Other security reports

M

Motor Agency

motor.ee

40

Motor Agency is a specialized exhibition design and production company based in Estonia, founded in 2014. They focus on creating immersive experiences for museums, expos, and showrooms by integrating multimedia and virtual reality technologies. Their market position is that of a niche, innovative agency with recognized awards and international partnerships. The website is built on Concrete CMS with modern frontend technologies like Bootstrap 5 and jQuery, and it demonstrates good mobile optimization and user experience. However, the site lacks critical privacy and cookie policies, which impacts compliance and user trust. Security posture is generally good with HTTPS and no exposed sensitive data, but the absence of security headers and incident response information suggests room for improvement. Overall, the business presents a professional and trustworthy image but should enhance privacy compliance and security transparency to strengthen its digital maturity.

Copix is a newly established Estonian digital printing company specializing in a wide range of printing services including labels, packaging, interior decoration prints, and book printing. The website is professionally designed using WordPress and Bootstrap, featuring a modern and responsive layout with clear navigation and multiple contact channels. The company targets businesses, schools, publishers, designers, and individual customers, positioning itself as a regional printing service provider with an online ordering platform. The technical infrastructure includes common marketing and analytics tools such as Google Analytics, Facebook Pixel, and Adform tracking, integrated via Google Tag Manager. Security posture is adequate with HTTPS enabled and cookie consent implemented, but lacks DNSSEC and security headers, which are recommended for improvement. The domain is newly registered in 2024, consistent with the business launch, and shows no suspicious registration patterns. Overall, the website is functional, trustworthy, and business credible, though it would benefit from enhanced privacy and security policies.

M

Maria Mägi Advokaadibüroo

mmab.ee

42

Maria Mägi Advokaadibüroo is a professional law firm based in Estonia, providing legal services across major legal domains including business law, real estate law, contract law, tax law, intellectual property, bankruptcy, family law, and environmental law. The firm positions itself as a modern legal service provider with a team of partners and specialized lawyers, targeting clients seeking comprehensive legal assistance in Estonia. The website is well-structured, multilingual, and professionally designed, reflecting the firm's commitment to quality and client service. Technically, the website is built on WordPress using the Avia Framework, with integrations such as Yoast SEO and Google Analytics for performance and marketing insights. The site is mobile-optimized and includes cookie consent mechanisms aligned with GDPR requirements. Performance is moderate with room for improvement in accessibility and security headers. From a security perspective, the site enforces HTTPS and implements cookie consent with opt-in/out options, demonstrating good privacy compliance. However, explicit security headers are missing, and there is no dedicated security policy or vulnerability disclosure page. No critical vulnerabilities or exposed sensitive data were detected. WHOIS data confirms the domain's legitimacy and consistency with the business claims. Overall, the website presents a trustworthy and professional digital presence for the law firm, with a solid foundation in security and privacy compliance. Strategic improvements in security headers, accessibility, and explicit security policies would enhance the firm's digital maturity and client trust.

The website at adtech.app currently presents an extremely minimal and placeholder-like presence with no visible content, metadata, or business information. There is no privacy policy, cookie policy, terms of service, or contact information available, which severely limits its credibility and user trust. The only external link is to the powering company Online Solution Int, suggesting the site may be under development or not actively maintained. Technically, the site lacks any detectable modern technologies, scripts, or frameworks, and no security headers or SSL information is available from the provided data. The security posture is weak due to the absence of HTTPS and security best practices. Overall, the site is not suitable for business or user engagement in its current state and poses risks related to trust and compliance.

The website ace.lt appears to be a small Lithuanian domain registered since 1997 under the registrar UAB "BALTNETOS KOMUNIKACIJOS". The site is built on WordPress but currently suffers from visible PHP warnings and errors related to the revslider plugin, indicating outdated or incompatible code. There is no accessible business content, contact information, or privacy and cookie policies, which significantly limits the ability to assess the business model or services offered. The technical infrastructure shows signs of neglect with poor performance and no visible security best practices implemented. Security posture is weak due to exposed PHP warnings and lack of security headers or HTTPS confirmation. Overall, the site is accessible but of very low quality and professionalism, with critical issues that impact trust and compliance.

