Security Directory

A

Atlas Events

brisbanemarathon.com.au

67

The EVA Air Brisbane Marathon Festival website represents a well-established sporting event managed by Atlas Events, with strong government and corporate partnerships. The event targets runners and community participants, offering multiple race categories and fundraising opportunities. The website is built on WordPress with modern plugins and tracking tools, providing a good user experience and mobile optimization. Security posture is adequate with HTTPS and Cloudflare DNS, but lacks some security headers and explicit incident response policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site is trustworthy and professionally maintained, supporting a significant annual event in Brisbane.

A

Anonymize LLC

literal.club

52

Literal.club is a modern digital platform focused on book lovers, enabling users to track their reading progress, discover new books, join book clubs, and engage socially with friends and communities. Founded in 2020 and operated by Anonymize LLC, the platform offers web and mobile applications with features such as barcode scanning, import from other book services, and an open API for developers. The website is professionally designed with excellent content quality and user experience, supported by a modern tech stack including React, Next.js, and WordPress for content management. Security posture is strong with HTTPS, security headers, and domain transfer protection, although DNSSEC is not enabled and no explicit security policy or incident response contacts are published. Privacy and cookie policies are present and indicate GDPR compliance. Overall, Literal.club presents a trustworthy and well-maintained service for its niche audience.

P

Private by Design, LLC

is-quite.gay

58

The website is a niche, invite-only social platform branded as 'is-quite.gay', targeting individuals who identify as quite gay. It operates as a federated social media instance powered by the Misskey software, which supports ActivityPub federation. The platform is small with limited users and notes, emphasizing community exclusivity through invite codes. The business behind the domain is registered as Private by Design, LLC, a US-based entity, with the domain newly created in June 2024. The site content is consistent with its stated purpose and audience, with no adult or explicit content detected. Technically, the website uses modern web technologies including JavaScript ES modules, Vite bundler, and icon fonts. It leverages Cloudflare for DNS services but does not enable DNSSEC, which is a minor security gap. The site is served over HTTPS with domain status protections to prevent unauthorized changes. However, no security headers were detected in the HTML content, and no privacy or cookie policies are published, indicating room for compliance improvements. The site does not use advertising or tracking services, reflecting a privacy-conscious approach. From a security perspective, the platform shows a moderate security posture with HTTPS and domain protections but lacks published policies and security headers that would enhance trust and compliance. No vulnerabilities or exposed sensitive data were found. The absence of a privacy policy and cookie consent mechanism lowers the privacy compliance score. The domain registration details align well with the website content, supporting legitimacy. No WAF or blocking mechanisms were detected, allowing full content access. Overall, the website is a professionally presented, small-scale social platform with a clear niche audience and a solid technical foundation. Strategic recommendations include publishing privacy and cookie policies, enabling DNSSEC, adding security headers, and providing incident response contacts to improve security and compliance posture.

UltraGuest is a niche technology service offering free customizable guestbooks for events such as weddings, sports teams, blogs, and websites. The service has been operational since 2003 and claims millions of users daily, positioning itself as a longstanding player in the guestbook service market. The website content is well structured with clear navigation and relevant information about features and usage, targeting individuals and groups seeking simple guestbook solutions. Technically, the site uses older but functional technologies including jQuery 1.11.3, Bootstrap 3.3.5, and a jFlow slider plugin, hosted with DNS services via Cloudflare and domain registration through Amazon Registrar. Performance and mobile optimization are basic but adequate for the service offered. Security posture is limited with no visible security headers or HTTPS enforcement information, and no privacy or cookie policies are present, indicating compliance gaps. No contact information or social media presence is provided, which limits business credibility and user trust. Overall, the site is functional and trustworthy but would benefit from modernization and improved security and privacy practices.

A

ari melody 💫

arimelody.space

59

The website arimelody.space represents a personal brand of an individual named ari melody, who is a musician, developer, streamer, and content creator. The site serves as a hub linking to various creative projects, social media platforms, and streaming channels. The business model is primarily content creation with monetization through music sales and streaming engagement. The site targets a general audience interested in music, gaming, and creative tech projects. Technically, the site uses modern web standards including HTML5, CSS3, and JavaScript ES modules, hosted with Cloudflare DNS services. The site is mobile optimized and has good SEO practices but lacks advanced security headers and privacy compliance documentation. Security posture is moderate with HTTPS enabled and domain transfer protections, but no DNSSEC or security.txt found. Overall, the site is safe, trustworthy, and professionally presented but could improve privacy and security compliance.

C

Carta

carta.com

83

Carta is a well-established technology company specializing in private capital management software. Their platform offers comprehensive equity and fund management solutions tailored for private companies, investors, and venture capital firms. Carta holds a strong market position as a leading SaaS provider in the finance technology sector, with a mature domain age and consistent branding. The website demonstrates excellent content quality, professional design, and clear navigation, targeting a business audience in the United Kingdom and globally. Technically, the site leverages modern frameworks like SvelteKit, uses Cloudflare for DNS and CDN, and integrates marketing and analytics tools such as Google Tag Manager and Marketo. Privacy compliance is robust, with clear cookie consent mechanisms and comprehensive privacy policies. Security posture is strong with HTTPS, security headers, and domain transfer protections, though DNSSEC is not enabled and no explicit security policy or incident response contacts are published. Overall, Carta's digital presence reflects a mature, trustworthy, and professional business with a solid technical foundation and good privacy practices.

Soldered Electronics is a specialized e-commerce business focused on providing electronics components, kits, and educational resources primarily targeting makers, hobbyists, and STEM educators. With over a decade of industry presence and a customer base exceeding 20,000, the company positions itself as a trusted provider of user-friendly electronics products supported by comprehensive technical assistance. The website is professionally designed, mobile-optimized, and enriched with SEO best practices and structured data to enhance visibility and user engagement. Technically, the site is built on WordPress with WooCommerce, leveraging modern JavaScript libraries and third-party integrations such as Google Tag Manager, Microsoft Clarity, and Trustpilot for analytics and customer feedback. Hosting and DNS are managed via NameCheap and Cloudflare, respectively, providing a solid infrastructure foundation. Privacy and cookie policies are implemented with GDPR compliance, supported by consent mechanisms and a cookie management plugin. From a security perspective, the website enforces HTTPS, employs standard security headers, and maintains a clientTransferProhibited domain status to prevent unauthorized transfers. However, DNSSEC is not enabled, and no explicit security policy or incident response information is published, representing areas for improvement. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website presents a low-risk profile with strong business credibility and good technical maturity. Strategic enhancements in DNS security and transparency around security policies would further strengthen its posture.

