Security Directory

Umbreon.online is a personal website operated by an individual named Erin, a web developer with a focus on frontend CSS and browser extensions. The site serves as a personal hub for hosting small projects, guides, and links to related sites including a webring and personal code repositories. The website targets a general audience interested in quirky personal content and web development. Technically, the site uses a simple stack of HTML, CSS, and JavaScript, hosted on DigitalOcean with DNS managed by DigitalOcean's nameservers. The site is mobile optimized and performs moderately well but lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled but missing DNSSEC and security headers. No privacy or cookie policies are present, and no formal business or contact information is provided beyond a Fediverse social link. Overall, the site is a small personal project with moderate professionalism and security maturity.

B

Backblaze

backblazeb2.com

0

Backblaze is a reputable cloud storage and backup service provider founded in 2007, offering cost-effective and scalable S3 compatible object storage solutions. Positioned as a competitive alternative to major cloud providers, Backblaze targets businesses and developers seeking affordable and reliable cloud storage. The company emphasizes simplicity, performance, and integration with existing workflows. Technically, the website is built on modern frameworks including Webflow CMS, uses advanced JavaScript libraries for animations and tracking, and integrates multiple marketing and analytics tools with user consent mechanisms. Security posture is strong with HTTPS enforcement, SOC 2 Type 2 certification, multi-factor authentication, and data immutability features. However, the absence of publicly available WHOIS data is noted but does not detract significantly from overall trust given the company's established market presence. Overall, the website is professional, secure, and compliant with privacy regulations, providing a trustworthy platform for cloud storage services.

B

Besties

besties.house

0

Besties is a small, community-driven collective focused on providing safe and inclusive spaces for queer individuals to engage in software development and online socialization. Their key offerings include open source projects such as git.gay, a Git forge, and pages.gay, a static website hosting platform, alongside a Mastodon social server. The organization emphasizes openness, inclusivity, and community support, targeting queer developers and newcomers to development. Technically, the website is built using modern frameworks like SvelteKit and is hosted via Cloudflare, ensuring good performance and security basics such as HTTPS. The site is mobile-optimized and presents a consistent, professional design. However, some technical improvements are possible, including enabling DNSSEC and adding security headers. From a security perspective, the site enforces HTTPS and uses domain transfer protection but lacks published privacy policies, cookie consent mechanisms, and incident response or vulnerability disclosure information. No security headers were detected, and DNSSEC is not enabled, representing areas for improvement. No critical vulnerabilities or suspicious patterns were found, and the domain registration is transparent and consistent with the business. Overall, Besties presents a trustworthy and well-maintained community platform with room to enhance privacy compliance and security posture. Strategic improvements in policy publication and security headers would strengthen user trust and regulatory compliance.

P

Private by Design, LLC

git.gay

0

git.gay is a niche collaboration platform designed to empower queer developers by providing Git hosting, continuous integration, and static site hosting services. Operated by the collective 'besties', it emphasizes community values, open source software, and privacy by avoiding ads and third-party trackers. The platform leverages a fork of Forgejo, ensuring open source transparency and configurability. The website presents a professional and consistent brand image targeting queer and neurodiverse developers, positioning itself as a community-centric alternative to corporate platforms. Technically, git.gay uses modern web technologies including Forgejo, Cloudflare DNS, and custom JavaScript for enhanced user experience and error handling. The site is mobile optimized with good SEO practices and minimal user tracking, reflecting a mature digital infrastructure. However, DNSSEC is not enabled, and security headers are not visibly implemented, indicating areas for improvement in security hardening. From a security perspective, the site enforces HTTPS and employs CSRF tokens, with no detected vulnerabilities or exposed sensitive data. Privacy policies and terms of service are present but basic, and no explicit incident response or vulnerability disclosure policies are published. The absence of cookie consent mechanisms despite script usage suggests a potential compliance gap. Overall, the security posture is solid but could benefit from enhanced transparency and technical controls. The domain registration is transparent and consistent with the business profile, registered to Private by Design, LLC in the US, matching the website's operational claims. The domain age aligns with the platform's founding date, supporting legitimacy. No suspicious WHOIS patterns or privacy protections obscure ownership, enhancing trustworthiness. The platform's focus on community and open source principles further supports a positive risk profile. Strategic recommendations include enabling DNSSEC, implementing comprehensive security headers, publishing detailed security and incident response policies, adding cookie consent mechanisms, and establishing a vulnerability disclosure process. These steps will strengthen security, compliance, and user trust, supporting git.gay's mission as a safe and empowering platform for queer developers.

S

SERVFAIL :: main

servfail.network

0

Project SERVFAIL is a small-scale, open-source authoritative DNS nameserver network currently in beta. It offers free DNS hosting services with a lightweight, no-JavaScript web interface and a PowerDNS-compatible API for automation. The project is community-driven with collaboration among several contributors and encourages donations and contributions. The website content is technical and targeted at DNS users and beta testers. The market position is niche, focusing on DNS infrastructure enthusiasts and small-scale users. Technically, the website uses basic HTML and CSS without JavaScript, which reduces attack surface but also limits interactivity. The site lacks advanced frameworks or CMS and shows moderate performance and basic mobile optimization. No explicit hosting provider or SSL configuration details were found. The site links to several partner domains and community resources, indicating an active ecosystem. From a security perspective, the site lacks visible HTTPS enforcement and security headers, and no privacy or cookie policies are present, which impacts compliance and trust. The WHOIS data is unavailable or malformed, limiting domain legitimacy verification. No contact emails or phone numbers are provided, reducing transparency. However, the open-source nature and community engagement are positive trust signals. Overall, the site is functional and relevant for its niche but requires improvements in security posture, privacy compliance, and domain transparency to enhance trust and professional credibility.

