, the site is low risk but also low maturity in security and privacy compliance. Strategic improvements include adding HTTPS, privacy and cookie policies, security headers, and incident response contacts to enhance trust and compliance. The site is safe for general audiences with no adult or questionable content detected.

Rocket League, operated by Psyonix LLC under Epic Games, is a leading online multiplayer vehicular soccer game with a strong market presence and a loyal gaming community. The website showcases the latest season content, player profiles, and cross-platform progression features, reflecting a mature digital product with a focus on user engagement and esports. Technically, the site leverages modern web frameworks such as Next.js and React, hosted on Epic Games infrastructure, delivering fast and responsive user experiences across devices. Security posture is solid with HTTPS enforcement and cookie consent mechanisms, though explicit privacy and security policies are not directly linked, representing an area for improvement. The absence of WHOIS data is unusual but likely due to privacy or query limitations, not detracting significantly from the site's legitimacy. Overall, the site is professional, trustworthy, and well-optimized for its audience.

W

Windows96

windows96.org

60

Windows96.org is a niche website dedicated to the promotion and archival of the Brazilian electronic music producer Gabriel Eduardo, known as Windows96. The site serves primarily as a fan and artist archive, providing links to music platforms, social media, and merchandise stores. The business model revolves around content promotion and merchandise sales through external partners. The website is hosted on the Blogger platform, leveraging Google hosting and embedded YouTube videos for content delivery. The technical infrastructure is basic but functional, with moderate performance and limited mobile optimization. Security posture is adequate with HTTPS enabled but lacks advanced security headers and formal privacy or terms policies. No contact or incident response information is provided, limiting trust and compliance indicators. Overall, the site is safe and suitable for general audiences but would benefit from enhanced security and privacy practices.

K

Kobaryo

kobaryo.com

43

Kobaryo.com is the official website of Kobaryo, a Japanese electronic music artist and designer active since 2010. The site showcases the artist's extensive discography, collaborations with major game companies, and social media presence. The business model revolves around music production, label management, and commissioned works for rhythm games and multimedia projects, positioning Kobaryo as a niche but well-established figure in the electronic music and gaming industries. Technically, the website uses a straightforward HTML5, CSS, and JavaScript stack with libraries such as jQuery and particles.js to enhance user experience. The site is moderately optimized for performance and mobile devices but lacks advanced SEO and accessibility features. Hosting and domain registration are stable and managed by reputable providers. From a security perspective, the site uses HTTPS but lacks DNSSEC and security headers, which are recommended to enhance protection. No forms or sensitive data collection points reduce risk exposure. Privacy and cookie policies are absent, indicating compliance gaps with GDPR and similar regulations. No analytics or tracking scripts were detected, suggesting a privacy-conscious approach. Overall, the website is professional, content-rich, and trustworthy but would benefit from improved security configurations and privacy compliance measures to align with best practices and regulatory requirements.

M

MetaBrainz Foundation Inc.

musicbrainz.org

64

MusicBrainz is a well-established open music encyclopedia operated by the MetaBrainz Foundation, a US-based non-profit organization. The platform provides comprehensive music metadata and identification services, supported by a global community of contributors. Its business model focuses on open data licensing and community engagement, positioning it as a leading resource in the music metadata domain. The website is professionally designed with good content relevance and clear navigation, targeting music enthusiasts, developers, and data consumers. Technically, the site uses modern web technologies including JavaScript, CSS, and Mapbox for mapping features. Hosting and domain registration are consistent with the foundation's identity, and performance is moderate with good mobile optimization. The site lacks a CMS and appears to use a custom or legacy backend. Security practices include HTTPS enforcement and client transfer prohibited domain status, though DNSSEC is not enabled and security headers are absent. Security posture is solid but could be improved by enabling DNSSEC and adding security headers. Privacy compliance is strong with a comprehensive privacy policy and GDPR compliance, though no cookie consent mechanism was detected. Contact is primarily via a form on the foundation's site, with no direct emails or phone numbers publicly listed. No vulnerability disclosure or security policy pages were found. Overall, MusicBrainz presents a trustworthy, professional, and secure platform with minor areas for improvement in security hardening and privacy mechanisms. The site is safe for general audiences with no adult or questionable content detected.