B

Blockeys

opium.network

61

Opium Protocol is a decentralized finance platform specializing in the creation, settlement, and trading of derivatives on blockchain networks such as Ethereum, Polygon, Arbitrum, and BNB Chain. Founded in 2018 and registered under Blockeys in the Netherlands, the platform targets experienced DeFi professionals and developers, offering tools to build custom derivative products with community-driven governance via a DAO. The website demonstrates a mature digital presence with comprehensive documentation, active developer engagement, and partnerships with notable crypto and finance entities. Technically, the platform leverages modern web technologies and blockchain integrations, supported by Cloudflare DNS and various analytics tools. Security posture is solid with HTTPS, audits, and a bug bounty program, though improvements are recommended in DNSSEC and security headers. Privacy compliance is basic, with privacy and terms policies present but lacking cookie consent mechanisms. Overall, Opium Protocol presents a trustworthy and professional DeFi service with a strong community focus and technical foundation.

C

Cohere

cohere.ai

72

Cohere is a mature enterprise technology company specializing in providing a secure AI platform tailored for modern enterprises. Their platform offers advanced multilingual language models, retrieval tools, and AI workspace solutions designed to drive innovation securely and privately. The company positions itself as a leader in secure enterprise AI, targeting large organizations and modern workers. Technically, the website is built on modern frameworks such as Next.js and hosted on Vercel, with strong mobile optimization and fast performance. The site integrates multiple analytics and marketing tools while maintaining a comprehensive cookie consent mechanism, reflecting a good level of privacy compliance. Security posture is strong with HTTPS enforced, security headers present, and domain registration protections in place. However, enabling DNSSEC and publishing a security.txt file would further enhance security transparency. Overall, the website is professional, trustworthy, and well-aligned with its business objectives.

G

GetTerms

getterms.io

70

GetTerms is a technology company specializing in providing data privacy compliance solutions for businesses worldwide. Established in 2015, it offers a suite of SaaS products including privacy policy generators, cookie policy generators, terms and conditions generators, and consent management platforms. The company targets businesses needing to comply with global privacy regulations such as GDPR, CCPA, CalOPPA, and others. With over 500,000 customers and strong trust indicators like high Trustpilot ratings, GetTerms holds a solid market position as a reliable compliance partner. Technically, the website is built on WordPress with modern technologies including Google Tag Manager for analytics and Cloudflare for DNS management. The site is well optimized for performance, mobile responsiveness, and accessibility. SEO practices are implemented effectively using Yoast SEO plugin. Security posture is strong with HTTPS enforced and privacy-by-design principles applied in consent management, although some security headers could be improved. From a security perspective, the site demonstrates good practices such as default denied consent in Google Consent Mode and embedding a cookie consent widget. However, there is no publicly available security policy or incident response information, and no security.txt file for vulnerability disclosures. The domain registration is privacy protected but consistent with the business profile and age, indicating legitimacy. Overall, GetTerms presents a professional, trustworthy, and technically sound online presence with a strong focus on privacy compliance. The risk level is low, but improvements in security transparency and header implementation are recommended to further enhance trust and security posture.

C

Cobb Chamber of Commerce

cobbchamber.org

59

The Cobb Chamber of Commerce is a well-established business advocacy organization serving Cobb County, Georgia, with a domain age dating back to 1997. The website provides comprehensive information about membership, events, advocacy, and workforce development, targeting local businesses and community stakeholders. The technical infrastructure is based on WordPress with Elementor, enhanced by SEO tools like Yoast and tracking via Google Analytics and Facebook Pixel. The site is hosted with Cloudflare DNS and uses HTTPS, ensuring secure communications. However, the absence of privacy and cookie policies, as well as explicit contact information on the homepage, indicates gaps in privacy compliance and user transparency. Security posture is solid but could be improved by enabling DNSSEC and adding security headers. Overall, the site reflects a professional and trustworthy organization with room for enhanced privacy and security practices.

The website beepi.ng is a personal homepage operated by an individual known as 'unnick', hosted under a domain registered to Ginkoid LLC in the US. The site serves as a portfolio and hub for personal projects, creative content, and links to various social media and technical platforms. It is not a commercial business site and targets a general audience interested in programming, shaders, and creative web tools. The domain is newly registered in late 2024, consistent with the site's content and purpose. Technically, the site uses standard HTML5, CSS3, and JavaScript with Cloudflare DNS services. The site is moderately optimized for mobile and accessibility but lacks advanced frameworks or CMS. Performance is moderate with no heavy scripts or analytics detected. The site does not implement common security headers or privacy policies, indicating a basic security posture. Security-wise, the site uses HTTPS (implied by domain and external links), but no DNSSEC or security headers are enabled. There are no visible vulnerabilities or exposed sensitive data, but the absence of privacy and cookie policies and security incident contacts reduces compliance and trust. No WAF or blocking mechanisms are detected, and the site content is fully accessible. Overall, the site is a safe, personal, and creative web presence with moderate technical quality but limited security and privacy compliance. Strategic improvements in security headers, privacy policies, and contact information would enhance trust and compliance.

S

Sourcegraph

ampcode.com

58

Amp is a specialized agentic coding tool designed to leverage advanced frontier AI models for autonomous reasoning, comprehensive code editing, and complex task execution. The product targets developers and technical users seeking enhanced coding assistance. The website is professionally designed, mobile-optimized, and uses modern web technologies such as SvelteKit and Cloudflare DNS/CDN services. The parent company is Sourcegraph, a known entity in the developer tools space, lending credibility to the offering. Security posture is strong with HTTPS enforced and domain registration consistent with a mature business. However, the site lacks explicit privacy and cookie policies, which is a compliance gap. No direct contact information or incident response contacts are provided, limiting transparency in these areas.