C

CPlusPatch Development

cpluspatch.com

0

CPlusPatch Development is a small, independent software development entity focused on creating open source applications, websites, and servers leveraging free and open standards. The website serves as a professional portfolio showcasing multiple open source projects, including protocol specifications, server implementations, and client applications. The target audience includes developers and technology enthusiasts interested in open source software and modern web technologies. The business model centers on open source contributions and community engagement, with a strong emphasis on transparency and quality. Technically, the website is built using modern frameworks such as Nuxt.js and Vue 3, styled with Tailwind CSS, and employs TypeScript for development. The site demonstrates excellent performance, mobile optimization, and accessibility. Security best practices are observed, including a strict Content-Security-Policy and HTTPS enforcement. Analytics are implemented via Plausible, ensuring minimal user tracking and good privacy compliance. Security posture is strong with no detected vulnerabilities or exposed sensitive data. However, the site lacks published security policies, incident response procedures, and a cookie consent mechanism, which are areas for improvement. The domain registration details are consistent with the website's claims, supporting legitimacy and trustworthiness. Overall, CPlusPatch Development presents a professional, secure, and privacy-conscious online presence suitable for its niche. Strategic enhancements in privacy compliance and security transparency would further strengthen its position.

P

Private by Design, LLC

ezri.pet

0

The website ezri.pet represents a personal and academic online presence of a 21-year-old computer science student based in New York City. The individual operates a small internet hosting service with its own ASN and is involved in academic research in computer systems and networking. The site serves as a portfolio and contact point, featuring links to various social media and communication platforms, and showcases personal projects and interests. The business model is small-scale and niche, focusing on personal hosting and academic collaboration rather than commercial enterprise. Technically, the website is built with standard HTML5 and CSS using Pure.css for styling, with some JavaScript for interactive elements. It is hosted under a domain registered with Porkbun LLC and uses DNS services from Hurricane Electric and kjsl.com. The site is mobile responsive and well-structured, though it lacks advanced SEO and accessibility features. No CMS or major frameworks are detected, indicating a custom or static site approach. From a security perspective, the site uses domain status flags to prevent unauthorized transfer or deletion but lacks DNSSEC and security headers such as CSP or HSTS. There is no privacy or cookie policy, and no incident response or vulnerability disclosure information is provided. No analytics or advertising scripts are present, indicating minimal tracking and good privacy by default. The domain registration is transparent and consistent with the website's stated purpose, enhancing trustworthiness. Overall, the site is safe, professional, and trustworthy for its intended audience but would benefit from implementing basic privacy and security policies, enabling DNSSEC, and adding security headers to improve its security posture and compliance. The lack of privacy and cookie policies currently limits its privacy compliance score.

The website cqql.site is a personal technical blog operated by an individual or small entity registered as Njalla Okta LLC in Saint Kitts and Nevis. The site focuses on technology-related content including hacking tutorials, generative art, CTF writeups, and queer/trans community resources. It serves a niche audience of technology enthusiasts and members of the queer/trans community interested in technical topics. The business model is content publishing and community engagement without evident commercial transactions. The domain is newly registered in May 2024 with privacy protection, consistent with the website's privacy-conscious theme. Technically, the site is a static HTML/CSS site hosted via Njalla, a privacy-focused hosting provider. The site is basic but functional with good content relevance and navigation clarity. Mobile optimization and accessibility are basic but adequate. No CMS or advanced frameworks are detected. Performance is likely fast due to static content delivery. SEO and metadata are minimal but present. From a security perspective, the site lacks HTTPS enforcement information and security headers in the provided data, which lowers its security posture. No privacy or cookie policies are present, indicating limited compliance with privacy regulations. No forms or data collection mechanisms are detected, reducing exposure to input-based vulnerabilities. The domain registration is legitimate and consistent with the website content and operator profile. No WAF or blocking mechanisms are detected. Overall, the site is a safe, niche personal blog with moderate trustworthiness but could improve security and privacy compliance. Strategic recommendations include implementing HTTPS with HSTS, adding security headers, publishing privacy and cookie policies, and establishing vulnerability disclosure and incident response information to enhance trust and security posture.

Neovim is an open source, hyperextensible Vim-based text editor designed for developers seeking a modern and extensible editing experience. It offers advanced features such as a first-class API, remote plugins, Lua scripting support, and built-in language server protocol integration. The project is well-positioned in the developer tools market as a popular alternative to Vim, supported by an active community and sponsors. Technically, the website is built with modern web technologies including Bootstrap and Algolia DocSearch, hosted via Cloudflare, and optimized for performance and accessibility. Security posture is solid with HTTPS enforced and domain transfer protections, though it lacks some security headers and formal security policies. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the website is professional, trustworthy, and content-rich, but could improve transparency and compliance documentation.

L

LibreWolf

librewolf.net

0

LibreWolf is an open source project providing a custom Firefox browser focused on privacy, security, and user freedom. The project is community-driven with active engagement on platforms such as Codeberg, Matrix, Reddit, and Lemmy. The website presents a professional and consistent brand image with clear descriptions of the product's privacy-centric features and community involvement. Technically, the site is built using modern web technologies including Next.js and React, delivering a fast and mobile-optimized experience. Security posture is good with HTTPS enforced and no telemetry or tracking scripts detected; however, explicit security headers and a formal security policy are absent. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism or terms of service page. Overall, the domain registration is consistent and transparent, supporting the legitimacy of the project. The website scores well on content quality, technical implementation, and business credibility, with minor penalties for missing some compliance and security best practices.