M

Machine Girl Online

machin3gir1.com

69

Machine Girl Online is an e-commerce platform specializing in official merchandise and music sales for the band Machine Girl. The website targets fans and customers interested in purchasing branded apparel, music, and accessing tour information. The business operates primarily in the United Kingdom and was established in 2022, positioning itself as a niche player in the music merchandise market. The site leverages Shopify's robust e-commerce infrastructure, ensuring a professional and consistent user experience with good mobile optimization and clear navigation. The presence of cookie consent and privacy policies indicates a baseline compliance with data protection regulations.

B

bye2

bye2.co.uk

49

The website bye2.co.uk represents a small independent music and multimedia project primarily focused on promoting music content and merchandise. The site links to various music streaming platforms such as SoundCloud and Bandcamp, as well as social media and a merchandise shop. The business appears to be UK-based and founded in 2020, consistent with the domain registration data. The site uses basic web technologies including HTML, CSS, JavaScript, and Bootstrap 4.3.1, with moderate performance and basic mobile optimization. Security posture is weak, with no HTTPS enforcement or security headers detected, and no privacy or cookie policies present, indicating compliance gaps. No contact information or forms are provided, limiting user engagement and trust signals. Overall, the site is functional but lacks modern security and privacy best practices, impacting its trustworthiness and compliance.

The website schlatt.me is a minimal personal or fan page with very limited content. It primarily displays a simple heading and references two Discord usernames for contact. There is no business description, no privacy or cookie policies, and no terms of service. The domain is recently registered in June 2023 and hosted via Cloudflare, but no advanced technologies or CMS platforms are detected. The website lacks professional design elements, SEO optimization, and accessibility features. Security posture is weak with no security headers or incident response information. Overall, the site appears legitimate but very basic and not business-oriented.

D

DomRobot UG (haftungsbeschraenkt)

ntauthority.me

45

The website ntauthority.me is a personal homepage representing an individual known as Norma or 'nta'. The site focuses on personal expression, social interaction, and sharing interests related to technology, gaming, and community engagement. It does not represent a formal business entity but is linked to a domain registered under DomRobot UG in Germany, indicating a stable and legitimate domain ownership. The site targets general internet users interested in technology and online communities. Technically, the site is built with basic HTML and CSS, hosted with DNS managed by Cloudflare, and shows moderate performance and mobile optimization. Security posture is minimal with no advanced headers or policies published, and privacy compliance is low due to the absence of privacy or cookie policies. Overall, the site is safe, trustworthy, and suitable for general audiences but lacks formal business and security maturity.

O

onzecki's webpage

onz.ee

55

The website onz.ee is a personal webpage belonging to an individual known as 'onzecki', a cybersecurity student and developer. The site serves as a portfolio and personal blog sharing the owner's interests in cybersecurity, programming (notably Rust and JavaScript), music preferences, political ideology, and various hobbies. It targets a general audience interested in technology, open source, and personal insights. The business model is non-commercial, focusing on personal branding and community engagement with donation options via Monero and Liberapay. The site is hosted on Contabo and served via Caddy HTTP server, emphasizing privacy and accessibility.

The website k.vu presents as a minimalistic domain with very limited content, primarily displaying the domain name itself and providing a contact email. The domain is registered through Telecom Vanuatu Limited with a creation date in 2013, indicating a stable but low-profile presence. The site appears to be associated with DNS services, referencing FreeDNS for DNS management and providing an abuse contact email related to that service. There is no substantive business description, product offering, or service details available on the site, suggesting it may function as a URL shortener or placeholder domain rather than a full-fledged business website. From a technical perspective, the site uses basic HTML, CSS, and JavaScript without any detected CMS or advanced frameworks. The DNS is managed externally by FreeDNS, and DNSSEC is not enabled, which is a potential security improvement area. No analytics, tracking, or advertising technologies are present, indicating minimal digital marketing or user tracking activity. The site lacks privacy, cookie, or terms of service policies, which limits its compliance posture. Security-wise, the site does not present any immediate vulnerabilities but also lacks security best practices such as security headers and DNSSEC. The absence of HTTPS information prevents a full SSL assessment, but the domain status is 'ok' and not flagged for abuse. Incident response contact is limited to the DNS abuse email, with no dedicated security or incident response policy visible. Overall, the security posture is basic and could benefit from enhancements to improve trust and compliance. The overall risk assessment is low due to the minimal content and lack of sensitive data handling, but the site’s lack of transparency, policies, and security features suggest it is not suitable for business-critical or customer-facing applications without significant improvements. Strategic recommendations include implementing security headers, enabling DNSSEC, publishing privacy and cookie policies, and improving contact and business information transparency.

