Security Directory

X

Xapian Project

xapian.org

53

The Xapian Project is an established open source search engine library primarily written in C++ with bindings for multiple programming languages. It targets developers and organizations seeking to integrate advanced search capabilities into their applications. The project also offers Omega, a packaged search engine application built on Xapian, enhancing its versatility. The website reflects a mature project with a long domain history dating back to 2001, hosted by Gandi SAS, and presents stable version releases indicating ongoing maintenance. Technically, the website is straightforward, using basic HTML and CSS without advanced frameworks or CMS. It is hosted securely over HTTPS but lacks advanced security headers and DNSSEC, which are recommended for improved security posture. The site is moderately optimized for performance and mobile devices, with clear navigation and relevant content for its target audience. There is no evidence of analytics or tracking scripts, indicating minimal user tracking. From a security perspective, the site benefits from HTTPS but misses several best practices such as security headers and formal privacy or cookie policies. No contact or incident response information is provided, which limits transparency and user trust in security matters. The WHOIS data shows a consistent domain registration history with no suspicious patterns, supporting the legitimacy of the project. Overall, the website is safe, professional, and credible for its niche audience but would benefit from enhanced security measures, privacy compliance documentation, and clearer contact information to improve trust and compliance posture.

Smol Pub is a small, privacy-focused blogging platform launched in 2021, offering users a minimalistic service to manage posts via web and command line interfaces. It supports multiple protocols including Web, Gemini, and Gopher, and emphasizes no JavaScript, ads, or tracking technologies. The platform targets users seeking simple, privacy-conscious blogging solutions with features like image storage, custom CSS, and custom domain SSL support. Technically, the site uses basic HTML and CSS without advanced frameworks or CMS, hosted under a registrar in France with DNS services from DNSimple. Performance and mobile optimization are basic but functional. Security posture is moderate with HTTPS and domain transfer protection, but lacks DNSSEC and security headers. Privacy compliance is weak due to absence of privacy and cookie policies. Contact information is minimal, limited to a single email address. Overall, the site is legitimate and consistent with its business profile but would benefit from enhanced security and compliance documentation.

T

this happy shop

this-happy.shop

65

This Happy Shop is a small e-commerce retail business operating via a Shopify-hosted online store. The website uses the Shopify Dawn theme and standard Shopify infrastructure, indicating a modern but basic digital presence. The business appears to be recently founded in 2022, with domain registration consistent with the business profile. The site offers a contact form for customer inquiries but lacks explicit privacy, cookie, or terms of service policies, which are important for compliance and trust. Technically, the site is functional with HTTPS enabled but lacks advanced security headers and DNSSEC, representing areas for improvement. Analytics and marketing tools are implemented via Shopify's native pixels and scripts, with moderate user tracking. Overall, the website is safe for general audiences and presents a basic but legitimate e-commerce storefront.

U

Unencumbered by Facts – Taking unsubstantiation to new levels

unencumberedbyfacts.com

59

Unencumbered by Facts is a personal technology blog primarily focused on open source webmail client development and related software topics. The site is authored by Jason Munro and hosted on WordPress.com, leveraging standard WordPress technologies such as PHP, JavaScript, and CSS. The blog features detailed posts about software projects, personal anecdotes, and technical insights, targeting developers and technology enthusiasts interested in open source email clients and related protocols. The website has a consistent branding and good content quality, though it lacks formal business contact information and privacy policies.

Freron Software operates the website freron.com, promoting MailMate, a specialized IMAP email client for macOS. The company targets advanced macOS users who require powerful email management features including encryption, advanced search, and integration capabilities. The business model is based on software licensing and product sales, positioning itself as a niche player in the macOS email client market. The website content is professional, well-structured, and consistent with the brand identity, reflecting a small but focused software company based in Denmark. Technically, the website is a straightforward static HTML/CSS site with no detected complex frameworks or CMS. It is hosted under a registrar known for domain services, with no DNSSEC enabled and no advanced security headers detected. The site performs well with basic mobile optimization and accessibility features. There is no evidence of tracking or advertising scripts, indicating a privacy-conscious approach. From a security perspective, the domain is stable and long-lived, registered since 2010 with clientTransferProhibited status, enhancing domain security. However, the lack of DNSSEC and missing security headers are areas for improvement. No explicit security policies or incident response contacts are published, and cookie consent mechanisms are absent, which may impact compliance with privacy regulations. Overall, the website presents a low-risk profile with a solid business credibility score but could benefit from enhanced security and privacy compliance measures to strengthen trust and regulatory adherence.

The domain presscoder.com currently serves a 404 Not Found error page with no active business content. The page content indicates that the domain is hosted by Admiral, a service provider specializing in copyright access control and privacy compliance for digital publishers. The service supports GDPR compliance and subscription management but does not provide direct business or contact information on this domain. Technically, the site is hosted on Google Cloud Platform with AWS DNS servers and uses HTTPS with frequent certificate rotation, indicating a secure hosting environment. However, the lack of security headers and absence of a cookie consent mechanism reduce the overall security posture. The domain registration is consistent and legitimate with no privacy protection, registered via NameCheap in 2022. Overall, the site is minimally functional and does not provide direct business engagement or user interaction features.