D

dimden

dimden.dev

0

The website dimden.dev is a personal portfolio and blog of a Ukrainian programmer known as dimden. It serves as a platform to showcase open source projects, share blog posts, and engage with a community primarily through Discord and Patreon. The site targets programmers, tech enthusiasts, and followers of the author's work. The business model is centered around personal branding, community engagement, and open source contributions, with no direct commercial sales evident. The market position is niche, focusing on a dedicated audience interested in programming and retro-inspired web culture. Technically, the website employs a modern JavaScript-based stack with custom scripts and uses HTTPS with Google Analytics and Tag Manager for tracking. The site is hosted on platforms like Neocities and Nekoweb, with some projects leveraging µWebSockets. Performance is moderate, with basic mobile optimization and accessibility features. SEO is basic but functional, with proper meta tags and Open Graph images. From a security perspective, the site benefits from HTTPS and lacks exposed sensitive data or vulnerable libraries. However, it lacks important security headers such as Content-Security-Policy and Strict-Transport-Security, and does not provide privacy or cookie policies, which impacts compliance. No vulnerability disclosure or incident response information is available. Overall, the security posture is moderate but could be improved with standard best practices. The overall risk is low given the personal nature of the site and absence of sensitive transactions or user data collection. Strategic recommendations include implementing security headers, adding privacy and cookie policies, and establishing a vulnerability disclosure process to enhance trust and compliance.

I

InfinityFree

000.pe

0

000.pe is a domain hosted by InfinityFree, a free web hosting provider offering PHP and MySQL support for users to create websites on subdomains such as yourname.000.pe. The website serves as an informational landing page promoting InfinityFree's free hosting services and providing an abuse reporting contact. The technical infrastructure is basic, relying on standard HTML5 and CSS3 with Google Fonts, hosted on InfinityFree's platform. The site is mobile optimized with moderate performance but lacks advanced SEO and accessibility features. Security posture is minimal with no detected security headers, but HTTPS is implied. There is no privacy or cookie policy, which impacts compliance. Overall, the site is legitimate and consistent with its purpose but would benefit from enhanced security and compliance documentation.

P

Private by Design, LLC

lea.pet

0

The website lea.pet is a personal instance of the Sharkey social platform, designed for a small community of friends. It operates under the domain registered to Private by Design, LLC, a US-based organization. The site offers social networking services with a focus on personal and community content sharing. The business model is niche and community-oriented, with no commercial or enterprise scale indications. The technical infrastructure uses modern web technologies including JavaScript and CSS, with a custom theme and no detected CMS. Hosting details are not explicit, and the domain uses suspicious name servers which may pose security concerns. The site is accessible without WAF or blocking mechanisms and shows moderate performance and mobile optimization. Security posture is average with no DNSSEC and missing security headers, and privacy compliance is weak due to lack of privacy and cookie policies. The site contains adult-themed content and links, targeting a mature audience without age verification. Overall, the site is functional but has notable security and compliance gaps that should be addressed to improve trust and safety.

The website brodokk.space serves as a personal homepage for an individual known as Brodokk, who identifies as a Fennec fox persona. The site highlights personal and professional programming activities, server management, and participation in various online communities and projects. The content is straightforward, primarily textual with some images, and links to multiple social media and community platforms. The website is small-scale and targeted at a general audience interested in technology and creative online communities. From a technical perspective, the site is built with basic HTML and CSS, hosted by Gandi SAS, and does not use any advanced frameworks or CMS. The site is moderately optimized for mobile devices and accessibility but lacks advanced SEO and performance optimizations. No analytics or advertising technologies are detected, indicating a privacy-conscious or minimalistic approach. Security posture is basic; the domain uses HTTPS (implied by the URL), but no DNSSEC is enabled, and no security headers are present. There are no forms or data collection points, reducing attack surface but also limiting user interaction. The WHOIS data is transparent and consistent with the website's personal nature, with no privacy protection used. No privacy or cookie policies are present, which is a compliance gap. Overall, the website is low risk, safe for general audiences, and serves as a personal portfolio and community hub. Strategic recommendations include improving security headers, adding privacy and cookie policies, enabling DNSSEC, and enhancing mobile and accessibility features to improve user experience and compliance.

A

Akseli Lahtinen

akselmo.dev

0

The website akselmo.dev is a personal blog authored by Akseli Lahtinen, focusing on topics such as gaming, game development, free and open source software (FOSS), and programming. It serves a niche audience of gamers, developers, and open source enthusiasts. The blog has a consistent and professional presentation with a rich archive of posts dating back to 2016, indicating a well-established presence in its domain. The business model is primarily content sharing without commercial transactions or services. Technically, the site is built with standard web technologies (HTML, CSS, JavaScript) and uses Goat Counter for privacy-respecting analytics. The site appears to be hosted on Hetzner, inferred from blog content, and is likely a static or custom-built blog without a CMS. The site is performant, mobile-optimized, and SEO-friendly, though accessibility features are basic. From a security perspective, the site uses HTTPS and does not expose sensitive data or forms. However, no explicit security headers were detected, and no privacy or cookie policies are present, which are areas for improvement. The domain registration data is consistent with the website content and author identity, supporting high legitimacy and trustworthiness. Overall, the site is low risk with good content quality and technical implementation but would benefit from enhanced privacy compliance and security best practices to improve user trust and regulatory adherence.

D

dragon.style

dragon.style

0

Dragon.style is a small, niche Mastodon instance focused on providing a decentralized social media platform for a queer-friendly community. It is administered by an individual known as Gracious Anthracite, emphasizing a moderated, safe, and ad-free environment. The website serves as an about page detailing community rules, contact information, and donation options, reflecting a non-commercial, community-supported business model. Technically, the site runs Mastodon version 4.0.15, hosted on DigitalOcean, with a standard modern web stack including JavaScript and CSS. The site is mobile-optimized and provides a good user experience with clear navigation and relevant content. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and explicit security headers. Privacy compliance is basic with a privacy policy present but no cookie consent mechanism or GDPR-specific features. Overall, the site is trustworthy and professional for its scope but could improve security and privacy practices.

