United States security reports

H

HyprMX

hyprmx.com

67

HyprMX is a New York-based mobile advertising network specializing in brand-only ads within premium mobile applications. Established in 2012, the company positions itself as a premier ad network connecting top Fortune 500 advertisers directly with mobile app publishers. The website reflects a professional and modern digital presence, utilizing standard web technologies and third-party services such as Google Analytics and OneTrust for cookie consent management. The technical infrastructure appears solid, with AWS-hosted DNS and modern font loading techniques, although no CMS or advanced frameworks are detected. Security posture is adequate with HTTPS and IP anonymization in analytics, but lacks explicit security headers and published security policies. Privacy compliance is partially addressed through cookie consent but lacks a visible privacy policy or terms of service. Overall, the domain registration data aligns well with the business claims, indicating legitimacy and transparency.

D

Dia Art Foundation

diaart.blog

57

Dia Art Foundation operates an arts-focused blog hosted on Squarespace, providing weekly content related to artist projects, exhibitions, and public programs. The website targets a general audience interested in contemporary art and culture, positioning itself as a niche non-profit arts organization. The technical infrastructure is modern, leveraging Squarespace's platform with good mobile optimization and SEO practices. Security posture is solid with HTTPS enabled and no visible vulnerabilities, though security headers are absent and privacy compliance could be improved. The lack of direct contact information and WHOIS transparency slightly reduces trust but is typical for privacy-conscious non-profits. Overall, the site is professional and trustworthy within its domain.

B

Bar Laika

laika.bar

56

Bar Laika is a small hospitality business operating a bar located at 224 Greene Avenue, Brooklyn, NY. The website presents the bar's location, contact information, and acknowledges indigenous land, positioning itself as a community-focused nightlife venue. The business is affiliated with e-flux, a known cultural organization, which adds credibility. The website uses modern frontend technologies such as Vue.js and is hosted via Hover DNS services. The site is accessible, mobile-optimized, and provides a good user experience with clear navigation and relevant content. However, it lacks formal privacy and cookie policies, which are important for compliance and user trust. Security posture is moderate with HTTPS enabled but missing security headers and DNSSEC. No WAF or blocking mechanisms are detected, allowing full content access. The domain is privacy protected but this is justified given the business type and age. Overall, the site is functional and professional but could improve compliance and security practices.

B

Bitly, Inc.

hop.sc

53

Bitly, Inc. is a well-established enterprise technology company specializing in branded link management and URL shortening services. Founded in 2003 and headquartered in the United States, Bitly serves businesses and marketers worldwide, offering key services such as URL shortening, branded links, QR codes, and analytics. The company enjoys a strong market position, trusted by major global brands and supported by comprehensive compliance with privacy regulations including GDPR and CCPA. Technically, Bitly's website demonstrates a mature digital infrastructure leveraging modern technologies such as WordPress CMS, AWS hosting, Cloudfront CDN, and advanced marketing and analytics tools like Google Tag Manager, Optimizely, and ProfitWell. The site is optimized for performance, mobile responsiveness, accessibility, and SEO, reflecting a high level of digital maturity. From a security perspective, Bitly enforces HTTPS, maintains domain registration protections, and complies with SOC 2 Type 2 standards. While security headers and DNSSEC are areas for improvement, the overall security posture is strong with no evident vulnerabilities or exposed sensitive data. Privacy compliance is robust, supported by clear policies and consent mechanisms. Overall, Bitly presents a low-risk profile with a professional, trustworthy online presence. Strategic recommendations include enabling DNSSEC, publishing a security.txt file, enhancing security headers, and providing explicit incident response contacts to further strengthen security and compliance.

T

Travel Portland

travelportland.com

10

Travel Portland operates as the official city guide for Portland, Oregon, providing comprehensive tourism information including attractions, culture, neighborhoods, and trip planning resources. The website is well-branded and targets tourists and visitors seeking to explore Portland. Technically, the site is built on WordPress with modern technologies such as Google Tag Manager, New Relic monitoring, and CookieYes for consent management, ensuring good performance, mobile optimization, and SEO. Security posture is strong with HTTPS enforced and security monitoring scripts in place, though some security headers could be improved. Privacy compliance is robust with clear privacy and cookie policies and consent mechanisms. However, the WHOIS data is unavailable or inconsistent, which slightly impacts business credibility. Overall, the site is professional, trustworthy, and provides a safe browsing experience.

The Regional Arts and Culture Council (RACC) is a well-established nonprofit organization founded in 1995, dedicated to enriching the greater Portland community through arts and culture. The organization operates a diverse portfolio of services including grant programs, a nationally recognized public art program, advocacy efforts, and arts education support. Their market position is strong within the regional arts ecosystem, supported by a clear mission and active community engagement. The website reflects a professional and consistent brand image, targeting artists, creatives, and cultural organizations in the Portland area. Technically, the website is built on WordPress with modern front-end technologies such as Foundation CSS and Swiper.js for interactive elements. It integrates Google Analytics and Tag Manager for tracking and uses Yoast SEO for optimization. The site is mobile responsive and performs moderately well, though there is room for improvement in accessibility and security headers. Hosting details are not explicit but DNS and registrar information indicate a reputable setup. From a security perspective, the site uses HTTPS with a good SSL configuration and has domain transfer protections in place. However, DNSSEC is not enabled, and security headers are absent, which are areas for improvement. There is no visible security policy or incident response information published, and cookie consent mechanisms are missing, which impacts privacy compliance. The WHOIS data shows privacy protection typical for nonprofits and a domain age consistent with the organization's history, supporting legitimacy. Overall, the website is trustworthy, professionally maintained, and serves its nonprofit mission effectively. Strategic recommendations include enabling DNSSEC, adding security headers, implementing cookie consent for GDPR compliance, and publishing security and incident response policies to enhance trust and compliance.