The website ria.ee is currently inaccessible due to a Cloudflare security challenge page requiring human verification. This prevents access to any substantive content, business information, or policies. The domain is registered since 2010 with an Estonian registrar, indicating a legitimate and established domain. The technical infrastructure relies on Cloudflare services including Turnstile captcha and Cloudflare Insights for security and analytics. Due to the blocking, no privacy, cookie, or terms of service policies are visible, nor is any contact or business information. The security posture cannot be fully assessed, but the use of Cloudflare indicates a baseline of protection. Overall, the site cannot be fully analyzed until the WAF challenge is passed, limiting the ability to provide a comprehensive risk assessment or business intelligence.

The website chartwells.com currently serves as a parked domain with a clear notice that it is for sale. There is no active business content, product or service information, or company branding beyond the domain name itself. The site primarily displays advertising scripts from Google and a banner linking to Afternic for domain purchase inquiries. The domain is registered with GoDaddy Online Services Cayman Islands Ltd. since 2001, indicating a long registration history but no active operational presence at this URL. From a technical perspective, the site uses basic HTML and CSS with minimal modern web technologies. It includes Google Adsense and Google Ad Services scripts for monetization but lacks advanced frameworks, CMS, or structured data. The site is moderately optimized for mobile devices but has poor SEO and accessibility features. No forms or user input fields are present, reducing data collection risks but also limiting user engagement. Security posture is minimal with no DNSSEC enabled and no security headers detected in the HTML content. The domain status includes multiple prohibitions to prevent unauthorized changes, which is a positive control. However, the lack of HTTPS enforcement details and absence of privacy or cookie consent mechanisms indicate a low maturity level in security and privacy compliance. Overall, the site presents a low-risk profile due to its parked status but offers no business credibility or trust signals. Strategic recommendations include enabling DNSSEC, adding security headers, implementing privacy and cookie policies with consent mechanisms, and providing clear contact and incident response information if the domain is to be developed into an active business site.

The website crex.lv is currently inaccessible beyond a security challenge page that performs a browser integrity check and automatic redirect. The visible content is minimal, showing only a loading animation and a countdown timer. The site appears to be running very outdated content management systems, specifically Joomla 1.5 and WordPress 2.5, which are known to have multiple security vulnerabilities. There is no visible business or contact information, privacy or cookie policies, or terms of service. The only external link is to BitNinja.IO, indicating the use of a third-party security service to protect the site. Due to the security challenge and lack of accessible content, a full analysis of the website's business model, services, and compliance posture is not possible.

I

IZSTĀŽU RĪKOTĀJSABIEDRĪBA BT 1

rigaexpo.lv

43

The website represents an international exhibition center based in Latvia, operated by IZSTĀŽU RĪKOTĀJSABIEDRĪBA BT 1. It offers venue rental for various events such as conferences, sports competitions, concerts, and corporate gatherings. Additional services include catering through Expo Cafe and equipment rental for event needs. The business targets event organizers and corporate clients within the Latvian market. The website content is basic but functional, providing essential information and links to partner services. Technically, the site uses older but stable technologies like Bootstrap 3 and jQuery 3.1.1, with moderate mobile optimization and basic accessibility features. Security posture is limited, with no visible HTTPS enforcement or security headers, and no cookie consent mechanism implemented. Privacy and terms of service documents exist but are basic and lack explicit GDPR compliance indicators. Overall, the site is moderately trustworthy but would benefit from improved security and privacy practices.

