High-risk security reports

The website versary.town is a personal creative portfolio and blog site owned by Annie, who identifies as a gay girl interested in music and programming. The site features personal blogs, recipes, resources, and links to social media and code repositories. The business is small and niche, targeting a general audience interested in personal creative content. The domain is registered to Private by Design, LLC in the US, consistent with the website's content and timeline. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, and Google Fonts. It is hosted with DNS services from Porkbun LLC, with moderate performance and good mobile optimization. However, there is no CMS detected, and no advanced frameworks are used. SEO and accessibility are basic but functional. From a security perspective, the site uses HTTPS but lacks DNSSEC and security headers, which reduces its security posture. There are no visible privacy, cookie, or security policies, and no incident response or vulnerability disclosure mechanisms. No analytics or tracking scripts are present, indicating minimal user tracking. The site content is safe for general audiences with no adult or explicit material. Overall, the site is a legitimate personal project with moderate technical and security maturity. Strategic improvements include adding privacy and cookie policies, enabling DNSSEC, implementing security headers, and considering vulnerability disclosure to enhance trust and compliance.

L

lisanne.gay

lisanne.gay

49

Lisanne.gay is a personal website operated by an individual developer named Lisanne, who identifies as they/she. The site serves as a portfolio showcasing their software and game development projects, including Godot games and web browsers. The website is small-scale and targets an audience interested in indie software and gaming projects. The domain was registered in 2022, consistent with the website's stated establishment date. The site links to various external developer platforms such as GitLab and itch.io, reinforcing its role as a personal project hub. Technically, the website is built with standard HTML, CSS, and JavaScript, hosted by Dynadot Inc. It uses HTTPS but lacks advanced security headers and DNSSEC, indicating room for improvement in security hardening. The site is moderately optimized for mobile and has basic accessibility and SEO features. No CMS or major frameworks are detected, suggesting a custom or lightweight static site. From a security perspective, the site has a basic posture with HTTPS enabled but no evident security policies, incident response contacts, or vulnerability disclosure mechanisms. No privacy or cookie policies are present, which may expose the site to compliance risks under GDPR or similar regulations. No contact emails or phone numbers are provided, limiting direct communication channels. Overall, the website is a functional personal portfolio with good content quality but lacks formal security and privacy controls. Strategic improvements in security headers, policy disclosures, and contact information would enhance trust and compliance. The site is safe for general audiences with no adult or questionable content detected.

F

Homepage - flewkey

flewkey.com

44

The website flewkey.com is a personal portfolio and blog site operated by Ryan Fox, a computer programmer from Canada. The site features blog posts related to software and personal interests, as well as music tracks created by the owner. The business model is that of a personal brand and content sharing platform, targeting a general audience interested in technology and programming. The website is small in scale and was established in 2019, consistent with the domain registration data. The site is hosted via GoDaddy and uses basic HTML and CSS technologies without advanced frameworks or CMS platforms. From a technical perspective, the website is simple and functional but lacks modern enhancements such as security headers, analytics, or advanced SEO features. Mobile optimization and accessibility are basic but present. The site does not employ any tracking or advertising technologies, indicating a minimal digital footprint. Security posture is limited; the domain is registered with standard protections against unauthorized changes but lacks DNSSEC and security headers. No privacy or cookie policies are present, which impacts compliance with GDPR and other privacy regulations. No contact or incident response information is provided, limiting transparency and trust. Overall, the website is safe and appropriate for general audiences, with no adult or questionable content detected. The risk level is low given the personal nature of the site, but improvements in security and privacy compliance are recommended to enhance trust and professionalism.

I

Incard Ltd

incard.co

49

Incard Ltd operates a specialized financial platform tailored for ecommerce businesses, offering multi-currency business accounts, corporate Visa Platinum cards with cashback and rewards, expense management, accounting automation, and financial analytics. Positioned as a fintech innovator, Incard targets ecommerce entrepreneurs seeking streamlined financial operations and enhanced visibility into their cash flow and advertising spend. The company leverages partnerships with Currency Cloud, Visa, and TrueLayer to provide regulated payment and account information services, reinforcing its credibility in the financial sector. Technically, the website is built on a modern React and Next.js stack, hosted on Vercel, and integrates multiple analytics and marketing tools such as Google Tag Manager, Facebook Pixel, Hotjar, and Intercom. The site demonstrates excellent mobile optimization, accessibility, and SEO practices, contributing to a professional user experience. Security posture is strong with HTTPS enforcement, comprehensive security headers, and no visible vulnerabilities or exposed sensitive data. Privacy compliance is supported by detailed privacy and cookie policies, though an explicit cookie consent mechanism is not detected. WHOIS data is privacy protected, which is justified for a fintech company, though it limits direct registrant verification. Overall, Incard presents a trustworthy and professional digital presence with a solid foundation for ecommerce financial services.

The website deltarune.com serves as the official portal for the indie game DELTARUNE, created by Toby Fox. It provides information about the game available on multiple platforms including Nintendo Switch, PC/Mac, and PlayStation. The site offers direct links to purchase or download the game, soundtrack, and merchandise, targeting gamers and fans of the UNDERTALE series. The business model revolves around digital sales and merchandising with a strong niche market presence and a dedicated fanbase. Technically, the site is a modern, fast-loading static website using Bridgetown framework and Cloudflare DNS services, optimized for mobile and desktop with good SEO and accessibility features. Security posture is solid with HTTPS and domain transfer protections, though some improvements like DNSSEC and security headers could be made. Privacy compliance is basic with a privacy policy linked externally but lacks cookie consent mechanisms. Overall, the site is professional, trustworthy, and well-maintained, reflecting a small but reputable indie game business.