Medium is a well-established online publishing platform that hosts a wide range of content from independent authors and organizations. The analyzed page is a blog post by FrontRow, a user or entity on Medium, announcing the shutdown of their product. Medium operates a large-scale content platform with a membership-based business model, offering publishing tools and content hosting services. The platform targets a broad audience of readers and writers globally. Technically, Medium employs modern web technologies including React, GraphQL, and integrates various third-party services such as Google Analytics and Branch.io for analytics and marketing. The site is hosted on a robust infrastructure with Cloudflare DNS and Amazon Registrar domain management, ensuring high availability and performance. Security posture is strong with HTTPS enforced, security headers present, and use of advanced bot protection via Google reCAPTCHA Enterprise. Privacy and cookie policies are comprehensive and GDPR compliant, reflecting a mature privacy stance. However, explicit security policies and incident response contacts are not found on this page. Overall, the website is professional, trustworthy, and secure, with minor recommendations to enhance DNS security and publish dedicated security policies.

Y

Yac

yac.com

68

Yac is a technology company providing asynchronous communication tools including voice messaging, screen sharing, and asynchronous meetings designed primarily for remote teams. The company positions itself as a productivity enhancer by reducing the need for synchronous meetings, supported by reputable customers such as Spotify and HubSpot. The website is professionally designed, built on modern web technologies including Webflow CMS, Google Tag Manager, and Segment Analytics, and hosted with Cloudflare DNS services. The technical infrastructure supports good performance and mobile optimization, although accessibility features are basic. Security posture is solid with HTTPS enforced and domain registration protections in place, but could be improved by enabling DNSSEC and adding security headers. Privacy compliance is partially addressed with a comprehensive privacy policy and terms of service, but lacks a cookie consent mechanism. Overall, the website is trustworthy, professional, and safe for general audiences.

F

Factored Quality

factoredquality.com

69

Factored Quality is a digital quality control management platform founded in 2019 and headquartered in New York, USA. It serves over 100 consumer brands globally, providing a unified platform to manage quality control, factory audits, compliance testing, and supply chain operations. The company operates a large network of over 2,000 inspectors and auditors across 30+ countries, positioning itself as a key player in manufacturing quality assurance for consumer goods and e-commerce sectors. Factored Quality was acquired by Pietra in March 2025, indicating strategic growth and market consolidation. Technically, the website is built on Webflow CMS with integrations including jQuery, Swiper.js, GSAP, Globe.gl, Intercom, and Google Tag Manager. The site is well-optimized for performance, mobile responsiveness, and accessibility, with modern design and clear navigation. Hosting and DNS are managed via Squarespace Domains and Cloudflare respectively, ensuring reliable uptime and security. From a security perspective, the site enforces HTTPS with strong domain status protections (clientDeleteProhibited, clientTransferProhibited). Cookie consent mechanisms are implemented with opt-out options, and input validation is present on forms to ensure business email submissions. However, explicit security policies, incident response contacts, and vulnerability disclosure mechanisms are not publicly available, representing areas for improvement. Overall, Factored Quality presents a professional, trustworthy online presence with strong business credibility and technical maturity. The absence of critical security issues and the presence of privacy compliance measures support a positive risk profile. Strategic recommendations include enabling DNSSEC, publishing detailed security and incident response policies, and adding terms of service to enhance legal clarity and user trust.

S

Sword Health

swordhealth.com

74

Sword Health is a healthcare technology company specializing in AI-powered digital physical therapy solutions designed to help individuals recover from musculoskeletal and pelvic health conditions. The company targets employers, health plans, labor unions, consultants, brokers, and individuals, offering scalable and accessible care that reduces healthcare costs and improves patient outcomes. Sword Health positions itself as a leader in the digital health space with a strong client portfolio including major corporations and health plans. Technically, the website is built on modern web technologies including Next.js and React, hosted with Cloudflare DNS and CDN services, and uses Storyblok as its CMS. The site demonstrates excellent design quality, mobile optimization, and SEO practices, providing a smooth user experience. However, explicit privacy and cookie policies are not detected in the provided content, which is a gap in privacy compliance. From a security perspective, the site uses HTTPS and has domain registration protections such as clientDeleteProhibited status, but lacks DNSSEC and security headers that could enhance its security posture. No critical vulnerabilities or exposed sensitive data were detected. The WHOIS data aligns well with the business claims, indicating legitimacy and consistency. Overall, Sword Health's website reflects a mature, professional digital health company with strong business credibility and technical implementation. Privacy compliance and security headers are areas for improvement to enhance trust and regulatory adherence.

A

yz authenyo.x

authenyo.xyz

62

authenyo.xyz is a personal website operated by an individual named Iris, who identifies as a Brazilian DEI hire at OpenAI and a government department. The site serves as a personal blog and a hub for various self-hosted projects including Fediverse instances, a Minecraft server, and streaming services. The website is built using the Zola static site generator and hosted on a VPS provider (Netcup) with DNS managed by Cloudflare. The content is primarily personal and technical in nature, targeting general internet users interested in niche internet culture and self-hosting. Technically, the site uses modern web technologies including HTML5, CSS, JavaScript, and integrates third-party scripts for analytics from a suspicious domain. The site lacks advanced security headers and DNSSEC is not enabled, which presents moderate security risks. The website is moderately optimized for performance and mobile use but lacks comprehensive privacy and cookie policies, which impacts compliance with GDPR and other privacy regulations. From a security perspective, the site uses HTTPS and has domain transfer protections but lacks explicit security policies and incident response information. The use of privacy protection in WHOIS is justified given the personal nature of the site, but the presence of an external tracking script from a suspicious domain is a concern. No contact information or formal business credentials are provided, limiting trust and business credibility. Overall, the website is functional and content-rich for its niche but requires improvements in security posture, privacy compliance, and transparency to enhance trustworthiness and reduce risk.

abtmtr.link is a small technology-focused domain managed by an individual or small entity named MeowcaTheoRange. The website serves as a hub for various community and personal projects including a CDN directory, Discord server, Minecraft server, and Nextcloud service. The site content is minimal but functional, targeting a general audience interested in these services. The domain is recently registered with privacy protection, consistent with the site's scale and nature. Technically, the site uses basic HTML and CSS with Cloudflare DNS services but lacks advanced frameworks or CMS. Performance and mobile optimization are basic, and SEO and accessibility features are minimal. No analytics or tracking technologies are detected, indicating a privacy-conscious approach. From a security perspective, the site lacks published security policies, privacy or cookie policies, and contact information for incident response. DNSSEC is not enabled, and no security headers are detected, which lowers the security posture score. However, no critical vulnerabilities or exposed sensitive data were found. The domain registration is privacy protected but legitimate, with no suspicious patterns. Overall, the site is safe and suitable for general audiences but would benefit from improved security practices, privacy compliance, and transparency to enhance trust and professionalism.