Illuna-minetest.tk operates as a niche community gaming website providing dedicated Minetest servers with custom mods and texture packs. The business targets Minetest players seeking a unique and advanced gaming experience, supported by a small but experienced team since 2014. The website reflects a community-driven model with emphasis on server reliability and custom content. Technically, the site is built using modern frontend technologies including Bootstrap, jQuery, and the Zola static site generator, delivering a responsive and user-friendly experience. Performance is moderate with good mobile optimization and SEO practices. Security posture is adequate with HTTPS usage and no exposed sensitive data, but lacks explicit security headers and cookie consent mechanisms, indicating room for improvement in compliance and security best practices. Overall, the domain registration data supports the legitimacy and maturity of the business. The site is safe for general audiences with no adult or questionable content detected.

The website lemmy-meter.info provides a technical monitoring dashboard for Lemmy instances, leveraging Grafana technology. It targets technical users and administrators interested in instance health metrics. The domain is recently registered in 2023 and hosted with German name servers, while the registrant is located in Canada. The site is functional but lacks comprehensive privacy, cookie, and terms of service policies, as well as contact and incident response information. Technically, it uses modern React and Grafana frameworks but has basic SEO, accessibility, and performance optimizations. Security posture is moderate with HTTPS likely enabled but missing security headers and DNSSEC. Overall, the site is safe with no adult or questionable content detected.

M

Michael Lazar

mozz.us

46

Mozz.us is the personal domain of Michael Lazar, a professional software developer with a strong focus on alternative internet protocols such as Gemini, Gopher, Spartan, and CCSO. The website serves as a portfolio showcasing his open source projects, software development expertise, and personal interests including ASCII art. The site targets technology enthusiasts and developers interested in niche internet protocols and software tools. The business model is primarily personal and community-oriented, with no commercial transactions evident. Technically, the site uses standard HTML5 and CSS with FontAwesome icons, and the backend projects leverage Python frameworks like Flask and Django. Hosting and DNS are managed via Squarespace Domains and Google Cloud DNS respectively. The website is moderately optimized for performance and mobile devices, with basic accessibility and SEO features.

P

Private by Design, LLC

tilde.pink

45

The website tilde.pink is a niche, minimalist site focused on providing access via alternative internet protocols such as Gopher and Gemini. It is operated by Private by Design, LLC, a small US-based entity registered in 2019. The site content is minimal, primarily informational, and targets users interested in retro or alternative internet technologies. The business model appears to be hobbyist or community-focused with no evident commercial services or monetization. Technically, the site uses basic HTML and CSS with no advanced frameworks or CMS detected. Hosting is provided by Porkbun LLC, the domain registrar. The site performs well in terms of loading speed and basic mobile optimization but lacks SEO optimization and accessibility features. No analytics or tracking technologies are present, indicating a privacy-conscious approach. From a security perspective, the site lacks DNSSEC, security headers, and any formal privacy or cookie policies. The SSL configuration is basic but present. No forms or data collection mechanisms are implemented, reducing attack surface but also limiting user engagement. WHOIS data is consistent and legitimate with no privacy protection, which aligns with the site's transparent and minimal nature. Overall, the site is safe and suitable for general audiences but would benefit from improved security practices, privacy compliance, and richer content to enhance credibility and user experience.

rawtext.club is a niche community-driven technology service focused on providing shell access, local email, and hosting for alternative internet protocols such as gemini and gopher. The website emphasizes a slow and deliberate development approach, fostering a community governed by a social contract. The business operates under the domain registered to 1&1 Internet Inc, a reputable US-based hosting provider, with the domain created in 2018 and currently active. Technically, the website is minimalistic, built with basic HTML and CSS without modern frameworks or CMS. It lacks mobile optimization and SEO best practices, resulting in a slow and basic user experience. No analytics or advertising tools are present, indicating a privacy-conscious or low-budget operation. Security measures are limited; DNSSEC is not enabled, and no security headers are detected, which could expose the site to certain risks. From a security perspective, the site uses HTTPS (implied by domain registration and hosting provider but not explicitly confirmed), but lacks advanced security configurations. There are no privacy or cookie policies, which reduces compliance with GDPR and other privacy regulations. The WHOIS data is transparent and consistent with the business, enhancing trustworthiness. No adult or questionable content is present, making the site safe for general audiences. Overall, rawtext.club is a small, community-focused technology service with basic technical and security maturity. Strategic improvements in security headers, DNSSEC, privacy compliance, and mobile optimization would enhance its security posture and user experience.

P

prx

si3t.ch

42

The website si3t.ch is a personal digital space hosted by an individual known as 'prx'. It serves as a repository for documentation, code, tools, and miscellaneous content aimed at digital travelers and enthusiasts interested in self-hosting and privacy. The site also offers community interaction via an XMPP chat and is accessible through a TOR hidden service, emphasizing privacy and anonymity. The business model is non-commercial and hobbyist in nature, with a small-scale operation based in Switzerland. Technically, the site uses basic HTML, CSS, and JavaScript with Atom feeds and XMPP integration. It is self-hosted at home, with moderate performance and basic mobile optimization. No CMS or advanced frameworks are detected. The site lacks formal privacy, cookie, or terms of service policies and does not appear to use analytics or advertising, reflecting a privacy-conscious approach. From a security perspective, the site shows limited security measures in the HTML content, with no detected security headers or HTTPS/SSL information. The use of a TOR hidden service is a positive privacy feature. However, the absence of security policies, incident response contacts, and vulnerability disclosure mechanisms indicates room for improvement. No critical vulnerabilities or adult content were detected. Overall, the site is a safe, small personal project with moderate trustworthiness but limited formal security and privacy compliance. Strategic recommendations include implementing HTTPS, adding security headers, publishing privacy and cookie policies, and establishing a vulnerability disclosure process to enhance security posture and user trust.