E

eldritch.cafe

eldritch.cafe

0

Eldritch.cafe operates as an independent Mastodon instance providing decentralized social media services primarily targeting queer, feminist, and anarchist communities, with a focus on French-speaking users. The platform emphasizes community moderation, inclusivity, and amplifying marginalized voices. It maintains a small but active user base and is hosted by Fedi Monster in France. The website content is bilingual and includes detailed moderation guidelines, credits, and legal notices consistent with French law. Technically, the site runs on a Glitch-soc fork of Mastodon, leveraging modern web technologies such as React and JavaScript. The infrastructure is moderately performant and mobile-optimized, though accessibility and SEO features are basic. Hosting and domain registration are consistent and legitimate, with HTTPS enabled and domain transfer protections in place. However, DNSSEC is not enabled, and security headers are absent, indicating room for improvement in security hardening. From a security perspective, the instance enforces clear community rules prohibiting hateful conduct, harassment, misinformation, and illegal content. While no explicit security policy or incident response contacts are published, the moderation team is transparent and active. Privacy compliance is adequate with a privacy policy present, but the absence of a cookie consent mechanism is a minor gap. No vulnerabilities or suspicious patterns were detected in the analysis. Overall, eldritch.cafe presents a trustworthy, community-driven social media platform with a solid technical foundation and clear governance. Strategic enhancements in security headers, cookie consent, and incident response transparency would further strengthen its security posture and compliance standing.

V

VSCodium

vscodium.com

0

VSCodium is a community-driven open source project that provides freely-licensed binaries of Microsoft's VS Code editor without telemetry or proprietary licensing. It targets developers and programmers who prefer open source software with privacy considerations. The website offers comprehensive installation instructions across multiple platforms and package managers, emphasizing ease of access to MIT-licensed VS Code binaries. Technically, the site uses standard web technologies including HTML5, CSS, JavaScript, and external libraries like AnchorJS and Font Awesome, hosted with Cloudflare DNS services. The site is well-structured, mobile-optimized, and fast loading, with good SEO practices but lacks some accessibility features. Security-wise, the project demonstrates good practices by disabling telemetry and signing Windows binaries, but the website itself lacks explicit security headers, privacy policies, and incident response information, which are areas for improvement. Overall, the domain registration is consistent and transparent, supporting the legitimacy of the project. The site contains no adult or questionable content and is safe for general audiences.

T

The LineageOS Project

lineageos.org

0

LineageOS is a well-established open-source Android operating system distribution project founded in 2016. It targets Android device users, developers, and power users seeking customization and extended device longevity. The project operates with a strong community-driven model supported by donations and offers monthly security updates and open-source apps. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the site uses modern web technologies including Material Kit CSS, jQuery, and Cloudflare CDN, ensuring fast performance and mobile optimization. Security posture is good with HTTPS enforced and domain transfer protections, though improvements are possible by enabling DNSSEC and adding security headers. Privacy compliance is basic, with a privacy policy and terms of service present but lacking cookie consent mechanisms and explicit GDPR compliance indicators. Contact information is limited to community channels such as Reddit, with no direct company emails or phone numbers published. Overall, the website is trustworthy, safe, and well-positioned in the open-source Android ecosystem.

T

The Khronos Group, Inc.

opengl.org

0

The Khronos Group operates the official OpenGL website, providing authoritative resources, documentation, and news for the OpenGL graphics API. The organization is well-established with a domain registered since 1997, reflecting its long-standing presence in the graphics technology industry. The website targets developers and technology professionals seeking high-performance graphics standards and related tools. Technically, the site employs modern web technologies including HTML5, CSS, JavaScript, and integrates Google Analytics and Tag Manager for tracking and search functionality. Hosting is provided by DigitalOcean, ensuring reliable infrastructure. Security posture is solid with HTTPS enforced and domain transfer protections, though improvements such as enabling DNSSEC and adding security headers are recommended. Privacy compliance is partial, with a privacy policy present but lacking a cookie consent mechanism despite use of tracking scripts. Contact information is clearly provided, enhancing business credibility. Overall, the website is professional, trustworthy, and serves as a key resource hub for the graphics development community.

RARLAB operates the official website for WinRAR, a widely used file archiving software supporting RAR and ZIP formats. The company, win.rar GmbH, has a long-standing presence since 2002 and offers software downloads, licensing, and partner programs. The website is professionally designed with clear navigation and provides essential information about the product and purchasing options. Technically, the site uses jQuery and standard web technologies with basic mobile optimization and accessibility. Security posture is moderate with cookie consent implemented but lacks visible security headers and explicit HTTPS verification. WHOIS data is unavailable, which slightly reduces trust but is common for software vendors. Overall, the site is safe, trustworthy, and serves a general audience without any adult or questionable content.

X

X Corp.

pepsi.zip

0

X.com, formerly known as Twitter, is a leading global social media platform specializing in microblogging and social networking services. Owned by X Corp., the platform offers a range of services including advertising and subscription-based features, targeting a broad general audience worldwide. The website demonstrates a mature digital infrastructure with modern web technologies such as React and GraphQL, optimized for performance and mobile responsiveness. Security is robust with HTTPS enforcement, comprehensive security headers, and bot mitigation technologies integrated. Privacy policies and terms of service are clearly linked and comprehensive, reflecting compliance with GDPR and other regulations. However, explicit security policies and incident response contacts are not publicly disclosed, representing an area for improvement. Overall, the platform maintains a high level of trustworthiness and professionalism, supported by a long-established domain and consistent branding.

G

Giorgio Maone

noscript.net

0

NoScript.net is the official website for the NoScript Security Suite, a free and open-source browser extension that enhances user security by blocking malicious scripts and allowing trusted content only. The project is well-established since 2005 and is integrated into the Tor Browser, positioning it as a trusted tool in the privacy and security software market. The website targets privacy-conscious users and security experts seeking enhanced browser protection. The business model is donation-based, emphasizing free software principles. Technically, the website is built with standard web technologies (HTML, CSS, JavaScript) and supports multiple major browsers. The site is well-structured, mobile-optimized, and accessible, with good SEO practices. However, some modern security enhancements like DNSSEC are not enabled, and no explicit security headers were detected in the provided data. The site does not appear to use any CMS or complex frameworks, reflecting a lightweight and focused technical infrastructure. From a security perspective, the website promotes strong security practices through its product, including script blocking and anti-XSS protections. However, the site itself lacks published privacy, cookie, or security policies, and no contact information or vulnerability disclosure mechanisms are provided. DNSSEC absence and missing security headers represent minor security gaps. Overall, the security posture is good but could be improved with better transparency and technical hardening. The overall risk assessment is low given the nature of the site and its content. Strategic recommendations include publishing privacy and cookie policies, enabling DNSSEC, adding security headers, and providing clear contact and vulnerability disclosure information to enhance trust and compliance.