N

Njalla Okta LLC

poridge.club

33

Poridge Club is a small technology-focused project offering a suite of privacy-centric and ethical internet services, including federated social networking, private email, voice communication, and video conferencing. The platform emphasizes free speech and user data protection, positioning itself as an alternative to mainstream corporate services. The website is primarily in Russian and targets users seeking privacy and freedom online. Technically, the site is built with standard web technologies and hosted on privacy-focused infrastructure provided by Njalla. While the site is well-structured and content-rich, it lacks some compliance features such as cookie consent and visible contact information. Security posture is moderate, with domain protections in place but missing DNSSEC and security headers. Overall, the site is trustworthy and legitimate but could improve in security and compliance aspects.

L

Le collectif du « Conseil du Langage Neutre »

pronoms.fr

30

Pronoms.fr is a French-based, volunteer-driven, open-source project focused on promoting inclusive and non-binary language through examples of personal pronouns and neutral language usage. It offers users the ability to create and share personalized pronoun cards, supports multiple languages, and fosters community engagement through social media and a dedicated queer calendar. The project is positioned as a niche educational and social inclusion resource within the LGBTQ+ community and language activism space. Technically, the website is built using modern frameworks such as Nuxt.js and Vue.js, with integration of Shopify for e-commerce functionalities. It leverages Cloudflare for DNS and possibly CDN services, uses Google Fonts and Font Awesome for UI, and employs Plausible Analytics for privacy-respecting visitor tracking. The site is well-optimized for mobile devices, accessible, and SEO-friendly, reflecting a mature digital infrastructure for a small community project. From a security perspective, Pronoms.fr enforces HTTPS, implements key security headers, and avoids exposing sensitive data. However, it lacks a visible cookie consent mechanism and formal security or incident response policies, which are recommended for compliance and transparency. No vulnerabilities or suspicious activities were detected, indicating a strong security posture for its scale. Overall, Pronoms.fr presents a trustworthy, professional, and community-oriented platform with excellent content quality and technical implementation. Strategic improvements in privacy compliance and formal security documentation would further enhance its credibility and user trust.

S

Anders · Work smart, not hard

spirit55555.dk

45

The website spirit55555.dk is a personal professional portfolio for Anders G. Jørgensen, a technology professional based in Copenhagen, Denmark, working at One.com. The site highlights his personal projects related to Minecraft server tools and provides contact information and social media links. The business model is personal branding and showcasing technical expertise. The site is small scale and targets a general audience interested in technology and gaming tools. Technically, the website uses modern frontend technologies including Bootstrap and FontAwesome delivered via CDN, hosted on One.com. The site is mobile optimized with a clean and consistent design, though accessibility and SEO optimizations are basic. No CMS or analytics tools are detected, indicating a lightweight and privacy-conscious setup. From a security perspective, the site lacks several best practices such as DNSSEC, security headers, and privacy or cookie policies. No incident response or vulnerability disclosure information is provided. The domain is well established since 2007, registered with a reputable registrar, and consistent with the website content, indicating legitimacy. No WAF or blocking mechanisms are detected. Overall, the site is safe and professional but could improve its security posture and privacy compliance. The risk level is low given the limited data collection and personal nature of the site. Strategic improvements in security headers, privacy policies, and DNS security would enhance trust and compliance.

B

British Acoustic Neuroma Association CIO

bana-uk.com

45

The British Acoustic Neuroma Association (BANA UK) is a UK-based non-profit organization dedicated to supporting individuals affected by Acoustic Neuroma, a type of brain tumor. The website serves as an information hub and community platform offering resources, support groups, events, and membership benefits. It targets patients, their families, and support networks, positioning itself as a specialized charity in the healthcare sector. The organization is registered as a charity in the UK, enhancing its credibility. Technically, the website is built on WordPress with modern plugins such as Modern Events Calendar and Contact Form 7, and uses Bootstrap for responsive design. It integrates Google Analytics and Google reCAPTCHA v3 for analytics and security. Hosting appears to be via Bitnami WordPress stack. The site demonstrates good mobile optimization and SEO practices, though accessibility is basic. Performance is moderate, with room for improvement in security headers and cookie consent mechanisms. From a security perspective, the site enforces HTTPS and uses reCAPTCHA to protect forms, but lacks visible security headers and explicit incident response or security policy pages. No vulnerabilities or exposed sensitive data were detected in the HTML content. Privacy and cookie policies are present and appear comprehensive, but cookie consent is not implemented. WHOIS data for the domain is missing, which is unusual and reduces trust slightly, though the website content and charity registration support legitimacy. Overall, the site is a well-maintained, professional charity website with good content quality and business credibility. Security posture is solid but could be enhanced with additional headers and policies. The absence of WHOIS data is a concern but does not outweigh the positive trust indicators. Strategic improvements in privacy compliance and security transparency are recommended to strengthen trust and compliance.

T

TRABIT

trabit.eu

43

TRABIT is a European interdisciplinary training network focused on computational brain imaging in clinical applications. The website serves as an information portal for the consortium, providing details about training events, researchers, and project results. The project is funded by the European Union's Horizon 2020 program under a Marie Sklodowska-Curie grant, positioning it as a credible academic initiative in healthcare and technology sectors. The target audience includes researchers, clinicians, and industry professionals involved in neuroimaging and brain health. Technically, the site is built on Joomla CMS with common web technologies like jQuery, Bootstrap, and UIkit, offering moderate performance and good mobile optimization. Security posture is basic with HTTPS implied but lacking explicit security headers and privacy compliance documentation. No blocking or WAF mechanisms were detected, and content is fully accessible and safe for general audiences.