M

Motor Agency

motoragency.eu

40

Motor Agency is a specialized exhibition design and production company focused on museums, expos, and showrooms. They integrate multimedia and virtual reality technologies to create immersive educational and entertainment experiences. Their market position is that of a niche service provider with recognized awards and partnerships in the cultural sector. The website reflects a professional and consistent brand image targeting cultural institutions and educational organizations primarily in Estonia and Europe. Technically, the site uses Concrete CMS with modern frameworks like Bootstrap 5 and includes multiple marketing and analytics tools such as Google Analytics, Facebook Pixel, and LinkedIn Insight Tag. The site is mobile optimized and has good SEO practices but lacks visible privacy and cookie policies, which is a compliance gap. Security posture is decent with HTTPS enforced but missing security headers and formal security policies. Overall, the domain registration data is consistent and trustworthy, supporting the legitimacy of the business.

L

Læsø Museum

laesoe-museum.dk

48

Læsø Museum is a small, state-recognized local museum established in 1938, dedicated to preserving and showcasing the cultural heritage of Læsø, Denmark. The museum operates multiple departments and offers exhibitions, guided tours, and visitor services including a shop and café. The website reflects a well-structured and content-rich platform targeting visitors interested in local history and culture. Technically, the site uses modern JavaScript libraries, Google Analytics for tracking, and is hosted with assets served from a CDN, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS enforced and cookie consent implemented, but lacks advanced security headers and published privacy or security policies. The absence of WHOIS data reduces domain trustworthiness, but the website content and contact information appear legitimate and consistent with the museum's profile. Overall, the site scores well in business credibility and user experience but should improve privacy transparency and security practices.

Juuriharja Consulting Group Oy operates the First Whistle Service, a confidential online whistleblowing platform designed to help organizations report and manage misconduct and non-compliance efficiently. The service emphasizes legal compliance, particularly with GDPR and national personal data protection laws, targeting organizations seeking secure and anonymous reporting tools. The company positions itself as a niche provider in the compliance and whistleblowing sector within Finland and potentially broader European markets. Technically, the website is built as a modern single-page application likely using React, with asynchronous JavaScript modules and Google reCAPTCHA integration for bot protection. Hosting appears to leverage AWS infrastructure, indicated by the nameservers. The site demonstrates good mobile optimization and basic accessibility but lacks some advanced SEO and security header implementations. From a security perspective, the site uses HTTPS and reCAPTCHA to secure user inputs and protect anonymity. However, it lacks DNSSEC, explicit security headers, and a cookie consent mechanism, which are areas for improvement. The WHOIS data is transparent and consistent with the business identity, enhancing trustworthiness. No critical vulnerabilities or blocking mechanisms were detected, indicating a stable security posture. Overall, the website and service present a trustworthy and professional offering with room for technical and security enhancements to fully align with best practices and regulatory requirements.

H

häk agency

hak.ee

42

häk agency is a strategic design and digital agency based in Estonia, founded in 2018. The company offers comprehensive services including branding, web environments, and advertising, serving over 500 satisfied clients. Their market position is strong, supported by client testimonials, awards, and certifications that enhance their credibility. The website is professionally designed, well-structured, and optimized for SEO and mobile devices, reflecting a mature digital presence. Technically, the site runs on WordPress with modern tools such as Gravity Forms, Google Tag Manager, and Facebook Pixel, indicating a robust infrastructure. Security posture is good with HTTPS, reCAPTCHA, and cookie consent mechanisms in place, although explicit security policies and incident response contacts are not published. Overall, the website and business demonstrate high professionalism and trustworthiness, with minor recommendations to enhance security headers and publish security policies.

The website ve350.com is currently inaccessible due to a Cloudflare 520 error, indicating an unknown issue between Cloudflare's edge network and the origin web server. This prevents any meaningful content or business information from being accessed or analyzed. The domain WHOIS data shows a creation date in the future (May 28, 2025), which is inconsistent with the current date and raises questions about the domain's legitimacy or data accuracy. No privacy, cookie, or terms of service policies are present, and no contact or business details are available on the site. Technically, the site uses Cloudflare as a CDN and WAF, but the origin server is misconfigured or down, resulting in poor performance and accessibility. Security posture is weak with no visible security headers or SSL configuration details. Overall, the site scores very low on content quality, technical implementation, security, privacy compliance, and business credibility due to the blocked content and lack of information.