Open Camera is a small-scale, open source software project focused on providing an advanced camera application for Android devices. The website serves primarily as an informational and download portal, featuring detailed descriptions of app features, licensing, and links to source code repositories. The business model is based on free software distribution with revenue generated through website advertising. The target audience is Android users seeking enhanced camera functionality beyond stock apps. Technically, the website is a static site hosted by 123-Reg Limited, utilizing standard web technologies such as HTML, CSS, and JavaScript. It integrates Google services including Analytics, Tag Manager, and Adsense for tracking and monetization. The site is mobile-optimized with a basic but functional design and navigation structure. However, it lacks advanced CMS features and some modern security headers. From a security perspective, the site uses HTTPS (implied by domain and Google services usage) and implements cookie consent with anonymized IP tracking for analytics, indicating some privacy awareness. However, no explicit security policies, incident response contacts, or vulnerability disclosure mechanisms are present. The absence of security headers and contact information for security incidents suggests room for improvement in security posture. Overall, the website is trustworthy and professionally maintained for its niche purpose but would benefit from enhanced security practices and clearer privacy compliance documentation. The domain registration data supports legitimacy with consistent and long-term ownership.

C

Chitter

chitter.xyz

0

Chitter.xyz is an independent Mastodon-based decentralized social network fostering a friendly and inclusive community. It operates as a small-scale social platform within the fediverse, emphasizing community moderation and user etiquette to promote kindness and accessibility. The platform is transparent about its hosting and data locations, relying on reputable providers such as Hetzner and AWS for DNS and storage services. The website content is well-structured, with clear descriptions of staff, community guidelines, and support mechanisms via Patreon and Liberapay.

P

Private by Design, LLC

snug.moe

0

Snugly Moe Moe is a small, niche federated social platform instance targeting general users interested in social networking within the 'snuggly beings' community. The website uses modern web technologies including Vue.js and Cloudflare DNS services, providing a moderate level of performance and basic mobile optimization. The domain is registered to Private by Design, LLC in the US, consistent with the website's content and target audience. Security posture is moderate with HTTPS enabled and domain status protections in place, but lacks DNSSEC and security headers which could improve resilience against attacks. Privacy and cookie policies are absent, and no contact or incident response information is provided, which limits compliance and transparency. Overall, the website is safe for general audiences and does not contain adult or explicit content.

H

Hochschule Neubrandenburg – University of Applied Sciences

dabamos.de

0

DABAMOS is an academic research project hosted by Hochschule Neubrandenburg – University of Applied Sciences, focusing on developing advanced deformation monitoring systems integrated with the Internet of Things. The project produces open source software such as DMPACK and OpenADMS to support sensor networks and automated geodetic data processing. The website serves as an information hub for research, software, and monitoring applications, targeting professionals and researchers in geodesy and geotechnics. Technically, the website is built with standard HTML and CSS, with a clean and professional design, good navigation, and mobile optimization. The presence of GitHub links and open source licensing enhances transparency and community engagement. Security posture is moderate with HTTPS usage implied but lacks explicit security headers and published policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is trustworthy and safe, with no signs of malicious or adult content.

F

Foxscotch

foxscot.ch

0

Foxscotch is a personal website representing an individual web developer who also enjoys programming, 3D modeling, and animals. The site serves primarily as a personal portfolio and social media hub, linking to various social platforms. The business model is personal branding with a focus on web development services. The website is simple, clean, and consistent in branding but lacks formal business information or policies. Technically, the site uses standard HTML and CSS with FontAwesome icons, but no advanced frameworks or CMS are detected. Performance and mobile optimization are moderate to good, though accessibility and SEO are basic. Security posture is weak due to absence of HTTPS confirmation, security headers, and privacy policies. No forms or data collection mechanisms are present, reducing attack surface but also limiting business functionality. Overall, the site is safe and suitable for general audiences with no adult content or tracking technologies detected.

D

Digital Privacy Corporation

keithhacks.cyou

0

The website keithhacks.cyou is a personal site operated by an individual known as ~keith, who identifies as a queer, trans, cyberpunk anarchist with interests in technology, privacy, and the furry community. The site serves as a hub for personal content, hosting various public services including a Git server, IRC, XMPP, and a Tor mirror, reflecting a strong commitment to privacy and alternative internet culture. The domain is registered to Digital Privacy Corporation in the US, consistent with the site's privacy-focused ethos. Technically, the site is hosted on DigitalOcean and built with standard web technologies including HTML5, CSS (Sass), and JavaScript. The site is mobile-optimized with clear navigation and moderate performance. However, it lacks advanced frameworks or CMS platforms and does not implement DNSSEC or security headers, which are recommended for enhanced security. From a security perspective, the site enforces HTTPS and publishes a PGP key for secure communication, which are positive indicators. However, the absence of DNSSEC, security headers, privacy policies, and incident response information indicates room for improvement in security posture and compliance. No tracking or analytics scripts are present, aligning with the site's privacy values. Overall, the site is a niche personal project with moderate technical maturity and a privacy-conscious approach. Strategic improvements in security headers, DNSSEC, and privacy compliance would enhance trust and security. The site is safe for general audiences with no adult or explicit content detected.

A

Adam Walker

furry.engineer

0

Furry.Engineer is a niche Mastodon social networking instance founded in 2018 and administered by Adam Walker in the US. It targets tech enthusiasts and engineers within the furry fandom, promoting an LGBTQ+ friendly and safe community space. The platform leverages the open-source Mastodon software (version 4.4.1+glitch) and is hosted with Cloudflare DNS and domain registration services. The website demonstrates good design quality, mobile optimization, and basic accessibility, providing a user-friendly experience for its audience. However, it lacks some standard compliance features such as cookie consent mechanisms and terms of service documentation. Security posture is adequate with HTTPS enforced and domain transfer protections, but could be improved by enabling DNSSEC and publishing security policies. Overall, the site is a legitimate, small community platform with moderate trustworthiness and a clear focus on its target audience.