The Surgery CDT website represents the EPSRC Centre for Doctoral Training in Advanced Engineering for Personalised Surgery & Intervention, affiliated with King's College London and funded by EPSRC. It serves as an academic and research platform targeting doctoral students and researchers in personalised surgery and intervention. The website provides information about projects, teams, cohorts, partners, and application procedures, reflecting a specialized educational and research focus. Technically, the site is built on WordPress using the Divi theme, leveraging common web technologies such as jQuery and Google Fonts. The site is moderately optimized for performance and mobile responsiveness, with good SEO practices evident in meta tags and structured data. Security posture is solid with HTTPS enforced and no visible sensitive data exposure, though security headers are absent and could be improved. Privacy and cookie policies are missing, which is a compliance gap. The WHOIS data is notably absent, which raises concerns about domain registration legitimacy despite the professional and trustworthy content. Overall, the site is functional, professional, and safe for general audiences but would benefit from enhanced privacy compliance and security best practices.

The website represents the Medical Research Council Doctoral Training Partnership in Biomedical Sciences at King's College London, providing doctoral training and research opportunities in biomedical sciences. The site is professionally designed using WordPress with the Divi theme and includes detailed program information and multimedia content. The technical infrastructure is modern and well-maintained, hosted under King's College London DNS servers, with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled and no exposed sensitive data, though improvements can be made by enabling DNSSEC and adding security headers. Privacy compliance is partial, with a cookie consent mechanism but no visible privacy policy or terms of service. Overall, the domain registration and WHOIS data are consistent and trustworthy, reflecting a legitimate academic institution.

C

Contact Privacy Inc. Customer 0169240283

pony.directory

38

Pony.directory is a niche community directory website dedicated to the My Little Pony fandom. It aggregates and categorizes a wide variety of fan-related websites including blogs, art boards, fanfiction, games, conventions, and community forums. The site targets MLP fans seeking a centralized resource for fandom content and community engagement. Technically, the site is built using modern web technologies such as SvelteKit and modular JavaScript, hosted with DNS services from NS1 and Squarespace DNS. The site is mobile optimized and offers clear navigation and well-structured content. Security posture is moderate; the site uses HTTPS but lacks DNSSEC and security headers, and does not publish privacy or cookie policies. The domain is recently registered with privacy protection, which is typical for small community sites. Overall, the site is functional, safe, and serves its community well but would benefit from improved privacy and security disclosures.

The website 'Twilight Sparkle's Secret Shipfic Folder Online' is a niche community platform dedicated to hosting and playing the TSSSF game online. It provides resources such as rulebooks, FAQs, card references, and community links to Discord and Reddit, fostering player engagement. The site is small-scale and community-driven, with a focus on fan interaction rather than commercial enterprise. The domain is relatively new, registered in 2020, consistent with the site's beta status and niche audience. Technically, the site uses basic HTML, CSS, and JavaScript without advanced frameworks or CMS. Hosting details are not explicit but the domain registrar is Squarespace Domains II LLC, and DNS is managed via Google Cloud DNS. The site is mobile-optimized with good navigation and design quality but lacks advanced SEO and accessibility features. No analytics or tracking scripts were detected, indicating minimal user tracking. From a security perspective, the site lacks visible HTTPS enforcement details and security headers, and DNSSEC is not enabled. The domain status includes protections against unauthorized transfer or deletion, which is positive. However, the absence of privacy, cookie, and terms of service policies indicates compliance gaps. No contact or incident response information is provided, limiting transparency and trust. Overall, the website is functional and serves its community well but should improve security posture and compliance documentation to enhance trust and protect users. Strategic recommendations include enabling DNSSEC, implementing HTTPS with security headers, publishing privacy and cookie policies, and providing clear contact information for support and security incidents.

Ponymusic Wiki is a niche, community-maintained online database focused on pony music tracks, artists, albums, and related metadata. It serves a specialized audience of pony music fans and contributors, offering features such as data export, import tools, and API documentation. The website is relatively new, founded in 2022, and hosted via Squarespace Domains with a privacy-protected WHOIS registration. The site uses modern web technologies including the Svelte framework, providing a good user experience with clear navigation and mobile optimization. However, it lacks formal privacy and cookie policies, and no contact or business information is provided, which limits its compliance and trustworthiness from a regulatory perspective. Security-wise, HTTPS is enabled but advanced security headers and DNSSEC are missing, indicating room for improvement in hardening the site against common web threats.

H

HexBrain

hexbrain.com

43

HexBrain is a small, specialized web development agency based in Ukraine, founded in 2013. The company focuses on Magento e-commerce development and custom PHP programming, offering a comprehensive range of services including consulting, web design, project management, and system administration. Their market position is strengthened by multiple Magento and Zend certifications and active participation in industry conferences such as Meet Magento. The website content is professional and well-structured, targeting businesses seeking tailored e-commerce solutions. Technically, the website is built on GravCMS using the Foundation framework and jQuery, with Google Analytics integrated for user tracking. The site demonstrates good mobile optimization and SEO practices, though accessibility features are basic. Hosting appears to be managed via NameCheap, consistent with the domain registrar information. Performance is moderate, with no critical technical issues detected. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, it lacks important security headers and DNSSEC is not enabled, representing areas for improvement. No privacy or cookie policies are published, indicating compliance gaps with GDPR and related regulations. Incident response and vulnerability disclosure mechanisms are absent, which could impact trust and security readiness. Overall, HexBrain presents a credible and professional online presence with solid business credibility and technical implementation. To enhance security posture and regulatory compliance, the company should implement privacy and cookie policies, add security headers, enable DNSSEC, and consider publishing security and incident response information.

