What is SiteSpecter?

SiteSpecter is a website security intelligence tool that helps you analyze domains for potential security risks. It aggregates publicly available information to provide a comprehensive security overview without requiring you to visit potentially dangerous sites directly.

Key Features

• Domain Overview: Registration details, domain age, and basic security assessment
• Security Scorecard: Consolidated letter grades across multiple security categories
• RDAP/WHOIS: Domain registration and ownership information
• DNS Records: A, MX, TXT, and other DNS configuration details
• Email Security: SPF, DKIM, DMARC, and other email authentication analysis
• Web Headers: HTTP security headers analysis (CSP, HSTS, etc.)
• SSL/TLS: Certificate details and validity
• Threat Intelligence: Integration with AlienVault OTX for domain AND IP-based threat data
• Brand Similarity: Detection of potential typosquatting or brand impersonation
• HTML Risk Analysis: Detection of potentially suspicious patterns in page content
• Website Screenshot: Capture a visual screenshot of the analyzed website
• AI Analysis: AI-powered summary and recommendations

Intended Uses

SiteSpecter is designed for legitimate security purposes, including:

• Investigating suspicious links: Safely analyze URLs from emails or messages before visiting them
• Security research: Evaluate websites as part of authorized security investigations
• Analyzing your own domains: Assess your organization's security posture and identify improvements
• Vendor & partner assessments: Evaluate the security posture of business partners, vendors, or third-party services
• Educational purposes: Learn about web security concepts and common threat indicators

Getting Started

1. Enter a domain name (e.g., example.com) in the input field
2. Check the Terms of Service agreement box
3. Click Analyze to run the security analysis
4. Review the results across the various tabs
5. Optionally, use the AI Analysis tab for an AI-generated summary

For full legal terms, please review the Terms of Service & Privacy Policy.

1. Open Source Intelligence (OSINT) Tool

SiteSpecter is an Open Source Intelligence (OSINT) tool that aggregates and analyzes publicly available information about domains. This tool:

• Only accesses publicly available data sources (WHOIS/RDAP records, DNS records, SSL certificates, public threat intelligence databases)
• Fetches publicly accessible web content in the same manner as any web browser or search engine crawler
• Does not bypass any authentication, access controls, or security measures
• Does not store, redistribute, or share any fetched content
• Processes all data server-side to protect users from direct exposure to potentially malicious content

2. Acceptable Use

SiteSpecter is intended solely for legitimate security research purposes. By using this tool, you agree to:

• Use SiteSpecter only to analyze domains you have authorization to investigate
• Use the tool for defensive security research, threat analysis, and educational purposes
• Not use this tool to facilitate any illegal activities, harassment, or malicious purposes
• Not attempt to circumvent rate limits or abuse the service

3. Legal Basis for Data Collection

The information gathered by SiteSpecter is obtained through methods that are legally equivalent to:

• Visiting a website and viewing its source code (publicly served HTML)
• Performing a WHOIS lookup (public domain registration records)
• Querying public DNS servers (public DNS records)
• Connecting to a server and viewing its SSL certificate (publicly presented certificates)
• Querying public threat intelligence APIs (publicly available security data)

No content is stored permanently, cached beyond the immediate analysis session, or redistributed.

4. Rate Limits

To ensure fair access for all users and prevent abuse:

• Client-side rate limiting is enforced (5 requests per 30 seconds)
• Excessive or automated requests may result in temporary blocks
• AI analysis features are subject to additional rate limits

5. No Warranty / Disclaimer

SiteSpecter is provided "AS IS" without warranty of any kind. We make no guarantees about:

• The accuracy, completeness, or reliability of analysis results
• The availability or uptime of the service
• The suitability of results for any particular purpose

Analysis results should be considered informational only and verified through additional sources before taking action.

5a. Brand Similarity Analysis Disclaimer

The Brand Similarity feature compares analyzed domains against a database of known legitimate brands:

• Our verified domains list is continuously updated but cannot be comprehensive
• High similarity to a known brand does not necessarily indicate malicious intent — many legitimate businesses operate multiple similar domains
• Low similarity does not guarantee there is no brand impersonation — attackers may use creative variations
• This analysis should be considered alongside other indicators, not in isolation

5b. IP-Based Threat Intelligence Disclaimer

SiteSpecter checks threat intelligence for both domains and their associated IP addresses:

• Many websites share IP addresses through shared hosting, CDNs, or cloud providers
• IP addresses may change due to dynamic addressing or infrastructure migrations
• Historical IP threat data may reflect previous tenants of the IP address, not the current website
• IP-based threat indicators have limited impact on overall risk scores (capped at 10 points) due to these considerations
• IP-based findings should be evaluated in context with domain-specific threat data

5c. Screenshot Feature Disclaimer

The website screenshot feature captures a visual representation of analyzed websites:

• Screenshots are captured via a third-party service and represent a point-in-time view
• Content may differ from what you see due to geolocation, personalization, or dynamic content
• Screenshots are not stored permanently and are generated on-demand

6. Assumption of Risk

By using SiteSpecter, you acknowledge and agree that:

• You assume all risk and liability for your use of this tool and any actions taken based on its output
• You are solely responsible for ensuring your use complies with all applicable laws and regulations
• The operators of SiteSpecter shall not be liable for any damages, losses, or consequences arising from your use of this tool
• You will not hold the operators responsible for any false positives, false negatives, or inaccuracies in the analysis

7. Data Privacy

SiteSpecter respects your privacy:

• No user accounts or personal information is collected
• Analysis history is stored locally in your browser only
• Analyzed domains are sent to third-party services (RDAP, OTX, Claude AI) for processing
• No server-side logs of user activity are maintained
• Fetched web content is processed in memory only and not permanently stored

For complete privacy information, please review our Privacy Policy.

8. Analytics

We use Simple Analytics, a privacy-focused analytics service, to understand how SiteSpecter is used:

• Simple Analytics does not use cookies or track individual users
• No personal data, IP addresses, or unique identifiers are collected
• Analytics data is aggregated and anonymized
• We only collect basic metrics like page views and referrer sources

Learn more at simpleanalytics.com

9. Third-Party Services

SiteSpecter integrates with external services including:

• RDAP/WHOIS servers for domain registration data
• AlienVault OTX for threat intelligence
• Anthropic Claude for AI-powered analysis
• Screenshotlayer for website screenshots
• Simple Analytics for privacy-focused usage analytics

Use of these services is subject to their respective terms and privacy policies.

10. Modifications

We reserve the right to modify these terms at any time. Continued use of SiteSpecter constitutes acceptance of any changes.

Before using SiteSpecter, please review and accept our Terms of Service.

Key Points:

• OSINT Tool: This tool only uses publicly available information (WHOIS, DNS, SSL certs, public HTML)
• No Storage: Fetched content is processed in memory only and never stored or redistributed
• Server-Side Processing: All requests are made server-side to protect you from direct exposure
• Authorized Use Only: Only analyze domains you have permission to investigate
• Security Research: Use for defensive security, threat analysis, and education
• No Warranty: Results are informational and provided "as is"
• Your Responsibility: You assume all risk for actions based on results

Read the full Terms of Service

SiteSpecter is committed to protecting your privacy.

Last updated: January 2026

1. Information We Don't Collect

SiteSpecter is designed with privacy in mind. We do not collect:

• Personal information (names, email addresses, etc.)
• User accounts or login credentials
• IP addresses or unique identifiers
• Cookies for tracking purposes
• Browsing history or behavior profiles

2. Local Storage

SiteSpecter uses your browser's local storage to:

• Store your analysis history (visible in the History tab)
• Remember your Terms of Service acceptance

This data is stored only on your device and is never transmitted to our servers. You can clear this data at any time through your browser settings.

3. Domain Analysis Data

When you analyze a domain:

• The domain name is sent to our server for analysis
• Our server queries third-party services (RDAP, DNS, OTX, etc.)
• Fetched web content is processed in memory only and not stored
• Analysis results are returned to your browser and not retained on our servers
• No server-side logs of analyzed domains are maintained

4. Third-Party Services

SiteSpecter integrates with the following third-party services:

• RDAP/WHOIS Servers: For domain registration lookups
• AlienVault OTX: For threat intelligence data
• Anthropic Claude: For AI-powered analysis
• Screenshotlayer: For website screenshots
• Simple Analytics: For privacy-focused usage analytics

Each service has its own privacy policy that governs how they handle data.

5. Analytics

We use Simple Analytics to understand how SiteSpecter is used:

• No cookies are used
• No personal data is collected
• No IP addresses are logged
• No cross-site tracking
• GDPR, CCPA, and PECR compliant

Simple Analytics collects only aggregated, anonymized metrics such as page views and referrer sources. This helps us understand overall usage patterns without identifying individual users.

Learn more: Simple Analytics Privacy Policy

6. Data Security

We implement appropriate security measures:

• All connections use HTTPS encryption
• API keys and secrets are stored securely server-side
• No sensitive data is stored in databases

7. Your Rights

Since we don't collect personal data, there is no personal information to access, correct, or delete. Your analysis history is stored locally in your browser and can be cleared at any time.

8. Children's Privacy

SiteSpecter is not intended for use by children under 13. We do not knowingly collect any information from children.

9. Changes to This Policy

We may update this privacy policy from time to time. Continued use of SiteSpecter constitutes acceptance of any changes.

10. Contact

For privacy-related questions, please contact us through our support channels.