Nightfall City is a creative and thematic website that presents a fictional virtual city with various districts and services, designed to engage visitors in an artistic and immersive experience. The site does not represent a traditional business but rather a niche project focused on storytelling and virtual exploration. The technical infrastructure is basic, relying on standard HTML and CSS without advanced frameworks or CMS. The website is accessible without any blocking or WAF interference, but lacks modern security headers and privacy compliance features. The absence of contact information, privacy policies, and security best practices limits its trustworthiness and compliance posture. Overall, the site is safe for general audiences and does not contain any adult or explicit content.

J

Jae Lo Presti

jae.moe

66

Jae's Website is a personal site belonging to Jae Lo Presti, a technical artist and content creator based in Helsinki, Finland. The site serves as a portfolio and blog platform showcasing Jae's work in 3D art, VR game development, and mentorship activities on platforms like Resonite. The website targets a general audience interested in technical artistry and virtual worlds. The business model is primarily personal branding and content sharing without commercial transactions. Technically, the website is built with standard HTML, CSS, and JavaScript, including the highlight.js library for code highlighting. It is hosted on the 777.tf domain and appears to be self-managed or hosted by a small provider. The site is well-structured, mobile-optimized, and performs well with good SEO and accessibility features. However, it lacks advanced security headers and formal privacy or cookie policies. From a security perspective, the site uses HTTPS but does not implement common security headers or GDPR compliance mechanisms. No vulnerabilities or exposed sensitive data were detected. The WHOIS data shows the domain is registered to a private person, consistent with the personal nature of the site, and the domain age aligns with the site's content timeline. No WAF or blocking mechanisms are present, allowing full content access. Overall, the site is trustworthy and professional for a personal portfolio but would benefit from adding privacy and cookie policies, security headers, and vulnerability disclosure information to improve compliance and security posture.

Flounder.online is a small niche service providing a free web interface and log builder for the Gemini protocol network, a privacy-focused internet protocol. The website targets users of the Gemini network who require simple tools to manage Gemini capsules. The business model is based on offering free services with optional donations via Patreon. The site is modest in scale and content but updated frequently, indicating active maintenance within its community niche. Technically, the website uses basic HTML and CSS without advanced frameworks or CMS, hosted likely via Namecheap. The site is mobile responsive at a basic level and has moderate performance. Security posture is minimal with no advanced security headers or policies detected, and no HTTPS configuration details available from the provided data. Privacy and cookie policies are absent, and no contact or incident response information is provided, limiting compliance and trust signals. Overall, the site is functional and relevant for its audience but lacks formal security and privacy documentation.

The Midnight Pub is a niche virtual pub platform launched in 2019, offering users the ability to write posts and create pages within a community-oriented environment themed around retro internet culture and small web communities. The platform is hosted on Linode and uses a custom or unknown CMS with basic HTML and CSS technologies. The website content is accessible and primarily text-based, with a donation mechanism via buymeacoffee.com. However, the site lacks critical privacy and cookie policies, contact information, and visible security best practices, which impacts its overall trust and compliance posture. No advanced analytics or tracking scripts are detected, indicating minimal user tracking. The domain registration is consistent with a small community platform, registered through 1API GmbH with a French registrant location, but with limited public registrant details.

F

FileZilla

filezilla-project.org

74

FileZilla is a well-established open source software project providing free FTP client and server solutions, with an additional paid Pro offering supporting cloud storage protocols. The website is professionally designed, with clear navigation and relevant content targeting IT professionals and end users needing reliable file transfer tools. The technical infrastructure is based on standard web technologies with active development and recent security updates, reflecting a mature digital presence. Security posture is solid with HTTPS usage and participation in a bug bounty program, though improvements in security headers and cookie consent mechanisms are recommended. Overall, the domain registration data aligns well with the website content, supporting legitimacy and trustworthiness.

S

skyjake (@[email protected]) - skyjake.fi

skyjake.fi

56

The website skyjake.fi hosts a personal Mastodon instance operated by an individual known as 'skyjake'. The site serves as a social platform within the fediverse, focusing on personal and technical content related to software projects such as Gemini protocol applications and the Doomsday Engine. The domain has been registered since 2010, indicating a long-term personal project. The site is small-scale, targeting a niche audience interested in open-source and federated social networking. Technically, the site runs Mastodon version 4.3.8, uses modern web technologies including JavaScript and SVG, and is hosted under a Finnish registrar. The site is mobile-optimized and provides a good user experience with clear navigation and consistent branding. Security posture is solid with HTTPS enabled and no obvious vulnerabilities, though it lacks advanced security headers and published security policies. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or GDPR-specific indicators. Overall, the site is trustworthy and well-maintained for a personal project, with no signs of malicious activity or suspicious registrations.

T

The SquirrelMail Project Team

squirrelmail.org

55

SquirrelMail.org is the official website for the SquirrelMail open source webmail project, providing a PHP-based webmail client and related plugins. The project has a long history dating back to 1999 and maintains a modest but consistent presence with announcements, plugin updates, and security advisories. The website targets system administrators and users seeking a lightweight, open source webmail solution. Technically, the site is basic, using standard HTML, CSS, and PHP, with no modern frameworks or CMS detected. Hosting is supported by Cloudflare DNS but lacks advanced security headers and DNSSEC. Security posture is moderate, with some security fixes and clickjacking protections noted, but no formal security.txt or vulnerability disclosure policy is published. Privacy and cookie policies are absent, and no direct contact information or social media presence is provided, limiting user engagement and compliance transparency. Overall, the site is functional and trustworthy but could benefit from modernization and improved compliance documentation.