O

Oregon Cultural Trust

culturaltrust.org

10

The Oregon Cultural Trust is a well-established non-profit organization dedicated to supporting arts, heritage, and humanities nonprofits across Oregon. It operates a unique cultural tax credit program that enables donors to match their donations and supports over 1,600 nonprofits statewide. The website reflects a mature digital presence with comprehensive content, multimedia resources, and clear calls to action for donations and grant applications. The organization maintains strong partnerships with state government and cultural institutions, reinforcing its market position as a key cultural funding entity in Oregon. Technically, the website is built on WordPress with modern web technologies including jQuery, MediaElement.js, and integrates multiple analytics and marketing tools such as Google Tag Manager, Facebook Pixel, Hotjar, and Reddit Pixel. The site is mobile-optimized and SEO-friendly, leveraging Yoast SEO and Typekit fonts for branding consistency. Performance is moderate with asynchronous loading of scripts enhancing user experience. From a security perspective, the site enforces HTTPS and uses several security best practices, though explicit security headers like Content-Security-Policy and X-Frame-Options are not clearly present. Privacy compliance is partially addressed with a comprehensive privacy policy but lacks a cookie consent mechanism. WHOIS data is unavailable, likely due to privacy protection, but the website's professionalism and official branding indicate legitimacy. Overall, the Oregon Cultural Trust website presents a trustworthy and professional digital front for a non-profit cultural funding organization. Strategic recommendations include enhancing security headers, implementing cookie consent for GDPR compliance, and publishing a security policy with incident response contacts to further strengthen trust and compliance.

T

The Oregon Community Foundation

oregoncf.org

11

The Oregon Community Foundation is a well-established non-profit organization dedicated to improving lives across Oregon through philanthropy. The foundation facilitates charitable giving via donor advised funds, grants, scholarships, and philanthropic advising. It has a strong market position as a trusted community foundation since 1973, serving a broad audience including donors, volunteers, professional advisors, and community members. The website reflects this with comprehensive content, clear navigation, and multiple regional offices to serve the state. Technically, the website is built on Silverstripe CMS and leverages modern marketing and analytics tools such as Google Analytics, Facebook Pixel, and Adroll. Hosting is provided via Cloudflare, ensuring good performance and security. The site is mobile optimized and SEO friendly, though accessibility could be improved. Security posture is solid with HTTPS and domain transfer protections, but could benefit from additional security headers and DNSSEC. Security-wise, no critical vulnerabilities or exposed sensitive data were found. Privacy and cookie policies are present with consent mechanisms, supporting GDPR compliance. However, the site lacks explicit security policies, incident response contacts, and vulnerability disclosure information, which are recommended for enhanced trust and compliance. Overall, the website is professional, trustworthy, and well-aligned with the organization's mission. Strategic improvements in security headers, DNSSEC, and transparency around security policies would further strengthen its posture and user trust.

J

James F. and Marion L. Miller Foundation

millerfound.org

50

The James F. and Marion L. Miller Foundation is a private foundation dedicated to supporting arts and education initiatives in Oregon. Their website clearly communicates their mission, funding areas, and grant programs targeting individual artists, arts organizations, and educational institutions. The foundation maintains an active presence with news updates, grantee spotlights, and social media engagement, positioning itself as a trusted regional grantmaker in the education and arts sectors. Technically, the website is built on the Webflow CMS platform, leveraging modern web technologies including Google Fonts, jQuery, and Google Tag Manager for analytics. The site is well-designed, mobile-optimized, and provides a good user experience with clear navigation and professional branding. However, there is room for improvement in accessibility and SEO best practices. From a security perspective, the site uses HTTPS with a strong SSL configuration and does not expose sensitive data. However, it lacks explicit security headers such as Content Security Policy and HSTS, and does not provide visible privacy or cookie policies, which are important for compliance and user trust. No vulnerability disclosure or incident response information is present, which could be enhanced to improve security posture. Overall, the website is professional, trustworthy, and serves its audience well, but should address privacy compliance and security best practices to reduce risk and enhance user confidence.

T

TrueWest

truewestpresents.com

56

TrueWest is a small, regionally focused live event promoter specializing in music concerts and festivals primarily in Portland, Oregon. The company operates a professional website built on WordPress that provides event listings, ticket sales, and promotional content targeting music fans and live event attendees. The site demonstrates good digital maturity with modern technologies such as jQuery, Yoast SEO, and integration with ticketing platforms. Social media presence on Facebook, Instagram, and Twitter supports their marketing efforts. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks advanced security headers and vulnerability disclosure mechanisms. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. Overall, the website is trustworthy and professionally maintained, supporting the company's business model effectively.

R

Revolution Hall

revolutionhall.com

61

Revolution Hall is a well-established music venue located in Portland, Oregon, operating since 2014 in a historic building. The venue offers live music events, private event hosting, and food and beverage services including a show bar, cafe, and roof deck. It targets music fans and local community members, positioning itself as a key player in Portland's live entertainment and hospitality sector. The website is professionally designed with excellent content quality, clear navigation, and strong branding consistency. It integrates ticketing services via Etix and maintains active social media channels, enhancing its market presence. Technically, the website is built on WordPress with modern SEO and analytics tools such as Yoast SEO, Google Analytics, Google Tag Manager, and Facebook Pixel. It uses jQuery and other JavaScript libraries for interactive features. The site is mobile optimized and accessible, though performance is moderate. HTTPS is enforced, ensuring secure communications. However, security headers are not explicitly detected, and no cookie consent mechanism is present, indicating room for improvement in privacy compliance. From a security perspective, the site demonstrates good practices like secure form handling and no visible sensitive data exposure. The absence of WHOIS data for the domain raises some concerns about domain registration transparency, though the website's operational legitimacy is supported by its content and external integrations. No explicit security policies or incident response contacts are published, which could be enhanced to improve trust and compliance. Overall, Revolution Hall's website is a professional, content-rich platform supporting its business operations effectively. Strategic improvements in privacy compliance, security headers, and domain registration transparency would strengthen its security posture and trustworthiness.