M

Mozilla

getfirefox.org

75

Mozilla operates the Firefox browser, a leading independent web browser focused on privacy, speed, and user customization. The website www.firefox.com serves as a primary portal for downloading Firefox across desktop and mobile platforms, offering extensive resources, support, and community engagement. The business model centers on free software distribution backed by the non-profit Mozilla Foundation, emphasizing internet health and privacy advocacy. Technically, the website employs modern web technologies including JavaScript, CSS, and HTML5, with integrations such as Google Tag Manager and Sentry for analytics and error tracking. The site is well-optimized for performance and mobile responsiveness, providing a seamless user experience across devices. SEO and accessibility features are well implemented, supporting broad user reach and compliance. From a security perspective, the site enforces HTTPS and includes a cookie consent mechanism aligned with GDPR requirements. However, explicit security headers and a public vulnerability disclosure policy are not evident, representing areas for improvement. The absence of WHOIS data for the domain www.firefox.com raises questions about domain registration transparency, although the site content and Mozilla branding strongly indicate legitimacy. Overall, the website demonstrates a strong privacy and security posture with excellent content quality and user experience. Strategic enhancements in security transparency and domain registration clarity would further strengthen trust and compliance.

P

Private by Design, LLC

itsastrid.me

56

The website itsastrid.me is a personal site belonging to Astrid, a transfem individual residing in Catalunya. The site serves as a personal blog and portfolio showcasing interests in EDM music, Rubik's cubes, origami, trains, and photography, particularly train photography. It includes a gallery of images, links to social media on the Fediverse, and Wikimedia Commons contributions. The website is built using modern web technologies, specifically Astro framework, and is optimized for mobile and accessibility. The domain is recently registered with privacy protection, consistent with the personal nature of the site. From a technical perspective, the site demonstrates good performance, responsive design, and SEO optimization. However, it lacks some security best practices such as DNSSEC, security headers, and privacy/cookie policies. HTTPS is enabled, and domain registration includes protective status flags. No forms or sensitive data collection mechanisms are present, reducing attack surface. Security posture is moderate with room for improvement in headers and privacy compliance. No vulnerabilities or suspicious activities were detected. The site does not collect user data extensively and has minimal tracking, aligning with privacy expectations for a personal site. Overall, the site is low risk, well-maintained for its purpose, but would benefit from adding privacy and cookie policies, enabling DNSSEC, and implementing security headers to enhance trust and compliance.

BitlBee is an open-source software project that integrates multiple instant messaging protocols into IRC clients, enabling users to manage diverse chat networks through a single IRC interface. The project supports protocols such as XMPP/Jabber, Twitter, and via plugins, Facebook, Discord, Steam, and Mastodon. It targets users who prefer IRC clients and seek to consolidate their messaging platforms without running multiple clients. The project is community-driven with active development visible through GitHub commits and changelogs. Technically, the website is straightforward, built with basic HTML and CSS, linking to GitHub repositories and wikis for documentation. The site lacks advanced frameworks or CMS and shows moderate performance and basic mobile optimization. No analytics or tracking scripts are detected, indicating a privacy-conscious approach. However, the site lacks privacy and cookie policies, security headers, and explicit contact information, which are areas for improvement. From a security perspective, the project demonstrates awareness by publishing security advisories and encouraging upgrades for vulnerability fixes. However, the website itself lacks modern security headers and formalized incident response or vulnerability disclosure information. The WHOIS data is malformed or unavailable, which limits domain legitimacy verification, but the active development and community presence support the project's authenticity. Overall, BitlBee presents a niche, technically competent open-source project with room to enhance its web security posture, privacy compliance, and contact transparency to improve trust and user confidence.