V

velzie.rip

velzie.rip

57

The website velzie.rip is a personal site belonging to an individual named velzie, who is a programmer, neovim evangelist, and open source contributor. The site serves as a portfolio and blog, showcasing software projects and interests in gaming and music. It targets a general audience interested in technology and programming, with a small-scale, hobbyist business model. The site is hosted on Cloudflare and uses modern web technologies including JavaScript ES modules and a lightweight router for enhanced user experience. The technical infrastructure is modern and performant, with good mobile optimization and SEO practices. Security posture is moderate; HTTPS is implied via Cloudflare hosting, but DNSSEC is not enabled and security headers are missing. Privacy compliance is minimal, with no privacy or cookie policies present. Contact information is limited to a single verified email address. Overall, the site is trustworthy for its purpose but lacks formal security and privacy documentation.

E

Eudēmonia Summit

eudemonia.net

50

Eudēmonia Summit is a specialized health and wellness event focused on preventative medicine, regenerative health, and human flourishing. The summit features over 100 experts, offering attendees access to workshops, expert talks, fitness sessions, and a health innovation expo. The website is professionally designed, SEO optimized, and targets health-conscious individuals seeking science-based wellness protocols. Technically, the site is built on WordPress with modern tracking and marketing tools integrated, hosted behind Cloudflare DNS. Security posture is good with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers. Privacy compliance is limited due to missing privacy and cookie policies. Overall, the domain registration is consistent with the business claims, indicating a legitimate and trustworthy operation.

W

WisdmLabs

edwiser.org

67

Edwiser, operated by WisdmLabs, is a specialized software company focused on enhancing the Moodle learning management system through plugins, themes, and integrations. Established in 2015 and based in India, Edwiser serves educational institutions and e-learning professionals by simplifying Moodle usage and improving LMS experiences. Their product suite includes the RemUI Moodle Theme, Edwiser Bridge for WordPress integration, and reporting tools, positioning them as a niche player with a loyal user base exceeding 10,000 customers. Technically, the website is built on WordPress using modern frameworks such as Elementor and Redux, with performance optimizations via NitroPack and Cloudflare DNS. The site demonstrates good SEO practices, mobile optimization, and moderate accessibility features. Analytics and marketing tools like Google Analytics, Facebook SDK, and affiliate tracking are employed responsibly with visible privacy compliance measures. From a security perspective, the site enforces HTTPS and uses clientTransferProhibited domain status, indicating domain transfer protection. However, it lacks DNSSEC and some security headers like Content-Security-Policy, which are recommended for enhanced protection. No explicit security policy or incident response contacts are publicly available, representing an area for improvement. Overall, Edwiser.org is a professional, trustworthy, and well-maintained website with a strong business focus on Moodle LMS solutions. The security posture is adequate but can be strengthened by adopting additional best practices. The site is safe for general audiences with no adult or questionable content detected.

W

WiserNotify

wisernotify.com

50

WiserNotify is a SaaS company specializing in social proof and FOMO marketing tools designed to boost website conversions. The company offers a cloud-based platform with over 60 notification templates, A/B testing capabilities, and strong customer support. The website is built on WordPress using Elementor and integrates modern marketing and analytics tools such as Google Analytics and Facebook Pixel. The domain is registered since 2019, consistent with the company's founding date, and uses Cloudflare DNS services. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks advanced security headers and published security policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is professional, well-branded, and trustworthy, targeting marketers and e-commerce businesses seeking conversion optimization solutions.

R

Roundcube Webmail Dev Team

roundcube.net

61

Roundcube.net is the official website for Roundcube, a free and open source webmail software project established in 2004. The site provides information about the software, including features, downloads, news updates, and community resources. The project targets users and developers interested in a browser-based IMAP email client with a modern interface and extensibility via plugins. The website is well maintained with regular news updates and active GitHub and DockerHub presence, indicating a mature open source ecosystem. Technically, the website uses modern frontend technologies such as Bootstrap 5 and FontAwesome, served via CDN with Cloudflare DNS. HTTPS is enforced via client-side redirect, and the site is mobile optimized with good accessibility and SEO practices. No CMS is detected, suggesting a custom or static site approach. The site does not employ advertising or tracking services, reflecting a privacy-conscious design. From a security perspective, the site enforces HTTPS and mentions XSS protection in its features. However, no explicit security headers were detected, and there is no published security policy or incident response information. DNSSEC is not enabled, which is a recommended improvement. The domain is long-standing and consistent with the project's history, enhancing trustworthiness. Overall, roundcube.net is a professional, trustworthy, and technically sound website supporting a reputable open source project. Strategic improvements include publishing privacy and security policies, enabling DNSSEC, and adding cookie consent mechanisms to enhance compliance and user trust.

L

Lulu Junior

lulujr.com

68

Lulu Junior is a specialized e-commerce business offering creative book-making kits designed for children to foster literacy and creativity. The company operates under the parent company Lulu Press, Inc., with a well-established online presence since 2014. Their market position is niche, targeting parents, educators, and children with educational products that combine fun and learning. The website is professionally designed on the Shopify platform, leveraging modern technologies and marketing tools such as Klaviyo and Facebook Pixel to engage customers effectively. The site demonstrates good digital maturity with responsive design, clear navigation, and SEO optimization. Security posture is strong with HTTPS enforcement and domain protections, though improvements like enabling DNSSEC and adding security headers could enhance resilience. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. Overall, Lulu Junior presents a trustworthy and professional online presence with a solid foundation for growth in the educational retail sector.