M

Mississippi Studios

mississippistudios.com

53

Mississippi Studios is a well-established music venue and bar located in Portland, Oregon, operating since 2002. The venue hosts a variety of nationally and internationally touring acts alongside local favorites, and also operates a bar named Bar Bar. The business model includes live event hosting, food and beverage sales, merchandise, and gift cards, targeting music fans and adults in the local community. The website reflects a professional and consistent brand presence with good content quality and active event listings. Technically, the site is built on WordPress with common web technologies and integrates multiple analytics and advertising tools. Security posture is adequate with HTTPS enabled and domain registration locks in place, but lacks DNSSEC and security headers. Privacy compliance is weak due to missing privacy and cookie policies and no visible consent mechanisms. Overall, the site is functional and credible but would benefit from enhanced privacy and security practices.

T

The Green Cities Company

greencities.com

69

The Green Cities Company is a well-established real estate investment management firm focused on integrating environmental, social, and governance (ESG) principles into its portfolio. With over a decade of experience, the company manages a diverse portfolio including Value-Add, Build-to-Core, and Core investments, emphasizing sustainability and community impact. Their market position is strong, supported by industry certifications and a clear commitment to ESG innovation. The website reflects a professional and modern digital presence, leveraging WordPress with SEO optimization and responsive design to engage investors and stakeholders effectively. Security posture is solid with HTTPS and domain protections, though there is room for improvement in DNSSEC and security headers. Overall, the site demonstrates high business credibility and trustworthiness, with comprehensive contact information and transparent reporting.

G

Greystar Worldwide, LLC

greystar.com

66

Greystar Worldwide, LLC operates a professional real estate website focused on apartment rentals and property management services across multiple U.S. cities. The company positions itself as a large, enterprise-level real estate management firm offering a wide portfolio of residential communities. The website is well-structured, with clear navigation, comprehensive privacy and terms policies, and a strong brand presence supported by social media channels. Technically, the site uses modern frameworks such as Next.js and Sitecore CMS, ensuring good performance and mobile optimization. Security posture is strong with HTTPS and security headers implemented, though no explicit incident response or vulnerability disclosure information is provided. The absence of WHOIS data is a notable anomaly but does not detract from the overall legitimacy indicated by the website content and external references.

R

RealPage

realpage.com

73

RealPage is a leading enterprise providing property management software, data analytics, and related services primarily targeting the multifamily and real estate sectors. Their website showcases a comprehensive suite of solutions including marketing, leasing, resident experience, revenue management, and compliance services. The company positions itself as a market leader with a strong focus on innovation, including AI-powered platforms like Lumina and LOFT. Technically, the website employs modern web technologies and integrates multiple analytics and marketing tools, ensuring a professional and responsive user experience. Security posture is solid with HTTPS enforcement and privacy compliance mechanisms, though explicit security headers are not clearly visible in the HTML. The absence of WHOIS data reduces transparency but does not detract significantly from the overall legitimacy given the professional presentation and business scale. Strategic recommendations include enhancing security header implementation and formalizing vulnerability disclosure channels.

M

Mirror Mirror

mirrormirrorfinish.tv

57

Mirror Mirror is a specialized color and finishing studio serving digital film and commercial projects. They focus on enhancing the emotional impact of visual content through expert grading, grain, stylized color, and tone adjustments. Their services cater to production companies and agencies requiring high-quality post-production finishing, supporting both in-person and remote workflows. The website reflects a professional and modern digital presence with rich multimedia content showcasing their portfolio. Technically, the site uses modern frameworks such as Vue.js and Nuxt.js, with embedded Vimeo videos and Lottie animations, delivering a fast and mobile-optimized experience. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though the absence of security headers and formal security policies suggests room for improvement. Privacy compliance is lacking as no privacy or cookie policies are found, which could pose regulatory risks. Overall, the domain registration aligns well with the business claims, supporting legitimacy and trustworthiness.

T

Table22

table22.com

65

Table22 is a U.S.-based platform focused on helping hospitality businesses such as restaurants, wine shops, and specialty food producers expand their revenue streams through subscription management and customer loyalty solutions. The company has established a solid market presence since its founding in 2015, serving thousands of operators with tailored playbooks and digital tools. The website is built on the Squarespace platform, integrating multiple analytics and marketing technologies to support business growth and customer engagement. Security posture is adequate with HTTPS and domain registrar protections, but lacks advanced security headers and DNSSEC. Privacy compliance is limited due to the absence of explicit privacy and terms of service pages. Overall, the site is professional, well-branded, and safe for general audiences.

E

Engrain

sightmap.com

68

Engrain is a technology company specializing in interactive property mapping solutions primarily for the multifamily real estate sector. Their flagship product, SightMap, offers advanced features such as transparent pricing, unit availability, and media integration to streamline leasing and enhance renter experience. The company targets property managers, leasing agents, and renters, positioning itself as a key player in real estate SaaS solutions with a strong focus on user-friendly, immersive mapping technology. The website demonstrates a mature digital presence with comprehensive content, developer resources, and partner integrations, reflecting a medium-sized enterprise with a consistent brand identity. Technically, the website is built on the Webflow CMS platform, leveraging modern web technologies including JavaScript libraries, Google Tag Manager, and Hotjar for analytics and user behavior tracking. The site is well-optimized for performance, mobile responsiveness, and accessibility, with proper SEO and metadata implementation. Security best practices are observed with HTTPS enforcement and relevant security headers, although there is room for improvement in publicly disclosing security policies and incident response procedures. From a security perspective, the site shows a good posture with no evident vulnerabilities or exposed sensitive data. However, the absence of a public security policy, vulnerability disclosure program, and incident response contacts suggests opportunities to enhance transparency and trust. The WHOIS data for the domain is unavailable or not found, which is unusual and may indicate privacy protection or a query issue; this discrepancy warrants caution but does not directly undermine the site's legitimacy based on content and technical indicators. Overall, Engrain's website is professional, secure, and compliant with privacy standards, serving its business audience effectively. Strategic recommendations include publishing detailed security and incident response information, establishing a vulnerability disclosure channel, and ensuring WHOIS data transparency to strengthen trust and compliance.