Notmuchmail.org is the official website for Notmuch, an open source, fast, tag-based email indexing and search system primarily designed for use within text editors and terminals. The project targets developers and advanced users who require efficient email search capabilities without relying on third-party services. The website serves as a wiki and documentation hub, providing guides, source code access, and community contact channels such as mailing lists and IRC. Technically, the website is built using ikiwiki, a wiki engine, and delivers static HTML and CSS content with minimal dynamic elements. The site demonstrates good performance and basic mobile optimization but lacks advanced SEO and accessibility features. The technology stack includes Xapian for search backend integration and Git for source control, with continuous integration via Travis CI. From a security perspective, the site uses HTTPS (implied by domain and modern standards though SSL details are not provided), but lacks security headers and published security policies. No privacy or cookie policies are present, indicating limited compliance with privacy regulations. The domain WHOIS data is consistent and shows a long-established registration, enhancing trustworthiness. No forms or tracking technologies are present, minimizing data collection risks. Overall, the website is a trustworthy, niche technical resource with good business credibility but could improve in privacy compliance and security best practices to enhance user trust and regulatory adherence.

M

MARMARO

marmaro.de

45

The website marmaro.de is a personal site focused on sharing writings, programming projects, sports interests, and miscellaneous personal content. It does not represent a commercial business entity and lacks formal business information or contact details. The site is simple, static, and primarily serves as a personal portfolio or blog. Technically, the site uses basic HTML and CSS without modern frameworks or CMS. There is no evidence of HTTPS or security headers, which limits the security posture. No privacy or cookie policies are present, indicating low compliance with data protection standards. Overall, the site is safe for general audiences but lacks professional features and security best practices.

Freron Software operates the website freron.com to promote and distribute MailMate, an advanced IMAP email client designed exclusively for macOS users. The product targets a niche market of users requiring powerful email management features including encryption, advanced search, and integration capabilities. The company has maintained a consistent online presence since 2010, indicating stable business operations. The website content is well-structured and professional, focusing on product features and updates, with clear navigation and official social media links to Bluesky and X (Twitter). Technically, the website is simple and fast-loading, built with standard HTML and CSS without complex frameworks or CMS, reflecting a lean digital infrastructure. Hosting and domain registration are managed through a reputable registrar, joker.com, with domain age supporting legitimacy. Security posture is basic; while HTTPS is implied, no advanced security headers or DNSSEC are enabled, and no cookie consent mechanism is present. Privacy policy and EULA are published, but no explicit GDPR compliance statements or security policies are found. No contact emails or phone numbers are listed on the main site, limiting direct communication channels. Overall, the website is safe, professional, and trustworthy but could benefit from enhanced security and privacy compliance measures.

G

Gnus Network User Services

gnus.org

49

Gnus Network User Services operates a niche website dedicated to the Gnus Emacs newsreader, providing resources, manuals, and historical information for users of this open source software. The website serves a specialized audience of Emacs users and enthusiasts, positioning itself as a long-standing community resource since its founding in 1997. The business model focuses on information dissemination rather than commercial transactions, with a small organizational footprint based in Norway. Technically, the website is simple and lightweight, built with basic HTML and CSS without modern frameworks or CMS. It is hosted behind Cloudflare DNS but does not employ advanced security headers or DNSSEC, indicating room for technical modernization. The site performs moderately with basic mobile optimization and accessibility features, but lacks analytics or tracking technologies, reflecting a privacy-conscious approach. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks security headers and formal privacy or cookie policies, which lowers its compliance posture. No forms or data collection mechanisms are present, reducing attack surface but also limiting user engagement. The WHOIS data confirms a consistent and legitimate registration history, enhancing trustworthiness. Overall, the website is a safe, low-risk informational resource with moderate technical and security maturity. Strategic improvements in privacy compliance, security headers, and DNS security would enhance its posture and user trust.

The website aerc-mail.org presents an open source terminal-based email client named 'aerc' designed for technically proficient users such as hackers and developers. The site provides detailed descriptions of the software's features, including support for multiple email protocols, embedded terminal editing, and PGP encryption. The website is built using the Hugo static site generator and hosts content efficiently with minimal tracking or advertising. The technical infrastructure is modern and performant, with fast loading times and basic mobile optimization. However, the site lacks privacy and cookie policies, contact information, and security headers, which limits its compliance and security posture. The domain registration is consistent and transparent, indicating a legitimate and stable project. Overall, the site is professional and trustworthy within its niche but could improve in privacy and security transparency.

M

mCloud doo

rt.rs

62

RT Balkan is a Serbian language news media website operated by mCloud doo, established in 2012. It provides daily updated news content focused on Serbia, the Balkan region, and global events, including live TV streaming and program schedules. The website leverages modern web technologies such as React and lazy loading for performance optimization. It maintains an active presence on major social media platforms including Instagram, Telegram, Facebook, Twitter, and TikTok, enhancing its reach and engagement. The domain registration details align well with the website's regional focus, indicating legitimacy and consistency.

envs.net is a small, community-driven platform offering a shared Linux environment and a suite of self-hosted open source services tailored for Linux enthusiasts, programmers, and sysadmins. The platform emphasizes minimalism, non-commercial use, and collaboration, providing services such as shell accounts, file hosting, collaborative editing, microblogging, and federated social networking. The website and domain have been active since 2018, reflecting a stable and consistent presence in the niche Linux community space. Technically, envs.net runs on Debian GNU/Linux 11 and integrates multiple open source platforms like Gitea, Matrix, Pleroma, and Cryptpad. The website is well-structured with good SEO practices and basic mobile optimization. No advanced CMS or commercial hosting provider is evident, suggesting a self-managed infrastructure. Performance is moderate, suitable for the community's needs. From a security perspective, the site uses HTTPS and has domain transfer protections but lacks DNSSEC and security headers, which are recommended improvements. No cookie consent mechanism is present despite having a privacy policy, indicating partial privacy compliance. No incident response or vulnerability disclosure policies are published, which could be enhanced to improve trust and security posture. Overall, envs.net presents a trustworthy, privacy-respecting community platform with a solid technical foundation but could benefit from enhanced security practices and compliance measures to strengthen its position and user confidence.