SankeyMATIC is a niche online tool focused on enabling users to create Sankey diagrams easily and visually. It targets a broad audience including analysts, educators, and anyone interested in visualizing flow data such as budgets, elections, or financial results. The website is small-scale, independently produced by Steve Bogart, and offers free access without requiring user registration. The business model relies on voluntary contributions and advertising revenue via Google AdSense. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, and the D3.js library for rendering diagrams. Hosting is provided by pair Networks, Inc. The site is moderately optimized for performance and mobile use, with good SEO practices and basic accessibility features. The source code is openly available on GitHub, enhancing transparency and trust. From a security perspective, the site uses HTTPS but lacks advanced security headers and DNSSEC is not enabled, which could be improved. No forms or user data collection mechanisms are present, reducing attack surface. Privacy compliance is basic with a privacy policy present but no cookie consent or GDPR-specific statements. No incident response or vulnerability disclosure policies are published. Overall, SankeyMATIC presents a trustworthy and professional web presence with a clear focus on its specialized service. Security and privacy practices could be enhanced to align with modern standards, and adding contact information and terms of service would improve business credibility and compliance.

Mutant Standard is a small creative project focused on delivering an experimental emoji set with diverse and inclusive themes such as LGBT, queer, furry, and cyberpunk. The website serves as a distribution and demo platform for these emoji assets, targeting niche communities interested in alternative emoji representations. The business operates independently with no visible parent or subsidiary companies and maintains a consistent brand identity centered around creativity and inclusivity. Technically, the website is built with standard modern web technologies including HTML5, CSS3, SVG, and optimized image formats like WebP. It is mobile responsive and offers a good user experience with clear navigation. However, the site lacks advanced frameworks or CMS platforms and does not implement common security headers or analytics tools, indicating a lightweight and minimalistic technical infrastructure. From a security perspective, the site uses HTTPS (implied by domain registrar and modern web standards) but lacks explicit security headers and privacy policies, which reduces its compliance posture. No forms or data collection mechanisms are present, minimizing attack surface but also limiting user engagement features. The domain is privacy protected but legitimate, with a registration date consistent with the business age. No critical vulnerabilities or suspicious patterns were detected. Overall, the website is a niche, well-designed creative project with moderate technical maturity and limited security controls. Strategic improvements in privacy compliance, security headers, and contact transparency would enhance trust and security posture.

The website onenetbeyond.org is currently inaccessible or blocked, presenting only a minimal placeholder page with the message: 'You have reached this page because your request could not be properly identified.' This prevents any meaningful extraction of business or service information from the site itself. The domain is registered to Associazione AI ODV, a French organization, with a long registration history dating back to 2005, indicating an established entity. However, the lack of accessible content and absence of privacy, cookie, or contact information significantly limit the ability to assess the business model or market position. From a technical perspective, no information about the technology stack, CMS, or hosting beyond the nameservers is available. The site appears to be hosted on servers related to investici.org. No security headers or SSL configuration details were provided, and no analytics or tracking technologies were detected. The minimal content and lack of metadata suggest poor SEO and user experience. Security posture evaluation is constrained by the lack of accessible content and technical data. No privacy policies, incident response contacts, or security frameworks are evident. The domain registration data is consistent and legitimate, but the absence of website content and security best practices lowers the overall trust and security score. The site is likely behind a generic blocking mechanism or misconfigured server, resulting in a low AI score and high risk for users seeking information. Overall, the website requires significant improvements in accessibility, content provision, security policies, and compliance documentation to be considered trustworthy and professional.

S

saursvepur

saursvepur.xyz

48

The website saursvepur.xyz is a personal portfolio and content platform for an individual named Slava, a 23-year-old streamer, musician, and IT enthusiast from Russia. The site showcases personal projects, music tracks, and social media links, targeting a general audience interested in streaming and music content. The domain is relatively new, registered in early 2023, and uses privacy protection common for personal sites. Technically, the site uses modern web technologies including custom WebGL shaders for visual effects, but lacks advanced frameworks or CMS. Performance and mobile optimization are moderate, with basic accessibility and SEO features. Security posture is weak due to absence of HTTPS enforcement details, security headers, and privacy policies. No forms or data collection mechanisms are present, reducing attack surface but also limiting user interaction. Overall, the site is functional and visually appealing but requires improvements in security and compliance to enhance trust and professionalism.

S

Silver4ok "Cheat Engine" Olo4eka

pastcard.su

43

Pastcard.su is a personal blog operated by Silver4ok "Cheat Engine" Olo4eka, focusing on gaming, personal stories, and music content primarily for a Russian-speaking audience. The site is built using the Hugo static site generator and hosted by BEGET-SU, with a domain registered recently in December 2024. The blog features regular posts with a moderate level of content quality and user engagement through social media links. Technically, the site is moderately optimized with basic mobile responsiveness and SEO, but lacks advanced security headers and privacy compliance mechanisms. No privacy or cookie policies are present, and no direct contact information is provided, which limits business credibility and privacy compliance. Security posture is basic, with no detected vulnerabilities but also no advanced protections. Overall, the site is safe for general audiences and does not contain adult or explicit content.

The website www3.rinici.de is a parked domain landing page primarily designed to advertise the domain rinici.de for sale. It lacks substantive business content, contact information, or any service offerings. The site relies heavily on advertising scripts and tracking technologies, with minimal user-facing content. Technically, the site uses standard HTML and JavaScript with external ad and tracking services, hosted via Amazon Cloudfront CDN. There is no evidence of HTTPS or security headers, and privacy compliance is minimal, with only a basic privacy policy accessible via a popup. The security posture is weak due to lack of HTTPS and absence of security best practices. Overall, the site presents a low trust profile and limited business credibility.