E

Entrata

entrata.com

66

Entrata is a leading enterprise SaaS provider specializing in property management software that integrates property data and automates processes to enhance user experiences. The company targets property management firms and real estate professionals, offering comprehensive software solutions that streamline operations. The website reflects a mature digital presence with consistent branding and professional content tailored to its industry. Technically, Entrata employs modern web technologies including Webflow CMS, Google Tag Manager, and Visual Website Optimizer, indicating a commitment to performance optimization and user analytics. Security measures such as HTTPS, security headers, and reCAPTCHA are implemented, though explicit security policies and incident response details are not publicly available. Overall, Entrata demonstrates a strong security posture with room for improvement in transparency and vulnerability disclosure. The domain WHOIS data is unavailable, likely due to privacy protection, which slightly impacts trust but is mitigated by the professional website and compliance with privacy regulations. Strategic recommendations include publishing detailed security policies, establishing a vulnerability disclosure program, and enhancing accessibility features to further strengthen trust and compliance.

P

PrimeVue - Vue UI Component Library

primevue.org

55

PrimeVue.org is a website dedicated to providing a Vue.js UI component library aimed at developers building web applications with the Vue framework. The site offers a comprehensive set of UI components and developer tools, positioning itself as a popular open source resource in the frontend development community. The technical infrastructure leverages modern web technologies including Vue.js, Tailwind CSS, and PrimeIcons, hosted with Cloudflare DNS services, ensuring fast performance and good mobile optimization. Security posture is adequate with HTTPS enabled and domain registration protections in place, though there is room for improvement in security headers and formal security policies. Privacy compliance is minimal with no visible privacy or cookie policies, and contact information is not readily available on the main site. Overall, the site is professional and trustworthy for its target audience but would benefit from enhanced privacy and security disclosures.

H

HH Fitness

hungryhaley.com

56

HH Fitness is a small US-based fitness and nutrition coaching business specializing in plant-based, sustainable training programs combining strength, HIIT, cardio, and nutrition coaching. The website is professionally designed on the Squarespace platform, featuring clear program offerings and active social media integration. The technical infrastructure leverages modern web technologies including Google Analytics, Tag Manager, and Mailchimp for marketing and analytics. Security posture is adequate with HTTPS enabled and domain registration protections, but lacks DNSSEC and security headers. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is trustworthy and functional but would benefit from improved compliance and security hardening.

B

ButterYum

butteryum.org

59

ButterYum is a small personal recipe blog focused on sharing cooking and baking recipes with high-quality food photography. The site targets home cooks and food enthusiasts, offering a variety of recipes including Italian, American, dinner, and dessert dishes. The business model includes affiliate marketing through the Amazon Associates program, as disclosed on the site. Technically, the website is built on the Squarespace platform, leveraging modern web technologies and Google Analytics for visitor tracking. The site is well-structured, mobile-optimized, and uses HTTPS with HSTS for secure communications. However, it lacks explicit privacy and cookie policies, which impacts its privacy compliance score. Security posture is strong with no visible vulnerabilities or exposed sensitive data. Overall, the website presents a professional and trustworthy front for a personal food blog but should improve privacy compliance and formalize security policies to enhance trust and regulatory adherence.

T

The Pioneer Woman

thepioneerwoman.com

72

The Pioneer Woman website is a well-established lifestyle and cooking brand offering a wide range of recipes, home design tips, shopping options, and entertainment content. It is associated with Ree Drummond and operates under the umbrella of Hearst Corporation, a major media company. The site targets a general audience interested in country life and cooking, positioning itself strongly in the media and lifestyle sector. Technically, the site uses modern web technologies including React and Next.js, with integration of advertising and cookie consent tools. The site is mobile-optimized and provides a good user experience with rich, relevant content. Security-wise, the site enforces HTTPS and uses cookie consent mechanisms but lacks visible security headers and explicit privacy or terms of service pages in the analyzed HTML, which are areas for improvement. WHOIS data is missing or unavailable, which reduces trust signals but the association with Hearst Corporation and professional site quality mitigate concerns. Overall, the site is credible and professionally maintained but could enhance transparency and security posture.

T

The Joinery

thejoinery.com

71

The Joinery is a well-established handcrafted solid wood furniture manufacturer and retailer based in Portland, Oregon. With a domain age dating back to 1997 and a strong emphasis on sustainability and craftsmanship, the company operates a professional e-commerce website powered by Shopify. The site offers a comprehensive product catalog, online ordering, and showroom information, targeting consumers seeking high-quality, sustainable furniture. The presence of a Certified B Corporation badge and multiple press features further solidify its market position. Technically, the website leverages modern web technologies including Shopify's Dawn theme, JavaScript ES modules, and integrates multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, and Mailchimp. The site is well-optimized for performance, mobile responsiveness, and accessibility, with a clear navigation structure and comprehensive metadata for SEO. From a security perspective, the site enforces HTTPS, uses domain transfer locks, and implements cookie consent mechanisms compliant with GDPR. No critical vulnerabilities or exposed sensitive data were detected. However, DNSSEC is not enabled, and there is no explicit security policy or incident response contact information published, which could be improved. Overall, The Joinery's website demonstrates a mature digital presence with strong business credibility and good security hygiene. Strategic recommendations include enabling DNSSEC, publishing a security policy, and adding vulnerability disclosure information to enhance trust and compliance further.

