EDIT (after 150+ comments of roasting):

First: You are legends. Thanks for the massive roasting. Had a Haupt-Mieterversammlung directly after clicking "Submit" and was too tired (and scared) to directly address the issues afterwards. Reading your comments really delivers some intense cringe-moments over here seeing my bugs exposed. I try to frame it as some of the best feedback from some of the best engineers in the world. This helps (it does).

The core stuff: I chose to implement ASN-list lookups instead of a GeoIP service (to have less deps). Worked for my european test cases. Clearly not battle-tested enough for the wild.

What I'm hearing: - Hosting detection has false positives (detecting links as hosting) and false negatives (US-hosted sites scoring 100%) - Social media LINKS shouldn't count same as EMBEDS (fair point) - Missing: registrar, TLD jurisdiction, DNS location - AWS/Cloudflare detection is spotty - Migration cost estimates are too high for small sites - Some UI bugs on Firefox

What we shipped overnight (yes, while this was trending): - "Hotfix" for our scanning friends over nsa.gov What we ship from now on: - Fix the real bugs

v0.2 roadmap based on your feedback:

1. Hybrid GeoIP + ASN detection 2. Differentiate links vs embeds 3. Add registrar/TLD/DNS checks 4. Fix AWS/CloudFront/Cloudflare detection 5. Smarter migration cost estimates 6. UI fixes

Building in public. This is day 1.

To everyone who tested edge cases: you part of this tool soon :) To whover tested nsa.gov at 2am CET: I noticed.

I am not sure how much i will get done by today – maybe i will need to touch grass later a bit (or feeding the cows as we do it over here in austria)