P

Private by Design, LLC

derg.rest

43

The website derg.rest is a personal site representing an aspiring master electrician named Tom Darsonian based in Michigan, USA. The site serves primarily as a personal portfolio or presence with minimal content focused on personal interests and updates. The business is small-scale and newly established, as indicated by the domain registration date in early 2024. The site lacks formal business contact information, privacy policies, and terms of service, which limits its professional and compliance posture. Technically, the site is simple, built with basic HTML and CSS, and uses Cloudflare for DNS services. There is no evidence of a CMS or advanced frameworks. Mobile optimization and accessibility are basic but functional. Performance is moderate with no visible errors or broken elements. However, security measures are minimal; no security headers or DNSSEC are enabled, and HTTPS enforcement is not confirmed from the data provided. From a security perspective, the domain registration is consistent and legitimate with appropriate domain status protections. The absence of privacy and cookie policies, contact information, and security headers reduces the overall security and privacy compliance score. No vulnerabilities or malicious content were detected. The site content is safe for general audiences with no adult or explicit material. Overall, the site scores moderately on AI evaluation, with strengths in business credibility due to consistent WHOIS data and weaknesses in privacy compliance and security posture. Strategic improvements in security headers, privacy policies, and contact information would enhance trust and compliance.

J

JamSharp

jamsharp.net

57

JamSharp.net is a personal website serving as a blog and project portfolio for the individual or entity known as JamSharp. The site aggregates blog posts, social media links, and open source projects primarily hosted on GitHub. The business model is personal branding and content sharing within the technology sector, targeting a general audience interested in software development and related topics. The website is relatively new, with the domain registered in 2022, and is hosted on Cloudflare with modern web technologies such as SvelteKit, indicating a moderate level of digital maturity. From a technical perspective, the site uses a modern JavaScript framework (SvelteKit) and benefits from Cloudflare's DNS and hosting services, providing good performance and HTTPS security. The site is mobile optimized and has basic accessibility and SEO features. However, it lacks advanced security headers and DNSSEC, which could be improved to enhance security posture. Security-wise, the website enforces HTTPS and has domain transfer protections but lacks published privacy, cookie, or security policies. No forms or data collection mechanisms are present, reducing attack surface but also limiting user engagement features. No vulnerability disclosure or incident response information is provided, which is a gap for security transparency. Overall, the security posture is moderate but could be improved with better policy disclosures and security headers. The overall risk assessment is low given the site's personal and informational nature, but strategic recommendations include enabling DNSSEC, publishing privacy and cookie policies, adding security headers, and establishing a vulnerability disclosure process to improve trust and compliance.

Y

Yiff.Life

yiff.life

65

Yiff.Life is a small, independent Mastodon instance focused on serving the furry and LGBTQA+ communities. It operates as a non-commercial, donation-supported platform with a clear community orientation. The instance is administered by an individual known as 'Sky @ WHY2025' and features contributions from known artists. Technically, the platform runs on a dedicated Hetzner cloud VM, uses a Glitch-Soc fork of Mastodon, and leverages modern web technologies including React and ES modules. The infrastructure includes daily backups and CDN hosting, indicating a reasonable level of operational maturity. Security posture is adequate with HTTPS enabled and domain transfer protections, but lacks DNSSEC and published security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the website is accessible, well-structured, and serves a niche adult audience with moderate trustworthiness.

B

skull's blog

brutecat.com

59

The website brutecat.com is a personal cybersecurity research blog titled "skull's blog" that publishes technical articles focused on hacking techniques, vulnerability disclosures, and security research related to Google and YouTube user data. It targets security researchers, hackers, and tech enthusiasts interested in advanced security topics. The business model is content publishing without commercial or e-commerce elements, positioning it as a niche blog in the cybersecurity domain. Technically, the site is built using modern web technologies including SvelteKit and is hosted on Cloudflare Pages, ensuring fast performance and excellent mobile optimization. The domain is registered with Cloudflare, Inc. with a long 10-year expiry, indicating commitment to the domain. The site uses HTTPS with a good SSL configuration but lacks DNSSEC and security headers, which are recommended for enhanced security. From a security posture perspective, the site enforces HTTPS and has domain transfer protection but lacks published privacy, cookie, or security policies, and no contact or incident response information is provided. Minimal tracking is present via Cloudflare analytics. No vulnerabilities or malware indicators were found, but the absence of DNSSEC and security headers are notable gaps. Overall, brutecat.com is a technically sound, niche cybersecurity blog with good content quality and performance but limited privacy and security policy disclosures. Strategic improvements include adding privacy and cookie policies, enabling DNSSEC, implementing security headers, and publishing incident response contacts to enhance trust and compliance.

R

Restart

titaniumbot.me

58

Titanium is an open source multipurpose Discord bot launched in late 2024, offering a wide range of features including image manipulation, server statistics, Spotify integration, and quote generation. The website serves as a professional landing page targeting Discord users and server administrators, emphasizing ease of use and privacy. Technically, the site is built with modern frameworks like SvelteKit, hosted behind Cloudflare, and optimized for performance and mobile devices. Security posture is adequate with HTTPS and domain transfer protection, but lacks DNSSEC and explicit security policies. Privacy compliance is partial with privacy and terms pages present but missing cookie consent mechanisms and contact information. Overall, the site is trustworthy and well-positioned for its niche but could improve transparency and security practices.