G

Gensler

gensler.com

78

Gensler is a globally recognized architecture, design, and planning firm with a significant international footprint, operating 57 offices and employing over 6,000 professionals. The company offers a broad range of services including architecture, urban design, brand design, sustainability consulting, and interior design, targeting corporate clients, real estate developers, and urban planners. The website reflects a mature digital presence with professional design, comprehensive content, and clear navigation, supporting its market leadership position. Technically, the website employs modern web technologies such as JavaScript frameworks, Matomo analytics, and Sentry for error tracking. It is well-optimized for mobile devices and accessibility, with good SEO practices and performance. Security posture is strong with HTTPS enforced and multiple security headers present, although explicit security policies and incident response information are not publicly detailed. Overall, the site demonstrates a high level of professionalism and trustworthiness, with privacy and cookie policies implemented in compliance with GDPR. The absence of WHOIS data suggests domain privacy protection, which is common for large enterprises. No critical vulnerabilities or suspicious content were detected, indicating a low risk profile. Strategic recommendations include publishing detailed security and incident response policies, adding a vulnerability disclosure program, and enhancing transparency around data protection officer contacts and certifications to further strengthen trust and compliance.

A

Aquent

aquent.com

70

Aquent is a global work solutions company specializing in connecting businesses with talent, technology, and services primarily in marketing, creative, and design sectors. Established in 1998, it holds a strong market position as a leader in talent recruitment and workforce solutions, offering a diverse portfolio including Aquent Talent, Studios, RoboHead, Sustainability, Scout, and Employer of Record services. The website reflects a mature, enterprise-level organization with a professional digital presence and a broad client base including major global corporations. Technically, the website is built on WordPress with modern JavaScript frameworks like React, leveraging Google Tag Manager for analytics and tracking. The site is well-optimized for SEO, mobile responsiveness, and accessibility, with fast performance and consistent branding. Hosting appears to be on AWS infrastructure, supported by multiple DNS servers. From a security perspective, the site enforces HTTPS and uses domain transfer protection. However, DNSSEC is not enabled, and explicit security headers are not visible in the HTML content. Privacy and cookie policies are comprehensive and include consent mechanisms, indicating good compliance posture. No incident response or vulnerability disclosure information is publicly available, which could be improved. Overall, the website presents a low-risk profile with strong business credibility and technical maturity. Strategic recommendations include enabling DNSSEC, adding security headers, publishing vulnerability disclosure policies, and providing incident response contacts to enhance trust and security posture.

S

Scout Books

scoutbooks.com

59

Scout Books is a niche e-commerce business specializing in custom and blank pocket-sized notebooks, operating under Pinball Publishing Inc. The company has a long-established domain since 2000, indicating a mature presence in the market. Their website is professionally designed using WordPress and WooCommerce, integrating modern marketing and analytics tools such as Google Analytics, Facebook Pixel, and Mailchimp. Privacy and cookie policies are well implemented via Iubenda, reflecting good compliance with GDPR standards. However, direct contact emails and phone numbers are not prominently displayed, relying primarily on contact forms and social media channels for communication. Security posture is solid with HTTPS enforced and domain transfer protections, though DNSSEC and security headers could be improved. Overall, the website presents a trustworthy and professional front for their retail business.

T

The Beauty Shop

thebeauty-shop.com

55

The Beauty Shop is a women-owned, B Corp-certified strategic creative agency based in Portland, Oregon, specializing in accessible brand and website design for purpose-driven companies. Their market position is strengthened by a clear focus on inclusivity and sustainability, serving a diverse client base including retail brands, startups, nonprofits, and government entities. The website reflects a professional and consistent brand image with a well-structured portfolio and clear navigation. Technically, the site is built on Squarespace, leveraging modern web technologies such as jQuery, Google Tag Manager, and Typekit fonts. It is mobile-optimized and performs moderately well, with good SEO and accessibility features. Security posture is solid with HTTPS and HSTS enabled, though additional security headers could enhance protection. Privacy compliance is lacking, with no visible privacy or cookie policies, which is a notable gap. The absence of WHOIS data raises concerns about domain registration legitimacy, though the professional web presence and social media links provide some reassurance. Overall, the site is secure and professional but would benefit from improved privacy disclosures and domain registration transparency.

Weblog.lol is a beta-stage weblog service affiliated with omg.lol, offering Markdown-based authoring, template processing, and Git-based content management options. The service targets developers and technical users interested in flexible weblog solutions. The website is minimalistic but well-structured, with a consistent branding approach and basic content quality. Technically, the site uses modern web fonts and standard HTML/CSS but lacks advanced frameworks or CMS platforms. Hosting and DNS are managed by reputable providers, though DNSSEC is not enabled. Security posture is moderate with domain transfer protections but lacks security headers and privacy policies. No contact or incident response information is provided, limiting trust and compliance. Overall, the site is functional but requires enhancements in security, privacy, and user engagement to improve credibility and compliance.

L

LocationsHub

locationshub.com

60

LocationsHub operates as a specialized marketplace connecting filmmakers, studios, production companies, and property owners to facilitate film location rentals. The platform boasts a large inventory of over 100,000 locations and 1.5 million photos, positioning itself as a niche leader in the entertainment media sector. The website is professionally designed with consistent branding and clear navigation, targeting industry professionals seeking film locations globally, with a US base in Charlotte, NC. Technically, the website is built on the Squarespace platform, leveraging modern web technologies including jQuery and Typekit fonts. It is hosted by Squarespace, with HTTPS and HSTS enabled, ensuring a secure browsing experience. The site demonstrates moderate performance and good mobile optimization, though accessibility features could be enhanced. From a security perspective, the site benefits from strong SSL configuration and security headers but lacks explicit privacy, cookie, and terms of service policies, which are critical for compliance and user trust. No incident response or vulnerability disclosure information is present, indicating areas for improvement in security transparency and readiness. Overall, the website presents a credible and professional business front with a solid technical foundation but requires enhancements in privacy compliance and domain registration transparency to strengthen trust and security posture.