F

Free Radical

freeradical.zone

61

Free Radical operates an independent Mastodon social networking server focused on infosec, privacy, technology, and leftward politics. The platform offers users a space to engage in the fediverse with trending content, hashtags, and news exploration. The website is built on the Mastodon open-source platform version 4.4.2, utilizing React and modern JavaScript technologies. The domain is registered since 2017 with privacy protection, consistent with the site's privacy-focused mission. While the site provides basic privacy policy information, it lacks cookie consent mechanisms and explicit terms of service. Security posture is moderate with no detected security headers or incident response policies, but no critical vulnerabilities are evident. Overall, the site is functional, well-branded, and serves a niche community with moderate traffic and engagement.

P

Private by Design, LLC

fedia.io

58

Fedia.io is a small technology company operating a content aggregator and micro-blogging platform focused on the fediverse ecosystem. The platform offers services such as thread posting, photo sharing, and magazine creation, targeting general users interested in decentralized social content. The website is modern and functional, with good design and navigation, but lacks visible privacy and cookie policies on the login page. Technically, the site uses modern JavaScript frameworks and is hosted via bunny.net, indicating a CDN-backed infrastructure with moderate performance and good mobile optimization. Security features include CSRF protection on forms and password preview toggling, but the absence of DNSSEC and security headers indicates room for improvement. The WHOIS data is transparent and consistent with the business profile, enhancing trustworthiness. Overall, the site scores moderately well but needs to improve privacy compliance and security hardening.

P

Private by Design, LLC

klingon.wiki

56

The Klingon Language Wiki is a niche online resource dedicated to the Klingon language, offering a multilingual wiki platform with over 1,800 articles in English and additional content in German, French, and Dutch. The website is operated by Private by Design, LLC, a US-based entity, and serves language learners and enthusiasts interested in Klingon. The business model centers on providing free, open-access language resources through a wiki format, positioning itself as a specialized educational platform within the constructed language community. Technically, the website is built on the Foswiki content management system and uses older versions of jQuery, indicating some technical debt. The site is moderately optimized for mobile devices and SEO, with a clean and consistent design. Hosting details are not explicitly disclosed, but DNS servers suggest a third-party hosting arrangement. Performance is moderate, with no major errors or broken elements detected. From a security perspective, the site uses HTTPS but lacks DNSSEC and security headers, and it employs an outdated jQuery version with known vulnerabilities. No advanced security policies or incident response contacts are published. Privacy compliance is limited, with no cookie policy or consent mechanism found, and no explicit privacy policy addressing GDPR. Contact information is minimal, with no emails or phone numbers provided on the main page. Overall, the website is a credible and useful resource for its target audience but would benefit from technical and security improvements, enhanced privacy compliance, and clearer contact information to strengthen trust and resilience against potential threats.

TrekCore.com is a well-established fan media website dedicated to Star Trek multimedia content, including high-resolution screencaps, episode guides, scripts, trivia, and gaming information. Founded in 2005 and operated by Trapezoid Media, LLC, it serves a niche audience of Star Trek enthusiasts with extensive, well-organized content and frequent updates. The website holds a strong market position as a leading fan resource in its domain. Technically, the site uses legacy technologies such as jQuery 1.3.2 and is hosted on HostGator servers. While the site is accessible via HTTPS and has a consistent domain registration history, it lacks modern security headers and DNSSEC, which could be improved. Privacy compliance is minimal, with no cookie consent mechanism despite the use of Google Analytics tracking. Overall, the site demonstrates good content quality and business credibility but would benefit from enhanced security and privacy practices.

L

Top Lemmy Instance Health Status

lemmy-status.org

37

The website lemmy-status.org provides a public health and status monitoring service for Lemmy instances, a federated social platform within the Fediverse. It dynamically displays uptime and response time statistics for various Lemmy nodes, targeting users and administrators interested in instance reliability. The site leverages modern web technologies, notably Vue.js, to deliver a responsive and interactive user experience. While the technical implementation is solid with HTTPS enabled and a clean design, the site lacks formal privacy, cookie, and terms of service policies, and the contact information is incomplete, which impacts its overall trustworthiness. Security posture is moderate, with HTTPS but missing security headers and incident response contacts. The domain registration is recent but consistent with the site's purpose and shows no suspicious patterns. Overall, the site is functional and serves a niche community but would benefit from improved compliance and security practices.

C

Chriwi Holding ApS

expressional.social

69

Expressional.social is an independent Mastodon server hosted in Copenhagen, Denmark, operated by Chriwi Holding ApS. The platform offers a federated social networking service focusing on safety, transparency, and security, welcoming users of all languages and federating primarily with other Danish servers. The website presents a modern and functional interface built on the Mastodon platform version 4.4.0-nightly, leveraging React and standard web technologies. The technical infrastructure is solid with HTTPS enforced and Cloudflare as registrar and DNS provider, though DNSSEC is not enabled. Security posture is adequate but could be improved by adding security headers and formal security policies. Privacy compliance is partial, with a privacy policy present but lacking cookie consent mechanisms and terms of service. No direct contact information or incident response contacts are published, which limits user support transparency. Overall, the site is trustworthy and professionally maintained, suitable for general audiences without adult content.

