MalwareTips
Security Review

Is ejj.io legit or a scam?

Our verdict:Safe· 90/100

Legitimate personal technical blog run by established security professional Evan J. Johnson; clean reputation, no fraud indicators.

Why we trust it
Domain active since 2012 with consistent professional operation over 12+ years.Owner is publicly identifiable security engineer with verifiable Cloudflare employment and RunReveal co-founder status.Zero antivirus detections across 92 engines and zero abuse reports on hosting IP.
ejj.ioScanned 2d ago
Post Facebook
0
Trust score
SAFE
Heuristics 95·MT 88
View density

Analysis Summary

Threat Intelligence
0/92
All engines report clean
Domain Age
Registration date unknown
MT Intelligence
Safe
Low likelihood · 95% confidence
SAFE

No threats detected

All checks passed. This site appears legitimate — but always stay alert for phishing even on trusted domains.

Website Preview

Screenshot of ejj.io
LIVE RENDER
ejj.io

Automated page render — captured in a safe sandbox. What an ordinary visitor would see when loading the site.

MT Intelligence

Advanced threat intelligence
MT Security Analyst
Low scam likelihoodengineMT · Guardiantrust88/100
MT AgentLive web researchVisual inspection
0%
Confidence
ejj.io is a long-standing personal website (active since at least 2012) operated by a publicly identifiable security engineer with verifiable professional credentials at Cloudflare and co-founder status at RunReveal. Our antivirus network shows zero detections across 92 engines, the hosting IP has zero abuse reports, and SSL is valid. Web research found no scam reports, complaints, or negative mentions across consumer-review sites, Reddit, or security forums. The site content consists of technical blog posts on security topics and serves as a professional portfolio; there are no commercial transactions, suspicious calls-to-action, or credential-harvesting patterns. The owner's LinkedIn and GitHub profiles confirm the professional background, and the site has been consistently hosted behind Cloudflare since at least 2019.
Full dossier
Analysis complete

Page Content

ejj.io is a personal technical blog featuring security-focused articles, including posts on the Capital One breach, Cloudflare architecture, and misconfigured CORS scanners. The site serves as a professional portfolio and informational resource with no commercial elements, downloads, or suspicious calls-to-action.

Infrastructure

The domain is hosted on IP 172.66.43.176 with valid SSL (Let's Encrypt, 83 days to expiry). The site has been fronted by Cloudflare since at least 2019 and was originally built with PHP/Apache before being rewritten in Golang. No redirects or cross-domain behaviour detected.

Domain History

ejj.io has been active since at least 2012, making it a 12+ year-old domain. The owner, Evan J. Johnson, is publicly associated with James Madison University mentoring activities (circa 2013–2016) and maintains active professional profiles on LinkedIn and GitHub under the handle @ejcx_.

Web Reputation

Zero scam reports, complaints, or fraud mentions found across web searches, consumer-review aggregators, Reddit, and security forums. Our antivirus network reports zero detections (0/92 engines), and the hosting IP has zero abuse reports with a reputation score of 0/100 (clean).

Positive Signals
5
  • Domain active since 2012 with consistent professional operation over 12+ years.
  • Owner is publicly identifiable security engineer with verifiable Cloudflare employment and RunReveal co-founder status.
  • Zero antivirus detections across 92 engines and zero abuse reports on hosting IP.
  • Valid SSL certificate and consistent Cloudflare hosting since 2019.
  • No scam reports, complaints, or negative mentions found in web research.
AI Recommendation
This site is safe to visit. It is a legitimate personal technical blog run by an established security professional. No action is needed.
Next-gen fraud intelligence
Evidence-backedCross-checked

Web Research Findings

Our live research agent queries scam-report databases, consumer-review sites, news coverage, and general web search for ejj.io, then cross-checks business-registration records and look-alike domain patterns. Everything below is pulled from what it actually found.

Business registration
No public record found
Could not match the site to a registered company — common for small sites.
Clone check
Not a clone
No well-known site's layout or branding detected here.
Typosquat check
No look-alike match
The domain doesn't resemble any well-known brand's spelling.
Web mentions
No scam reports found
No complaints, no negative coverage turned up in our sweep.
Key findings
7 headline facts from open-web research
  • ejj.io is the personal website of Evan J. Johnson (Twitter/X: @ejcx_, GitHub: ejcx), a security engineer who has worked at Cloudflare in San Francisco.
  • The site has existed since at least 2012, originally hosted with PHP/Apache and later rewritten in Golang, always fronted by Cloudflare (per blog post from 2019).
  • Content includes technical blog posts on security topics such as the Capital One breach, Cloudflare architecture, and misconfigured CORS scanners.
  • Owner is publicly associated with James Madison University (JMU) alumni/mentor activities (Reddit posts from ~2013–2016 offering advice via e@ejj.io).
  • No scam reports, complaints, fraud mentions, or negative reviews found across web searches, Reddit, or security forums.
  • LinkedIn and GitHub profiles confirm professional background in security, patents, and co-founding RunReveal; site serves as a professional/portfolio presence.
  • No commercial transactions, downloads, or suspicious calls-to-action observed; purely informational/technical personal site.
Research summary
Narrative write-up from our AI analyst, grounded on the facts above

We searched scam-report databases, consumer-review sites, Reddit, and general web sources for ejj.io and found no scam reports, complaints, or fraud mentions. The domain is confirmed as the personal website of Evan J. Johnson, a security engineer with public professional credentials at Cloudflare and co-founder of RunReveal. The site has operated continuously since at least 2012 as a technical blog and professional portfolio.