U

Untold Uptown

untolduptown.com

61

Untold Uptown is a small, youth-driven online publication based in New York City, focusing on social justice, culture, health, environment, and other topical issues relevant to its audience. The website is built on the WordPress platform, hosted by WordPress.com, and uses Jetpack for additional functionality and analytics. The content is well-organized and regularly updated, targeting a general audience interested in social and cultural topics. Technically, the site is moderately optimized with good mobile responsiveness and SEO practices, but lacks advanced security headers and DNSSEC implementation. The security posture is adequate with HTTPS enforced, but could be improved with additional security measures and privacy compliance documentation. Overall, the website presents a legitimate and trustworthy presence with room for enhancements in privacy and security policies.

U

Uptown Stories

uptownink.org

46

Uptown Ink is a small non-profit educational and media platform dedicated to showcasing student creative works such as fiction, poetry, art, and music. It operates under the parent organization Uptown Stories and offers workshops and publishing opportunities aimed at youth and students. The website is built on WordPress, hosted by SiteGround, and uses modern web technologies including Google Analytics for visitor tracking. While the site is well-structured and visually consistent, it lacks critical privacy and cookie policies, which impacts its compliance posture. Security practices include HTTPS and domain transfer protection, but the absence of DNSSEC and security headers suggests room for improvement. Overall, the site is safe, accessible, and serves its educational mission effectively.

H

Hype Kit, Inc.

hype.co

68

Hype Kit, Inc. operates the website hype.co, providing a comprehensive marketing platform tailored primarily for gyms, fitness businesses, and small to medium enterprises. The company offers an integrated SaaS solution combining link-in-bio websites, lead generation, CRM with SMS and email messaging, subscription payment processing, and NFC accessories for contactless sharing. Positioned as an all-in-one marketing co-pilot, Hype aims to replace multiple apps with a unified platform, supported by a clear pricing model and strong testimonials. The website is professionally designed, mobile-optimized, and leverages Shopify as its CMS and e-commerce platform.

Simpleview Summit is a professionally presented annual conference focused on online tourism marketing and sales for Destination Marketing Organizations (DMOs). The website demonstrates a solid market position as an industry-leading event organizer, targeting tourism marketing professionals globally. The content is well-structured, with clear branding and consistent messaging emphasizing networking, education, and collaboration in the hospitality sector. Technically, the site employs a modern technology stack including jQuery, RequireJS, Foundation framework, and integrates multiple analytics and marketing tools such as Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. The site is mobile optimized and performs moderately well, with good SEO and accessibility basics. Security posture is generally strong with HTTPS enforced and GDPR compliance evident via cookie consent mechanisms and a comprehensive privacy policy. However, the absence of WHOIS registration data for the domain raises concerns about domain legitimacy and trustworthiness, which should be investigated further. No explicit security policies or incident response information are published, and contact information is not readily available on the homepage, which could impact user trust. Overall, the website is professional and trustworthy but would benefit from enhanced transparency and security disclosures.

M

Mac Barnett

macbarnett.com

59

Mac Barnett's official website serves as a comprehensive platform showcasing his extensive portfolio of children's books, including detailed descriptions, images, and purchase links. The site targets children, parents, and educators interested in children's literature and related merchandise. Technically, the site is built on Squarespace, leveraging modern web technologies and Google Analytics for visitor tracking. The website demonstrates good design quality, mobile optimization, and SEO practices, providing an excellent user experience. Security posture is solid with HTTPS and basic security headers, though additional headers and policies could enhance protection. However, the absence of privacy, cookie, and terms of service policies indicates gaps in compliance and transparency. The WHOIS data is unavailable, raising concerns about domain registration legitimacy, which impacts overall trustworthiness. No direct contact information or incident response details are provided, limiting user support avenues. Overall, the site is professional and content-rich but would benefit from improved compliance documentation and domain registration transparency.

U

University of Iowa Health Care

uihc.org

62

University of Iowa Health Care is a large, enterprise-level academic medical center providing comprehensive healthcare services including adult and pediatric care, cancer treatment, and clinical trials. It holds a strong market position as Iowa's top-ranked hospital with national distinctions and a Magnet hospital designation for nursing excellence. The website reflects a mature digital presence built on Drupal 10, integrating modern technologies such as Google Maps API and Algolia search, with good mobile optimization and accessibility. Security posture is strong with HTTPS, security headers, and no evident vulnerabilities, although DNSSEC is not enabled. Privacy and cookie policies are present and GDPR compliant, supporting user trust and regulatory adherence. Overall, the site demonstrates high professionalism, trustworthiness, and effective communication of services and academic mission.

U

University of Iowa Center for Advancement

foriowa.org

60

The University of Iowa Center for Advancement website serves as a digital platform for the university's advancement and fundraising activities. It targets alumni, donors, and the university community, providing information and engagement opportunities to support the institution. The site reflects a large, established educational entity with consistent branding and professional content. Technically, the website employs modern JavaScript libraries such as jQuery, AngularJS, and Bootstrap, indicating a moderate level of digital maturity. However, some areas such as accessibility and SEO could be improved. Security posture is moderate; while HTTPS is presumably enabled, the absence of security headers and privacy policies indicates room for enhancement. The lack of WHOIS data limits domain trust assessment but does not detract significantly from the site's legitimacy given its university affiliation. Overall, the site is functional and professional but would benefit from improved privacy compliance and security best practices.