T

The Zero Proof

thezeroproof.com

69

The Zero Proof operates a professionally designed e-commerce platform specializing in non-alcoholic beverages including wines, spirits, beers, cocktail kits, and related barware. Established in 2019, the company positions itself as a leading online retailer in this niche, targeting consumers seeking alcohol-free alternatives. The website leverages Shopify's robust platform and integrates multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, Klaviyo, and Yotpo, indicating a mature digital marketing strategy. Technically, the site is well-implemented with modern web technologies, fast performance, and good mobile optimization. Security posture is strong with HTTPS enforced and domain locked with multiple EPP status codes, though DNSSEC is not enabled. However, the site lacks visible privacy and cookie policies and explicit contact information, which are areas for improvement. Overall, the site is trustworthy and professional with a solid market presence in the non-alcoholic beverage e-commerce sector.

The website useplaintext.email serves as an educational and advocacy platform promoting the use of plain text email over HTML email. It provides detailed guidance on configuring various email clients, etiquette recommendations, and implementation advice for software developers. The site targets technical users and communities who prefer or require plain text email, positioning itself as a niche resource within the technology sector. The business model is informational, supported by the open source community and hosted on sourcehut, a known free software platform. The content quality is good, with consistent branding and trust indicators such as the 'Plain Text Certified' badge and MIT licensing. Technically, the website is built with simple HTML and CSS, hosted on sourcehut infrastructure, and exhibits good performance and mobile optimization. There are no detected CMS or complex frameworks, which aligns with the site's minimalist and security-conscious approach. Accessibility and SEO are basic to good, with clear navigation and structured content. No third-party scripts or analytics services are used, reflecting a strong privacy stance. From a security perspective, the site lacks advanced security headers and DNSSEC is not enabled, which are areas for improvement. The absence of forms or data collection reduces attack surface, and no vulnerabilities or exposed sensitive data were detected. The WHOIS data is consistent and transparent, with a domain age appropriate for the site's purpose and no privacy protection masking registrant details. However, no formal privacy, cookie, or security policies are published, which limits compliance and trust signals. Overall, the website presents a low-risk profile with a strong focus on privacy and minimalism but would benefit from enhanced security headers, formal policies, and DNSSEC implementation to improve its security posture and compliance. The business credibility is high given the clear purpose and community backing, but privacy compliance scores lower due to missing policies.

Forust is a company specializing in sustainable wood 3D printing technology, aiming to make high-volume wood 3D printing affordable, reliable, and sustainable. The website positions Forust as part of a larger additive manufacturing ecosystem (Team DM), with a focus on rematerializing wood waste into high-quality, complex wood products. The company targets manufacturers, designers, and consumers interested in sustainable wood products, offering both hardware (Shop System™ Forust Edition) and product platforms. Technically, the website is well-built with modern technologies including HubSpot for marketing and analytics, Google Analytics, and responsive design. Security posture is good with HTTPS and cookie consent mechanisms, though explicit security headers and vulnerability disclosures are absent. WHOIS data is unavailable, which slightly reduces trust but the professional presentation and association with Desktop Metal support legitimacy. Overall, the site is well-positioned in the manufacturing technology sector with a strong sustainability message.

O

Oopy 우피

oopy.io

63

Oopy (우피) is a Korean SaaS company specializing in transforming Notion pages into optimized websites, enabling users to create personalized homepages quickly with domain linking and customization. The company targets individuals and businesses seeking easy web presence solutions, offering templates, guides, and customer showcases to support various branding and landing page needs. The website demonstrates a modern technical infrastructure built on Next.js, leveraging third-party analytics and chat services for user engagement and marketing insights. Security posture is solid with HTTPS and no visible vulnerabilities, though explicit security headers and privacy policies are absent. The lack of WHOIS transparency is due to privacy protection, which is common and justified for this business type. Overall, the website is professional, well-designed, and trustworthy, though improvements in privacy compliance and contact transparency are recommended.

J

Jonah Aragon

jonaharagon.com

67

Jonah Aragon is an independent content creator focusing on data privacy, digital rights, and cybersecurity education through blog posts and YouTube videos. The website serves as a personal brand platform offering educational content, a newsletter subscription, and a tip/donation mechanism. The market position is that of a niche privacy advocate and educator with a small but engaged audience. Technically, the site is built on the Ghost CMS platform, uses modern web technologies, and includes structured data for SEO. Performance and mobile optimization are good, though some security best practices like security headers and explicit privacy policies are missing. The security posture is solid with HTTPS enforced and no visible vulnerabilities, but the absence of privacy and cookie policies and missing WHOIS data reduce trust. Overall, the site is professional and trustworthy in content but would benefit from improved compliance and transparency. Strategic recommendations include publishing privacy and cookie policies, adding security headers, and clarifying domain registration details.