A

AS207960 Cyfyngedig

glauca.digital

0

Glauca Digital is a UK-based technology company specializing in domain registration, DNS management, VPS hosting, and related internet infrastructure services. Founded in 2020 and operating under the legal entity AS207960 Cyfyngedig, the company positions itself as a transparent, tech-savvy provider with a focus on ease of use and clear pricing. It is a member of the RIPE NCC, indicating a strong presence in IP address and ASN allocation services. The website reflects a professional and consistent brand image with a clear target audience of technical users and businesses seeking reliable domain and hosting solutions. Technically, the website employs modern web technologies including Bootstrap 4, jQuery, and Keycloak for authentication, with support for passkeys enhancing security. The infrastructure appears custom-built and hosted within the AS207960 network, ensuring control and reliability. Performance and mobile optimization are good, though accessibility features are basic. SEO practices are well implemented with comprehensive metadata and structured data. From a security perspective, the site enforces HTTPS and uses advanced authentication mechanisms. DNSSEC is enabled by default for DNS zones, and hCaptcha is used to mitigate automated abuse. However, the absence of explicit security policies, incident response plans, and cookie consent mechanisms indicates areas for improvement in compliance and transparency. The domain WHOIS data is consistent with the business identity, though the domain is currently expired, which could pose operational risks if not addressed promptly. Overall, Glauca Digital presents a trustworthy and professional online presence with strong technical foundations and a clear business focus. Strategic enhancements in privacy compliance and formal security documentation would further strengthen its market position and customer trust.

D

Digital Overdose

digitaloverdose.tech

0

Digital Overdose is a small, community-driven platform focused on information security, cybersecurity, and ethical hacking education. Founded in 2021, it provides a welcoming space for enthusiasts and professionals to engage through tutoring sessions, events, and a vibrant Discord server. The platform leverages social media and content hosting on Patreon, YouTube, and GitHub to extend its reach and provide resources to its members. The website is built using modern Angular technology and hosted likely on GitHub Pages with Cloudflare DNS services, reflecting a moderate level of digital maturity.

The website alyx.sh is a personal blog operated by Alyx Wijers, focusing on technology, security, and personal projects. The site features a series of blog posts with detailed content relevant to a niche audience interested in technology and security topics. The business model is that of a personal content creator with no commercial or enterprise scale operations. The site is built using the Hugo static site generator and is hosted with DNS services provided by Cloudflare, indicating a modern and performant technical infrastructure. The website is mobile optimized and provides a good user experience with clear navigation and consistent branding. Security posture is moderate; HTTPS is enabled and domain transfer is protected, but DNSSEC is not enabled and security headers are missing. There are no privacy or cookie policies, and no contact information or incident response details are provided, which limits compliance and trust. Overall, the site is safe, professional, and trustworthy for general audiences but would benefit from enhanced security and privacy compliance measures.

Eloydegen.com is a personal website operated by Eloy, a retro technology enthusiast and hacker involved in the RevSpace community near The Hague. The site primarily serves as a blog and contact hub, sharing writings on technology, retro computing, and related topics. It targets a niche audience of technology hobbyists and open source contributors. The website is built using the Hugo static site generator and hosted on infrastructure associated with TransIP, featuring a simple, minimalistic design with basic mobile optimization and accessibility. Security posture is moderate with domain transfer protections but lacks DNSSEC and security headers. Privacy compliance is low due to absence of privacy and cookie policies. Overall, the site is trustworthy and legitimate but would benefit from enhanced security and compliance measures.

P

Private by Design, LLC

lina.sh

0

The website lina.sh is a personal site of Lina, a young developer from Germany, focusing on internet transparency and community engagement. The site highlights Lina's projects, including CUII-Liste, which exposes wrongful ISP domain blocking in Germany. The business model is personal branding supported by donations, targeting developers and privacy-conscious users. The site is technically simple, using no JavaScript, relying on HTML and CSS, and hosted with Cloudflare DNS and Porkbun LLC as registrar. It demonstrates good performance and mobile optimization but lacks advanced SEO and accessibility features. Security posture is moderate with domain locks and published PGP keys but lacks DNSSEC and security headers. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is trustworthy, safe, and professional but could improve compliance and security practices.

The website shift.gay is a personal portfolio site titled 'Shebang' belonging to an individual known as 'shebang' who shares links to personal projects, open source utilities, and creative web concepts. The site targets technology enthusiasts and the open source community, serving primarily as a showcase and link aggregator rather than a commercial business. The domain is recently registered in mid-2023 under a privacy-focused registrar, consistent with the personal nature of the site. Technically, the site is built with basic HTML and CSS, with no detected CMS or advanced frameworks. The hosting provider is not explicitly identified, but DNS nameservers suggest a decentralized or privacy-conscious setup. The site is moderately optimized for mobile and accessibility but lacks advanced SEO and performance optimizations. No analytics or advertising scripts are present, indicating minimal tracking. From a security perspective, the site lacks security headers, DNSSEC is not enabled, and no privacy or cookie policies are present, which lowers compliance and security posture scores. However, no critical vulnerabilities or exposed sensitive data were detected. The site uses HTTPS (implied by the URL) but no explicit SSL configuration details were provided. No contact information or incident response channels are available, limiting trust and business credibility. Overall, the site is low risk with safe content and a clear personal/technical focus but would benefit from improved security practices, privacy compliance, and contact transparency to enhance trustworthiness and compliance.