K

katlyn

katlyn.dev

44

The website katlyn.dev is a personal portfolio site primarily focused on coding and related projects. The content is minimal but well structured, presenting a clear personal brand with links to social and development platforms such as GitHub, Mastodon, and Matrix. The site targets a general audience interested in technology and coding, likely peers or potential collaborators. The business model appears to be personal branding rather than commercial operations, with no direct sales or service offerings evident. Technically, the site uses standard HTML5 and CSS3 with custom fonts hosted on a static subdomain, indicating a lightweight and fast-loading infrastructure. There is no evidence of a CMS or complex frameworks, suggesting a static or custom-built site. Mobile optimization and accessibility are basic but adequate for the site's scope. No analytics or advertising technologies are detected, reflecting a privacy-conscious or minimalistic approach. From a security perspective, the site lacks visible security headers and does not provide privacy, cookie, or terms of service policies, which limits compliance with GDPR and other regulations. No contact information or incident response channels are provided, reducing transparency and trust. However, no vulnerabilities or malicious content are detected in the provided HTML content. The absence of forms or data collection reduces attack surface but also limits user engagement features. Overall, the site presents a low-risk profile but would benefit from improved security practices, privacy compliance, and contact transparency to enhance trustworthiness and professionalism.

S

Sublime HQ Pty Ltd

sublimemerge.com

49

Sublime Merge is a cross-platform Git client developed by Sublime HQ Pty Ltd, the makers of Sublime Text. The website presents a professional and polished interface targeting developers and software professionals who require a powerful Git GUI client with features like line-by-line staging, commit editing, and syntax highlighting. The product is positioned as a high-performance tool with seamless Git integration across Mac, Windows, and Linux platforms. The website content is rich, well-structured, and consistent with the Sublime brand, indicating a focused business model based on software sales and licensing. Technically, the website employs modern web standards including HTML5, CSS3, JavaScript, and uses JSON-LD structured data to enhance SEO and semantic understanding. The site is responsive and optimized for multiple platforms, providing a fast and smooth user experience. However, there is no evidence of advanced frameworks or CMS usage, suggesting a custom-built or lightweight site architecture. From a security perspective, the site lacks visible security headers and does not provide privacy, cookie, or terms of service policies, which are important for compliance and user trust. The WHOIS data for the domain is missing or indicates the domain may be unregistered or expired, which raises concerns about domain legitimacy despite the professional appearance of the site content. No contact emails or phone numbers are provided, limiting direct communication channels. Overall, the website demonstrates strong business credibility and technical maturity but requires improvements in security posture, privacy compliance, and domain registration transparency to enhance trustworthiness and regulatory adherence.

Sublime HQ Pty Ltd is a small Australian technology company specializing in developing remarkable software products, notably Sublime Text and Sublime Merge, which cater primarily to software developers and technical professionals. The website presents a minimal but professional front showcasing these products with consistent branding and clear navigation. However, the lack of detailed company information, contact details, and policy documents limits the depth of user engagement and trust signals. Technically, the website uses standard HTML5 and CSS3 with external stylesheets, but lacks advanced frameworks or CMS platforms. Performance and mobile optimization are basic but functional. No analytics, tracking, or advertising scripts were detected, indicating a privacy-conscious or minimalistic approach. Security features such as HTTPS status and security headers could not be confirmed from the provided data, but no WAF or blocking mechanisms were detected. From a security and compliance perspective, the absence of WHOIS registration data is a notable concern, as it raises questions about domain legitimacy and ownership transparency. The website lacks privacy, cookie, and terms of service policies, which are critical for GDPR and other regulatory compliance. No incident response or vulnerability disclosure information is available, limiting the security posture assessment. Overall, the site appears safe with no adult or questionable content but would benefit from enhanced security and compliance measures. The overall risk assessment suggests moderate trustworthiness with room for improvement in transparency, security best practices, and compliance documentation. Strategic recommendations include implementing HTTPS with strong SSL/TLS, publishing privacy and cookie policies, adding contact and incident response information, and improving WHOIS registration visibility to enhance legitimacy and user trust.

J

Joshua Barrett

ptnote.dev

45

PT_NOTE is a personal website and blog operated by Joshua Barrett, focusing on personal writing and project showcases. The site targets general internet users interested in personal content rather than commercial services. The website is built using the Zola static site generator, employing standard web technologies such as HTML, CSS, and JavaScript. The technical infrastructure is simple and lightweight, with moderate performance and basic mobile optimization. No advanced CMS or hosting provider details are evident. Security posture is basic; no security headers or incident response contacts are present, and privacy compliance is minimal due to the absence of privacy and cookie policies. The site uses HTTPS (assumed from domain), but no explicit security headers were detected in the HTML content. Overall, the site is safe, with no adult or questionable content detected, and minimal user tracking or advertising. The domain registration is privacy protected, which is appropriate for a personal blog. The website demonstrates moderate trustworthiness but lacks formal business or compliance documentation.

Pixilic.com is a personal technical blog operated by Hunter Fuller, focusing on topics such as networking, Linux, VoIP, and home automation. The site serves a niche audience of technology enthusiasts and IT professionals, providing detailed blog posts, tutorials, and talks. The business model is content publishing without apparent commercial transactions or services. The domain has been registered since 2009, indicating a stable and long-term presence. Technically, the website is built on WordPress 6.4.5 using the JupiterX Lite theme, with jQuery and standard web technologies. The site is hosted likely via NameCheap, with HTTPS enabled and moderate performance. Mobile optimization and accessibility are basic to good, with room for improvement in SEO and security headers. Security posture is adequate with HTTPS and domain transfer protection, but lacks DNSSEC and important security headers. No privacy or cookie policies are present, which is a compliance gap. No contact or incident response information is provided, limiting trust and transparency. Overall, the site is trustworthy and safe, with good content quality but limited privacy and security compliance. Strategic improvements in privacy policies, security headers, and contact transparency would enhance the site's credibility and compliance.