Organizaţia Profesioniştilor Pieţei de Capital (OPPC) is a Romanian professional organization dedicated to the capital market sector. Founded in 2012, it provides professional training, organizes conferences and seminars, and advocates for the development of the Romanian capital market. The website content is primarily in Romanian and targets professionals and stakeholders in the financial sector. The organization holds authorization from the Romanian Financial Supervisory Authority (ASF), which adds to its credibility and trustworthiness. Technically, the website is built on a custom HTML/CSS/JavaScript stack using older versions of jQuery and plugins such as bxSlider and fancybox. The hosting is provided by CYBER_FOLKS S.R.L., a Romanian registrar and hosting provider. The site shows moderate performance and basic mobile optimization but lacks modern CMS or frameworks. SEO and accessibility are basic but functional. From a security perspective, the site lacks HTTPS enforcement information, uses outdated JavaScript libraries, and does not implement modern security headers or cookie consent mechanisms. There is no visible incident response or vulnerability disclosure policy. The WHOIS data is consistent with the website's business claims, showing a domain age of over 10 years, which supports legitimacy. Overall, the website is a functional professional organization site with good business credibility but requires improvements in security posture, privacy compliance, and technical modernization to enhance trust and user experience.

Asociatia Pentru Promovarea Asigurarilor (APPA) is a Romanian non-profit organization dedicated to promoting insurance awareness, consumer protection, and insurance education. Established in 2010, APPA conducts multiple national campaigns, develops specialized information portals, and maintains strategic partnerships with key industry players. The website serves as an information hub for insurance-related education and campaigns targeting the Romanian population. Technically, the website uses traditional web technologies with some outdated elements such as Flash, and integrates Google Analytics for tracking. Security posture is basic with no advanced headers or DNSSEC, and privacy compliance is lacking due to absence of privacy and cookie policies. Overall, APPA presents a credible and established presence in the Romanian insurance education sector but should modernize its technical and security implementations.

L

Les Services de bien-être et moral des Forces canadiennes (SBMFC)

sbmfc.ca

58

Les Services de bien-être et moral des Forces canadiennes (SBMFC) is a Canadian government-related social enterprise focused on providing welfare, morale, and support services to members of the Canadian Forces and their families. The website offers comprehensive information on a wide range of services including family support, child care, relocation assistance, education, employment, physical conditioning, sports, and mental health. The target audience is primarily military members and their families, with content presented in French and structured for ease of navigation. Technically, the website is built on the Kentico CMS platform, utilizes Cloudflare for DNS and likely CDN services, and integrates multiple analytics and tracking tools such as Microsoft Clarity, Google Tag Manager, and Facebook Pixel. The site demonstrates good mobile optimization and SEO practices but lacks visible security headers and consent mechanisms for privacy and cookies, which are areas for improvement. From a security perspective, the domain is legitimate with consistent WHOIS data and no privacy protection, indicating transparency. However, the absence of DNSSEC, security headers, and published privacy or incident response policies lowers the security posture. No WAF or blocking mechanisms were detected, and the site content is safe and appropriate for a general audience. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance, security hardening, and clearer contact information to improve user trust and regulatory adherence.

M

Mullvad VPN AB

mullvad.net

66

Mullvad VPN AB is a well-established Swedish company founded in 2008 that provides privacy-focused VPN services aimed at protecting users from mass surveillance, censorship, and data collection. Their business model is subscription-based with a fixed monthly fee, emphasizing anonymity by not requiring personal information for account creation. The company offers a suite of privacy tools including a VPN, a privacy-focused browser, encrypted DNS, and browser extensions. Technically, the website is built on modern frameworks such as SvelteKit, optimized for performance and mobile use, with excellent content quality and clear navigation. Security posture is strong with HTTPS enforced, domain transfer protections, and privacy-respecting practices, though DNSSEC is not enabled and some security headers could be improved. The site shows minimal tracking and no advertising, aligning with their privacy ethos. Overall, Mullvad VPN demonstrates high business credibility and trustworthiness with comprehensive legal policies and transparent contact information.

Neilzone.co.uk is a personal blog maintained by Neil Brown, focusing on technology, open source software, privacy, and personal reflections. The site has a long-standing presence since 2006, indicating a stable and consistent content publishing history. The blog targets a general audience interested in technology and privacy topics, with a niche focus on Linux, open source, and the fediverse. The business model is primarily personal content sharing without commercial or transactional elements.

K

Kakao Pay Corp.

kakaopay.com

58

Kakao Pay Corp. is a leading South Korean fintech company providing a comprehensive suite of digital financial services including payments, money transfers, asset management, investment, loans, and insurance. The company operates a well-branded, content-rich website primarily targeting Korean consumers, reflecting its strong market position and broad service offerings. The website demonstrates a high level of digital maturity, utilizing modern web technologies such as Next.js and React, and delivering fast, mobile-optimized user experiences with multimedia content. Security posture is robust with HTTPS enforcement and standard security headers, though there is room for improvement in DNSSEC adoption and explicit security policies. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks an explicit cookie consent mechanism. Overall, the website and domain registration data indicate a legitimate, trustworthy business with a strong digital presence.

D

Daum

daum.net

62

Daum is a major South Korean web portal and media platform offering a wide range of services including news aggregation, search, live news streaming, and entertainment content. The website is well-established with a large audience and integrates content from reputable news sources and broadcasters. Technically, the site uses modern web technologies, including JavaScript, CSS, and integrates advertising networks such as Google Adsense and Kakao DAN. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though security headers could be improved. Privacy compliance is limited due to the absence of visible privacy and cookie policies. WHOIS data is unavailable, likely due to privacy protection or query limitations, but the site’s legitimacy is supported by its content and partnerships. Overall, Daum is a credible and professional media portal with room for improvement in privacy transparency and security header implementation.