F

Welcome to my website.

famfo.xyz

0

The website famfo.xyz is a personal technology-focused site operated by an individual named famfo. It serves as a portfolio and social hub featuring a blog, project links, and social media presence primarily in the open-source and federated social network space. The site is small scale, targeting a general audience interested in technology and personal projects. The domain is registered in Germany with a registrar known for domain services, and the domain age is consistent with a recently established personal site. Technically, the site uses basic HTML and CSS without advanced frameworks or CMS, and it shows moderate performance and basic mobile optimization. Security posture is minimal with no DNSSEC, no security headers detected, and no privacy or cookie policies present. No forms or analytics scripts are used, indicating minimal data collection and tracking. The site content is safe for general audiences with no adult or questionable content. Overall, the site is legitimate but lacks advanced security and privacy compliance features.

B

besties

pages.gay

0

pages.gay is a small technology startup offering a niche service for hosting static websites quickly and easily, tightly integrated with the git.gay source code repository platform. The service targets developers and users who want to deploy static sites with minimal setup, leveraging open source software and git repositories. The website is modern, built with SvelteKit, and uses Cloudflare for DNS hosting, providing fast performance and good mobile optimization. However, the site lacks formal privacy, cookie, and terms of service policies, and does not provide contact information, which limits trust and compliance. Security posture is decent with HTTPS and domain transfer protection, but could be improved by enabling DNSSEC and adding security headers. No analytics or advertising tools are present, indicating minimal user tracking.

Astrid.tech is a personal technology blog and project showcase website maintained by Astrid Yu. The site focuses on topics such as networking, homelab setups, programming languages, and various tech projects. It is a niche site targeting technology enthusiasts and readers interested in detailed technical content. The website is built using a custom Rust-based static site generator CMS called Seams and hosts static assets on Backblaze B2. The site is fast, mobile-optimized, and uses modern web technologies including JavaScript and CSS. Google Analytics is employed for visitor tracking, but no visible cookie consent mechanism is present. Security posture is moderate with HTTPS enabled and no exposed sensitive data, but lacks security headers and formal security policies. The domain is privacy protected, registered in 2020, which aligns with the site's personal nature and recent content updates. Overall, the site is trustworthy and professional but would benefit from improved privacy compliance and security best practices.

P

Private by Design, LLC

taavi.wtf

0

Taavi Väänänen's personal website serves as a professional portfolio and blog highlighting his work as a Wikimedia sysadmin, Debian Developer, and open source contributor. The site targets technology professionals and open source communities, offering insights into his projects, blog posts, and contact information. The business model is personal branding and community engagement within niche technology sectors. The website is well-positioned as a trusted personal brand with recognized contributions and awards in the Wikimedia ecosystem. Technically, the site is built using the Hugo static site generator, hosted on Debian-powered infrastructure with Apache HTTPd and HAProxy. It employs a minimalistic approach with no JavaScript, custom fonts, and good mobile optimization. The site is performant, accessible, and SEO-friendly, with a Tor hidden service for privacy-conscious access. Security posture is solid with HTTPS enabled and no exposed vulnerabilities detected. However, the site lacks DNSSEC, security headers, cookie consent mechanisms, and explicit security or incident response policies. The published PGP key and absence of tracking indicate a privacy-respecting approach. Overall, the site is secure but could improve compliance and security best practices. The overall risk is low given the personal nature and limited attack surface. Strategic recommendations include enabling DNSSEC, adding security headers, implementing cookie consent, and publishing security policies to enhance trust and compliance.

T

Theia Bähr, Games

teamakes.games

0

Theia Bähr, operating under the brand 'tea makes games', is a small indie game developer based in Germany specializing in experimental and artistic games. The website serves as a professional portfolio showcasing a variety of free and commercial games, including the 2024 commercial release 'The Elision Effect'. The business targets niche audiences interested in contemplative, surreal, and atmospheric gaming experiences. The company leverages platforms such as Steam and itch.io for distribution and uses PayPal for payment processing. Technically, the website is well-constructed with modern HTML5, CSS3, and JavaScript, hosted on Cloudflare infrastructure ensuring good performance and availability. The site is mobile-optimized and accessible with good SEO practices.

C

crimew.gay

crimew.gay

0

crimew.gay is a small, community-driven Fediverse instance operated by an individual named Maia. It provides a social networking platform based on the Pleroma software, targeting users interested in a curated and moderated federated social experience. The instance emphasizes active moderation and federation policies to maintain community standards. Technically, the site uses modern web technologies and is mobile optimized, though it lacks some advanced security headers and privacy compliance features. The domain is relatively new, registered in 2022 with privacy protection, which is appropriate for this type of community service. Security posture is moderate with HTTPS enabled but could be improved with DNSSEC and additional headers. Overall, the site is functional and trustworthy but would benefit from enhanced privacy policies and contact transparency.

S

Rain's slonksite

slonk.ing

0

The website 'Rain's slonksite' is a personal portfolio and blog site for an individual developer and cybersecurity enthusiast known as Rain or slonkazoid. The site showcases the developer's skills, projects, and interests, with a focus on backend web development, cybersecurity, and various programming languages including Rust and Bash. The site also offers software commissions for small projects such as webapps, bots, and mods. The target audience includes fellow developers, cybersecurity professionals, and potential clients seeking software development services. Technically, the website is a static HTML site with no JavaScript, emphasizing simplicity, accessibility, and security. The tech stack described includes modern and secure technologies such as Rust, Axum, Tokio, and PostgreSQL, running on Linux-based systems. The site is optimized for performance and accessibility, with a fast loading time and good mobile optimization. However, no CMS or hosting provider information is explicitly stated. From a security perspective, the site demonstrates good practices such as the use of SSH and PGP keys for identity verification and encrypted filesystems on the server. However, no explicit security headers or HTTPS enforcement details were found in the provided data. There is no published privacy policy, cookie policy, or terms of service, which limits privacy compliance. No incident response or vulnerability disclosure information is available, which could be improved to enhance trust and security posture. Overall, the website is a well-maintained personal developer site with a moderate security posture and good technical implementation. The lack of formal privacy and security policies and absence of security headers are areas for improvement. The site is safe for general audiences, contains no adult or explicit content, and is fully accessible without WAF or blocking mechanisms.