P

pineconet

pineco.net

45

The website pineco.net is a personal portfolio site representing an undergraduate student named pinecone, who is pursuing an interdisciplinary degree at the University of Washington. The site serves primarily as a showcase of personal interests, projects, and social links rather than a commercial business. The content is basic and focused on personal expression with no commercial or transactional elements. The domain was registered in 2020, consistent with the stated personal timeline. Technically, the site is a simple static HTML and CSS implementation using Google Fonts. There is no evidence of advanced frameworks, CMS, or analytics tools. The site appears to be hosted via NameCheap, the registrar, with no DNSSEC enabled and no visible security headers or HTTPS status provided. Performance and mobile optimization are basic but functional. From a security perspective, the site lacks critical elements such as privacy and cookie policies, security headers, and incident response contacts. The domain registration is consistent and legitimate for a personal site, but the absence of HTTPS and security best practices lowers the security posture. No vulnerabilities or malicious content were detected. Overall, the site is low risk but also low in professionalism and security maturity. Strategic recommendations include enabling HTTPS, adding privacy and cookie policies, implementing security headers, and providing incident response information to improve trust and compliance.

D

Diamondburned

libdb.so

44

The website libdb.so is a personal portfolio site for Diamond, a software engineer at Google with over five years of experience. The site highlights her passion for open source, showcases her projects, professional experience, and provides multiple social media and contact links. The site is well-structured, visually appealing, and optimized for performance and mobile devices, reflecting a high level of technical maturity. Security-wise, the site uses HTTPS and Cloudflare DNS but lacks explicit security headers and formal privacy or cookie policies, which are areas for improvement. Overall, the site presents a trustworthy and professional image but would benefit from enhanced privacy compliance and security best practices to align with industry standards.

M

Mike Klubnika

mikeklubnika.com

47

Mike Klubnika is an indie game developer specializing in experimental and atmospheric games with dystopian themes. The website serves as a hub for showcasing game projects, updates, logs, and community engagement primarily through Discord and Steam. The business operates on a small scale, targeting niche gamers interested in unique indie experiences. Technically, the website is built with standard web technologies (HTML, CSS, JavaScript) and hosted via NameCheap, with moderate performance and basic mobile optimization. Security posture is moderate with HTTPS enabled but lacking security headers and DNSSEC. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is trustworthy and professional for its scale but would benefit from enhanced security and compliance measures.

J

jae kaplan

jkap.io

45

The website jkap.io is a personal blog and online presence of an individual named Jae Kaplan, who is a former CEO of Posting at cohost and currently working on a chat app. The site serves as a platform for sharing blog posts, personal updates, and links to social media profiles. It targets a general audience interested in technology and personal content. The business model is primarily personal branding and content sharing with no commercial transactions evident. The domain is well aged since 2014 and uses privacy protection typical for personal sites. Technically, the site is built on Bear Blog platform with modern web technologies including htmx and lite-youtube-embed for enhanced user experience. It is hosted behind Cloudflare DNS with HTTPS enabled, ensuring good performance and mobile optimization. SEO and accessibility are basic but adequate for a personal blog. However, no advanced security headers or privacy policies are implemented. From a security perspective, the site uses HTTPS and domain status protections but lacks DNSSEC and security headers, which are recommended for improved security posture. No forms or sensitive data collection are present, reducing attack surface. Privacy compliance is low due to absence of privacy and cookie policies. No incident response or vulnerability disclosure information is provided. Overall, the site is low risk with good content quality and moderate trustworthiness. Strategic recommendations include enabling DNSSEC, adding security headers, publishing privacy and cookie policies, and improving contact mechanisms to enhance trust and compliance.

The website brambleshadow4.net is a personal hobby site maintained by a software developer who shares various personal projects including music, blog posts, fonts, and coding projects. The site is explicitly described as non-professional and serves as a personal portfolio and creative outlet rather than a commercial business. The domain is registered since 2017 and is consistent with the website's stated history. The site is hosted with standard DNS services and uses basic web technologies such as HTML, CSS, and JavaScript without any major frameworks or CMS detected. From a technical perspective, the website is functional with moderate performance and basic mobile optimization. However, it lacks advanced SEO, accessibility features, and modern security headers. The domain registration includes standard protections but does not enable DNSSEC, which could be improved. No privacy, cookie, or terms of service policies are present, and no contact information or incident response details are provided, indicating low privacy compliance and limited business credibility. Security posture is basic with no detected vulnerabilities or exposed sensitive data, but the absence of security headers and policies reduces the overall security maturity. The site is accessible without WAF or security challenges and contains safe, family-friendly content. Overall, the website scores moderately due to its personal nature and limited professional or security features. Strategic recommendations include enabling DNSSEC, adding privacy and cookie policies, implementing security headers, and providing contact and incident response information to improve trust and compliance.

P

Private by Design, LLC

wolfgirl.systems

46

wolfgirl.systems is a small, volunteer-run community project hosting multiple Linux systems running NixOS across global points of presence. It aims to provide a comfortable and private environment for invited friends, emphasizing a non-profit and abuse-resistant model. The website content is clear and focused on technical and community aspects without commercial intent. Technically, the site uses modern web technologies including JavaScript libraries for search and syntax highlighting, and is designed with responsive and accessible features, though some accessibility and SEO optimizations remain basic. Security posture is moderate; while the domain uses protective domain status flags and HTTPS is implied, there is no DNSSEC or security headers implemented, and no formal privacy or cookie policies are published. Incident response is partially addressed with an abuse contact email provided. Overall, the site is trustworthy for its niche audience but would benefit from enhanced security and compliance documentation.

