Terms of Service & Disclaimers

Last updated: April 2026

1. Service Description

URLSiege is a passive security scanning service. We analyze publicly observable information about websites including HTTP headers, DNS records, SSL/TLS configuration, technology fingerprints, known vulnerability databases, and domain reputation services.

We do not perform active exploitation, penetration testing, or intrusive scanning. Our analysis is limited to information that is freely accessible to any internet user or publicly available through standard protocols.

2. Authorization & Consent

By using URLSiege, you confirm that:

  • You own or have written authorization to scan the domains you submit.
  • Unauthorized scanning of domains you do not own or control may violate applicable laws, including the Computer Fraud and Abuse Act (US), Computer Misuse Act (UK), and equivalent legislation in other jurisdictions.
  • Domain ownership is verified before any scanning is performed via file-based or DNS TXT record verification.

3. Scanning Methodology

URLSiege employs up to 15 passive scanning modules:

  • HTTP security headers analysis
  • DNS configuration checks (SPF, DMARC, CAA, DNSSEC)
  • SSL/TLS certificate and protocol analysis (via SSL Labs)
  • Technology stack fingerprinting
  • Known vulnerability (CVE) lookup based on detected versions
  • Domain reputation via Google Safe Browsing
  • Cookie security flag analysis
  • CORS misconfiguration testing
  • Information leakage detection (exposed files, error pages, metadata)
  • Open port detection for commonly exploited services
  • Form security analysis (CSRF, input handling)
  • Authentication security assessment (user enumeration, rate limiting)
  • Domain exposure analysis (WHOIS, subdomains, DNS zone configuration)

All requests are throttled to avoid disrupting the target website. We identify ourselves via User-Agent header as a security scanner authorized by the domain owner.

4. Disclaimer of Warranties

URLSiege is provided "as is" without warranty of any kind.

  • Scan results are informational only and may contain false positives or miss vulnerabilities not detectable through passive scanning.
  • Security is dynamic — new vulnerabilities are disclosed daily. A scan reflects the state of the target at the time of the scan only.
  • URLSiege is not a substitute for professional penetration testing, security audits, or compliance assessments.
  • The absence of findings does not guarantee the absence of vulnerabilities.
  • AI-generated reports are produced by large language models and may contain inaccuracies. Always validate recommendations with a qualified professional before making changes to production systems.

5. Limitation of Liability

URLSiege, its creators, and affiliates accept no liability for:

  • Actions taken or not taken based on scan results or report recommendations.
  • Any damages, losses, or security incidents arising from reliance on our service.
  • Inaccuracies in scan findings, AI-generated reports, or remediation advice.
  • Third-party actions resulting from information contained in scan results.

6. Acceptable Use

You agree not to:

  • Scan domains you do not own or are not authorized to test.
  • Use scan results to exploit vulnerabilities in any system.
  • Attempt to circumvent rate limits or scan cooldown periods.
  • Resell or redistribute scan results without attribution.
  • Use the service to harass, extort, or threaten domain owners.

We reserve the right to terminate accounts that violate these terms and to cooperate with law enforcement regarding misuse.

7. Data Handling

Scan results are stored in our database and associated with your account. We do not share scan results with third parties. Domain verification tokens and scan data are retained for the duration of your account. You may request deletion of your account and all associated data by contacting us.

8. Contact

For questions about these terms or to report misuse, contact us at contact@reevesnco.com.