U

University of Iowa Athletics

hawkeyesports.com

60

The website hawkeyesports.com serves as the official athletics portal for the University of Iowa Hawkeyes, providing sports news, schedules, scores, and multimedia content targeted at fans, students, and alumni. The site is well-established with a domain age dating back to 1996, reflecting a mature digital presence aligned with the university's athletics department. Technically, the site employs modern JavaScript frameworks such as React and integrates common advertising and tracking technologies including Google DoubleClick and Facebook Pixel. However, the hosting provider is not explicitly identified, and DNSSEC is not enabled, which could be improved for enhanced security. Security posture is moderate with HTTPS enabled but lacking explicit security headers and published security policies. Privacy compliance is weak due to the absence of visible privacy and cookie policies or consent mechanisms. Overall, the site demonstrates good business credibility and content quality but would benefit from enhanced privacy and security transparency.

U

USA Legal Notice

usalegalnotice.com

60

USA Legal Notice operates as a specialized online portal aggregating legal notices originally published in U.S. newspapers, providing a centralized searchable platform for foreclosures, public hearings, financial reports, ordinances, and other government-mandated publications. The website serves a niche market focused on legal professionals, government entities, and the general public seeking official community information. The business model relies on partnerships with state newspaper associations, linking users to state-specific public notice websites and providing contact information for further inquiries. The company was founded in 2020 and operates primarily within the U.S. media and government information sector.

NAPCO Media LLC operates as a specialized media company focusing on multiple industry sectors including promotional products, printing & packaging, and marketing, retail & nonprofit. The company provides industry news, organizes events and summits, and maintains a portfolio of media brands targeting professionals in these markets. Their website reflects a medium-sized enterprise with consistent branding and a professional online presence. Technically, the site is built on WordPress and leverages modern JavaScript libraries and tracking tools such as Google Tag Manager, Microsoft Clarity, and Lytics, indicating a moderate level of digital maturity. The website is mobile optimized and offers a good user experience with clear navigation and relevant content.

M

Maine Trust for Local News

metln.org

58

The Maine Trust for Local News is a medium-sized non-profit media organization focused on providing independent local news coverage across Maine. It operates multiple newspapers and newsletters with a sizable journalist staff and is a subsidiary of the National Trust for Local News. The website is built on WordPress with a modern tech stack including Google Tag Manager and Cloudflare DNS. The site is professionally designed with good mobile optimization and clear navigation, though it lacks explicit privacy and cookie policies. Security posture is adequate with HTTPS and domain protections but lacks DNSSEC and security headers. No contact emails or phone numbers are explicitly listed, which may impact user trust. Overall, the site is trustworthy and safe with no adult or questionable content detected.

L

Live + Work in Maine

liveandworkinmaine.com

60

Live + Work in Maine is a non-profit organization dedicated to providing comprehensive resources, job postings, community events, and relocation guides for individuals interested in living, working, or staying in Maine. The website serves as a central hub for job seekers, employers, entrepreneurs, and community members, offering a variety of services including a job board, employer resources, and educational opportunities. Their market position is that of a trusted regional resource with strong community ties and partnerships. Technically, the website is built on the Webflow platform, leveraging modern web technologies such as Google Tag Manager, Facebook Pixel, Hotjar, and Weglot for multilingual support. The site demonstrates good performance, mobile optimization, and SEO practices, although accessibility features could be improved. The use of third-party analytics and tracking is evident, but no cookie consent mechanism was detected. From a security perspective, the site enforces HTTPS and avoids exposing sensitive data. However, it lacks important security headers and does not publish a security policy or incident response information. The absence of WHOIS data for the domain raises some concerns about transparency, although the website content and external partnerships suggest legitimacy. Overall, the website presents a professional and trustworthy front for its non-profit mission but would benefit from enhanced security practices, improved privacy compliance, and greater transparency in domain registration details.

D

Domains By Proxy, LLC

ev.io

60

ev.io is a browser-based multiplayer FPS game launched in 2020, targeting gamers interested in fast-paced shooting games with integrated blockchain and NFT marketplace features. The platform offers social features such as clans and friends lists, and supports crypto wallet connectivity, positioning itself in the niche intersection of gaming and blockchain technology. The website is professionally designed with consistent branding and good user experience, though mobile optimization and accessibility are basic. Technically, the site uses modern JavaScript libraries and frameworks including Three.js for 3D graphics, Howler.js for audio, and web3.js for blockchain interactions. Hosting and DNS are managed via reputable providers including GoDaddy and Cloudflare. Security posture is adequate with HTTPS and domain registration protections, but lacks DNSSEC and visible security headers. Privacy compliance is weak due to absence of privacy and cookie policies. No contact emails or phone numbers are publicly listed, but social media presence on Twitter and Discord is active. Overall, the site is functional and trustworthy but could improve transparency and security practices.

A

Addicting Games

addictinggames.com

66

Addicting Games is a large-scale online platform offering thousands of free online games across multiple genres including arcade, puzzle, strategy, and multiplayer games. The website targets a general audience seeking casual gaming experiences without downloads or intrusive ads. It maintains an active content update schedule and supports multiplayer gaming communities. Technically, the site is built on modern web technologies such as React and Next.js, optimized for both desktop and mobile platforms with video previews enhancing user engagement. Security posture is adequate with HTTPS enforced, but lacks some advanced security headers and explicit incident response information. Privacy and terms policies are comprehensive and GDPR compliant, supporting user trust. However, the absence of WHOIS domain registration data introduces some uncertainty regarding domain legitimacy. Overall, the site presents a professional and trustworthy gaming portal with room for security enhancements and domain transparency improvements.