H

Haylin Moore

haylinmoore.com

49

Haylin Moore's website serves as a personal professional portfolio and technical blog highlighting his expertise as a software and network engineer. The site features detailed descriptions of his current and past roles at reputable technology companies, alongside open source projects and technical writings. The target audience includes technology professionals and open source enthusiasts. The business model is centered on personal branding and knowledge sharing rather than commercial transactions. Technically, the website is built using modern web standards with HTML5, CSS3 (Pure.css framework), and JavaScript. It is mobile-optimized and performs well with fast loading times. The site uses HTTPS, ensuring secure connections, but lacks explicit security headers and privacy policies. No analytics or tracking scripts are present, indicating a privacy-conscious approach. From a security perspective, the site demonstrates good baseline practices such as HTTPS usage and absence of user input forms, reducing attack surface. However, it lacks published security policies, incident response contacts, and vulnerability disclosure mechanisms. The WHOIS data is privacy protected, which is appropriate for a personal site, and no suspicious patterns were detected. Overall, the website is professional, trustworthy, and safe for general audiences. Strategic improvements include adding privacy and cookie policies, security headers, and contact information to enhance compliance and trust.

The website lyra.horse is a personal portfolio and blog site belonging to Lyra Rebane, focusing on creative audiovisual web experiences, infosec topics, and various digital tools. The site targets a general audience interested in technology, creative coding, and information security. The business model is primarily personal branding and content sharing, with a small-scale presence in the technology sector. The domain is registered under a privacy protection service, which is typical for personal websites and does not detract from legitimacy. Technically, the site is built with clean HTML5 and CSS3, with no detected CMS or complex frameworks. It performs well with good mobile optimization and basic accessibility features. SEO is basic but sufficient for a personal site. Hosting details are limited but the domain registrar is Porkbun, a reputable provider. No advanced analytics or tracking technologies are detected, indicating a privacy-conscious approach. From a security perspective, the site lacks several best practices such as security headers and DNSSEC, and no privacy or cookie policies are present, which impacts compliance and trust. The domain status flags clientDeleteProhibited and clientTransferProhibited add a layer of domain security. No forms or data collection mechanisms reduce attack surface but also limit user interaction. Overall, the security posture is moderate but could be improved with standard headers and policies. The overall risk is low given the personal nature and limited data collection, but improvements in privacy compliance and security hardening are recommended to enhance trust and protect visitors. The site is accessible without WAF or blocking mechanisms, allowing full content analysis.

MrBruh.com is a personal blog operated by Paul, a young programmer and aspiring cybersecurity professional from New Zealand. The site focuses on sharing technical blog articles related to cybersecurity vulnerabilities, malware analysis, and programming insights. The blog targets gamers and cybersecurity enthusiasts, providing niche content in the technology sector. The website is built using the Hugo static site generator and hosted by Privex, with DNS managed via Cloudflare. The domain is registered with Tucows Domains Inc. and is relatively new, consistent with the stated founding year of 2023. Technically, the website is well-structured with good mobile optimization and accessibility. However, it lacks advanced SEO optimization and security headers. The site uses HTTPS but does not enable DNSSEC, and no privacy or cookie policies are present. There are no analytics or tracking scripts detected, indicating minimal user tracking. Contact information is provided via email and Signal, but no forms or other data collection mechanisms are present. From a security perspective, the site benefits from domain transfer protections but lacks important security headers and DNSSEC, which could improve its security posture. No vulnerabilities or exposed sensitive data were detected in the content. The absence of privacy and cookie policies indicates non-compliance with GDPR and other privacy regulations. Overall, the site is safe for general audiences and does not contain adult or explicit content. The overall risk is low given the personal blog nature, but improvements in security headers, privacy compliance, and DNS security are recommended to enhance trust and protection against potential threats.

S

Smokepowered

smokepowered.com

40

Smokepowered.com is a newly established website (created May 2023) focused on smoking culture, specifically blunt discussion and wrapping. The site features minimal content including a video montage and references to Valve Corporation trademarks, possibly as thematic or stylistic elements. The target audience appears to be mature users interested in cannabis and smoking culture. Technically, the site is basic with HTML and CSS, hosted with DNS servers from Hurricane Electric, but lacks modern security features such as HTTPS and security headers. No privacy or cookie policies are present, and no contact or business information is provided, limiting trust and compliance. Security posture is weak due to missing HTTPS and security best practices. Overall, the site is functional but minimal and lacks professional security and compliance measures.

K

Kamila Szewczyk

iczelia.net

46

The website iczelia.net is a personal technical blog authored by Kamila Szewczyk, focusing on topics such as mathematics, cryptography, programming languages, and technology. It serves a niche audience interested in these academic and technical subjects. The site offers blog posts, a personal journal, a short CV, and access to a personal Git repository. The business model is primarily content publishing and knowledge sharing without commercial services or e-commerce. Technically, the website is built using the Hugo static site generator and uses KaTeX for rendering mathematical notation. Hosting appears to be managed via Name.com, the domain registrar. The site is moderately optimized for mobile devices and has a clean, consistent design with good navigation. However, SEO and accessibility features are basic, and no advanced frameworks or platforms are detected. From a security perspective, the site lacks critical security headers and DNSSEC is not enabled. The WHOIS data shows an anomalous domain creation date set in the future, which raises concerns about registration legitimacy. No privacy, cookie, or terms of service policies are present, and no contact information or incident response details are provided. There is no evidence of analytics or advertising scripts, indicating minimal user tracking. Overall, the website is safe and suitable for a general audience with no adult or questionable content. The main risks relate to domain registration inconsistencies and lack of security best practices. Strategic improvements in security headers, DNSSEC, privacy compliance, and contact transparency would enhance trust and compliance.

S

spooky ghost zone

spookyghost.zone

44

The website spookyghost.zone is a personal site operated by an individual named Valerie, focusing on sharing personal interests such as music and a curated list of physical albums. It is a small-scale, hobbyist site without commercial intent or business operations. The site is hosted on Hetzner servers with privacy-protected WHOIS registration, consistent with a personal project started in early 2023. Technically, the site uses basic HTML, CSS, and JavaScript with minimal external dependencies and no CMS detected. The site is accessible over HTTPS but lacks advanced security headers and formal privacy or cookie policies. No contact information or business credentials are provided, limiting trust and credibility from a business perspective. Security posture is basic but acceptable for a personal site, with recommendations to improve DNS security and add security headers. Overall, the site is safe for general audiences and contains no adult or explicit content.