I

IRC docs and links

ircdocs.horse

54

The website ircdocs.horse serves as a specialized resource dedicated to the IRC protocol, offering documentation, specifications, historical context, and real-world statistics. It targets developers, researchers, and enthusiasts interested in IRC technology. The site is small-scale, with a focused content offering and a consistent branding approach. The domain is registered since 2015 with privacy protection, which aligns with the niche and technical nature of the site. Technically, the site uses standard web technologies such as HTML, CSS, and JavaScript, with a simple but effective design including a dark mode toggle. Hosting appears to be via NS1 DNS services, and the site is mobile optimized with good performance. However, there is no evidence of advanced frameworks or CMS usage, indicating a lightweight and straightforward implementation. From a security perspective, the site lacks several best practices such as DNSSEC, security headers, and explicit HTTPS enforcement details. No privacy or cookie policies are present, and no contact or incident response information is provided, which limits transparency and compliance posture. The domain registration is privacy protected but consistent with a legitimate small technical site. No vulnerabilities or malicious indicators were detected. Overall, the site is a good quality niche documentation resource with moderate trustworthiness but would benefit from enhanced security measures, privacy compliance, and clearer contact information to improve its professional and compliance standing.

F

FiloSottile

age-encryption.org

67

The website is a GitHub repository page for 'age', a simple, modern, and secure encryption tool and Go library developed by the user FiloSottile. It serves a technical audience of developers and security professionals seeking encryption solutions. The project is well-regarded with over 19k stars and a significant number of forks, indicating strong community interest and usage. The repository is hosted on GitHub's platform, leveraging its infrastructure and design system, ensuring good performance, mobile optimization, and accessibility. However, the page itself lacks explicit privacy, cookie, and terms of service policies, which is typical for GitHub-hosted project pages but impacts privacy compliance scores. Security posture benefits from HTTPS enforced by GitHub and domain registration protections, though DNSSEC is not enabled. No direct contact information or vulnerability disclosure policies are present, which could be improved for better security transparency.

Termbin.com is a specialized online service providing a command line pastebin utility that enables users to share terminal output easily using netcat. The service targets developers and system administrators who require quick and simple text sharing from terminal environments. The business operates as a small-scale, niche utility powered by open source software, with indirect support through the developer's game sales on Steam. The website content is clear, concise, and focused on technical usage instructions, with a consistent branding approach and a basic but functional design. From a technical perspective, the website employs standard web technologies including HTML5, CSS, and JavaScript, and integrates Google Analytics for usage tracking. Hosting is managed through OVH with DNS services via Cloudflare. The site demonstrates fast performance and basic mobile optimization but lacks advanced accessibility features and SEO enhancements. There are no forms or complex data collection mechanisms, reducing attack surface but also limiting user engagement features. Security posture is moderate; the site uses HTTPS and domain registration protections such as clientDeleteProhibited and clientTransferProhibited statuses. However, DNSSEC is not enabled, and no security headers are detected in the HTML content. Privacy compliance is limited, with no cookie policy or consent mechanism, and only a basic acceptable use policy serving as a privacy-related document. Contact information is minimal, limited to a support email address. No incident response or vulnerability disclosure policies are published. Overall, termbin.com is a functional and trustworthy niche service with a moderate security posture and limited privacy compliance. Strategic improvements in security headers, DNSSEC implementation, privacy policies, and user consent mechanisms would enhance trust and compliance. The site is safe for general audiences with no adult or questionable content detected.