TwitterDB is a small technology project focused on aggregating and providing historical data on Twitter tags and hashtags. The website offers search and statistical analysis of over 96 million unique tags and 20 million hashtags, processing more than 1.8 billion tweets over approximately one year. However, the project is archived and no longer updated due to changes in Twitter's API, with all data frozen as of April 1, 2023. The site targets researchers, social media analysts, and data enthusiasts interested in Twitter trends. Technically, the website is built using Angular 12, hosted by Hetzner Online GmbH, and uses Cloudflare DNS without DNSSEC. The site has moderate performance and basic mobile optimization. SEO and accessibility are basic, with no advanced compliance or security headers detected. No privacy or cookie policies are present, and no contact or incident response information is provided, limiting transparency and compliance. From a security perspective, the site lacks DNSSEC, security headers, and visible incident response contacts. The SSL configuration is unknown but presumed present due to Cloudflare DNS usage. No vulnerabilities or exposed sensitive data were detected in the HTML content. The WHOIS data is consistent and legitimate, with domain registration dating back to 2021, matching the site's operational timeline. Overall, the website scores moderately on business credibility and technical implementation but scores low on privacy compliance and security posture. The absence of privacy policies and contact information, combined with minimal security controls, suggests areas for improvement. The site content is safe for general audiences, with no adult or explicit material detected.

P

Privacy service provided by Withheld for Privacy ehf

booklify.me

54

Booklify.me is a technology startup offering a digital bookshelf platform that enables users to scan, collect, and share their book collections easily. The service integrates a companion app for barcode scanning and automatically organizes books by series. The platform targets book enthusiasts and collectors, providing a free account model to manage personal libraries and share them with friends or keep them private. The website is built on modern Angular technology with Material Design components, hosted behind Cloudflare DNS services, and includes a tracking script from u.cd0.eu for analytics. Privacy and terms of service pages are present, indicating basic compliance with data protection regulations. However, no cookie consent mechanism or detailed security policies are published on the site.

The website sandcat.lol is a personal hobbyist site owned by an individual named Tom, who shares interests in technology, gaming, and personal computer hardware. The site serves as a personal blog and contact point primarily via Discord. The content is basic and targeted at general internet users interested in tech and gaming. The domain is newly registered in December 2024 and uses privacy protection services, which is typical for personal websites. Technically, the site uses standard HTML, CSS, and JavaScript with Cloudflare DNS but lacks advanced security headers and privacy policies. No forms or data collection mechanisms are present, and no analytics or advertising scripts are detected. The site is accessible without WAF or security challenges and contains no adult or explicit content, making it safe for general audiences.

The website 'Niko's Webpage' is a personal hobbyist site created by an individual named Niko, focusing on interests such as IT, coding, computing, radio, gaming, and programming projects. The site serves as a personal portfolio and social hub linking to various related hobbyist and friend sites. The domain is very new, registered in August 2024, and consistent with the personal nature of the content. The site does not represent a commercial business entity and lacks formal business information or contact details. Technically, the website is built with basic HTML and CSS, hosted behind Cloudflare DNS but without advanced security headers or CMS frameworks. The site has moderate performance and basic mobile optimization but lacks SEO and accessibility enhancements. No analytics or advertising technologies are detected, indicating minimal tracking or marketing efforts. From a security perspective, the site lacks privacy and cookie policies, security headers, and vulnerability disclosure mechanisms. The domain does not use DNSSEC, and SSL/TLS configuration details are not provided, which may indicate basic or incomplete HTTPS implementation. No forms or data collection points are present, reducing attack surface but also limiting user interaction. Overall, the website is safe for general audiences, with no adult or explicit content. The risk profile is low given the personal nature and limited functionality, but improvements in security posture and privacy compliance are recommended to enhance trust and protection.

P

Private by Design, LLC

critters.gay

61

Critters.gay is a niche social media platform targeting the 'critters' community, offering a small, focused alternative to mainstream social media. The platform is built on the Sharkey software and hosted with Cloudflare DNS services, reflecting a modern but minimalistic technical infrastructure. The website content is accessible and well-branded, with consistent theming and a clear community focus. However, it lacks formal privacy and cookie policies, which are important for compliance and user trust. Security posture is moderate, with domain registration protections in place but missing DNSSEC and security headers. Overall, the site is safe for general audiences and does not contain adult or explicit content.

SEMICON Taiwan is a premier semiconductor industry exhibition and event platform held in Taipei, Taiwan. It serves as a global hub for semiconductor professionals, companies, and technology leaders to collaborate, showcase innovations, and discuss key industry trends. The event attracts over 1,100 companies and 100,000 professionals, emphasizing Taiwan's strategic role in the semiconductor supply chain. The website is professionally designed using Drupal CMS, optimized for mobile, and integrates modern tracking and marketing tools such as Google Tag Manager and HubSpot. Security posture is solid with HTTPS and domain protections, though some security headers and explicit policies could be improved. Privacy and cookie policies exist but are basic, with GDPR compliance not explicitly stated. Overall, the site reflects a mature, credible business with strong industry positioning and digital presence.

A

Accomplice

accomplice.co

60

Accomplice is a specialized venture capital firm and contemporary family office focused on high conviction investments in technology startups. The firm has a strong market position, evidenced by its involvement in the early stages of numerous successful companies such as AngelList, DraftKings, and Patreon. Their business model centers on concentrated, patient investments and includes initiatives like Accomplice Blockchain and the Spearhead operator-angel movement. The website reflects a professional and consistent brand image targeting investors and entrepreneurs in the technology sector. Technically, the website is built on the PageCloud platform, utilizing jQuery and hosted with Cloudflare DNS services. The site is mobile optimized and performs moderately well, though it lacks advanced SEO and accessibility features. The absence of DNSSEC and security headers indicates room for improvement in technical security hardening. From a security perspective, the site uses HTTPS and has domain transfer locks in place, which are positive indicators. However, it lacks visible security policies, incident response information, and vulnerability disclosure mechanisms. No privacy or cookie policies were found, which is a compliance gap. No analytics or tracking scripts were detected, suggesting minimal user tracking. Overall, the website presents a low risk profile with a solid business credibility but requires enhancements in privacy compliance and security best practices to improve trust and regulatory adherence. Strategic recommendations include implementing privacy and cookie policies, enabling DNSSEC, adding security headers, and publishing incident response and vulnerability disclosure information.

P

Private by Design, LLC

rez.bio

54

rez.bio is a small, informal personal or community website operated under the privacy-focused registrant Private by Design, LLC. The site features playful content including ASCII art, friend links, and a Discord user link, but lacks formal business descriptions or commercial services. Technically, the site is built using the modern SvelteKit framework and uses Cloudflare for DNS, indicating a contemporary but minimal infrastructure. Security posture is basic with no DNSSEC or security headers detected, and no privacy or cookie policies published, which limits compliance and trust. Overall, the site is safe with no adult or explicit content, but lacks business credibility and formal security or privacy measures.