The website vin.pet appears to be a small personal or hobby site with a focus on gaming and digital content, as indicated by references to Steam game launch URLs and various gaming-related images. There is no clear business model or commercial activity evident from the content. The site is modest in design and content, lacking professional business information, contact details, or compliance policies. Technically, the site uses basic HTML and CSS with no detected modern frameworks or CMS. Mobile optimization and accessibility are poor, and SEO practices are minimal. Security posture is weak due to lack of HTTPS and security headers, and no privacy or cookie policies are present. The domain is registered with privacy protection through a reputable registrar, consistent with a small personal site. Overall, the site is safe with no adult or explicit content detected but lacks professionalism and security best practices.

Wito.bar is a small personal or community website centered around gaming and creative content, with a focus on social media engagement and content sharing. The site features links to multiple social platforms such as Twitter, YouTube, Twitch, Steam, and others, indicating an active online presence. The domain is relatively new, registered in early 2023, and uses privacy protection services consistent with a personal or small community site. The website design is basic with a retro aesthetic and limited mobile optimization. From a technical perspective, the site uses standard HTML and CSS with web fonts and is hosted behind Cloudflare DNS services. However, no advanced frameworks or CMS platforms are detected. Performance and accessibility are moderate to basic, with no detected analytics or advertising scripts, suggesting minimal tracking or marketing tools in use. Security posture is basic; HTTPS is implied but no security headers or DNSSEC are enabled. No privacy, cookie, or terms of service policies are present, and no contact or incident response information is provided, limiting compliance and transparency. No forms or data collection mechanisms are found, reducing attack surface but also limiting user interaction. Overall, the site is safe for general audiences with no adult or explicit content detected. The domain registration and website content are consistent, with no suspicious indicators. Strategic improvements include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and providing contact and incident response information to enhance trust and compliance.

The website nya.rest is a personal homepage for an individual known as SweetFade, who identifies as a local internet catgirl. The site primarily serves as a social hub linking to various social media platforms including Twitter, Mastodon, Telegram, GitHub, and GitLab. The content is minimal and personal in nature, with no commercial or business services offered. The domain was registered in 2022 and uses privacy protection services, which is consistent with personal use. The website employs WebGL shaders for visual effects, indicating some technical proficiency, but lacks advanced security features and compliance documentation such as privacy or cookie policies. The site is hosted behind Cloudflare DNS but does not have DNSSEC enabled.

G

Gender Census

gendercensus.com

43

Gender Census is a niche annual survey project focused on collecting data about language used by people outside the traditional gender binary. The website serves as a platform for survey participation, results publication, and community engagement. The project is small-scale, non-profit oriented, and supported by donations and sponsorships. Technically, the site is built on WordPress with common web technologies and demonstrates moderate performance and good mobile optimization. Security posture is generally good with HTTPS enforced, but lacks advanced security headers and cookie consent mechanisms. The absence of WHOIS data is a notable anomaly that reduces trustworthiness. Overall, the site is professional and trustworthy but could improve in privacy compliance and security transparency.

Q

Quitter

quitter.se

41

Quitter.se is a Swedish blog focused on social media transparency and critique, advocating for more open and honest social media platforms. The website operates on a WordPress CMS with Yoast SEO plugin, indicating a moderate level of digital maturity and SEO awareness. The content is well-structured, relevant, and targeted at a general audience interested in social media issues. Technically, the site uses HTTPS with a valid SSL certificate but lacks advanced security headers and DNSSEC, which are recommended for improved security. No privacy or cookie policies are present, which is a compliance gap. Contact information and security policies are also absent, limiting trust signals. Overall, the domain registration is consistent and legitimate, supporting the website's credibility.

The website gerzilla.de currently serves as a placeholder page indicating that a new website is under construction. There is no substantive business information, services, or content available to assess the company's market position or offerings. The technical infrastructure appears minimal, with no detected CMS, scripts, or analytics tools. Hosting is likely provided by netcup based on the nameservers. Security posture is weak due to the absence of HTTPS, security headers, and privacy policies. No contact or compliance information is present, limiting trust and credibility. Overall, the site is not yet operational and provides no meaningful data for business or security evaluation.

P

Private by Design, LLC

maggiepi.fyi

44

The website maggiepi.fyi is a personal site belonging to an individual named Maggie, a computer science student and technology enthusiast. The site serves primarily as a personal hub linking to Maggie's blog, social media, and technical interests. It provides detailed information about Maggie's interests, current desktop setup, and favorite media, targeting a general audience interested in technology and personal content. The site is small-scale and non-commercial, with no direct business services or e-commerce functionality. Technically, the site is built with basic HTML and CSS, uses Google Fonts, and is hosted with Cloudflare DNS services. The site is mobile responsive and has a moderate performance profile. However, it lacks advanced technical frameworks, CMS, or analytics tools. SEO and accessibility are basic but adequate for a personal site. From a security perspective, the site lacks critical security headers and does not have privacy or cookie policies, which impacts compliance and trust. The WHOIS data shows a suspicious future domain creation date, which reduces trustworthiness. No forms or data collection mechanisms are present, minimizing attack surface but also limiting user engagement. Overall, the security posture is basic with room for improvement in policy transparency and technical safeguards. The overall risk is low given the non-commercial nature and safe content, but the domain registration anomaly and lack of privacy policies suggest caution. Strategic improvements in security headers, privacy compliance, and domain registration transparency are recommended to enhance trust and security posture.