J

Jortage

jortage.com

53

Jortage is a small, community-driven technology project focused on providing cost-effective, communal object storage primarily for fediverse instances. Their key service is the Jortage Storage Pool, which offers S3-compatible storage with file-level deduplication to reduce storage costs significantly. The service is accelerated by Fastly's CDN under their Fast Forward program and uses Backblaze B2 as the storage backend. The website is well-structured, informative, and targets a niche audience of fediverse administrators. Technically, the site is lightweight, fast, and mobile-friendly, though it lacks some modern security headers and DNSSEC. Security posture is moderate with room for improvement, especially in formalizing security policies and enabling DNSSEC. Privacy compliance is basic, relying on third-party providers' policies without a dedicated cookie consent mechanism. Overall, the domain registration is consistent and trustworthy, supporting the legitimacy of the project.

The website kernelpanic.neocities.org is a personal site hosted on NeoCities, primarily serving as a personal blog or information page for an individual interested in programming, Linux distributions, and leftist politics. It lacks commercial or business-oriented content and does not present a professional business presence. The site contains basic HTML and CSS with minimal content and no advanced technical frameworks or CMS detected. The hosting is provided by NeoCities, a free web hosting platform for personal sites. From a security perspective, the site does not present any immediate vulnerabilities or malicious content but lacks essential security features such as HTTPS enforcement, security headers, and privacy or cookie policies. The WHOIS data for the domain is unavailable or malformed, which limits the ability to verify domain ownership and trustworthiness. No forms or data collection mechanisms are present, reducing risk but also limiting interactivity. Overall, the site is low risk but also low in professionalism and business credibility. It is suitable for general audiences with no adult or explicit content. Strategic improvements include implementing HTTPS, adding privacy and cookie policies, and improving SEO and accessibility to enhance user experience and trust.

The website timokats.xyz is a personal portfolio site for Timo Kats, a technology enthusiast and developer from The Netherlands. The site showcases open source CLI tools, Python libraries, and project downloads, targeting individuals interested in computer tinkering and software development. The business model is primarily personal branding and project sharing, with a niche market position in the technology and open source community. The website content is well structured and relevant, providing clear contact via email and GitHub links. Technically, the site is built with basic HTML and CSS, hosted likely via Namecheap, with no detected CMS or advanced frameworks. The site performs moderately well with basic mobile optimization and accessibility. There are no analytics or tracking scripts, indicating a privacy-conscious approach. However, no security headers or HTTPS enforcement details were found, which could be improved. From a security perspective, the site provides a PGP key for secure email communication, which is a positive indicator. The domain is privacy protected but consistent with the personal nature of the site. No vulnerabilities or security incidents are evident, but the absence of privacy and cookie policies and security headers suggests room for improvement in compliance and security posture. Overall, the site is safe, professional, and trustworthy for its intended audience, but would benefit from enhanced security practices and formal privacy compliance documentation.

Temp.sh is a small, niche technology service providing temporary file upload capabilities with a 3-day expiry and a 4GB file size limit. The service targets general users needing quick and easy file sharing, supporting command line uploads and ShareX integration. The business operates on a donation model without formal commercial offerings or extensive branding. Technically, the website is minimalistic, custom-built with basic HTML, CSS, and JavaScript, hosted by OVH SAS. The domain is registered in Ireland since 2018, consistent with the service's operational timeline. Security posture is moderate with HTTPS enabled but lacking DNSSEC and security headers. No privacy or cookie policies are present, and no vulnerability disclosure mechanisms are provided. Overall, the site is functional but lacks advanced security and compliance features.

H

hcrypt

hcrypt.net

43

The website hcrypt.net is a small personal technical blog focused on topics such as homelabs, self-hosting, logging, and scraping. It targets technology enthusiasts and developers interested in these niche areas. The site uses Jekyll as its CMS and serves static content with basic design and navigation. The technical infrastructure appears modest, likely self-hosted or on a VPS, with no HTTPS detected in the provided HTML content, which is a significant security concern. Analytics are implemented via Plausible, indicating some privacy awareness, but no privacy or cookie policies are present. Security posture is weak due to lack of HTTPS, missing security headers, and no evident incident response or security policies. Overall, the site is functional but lacks professional security and compliance features.