The website 'Portail sur la recherche en SP' is a French-language portal managed by the Canadian Multiple Sclerosis Society (Société canadienne de la sclérose en plaques). It serves as an information and recruitment platform for multiple sclerosis research studies and clinical trials conducted in Canada. The portal targets researchers seeking participants and individuals interested in participating in MS research. The business operates as a non-profit organization with a clear focus on healthcare research facilitation within Canada. The website content is professionally presented with consistent branding and clear contact information, supporting its credibility and trustworthiness. Technically, the site uses a traditional web stack including HTML, CSS, JavaScript with jQuery and jQuery UI libraries, and Google Analytics for user tracking. Hosting is provided via Linode, indicated by the domain's nameservers. The site demonstrates moderate performance and basic mobile optimization but lacks advanced CMS or modern frameworks. SEO and accessibility features are basic but functional. From a security perspective, the site uses domain status protections and HTTPS for analytics scripts but lacks DNSSEC and visible security headers such as CSP or HSTS. There is no cookie consent mechanism or explicit security policy disclosed, which presents compliance gaps. The WHOIS data shows a long-standing domain with privacy protection justified for a non-profit. Overall, the security posture is moderate with room for improvement in headers and privacy compliance. The overall risk assessment is low to moderate, with no critical vulnerabilities detected. Strategic recommendations include implementing security headers, enabling DNSSEC, adding cookie consent, and publishing security and incident response policies to enhance trust and compliance.

The MS Research Portal is a specialized non-profit website operated by the MS Society of Canada, aimed at connecting Canadian residents with multiple sclerosis research studies seeking participants. The portal supports transparency and accessibility for research initiatives funded by recognized agencies, excluding commercial or for-profit studies. The website serves both potential study participants and researchers, providing contact information and study listings sorted by province. The organization is well-established with a domain age of over a decade, reinforcing its credibility in the healthcare non-profit sector. Technically, the website employs a traditional web stack with HTML, CSS, and JavaScript, including older versions of jQuery and jQuery UI. Hosting is provided via Linode, and Google Analytics is used for visitor tracking. While the site is functional and well-structured, it lacks modern security headers and uses outdated JavaScript libraries, which could expose it to vulnerabilities. Mobile optimization and accessibility are basic but adequate for the target audience. From a security perspective, the site benefits from HTTPS and domain registration protections but lacks DNSSEC and explicit security policies or incident response information. The absence of a cookie consent mechanism is a compliance gap given the use of Google Analytics. No critical vulnerabilities or malicious content were detected, and the site maintains a high trust level appropriate for a healthcare non-profit. Overall, the MS Research Portal is a credible, professionally maintained resource with room for technical and security improvements. Strategic enhancements in security headers, library updates, and privacy compliance would strengthen its posture and user trust.

S

Sauropods.win

sauropods.win

65

Sauropods.win operates as a niche Mastodon instance dedicated to sauropod enthusiasts, providing a community-driven social media platform within the Fediverse. The website leverages the Mastodon 4.4.2 platform with modern web technologies such as React and JavaScript modules, hosted under Hover.com's domain services. The platform offers typical Mastodon features including user posts, profile directories, and public timelines, targeting a small but active user base. Security posture is solid with HTTPS enforced and domain transfer protections, though DNSSEC is not enabled and no advanced security policies are publicly disclosed. Privacy compliance is minimal with a basic privacy policy present but lacking cookie consent and terms of service. Business credibility is moderate given the community nature and lack of commercial presence. Overall, the site is functional, safe, and well-branded but could improve transparency and compliance.

E

EyeMed Vision Care

eyemedvisioncare.com

71

EyeMed Vision Care operates a comprehensive vision benefits platform offering affordable vision insurance plans, eye exams, eyewear, and LASIK savings. The company targets a broad audience including members, employers, brokers, providers, and insurance carriers, positioning itself as a large enterprise in the healthcare sector with a strong market presence and extensive provider network. The website demonstrates a high level of professionalism with clear navigation, rich content, and multiple user portals tailored to different stakeholders. Technically, the site employs modern tracking technologies such as Google Tag Manager and Google Analytics, and is optimized for mobile devices with good accessibility and SEO practices. Security posture is strong with HTTPS enforced and no exposed sensitive data, though additional security headers could enhance protection. Privacy compliance is well addressed with comprehensive privacy and cookie policies and consent mechanisms. WHOIS data is unavailable, likely due to privacy protection, which slightly reduces trust but is common for enterprises. Overall, the site is trustworthy, well-maintained, and aligned with industry standards.

M

Maje - Paris | México

maje.mx

65

Maje - Paris | México operates a professional e-commerce website targeting fashion consumers in Mexico, offering men's and women's collections. The site is built on Shopify, leveraging modern technologies and marketing tools such as Google Analytics and Facebook Pixel. The website demonstrates good design quality, mobile optimization, and clear navigation, supporting a positive user experience. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms, though explicit security policies and incident response information are absent. Privacy compliance is adequate with a privacy and cookie policy present, but terms of service and direct contact details are missing. Overall, the site reflects a legitimate, established retail brand with a solid digital presence.

P

Project Mushroom

spore.social

60

Spore.social is an independent Mastodon-based social networking platform operated by Project Mushroom, focusing on community engagement around justice and social action. The platform leverages the open-source Mastodon software (version 4.4.2) and provides a federated social media experience within the fediverse. The website is well-structured with good content quality and consistent branding, targeting a general audience interested in social justice and community discourse. Technically, the site uses modern web technologies including React and ES modules, with good mobile optimization and moderate performance. Security posture is adequate with HTTPS enforced and domain transfer protection, but lacks DNSSEC and explicit security policies. Privacy compliance is partial, with a basic privacy policy present but no cookie consent or terms of service found. Overall, the platform appears legitimate and trustworthy for its niche, though improvements in security and compliance documentation are recommended.