B

Baltimore Public Media

baltimorepublicmedia.org

57

Baltimore Public Media is a regional non-profit public media organization delivering news, music, arts, and cultural programming through multiple radio stations and digital platforms. The organization targets Baltimore residents and communities, positioning itself as a key media provider with a community-focused mission. Technically, the website is built on Squarespace, leveraging modern web technologies and providing a responsive user experience with good SEO and accessibility basics. Security posture is solid with HTTPS and HSTS enabled, though some advanced security headers and privacy compliance features are missing. The absence of privacy and cookie policies, as well as vulnerability disclosure information, represents areas for improvement. Overall, the website is professional, trustworthy, and safe for general audiences.

B

Baltimore City Office of Cable & Communications

charmtvbaltimore.com

46

CharmTV Baltimore is a government-affiliated media outlet operated by the Baltimore City Office of Cable & Communications. It provides live streaming and video content focused on local government meetings, community events, and public service programming aimed at informing and inspiring Baltimore residents. The website is positioned as a trusted local media source with a clear mission to engage the community through accessible digital content. Technically, the site is built on Drupal 10, leveraging modern web technologies such as jQuery and Slick Carousel, and is hosted on AWS infrastructure. The site is mobile-optimized and offers a good user experience with clear navigation and consistent branding. Security posture is adequate with HTTPS enforced and domain transfer protection, but lacks DNSSEC and security headers, which are recommended for enhanced protection. Privacy compliance is basic, with no explicit cookie consent or GDPR indicators, and no visible privacy policy beyond ADA compliance information. Overall, the site is professional, trustworthy, and safe for general audiences, but could improve in privacy and security transparency.

N

National League of Cities

nlc100.org

59

The National League of Cities (NLC) operates the website nlc100.org as a dedicated centennial campaign platform celebrating 100 years of service to local governments in the United States. The organization provides research, advocacy, and technical expertise to mayors, city council members, and municipal staff. The site highlights historical milestones, leadership, and upcoming events tied to the centennial celebration. The business model is that of a large non-profit advocacy organization with a strong national presence and trusted reputation. Technically, the website is built on WordPress using the Themify Ultra theme and leverages plugins such as Jetpack and Qi Blocks. It is hosted on WordPress.com infrastructure, indicated by the WordPress nameservers. The site is moderately performant, mobile optimized, and includes SEO best practices. However, accessibility features are basic and could be improved. From a security perspective, the site uses HTTPS with a valid SSL certificate and has domain transfer protections in place. DNSSEC is not enabled, which is a minor security gap. No advanced security headers were detected, and no explicit security or incident response policies are publicly available. Privacy compliance is partial, with a privacy policy linked on the parent domain but no cookie consent mechanism on this site. Overall, the website is professional, trustworthy, and well-aligned with the organization's mission. It poses low risk but could benefit from enhanced security controls and privacy compliance measures.

NLC Mutual Insurance Company is a member-owned captive reinsurance organization founded in 1986, serving state municipal league risk pools across 31 states in the United States. The company provides specialized reinsurance solutions tailored for public entities, including liability, property, and workers’ compensation coverages, supported by actuarial expertise and data-driven insights. The organization operates on a collaborative governance model with board representation from all members, emphasizing stability and member empowerment. Technically, the website is built on WordPress with modern web technologies including jQuery, New Relic monitoring, and Google Analytics. The site demonstrates good mobile optimization, accessibility, and SEO practices, though some improvements in explicit privacy and cookie policy disclosures are recommended. The site is served over HTTPS with no detected blocking or WAF interference, indicating a secure and accessible digital presence. From a security perspective, the site employs HTTPS and monitoring tools but lacks explicit security headers and published incident response or vulnerability disclosure policies. No sensitive data exposure or vulnerabilities were detected in the content. The absence of WHOIS data for the domain is a concern, slightly reducing trustworthiness, but the professional presentation and external partner links support legitimacy. Overall, NLC Mutual presents a credible and professional online presence aligned with its business mission. Strategic recommendations include enhancing privacy compliance disclosures, publishing security policies, and verifying domain registration details to strengthen trust and compliance posture.

R

Roll Call

factba.se

55

Roll Call is a well-established media company specializing in political news and data services, operating since 1955. The website offers a Factbase search platform powered by FiscalNote, targeting government officials, journalists, and politically engaged audiences. The company maintains a strong market position as a trusted source for Capitol Hill coverage and political analysis. Technically, the site is built on WordPress with modern JavaScript frameworks such as Vue.js and Alpine.js, hosted on AWS infrastructure, and integrates multiple advertising and analytics services. Security posture is good with HTTPS enforced and clientTransferProhibited domain status, though improvements are recommended in DNSSEC and security policy disclosures. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is professional, trustworthy, and safe for general audiences.

F

Free Law Project

free.law

68

Free Law Project is a leading nonprofit organization dedicated to making the legal ecosystem more equitable and competitive through technology, data, and advocacy. They provide a suite of open-source tools and datasets including CourtListener, RECAP, and Bots.law, serving journalists, researchers, legal professionals, and the public. Their market position is strong as a pioneer in legal data transparency and open access, supported by donations and organizational sponsorships. Technically, the website is built on modern frameworks such as Next.js and React, hosted on Netlify, and optimized for performance and mobile responsiveness. The site demonstrates good SEO and accessibility practices, with a clean, professional design and clear navigation. Analytics are implemented via plausible.io, indicating a privacy-conscious approach to user tracking. From a security perspective, the site enforces HTTPS and employs domain status protections but lacks DNSSEC and security headers like CSP or HSTS. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is partial, with a basic privacy policy present but no cookie consent mechanism or detailed GDPR compliance statements. Contact information is limited to a contact form, with no direct emails or phone numbers publicly listed. Overall, the website presents a low-risk profile with a high degree of professionalism and trustworthiness. Strategic recommendations include enhancing security headers, implementing DNSSEC, adding cookie consent, and publishing a security.txt file to improve incident response transparency.