The website m-chrzan.xyz is a personal professional site belonging to Martin Chrzanowski, a software engineer specializing in smart contracts and blockchain technology. The site serves primarily as a personal blog and portfolio, targeting software developers and blockchain enthusiasts. The content is well-structured and relevant, though the design and technical implementation are basic, relying on simple HTML and CSS without advanced frameworks or CMS. Hosting appears to be via Namecheap with no advanced hosting platform detected. From a security perspective, the site lacks key elements such as privacy and cookie policies, security headers, and incident response information. No HTTPS or SSL configuration details were provided, which is a critical area for improvement. The domain is privacy protected, which is reasonable for a personal site, and the domain age aligns well with the owner's professional timeline. No suspicious or malicious indicators were found. Overall, the site is safe and trustworthy but would benefit from enhanced security practices, privacy compliance, and improved technical sophistication to better protect visitors and enhance professionalism. The lack of contact information and policies limits business credibility and privacy compliance scores.

T

The Jolly Teapot

thejollyteapot.com

64

The Jolly Teapot is a personal blog operated by Nicolas Magand, focusing on technology and media-related content. The site features monthly curated link collections and individual blog posts, targeting a general audience interested in tech and media commentary. The business model is content-driven with no evident commercial transactions or services. The website is small in scale and was established in 2019, consistent with the domain registration data. Technically, the site is built using the Eleventy static site generator, leveraging modern HTML5 and CSS standards. The site is moderately optimized for mobile devices and offers a good user experience with clear navigation and consistent branding. Hosting and DNS services are provided by reputable providers, but no advanced performance or security optimizations such as DNSSEC or security headers are implemented. From a security perspective, the website uses HTTPS (implied by canonical URL), but lacks security headers and privacy-related policies, which lowers its security posture. There are no forms or data collection points, reducing exposure to common web vulnerabilities. The domain registration is consistent and stable, with no suspicious indicators. Overall, the site is low risk but would benefit from improved security and privacy compliance. The overall risk is moderate due to missing privacy and security best practices. Strategic recommendations include implementing privacy and cookie policies, adding security headers, enabling DNSSEC, and providing contact information to enhance trust and compliance.

ActivityPub Rocks! is a niche, community-driven informational website dedicated to promoting and supporting the ActivityPub protocol, a W3C standard for decentralized social networking. The site offers guides, tutorials, test suites, and news updates aimed at developers, implementers, and users interested in federated social web technologies. It occupies a specialized position within the technology sector, focusing on open standards and decentralized communication. Technically, the website is built with standard HTML5 and CSS, hosting SVG images for branding. It is hosted on Linode infrastructure, as indicated by the nameservers. The site lacks a CMS and advanced frameworks, reflecting a lightweight and straightforward technical implementation. Performance and mobile optimization are basic but adequate for the informational purpose. SEO and accessibility features are minimal but present. From a security perspective, the site uses HTTPS (implied by the URL), but no advanced security headers or DNSSEC are enabled. The domain registration is consistent and legitimate, with a long registration period and clientTransferProhibited status to prevent unauthorized transfers. However, the absence of privacy and cookie policies, contact information, and security incident response details indicates gaps in compliance and user trust facilitation. Overall, the website is trustworthy and professional within its niche but would benefit from enhanced privacy compliance, security hardening, and clearer contact channels to improve user confidence and regulatory adherence.

H

Hugh Wells

crablab.uk

58

The website crablab.co.uk serves as a personal professional portfolio for Hugh Wells, a Platform Engineer at Wise with extensive experience in cloud engineering, consultancy, and public sector digital projects. The site highlights his involvement in hackathon organization and community events, positioning him as an active technology professional and community contributor. The website is modest but well-structured, providing clear contact information and links to professional social media and code repositories. Technically, the site uses basic HTML and CSS with Font Awesome icons, hosted under a reputable registrar (Gandi) with a domain age consistent with the professional history presented. Security posture is adequate for a personal site, with HTTPS assumed but lacking advanced security headers and policies. Privacy and cookie policies are absent, which is a compliance gap. Overall, the site is trustworthy, safe, and professionally presented, though it would benefit from enhanced privacy and security disclosures.