‹

‹div›RIOTS

divriots.com

9

‹div›RIOTS is a small technology company specializing in the development of innovative Figma plugins designed to enhance design workflows. Their product suite includes a variety of plugins that convert HTML, PDFs, images, and other formats into Figma designs, as well as tools for removing backgrounds, upscaling images, and more. The company targets designers and developers who use Figma as their primary design tool. The website reflects a professional and modern digital presence with a focus on showcasing their plugin offerings. Technically, the website is built using modern web technologies including Astro framework, JavaScript, and CSS, with hosting and DNS services provided by Cloudflare and domain registration via Squarespace. The site includes minimal tracking via Fathom Analytics and uses Sendinblue for form submissions. Performance and mobile optimization are good, though accessibility features are basic. From a security perspective, the site uses HTTPS and has domain status protections to prevent unauthorized changes. However, DNSSEC is not enabled, and no security headers or vulnerability disclosure policies are present. Privacy and cookie policies are absent, indicating gaps in compliance with GDPR and related regulations. No direct contact information or incident response contacts are provided. Overall, the website is trustworthy and professional but would benefit from enhanced privacy compliance, security best practices, and clearer contact and policy disclosures to improve user trust and regulatory adherence.

B

Bundlephobia | Size of npm dependencies

bundlephobia.com

53

Bundlephobia is a specialized web service launched in 2017 that helps JavaScript developers and frontend engineers analyze the size and performance impact of npm packages before integrating them into their projects. The website provides tools to measure package size, composition, and exports, including a beta feature to scan package.json files. It occupies a niche market position focused on frontend bundle optimization and is supported by open source community trust signals such as GitHub sponsorship and transparent hosting credits. Technically, the site is built on modern frameworks like Next.js and React, hosted on DigitalOcean, and uses Amplitude for analytics and Sentry for error monitoring, indicating a mature digital infrastructure with good performance and mobile optimization. Security posture is solid with HTTPS enforced and domain transfer protections, though improvements are needed in DNSSEC, security headers, and formal privacy and cookie policies. Overall, the site is professional, trustworthy, and safe for general audiences, but lacks explicit contact and compliance documentation which slightly reduces its privacy compliance score.

N

New Vector Ltd

riot.im

77

Element.io is a leading secure collaboration and messaging platform built on the open Matrix protocol. Founded in 2011 and operated by New Vector Ltd, the company offers end-to-end encrypted communication solutions that emphasize data sovereignty and interoperability. Their offerings include the Element App for users and the Element Server Suite for backend customization, targeting enterprises, governments, and organizations requiring secure real-time communication. The website reflects a mature, professional digital presence with comprehensive content and multilingual support. Technically, the site uses modern web technologies, is mobile-optimized, and integrates marketing and analytics tools such as HubSpot. Security posture is strong, supported by industry certifications like ISO/IEC 27001:2022 and Cyber Essentials Plus, though DNSSEC is not enabled. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, Element.io demonstrates high business credibility and trustworthiness.

P

Private by Design, LLC

critter.cafe

66

Critter Cafe is a small, independent social media platform operating a Mastodon instance aimed at users seeking an alternative to mainstream social media. It offers a cozy, decentralized environment with features such as extended post lengths, custom profile fields, and poll options. The platform is self-hosted on private hardware, emphasizing user privacy and community engagement without algorithms or advertising. The domain is registered to Private by Design, LLC in the US, consistent with the website's claims and recent launch in 2024. Technically, the site uses modern open-source Mastodon software forks and Cloudflare DNS, with good mobile optimization and basic accessibility. Security posture is solid with HTTPS and domain status protections, though DNSSEC is not enabled and security headers are absent. Privacy compliance is partial, with a privacy policy present but no cookie consent or terms of service. Overall, the site is trustworthy and well-positioned within its niche, but could improve security and compliance practices.

The website timedout.uk is a personal site operated by an individual known as 'nex', focusing on cybersecurity interests, programming skills, and casual gaming. It serves as a personal blog and portfolio with links to various social and gaming profiles. The site does not represent a commercial business entity and lacks formal business information or contact details. Technically, the site is built with standard HTML and CSS, hosted likely on a Linux-based VPS environment with Cloudflare as the domain registrar. The site is accessible without any WAF or security challenges and uses HTTPS with DNSSEC enabled, indicating a good baseline security posture. However, the absence of privacy, cookie, or terms of service policies and lack of contact information limits its privacy compliance and business credibility. The WHOIS data shows an anomalous domain creation date set in the future, which raises questions about domain registration legitimacy but does not directly impact the site's content or security. Overall, the site is safe for general audiences and provides a moderate level of technical and security maturity.

L

Lilly Schramm

eps-dev.de

49

EPS-DEV is a personal portfolio website of Lilly Schramm, a young German full-stack developer showcasing her projects including Booklify, TwitterDB, and a Tor relay service. The site targets developers and tech enthusiasts interested in open source and free internet initiatives. The business model is primarily personal branding and project demonstration with open source contributions. Technically, the site is built with Angular 16.2.0, uses modern CSS frameworks like Tailwind, and is hosted with Cloudflare DNS. The site is performant, mobile optimized, and uses minimal tracking via Umami analytics. Security posture is good with HTTPS enforced and no exposed sensitive data, but lacks security headers and formal policies. Overall, the site is trustworthy and professional but would benefit from adding privacy, cookie, and security policies to improve compliance and user trust.