The website vea.st is a small-scale technical project focused on providing a browser-based virtual machine experience using technologies such as libv86 and JavaScript. It targets a niche audience interested in retro computing or browser virtualization. The site also fosters community engagement through a webring linking multiple related and partner sites. The technical infrastructure leverages Cloudflare for DNS and bot protection, including the use of Turnstile CAPTCHA, and hosts custom JavaScript libraries for VM functionality and playful UI elements like Browser-Ponies. However, the site lacks standard business and compliance features such as privacy policies, cookie consent mechanisms, and contact information, which limits its professionalism and trustworthiness. Security posture is basic with HTTPS enabled but missing important security headers and incident response details.

L

lymkwi

vulpinecitrus.info

0

VulpineCitrus is a personal blog operated by an individual named lux, a PhD student with interests in networking, programming (notably Rust), Linux development, and cycling. The website serves as a platform for sharing technical knowledge, personal writings, and photography. It targets a general audience interested in technology and personal insights rather than commercial customers. The business model is non-commercial, focusing on content sharing and community engagement. The site is small-scale and niche, with a consistent brand identity and clear contact information.

Keybase, owned by Zoom Video Communications, Inc., is a secure messaging and file-sharing platform that leverages public key cryptography to provide end-to-end encryption for individuals, families, communities, and companies. The service is available across multiple platforms including desktop and mobile operating systems, emphasizing privacy and security without reliance on third-party tracking or advertising. The website content is professionally designed, clear, and focused on promoting secure communication and file sharing with features such as exploding messages and team collaboration. Technically, the site uses modern web technologies and is hosted on AWS infrastructure, with DNS managed via Amazon's DNS services. Security posture is strong with HTTPS enforced, CSRF protections, and domain registration protections, though DNSSEC is not enabled and some security headers are not explicitly confirmed. Privacy compliance is robust with clear privacy and terms of service documentation, but no cookie consent mechanism is present, likely due to minimal cookie usage. No contact emails or phone numbers are publicly listed, which may limit direct user support visibility. Overall, the site is trustworthy, secure, and well-positioned in the technology sector as a privacy-focused communication tool.

T

The Fox Nexus

fox.nexus

0

The Fox Nexus operates as a small independent Mastodon social media instance, providing a federated platform for users interested in the fediverse. The website offers basic services typical of Mastodon servers, including user registration (currently closed), login, and content exploration. The platform targets users familiar with decentralized social networking and positions itself as a niche community for 'foxes'. Technically, the site runs Mastodon version 4.4.0-alpha.4+chuckya, leveraging modern web technologies such as JavaScript, SVG, and CSS with integrity checks on scripts and stylesheets, ensuring a moderate level of technical maturity and performance. Security posture is adequate with HTTPS enforced and no visible sensitive data exposure, though it lacks advanced security headers and explicit incident response policies. Privacy compliance is basic, with privacy and terms of service pages present but no cookie consent mechanism or GDPR-specific disclosures. Overall, the site is safe, professional, and trustworthy for its intended audience but could benefit from enhanced security and privacy features.

Toneindicator.io is a niche informational website launched in 2022 by the organization TNT based in Great Britain. The site provides a simple utility service allowing users to append tone indicators to URLs to view their definitions, targeting a general audience interested in online communication clarity. The business model is primarily informational with no evident monetization or commercial services. The website uses a modern Bootstrap framework and is hosted with Cloudflare DNS services, incorporating Google Tag Manager for analytics. The technical infrastructure is basic but functional, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers, which are recommended for improvement. Privacy compliance is minimal, with no privacy or cookie policies present, and no contact information provided, which reduces trust and compliance scores. Overall, the site is safe, free from adult or questionable content, and serves a clear informational purpose.

I

WMF Beta Cluster

isbetabroken.com

0

The website 'isbetabroken.com' serves as a status and monitoring page for the Wikimedia Foundation's Beta Cluster, a production-like environment used for final-stage testing of Wikimedia projects. It provides real-time operational status for various Wikimedia beta projects and deployment processes. The site is targeted primarily at developers and testers involved with Wikimedia projects, offering transparency into system health and deployment status. Technically, the site employs modern web technologies including JavaScript ES modules, Vue.js framework, and is built using the Vite toolchain. It is hosted on Cloudflare infrastructure with DNS managed by Cloudflare, ensuring reliable and performant delivery. The site is mobile-optimized and shows good design and navigation clarity, though accessibility features are basic. From a security perspective, the site uses HTTPS and has domain transfer protections enabled. However, DNSSEC is not enabled, and no explicit security headers or policies are visible in the content. There is a lack of privacy, cookie, and terms of service policies, as well as no contact or incident response information, which limits compliance and user trust. No tracking or analytics scripts are detected, indicating minimal user data collection. Overall, the site is a functional and focused technical status page with moderate trustworthiness and good technical implementation. The absence of privacy and security policies and DNSSEC are areas for improvement. Strategic recommendations include implementing DNSSEC, publishing privacy and cookie policies, adding contact and incident response details, and enhancing security headers to improve compliance and trust.

The website k4m1.net is a personal blog focused on technology topics including software, firmware, hardware projects, mathematics, and cryptography. It serves a niche audience of technology enthusiasts and hobbyists interested in deep technical content. The site is small scale and newly established in late 2023, with a consistent and clear branding approach. Technically, the site uses standard HTML, CSS, and JavaScript without a CMS, hosted likely via netcup.net based on DNS information. Performance and mobile optimization are good, though accessibility and SEO are basic. Security posture is moderate with HTTPS enabled but lacking advanced security headers and DNSSEC. No forms or sensitive data collection are present, reducing risk. Privacy compliance is basic with a privacy policy page but no cookie consent mechanism. Business credibility is moderate given the personal nature and clear author attribution. Overall, the site is safe, trustworthy, and well maintained for its scope.