Antivirus Engines

Clean pass · verified
Clean across 92 engines

We cross-check every URL against our antivirus network of 92 malware and blacklist engines. None of them flagged this URL in the last scan.

0Malicious0Suspicious60Harmless92Engines
Clean
Kaspersky
Clean
Bitdefender
Clean
Microsoft
Not in pass
ESET-NOD32
Not in pass
Avira
Not in pass
Sophos
Clean
Fortinet
Clean
Google Safebrowsing
Clean
Emsisoft
Clean

No engine detections. The URL passed every antivirus and blacklist engine we queried in this scan. Stay vigilant — AV coverage is only one signal among many.

Security Scans

Blacklist Check
Not flagged on major threat lists

Checked against the major public blocklists used by browsers and security tools — no hits.

Domain & Encryption

Encryption Certificate
StatusValid
ProtocolTLSv1.3
IssuerLet's Encrypt · YE2
ExpiresSep 3, 2026 (83d)
Self-signedNo
Hosting & Technology
HostingCloudflare, Inc.
Server locationUS

Server Reputation

Abuse Intelligence
Confidence score0%
Reports on file0
ISPCloudflare, Inc.
Usage typeContent Delivery Network

Still, stay alert

No major threat indicators — but a clean scan does not guarantee every page is safe, and phishing emails routinely spoof real domains.

  • Double-check the exact URL in your address bar

    Confirm you are actually on ejj.io and not a lookalike like e-jj.io.com or an IDN homoglyph.

  • Use a password manager

    Password managers only auto-fill on the exact domain they were saved for — they refuse to fill lookalike domains, which is the single best phishing defence.

  • Discuss this site on the forum

    If you have first-hand experience with this site — good or bad — share it with the MalwareTips community.

    Open

Reputation Sources

How this domain rates across independent threat-intelligence and blocklist providers.

Google Safe Browsing
Not listedCheck ↗
VirusTotal
Not listedCheck ↗
AbuseIPDB
Not listedCheck ↗
Also verify:Spamhaus ↗DNSBL / SURBL ↗PhishTank ↗

Safety FAQ

Common questions about this site, answered directly from the scan data above — so the answers always reflect the latest verdict on this page.

  • Our automated security review found no threat indicators on ejj.io. The site appears legitimate based on the signals we checked, but always stay alert for phishing emails that spoof real domains.
  • ejj.io passed our automated security checks with a trust score of 90/100. No antivirus engines or major blacklists flagged the site at the time of the last scan.
  • Yes. ejj.io presents a valid TLSv1.3 certificate issued by Let's Encrypt · YE2, expiring in 83 days. Note that SSL only encrypts the connection — it does not guarantee that the site itself is trustworthy.
  • No. All 92 antivirus engines in our malware network report ejj.io as clean.
  • No. ejj.io is not currently listed on the major browser blocklist feeds that modern browsers use.
  • ejj.io resolves to an IP operated by Cloudflare, Inc. in US (usage type: Content Delivery Network). Hosting location alone doesn't make a site good or bad, but unusual geography for a brand's claimed country is one of many signals we weigh.
  • This is a permanent record of the scan run on June 12, 2026. The verdict and evidence above reflect that scan and do not change on their own. If circumstances around ejj.io have changed, MalwareTips staff can run a fresh scan, which re-runs every check from scratch and publishes an updated report.

Final Verdict

0
Trust / 100
Final Verdict·ejj.io
SAFE

ejj.io is the legitimate personal website and technical blog of Evan J. Johnson, a security engineer at Cloudflare and co-founder of RunReveal. The site has operated since 2012 with no scam reports, complaints, or suspicious activity.

This site is safe to visit. It is a legitimate personal technical blog run by an established security professional. No action is needed.

AV engines
92
MT passes
2
Net signals
0
Scan another URL
Security review completemalwaretips.com/url-scan
Recently scanned

Other Safe reports

Browse all reports
Safetrust86
juuri.hagezi.org
26m ago
Read the review
Safetrust85
happiyum.com
30m ago
Read the review
Safetrust85
esaac.co
31m ago
Read the review
Safetrust86
icucleaning.com
32m ago
Read the review
Safetrust85
seanquigley.com
35m ago
Read the review
Safetrust66
hedvalevi.co.il
37m ago
Read the review
Safetrust83
minesbeachresort.com
41m ago
Read the review
Safetrust82
ledytec.com
41m ago
Read the review
Safetrust81
leekimyew.com
44m ago
Read the review
Safetrust85
astralhq.com
48m ago
Read the review
Safetrust88
fmpadel.com
48m ago
Read the review
Safetrust78
proxysite.com
48m ago
Read the review
Community review

User reviews & comments(0)

Share your experience — "Lost $200 on a fake checkout" is more useful than "Scam". Your review helps others avoid traps.

Loading…
Loading comments…
This report is generated automatically by combining threat intelligence, domain signals, and an AI security analyst. It is informational, not legal advice. Always use your own judgement before sharing personal information or money online.