S

home - sylvie.lol

sylvie.lol

57

Sylvie.lol is a personal portfolio and blog website belonging to Sylvia (aka sylvxa), a full-stack software developer and programming enthusiast. The site serves as a platform to share programming knowledge, open source projects, and personal interests such as speedrunning and cats. It targets a niche audience of developers and tech hobbyists. The website is newly created in 2024 and reflects a small-scale personal brand rather than a corporate entity. Technically, the website uses standard modern web technologies including HTML5, CSS3, and JavaScript, with Cloudflare providing DNS and likely CDN services. The site is well-structured with good mobile optimization and SEO meta tags. However, it lacks advanced frameworks or CMS platforms, indicating a lightweight and custom-built approach. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and security headers such as Content-Security-Policy. There are no visible forms or data collection mechanisms, reducing attack surface but also limiting user interaction. Privacy and cookie policies are absent, which is a compliance gap. No incident response or vulnerability disclosure information is provided. Overall, sylvie.lol is a safe, well-maintained personal website with moderate trustworthiness. To improve, the owner should consider adding privacy and cookie policies, security headers, and contact information to enhance compliance and user trust.

L

Lonaasan

lona.moe

53

Lona.moe is a personal website belonging to Lonaasan, a 22-year-old software engineer from Germany. The site serves as a portfolio and community hub featuring programming projects, blog content, photography, and social links. It targets a general audience interested in cats, blahaj, and programming. The website is small scale, with a niche market position focused on personal branding and community engagement. Technically, the site uses standard web technologies including HTML5, CSS3, and JavaScript, with Cloudflare DNS hosting. The site is mobile optimized and accessible, with good SEO practices. However, DNSSEC is not enabled, and no advanced security headers are detected. The site uses a minimal tracking script (umami) for analytics, indicating a low level of user tracking. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and security headers. There is a potential XSS vulnerability in the citation block due to unsanitized HTML content. No privacy or cookie policies are present, which impacts compliance. The domain registration is privacy protected but consistent with the personal nature of the site. Overall, the security posture is moderate but could be improved with standard best practices. The overall risk is low given the personal and non-commercial nature of the site, but improvements in security headers, privacy policies, and content sanitization are recommended to enhance trust and compliance.

P

Private by Design, LLC

funtimes909.xyz

61

The website funtimes909.xyz is a personal site operated by Amy, an 18-year-old technology and privacy enthusiast. The site serves as a platform to share personal interests, projects, and contact information, targeting a niche audience of tech and privacy advocates. The business model is non-commercial, focusing on hobbyist and community engagement with open source and privacy tools. The domain is registered under a privacy protection service, consistent with the personal and privacy-focused nature of the site. Technically, the site is built with basic HTML and CSS, hosted behind Cloudflare DNS services, and uses HTTPS for secure communication. The site lacks advanced frameworks or CMS and has moderate performance and basic mobile optimization. SEO and accessibility features are minimal but functional. No analytics or tracking scripts are present, reflecting a strong privacy orientation. From a security perspective, the site benefits from HTTPS and domain transfer protections but lacks security headers and formal policies such as privacy or cookie policies. No vulnerability disclosure or incident response information is provided. The absence of these elements suggests room for improvement in security posture and compliance. Overall, the site is safe, trustworthy, and suitable for general audiences. The risk level is low given the personal nature and limited scope of the site. Strategic recommendations include enabling DNSSEC, adding security headers, publishing privacy and cookie policies, and establishing vulnerability disclosure mechanisms to enhance trust and security maturity.

D

Dhanush Rambhatla

rambhat.la

57

The website rambhat.la is a personal portfolio and blog site for Dhanush Rambhatla, a software developer and content creator known as @TheOnlyWayUp. The site showcases various software projects, technical blog posts, and provides links to social media and code repositories. The target audience includes developers and technology enthusiasts interested in programming and software development. The business model is centered on personal branding and sharing knowledge through project demos and blog content. Technically, the site is built using modern frameworks such as SvelteKit and FastAPI, with hosting infrastructure leveraging Cloudflare DNS. The site is well-optimized for mobile and SEO, with fast performance and good accessibility. Security posture is adequate with HTTPS enforced and domain transfer protection enabled, but lacks DNSSEC and security headers. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is trustworthy and professional but could improve in compliance and security best practices.

P

Private by Design, LLC

damcraft.de

58

Lina.sh is a personal website of Lina, an 18-year-old developer from Germany, known for her work exposing wrongful ISP domain blocking in Germany. The site serves as a portfolio, blog, and community hub with donation support and secure communication via PGP. The business model is primarily personal branding and community engagement, targeting developers and privacy-conscious users. The domain is registered under Private by Design, LLC in the US, consistent with the website's privacy-focused ethos. Technically, the site is built with clean HTML and CSS without JavaScript, emphasizing privacy and performance. It uses Cloudflare DNS but lacks DNSSEC. The site is mobile optimized and accessible, with fast performance and basic SEO. No CMS or analytics tools are detected, reflecting a minimalist and privacy-first approach. Security posture is solid with HTTPS enforced and domain status protections, but lacks advanced security headers and incident response information. No privacy or cookie policies are published, representing compliance gaps. No tracking or advertising scripts are present, enhancing user privacy. Overall, the site is trustworthy and professional for a personal developer portfolio, but could improve compliance and security transparency. Strategic recommendations include adding privacy and cookie policies, enabling DNSSEC, publishing security.txt, and enhancing security headers.

C

Call me by my gender

callmebymygender.top

54

The website 'Call me by my gender' is a small educational platform focused on promoting respectful and inclusive language regarding gender identity. It provides detailed explanations on why certain terms like “female” or “male” can be problematic and offers alternatives for respectful communication. The site targets a general audience interested in gender inclusivity and language sensitivity. The business model is informational without commercial transactions or services. Technically, the site uses standard web technologies including HTML5, CSS3, JavaScript, and Google Fonts. It is hosted with DNS services provided by Cloudflare and uses Plausible Analytics for privacy-conscious visitor tracking. The site is mobile optimized with good SEO practices but lacks advanced accessibility features. Performance is moderate with no CMS detected. From a security perspective, the site uses HTTPS and has domain transfer protections enabled. However, it lacks DNSSEC and security headers such as Content-Security-Policy or X-Frame-Options, which are recommended for enhanced security. There are no privacy or cookie policies present, representing compliance gaps. The domain registration is recent (2023) and privacy protected, which is reasonable for this type of small educational site. Overall, the website is safe, professional, and trustworthy for its niche educational purpose. Key recommendations include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and considering a vulnerability disclosure policy to improve security posture and compliance.