P

Petri Kajander

petrikajander.com

60

Petri Kajander's website serves as a personal and professional platform showcasing his work as a purpose-driven founder, content creator, and mentor. The site features a variety of content including blogs, podcasts, and curated social media feeds, targeting entrepreneurs, business leaders, and individuals interested in personal development and startups. The business model revolves around thought leadership and content dissemination rather than direct product sales. Technically, the website is built on WordPress, leveraging common plugins and modern web technologies such as jQuery and YouTube Embed Plus. The site is mobile-optimized and provides a good user experience with clear navigation and structured content. However, hosting provider details are not explicitly identified. From a security perspective, the site uses HTTPS and implements some best practices like setting rel="noopener noreferrer" on external links. However, it lacks visible security headers, privacy and cookie policies, and vulnerability disclosure mechanisms. The absence of WHOIS registration data raises concerns about domain legitimacy, although the site content and branding appear consistent and professional. Overall, the website is functional and professional but would benefit from enhanced transparency in privacy, security policies, and domain registration details to improve trust and compliance.

Advokaadibüroo RASK is a leading Estonian law firm established in 2012, offering a broad range of professional legal services across multiple sectors including energy, transport, technology, healthcare, government, real estate, and finance. The firm targets Estonian businesses and individuals seeking tailored legal advice and support. Their market position is strong within Estonia, supported by a professional website showcasing detailed service areas, client case studies, and a well-presented team of partners and lawyers. The business model focuses on providing expert legal consultancy and representation.

The website www.heatit.ee is currently inaccessible, presenting only a minimal error message indicating an unexpected error. Due to the lack of accessible content, no metadata, forms, scripts, or contact information could be extracted or analyzed. This severely limits the ability to assess the company's business model, market position, or technical infrastructure. The absence of visible security headers, privacy policies, or cookie consent mechanisms suggests a low maturity in digital compliance and security posture. Without accessible content, the website's trustworthiness and professionalism cannot be established, resulting in a critical risk profile and low AI scoring.

The website at https://transactpro.com/lander is currently a minimal placeholder or parking page with no substantive content, business information, or user engagement features. The domain transactpro.com is registered since 2002 with Moniker Online Services LLC and is set to expire in 2026, indicating a long-standing registration. However, the DNS points to cashparking.com name servers, suggesting the domain is parked or monetized rather than actively used for business purposes. The page loads minimal HTML with scripts related to Google AdSense advertising, but no privacy, cookie, or terms of service policies are present. No contact information or social media links are available, and no forms or data collection mechanisms exist on the page. The technical infrastructure is basic, with JavaScript usage but no detected CMS or frameworks. Security posture is weak due to lack of HTTPS and security headers, and no GDPR compliance indicators are found.

The website ttja.ee is currently inaccessible due to a Cloudflare Turnstile human verification challenge page that blocks access to actual content. As a result, no direct business information, policies, or contact details are available for analysis. The domain is registered with Zone Media OÜ since 2018, indicating a stable registration history consistent with an Estonian entity. The technical infrastructure includes Cloudflare security and analytics services, but no further technical or security details can be assessed due to content blocking. The security posture cannot be fully evaluated, and no privacy or compliance policies are visible. Overall, the site appears legitimate based on WHOIS data but lacks accessible content for a comprehensive assessment.

The website aki.ee is currently inaccessible beyond a Cloudflare Turnstile human verification challenge page, which blocks access to any substantive content. The domain is registered to Elkdata OÜ, an Estonian company, with a domain age of over a decade, indicating a stable registration history. However, due to the blocking mechanism, no business descriptions, contact information, or policy documents are available for review. The site leverages Cloudflare's security and analytics services, but no further technical or content details can be assessed. This limits the ability to evaluate the website's digital maturity or security posture comprehensively. From a security perspective, the presence of Cloudflare's challenge indicates an active defense against automated threats, but the lack of visible security headers or policies in the accessible content prevents a full security assessment. The WHOIS data suggests legitimacy and consistency with the domain's country of registration. Overall, the site appears to be protected by modern security infrastructure but lacks publicly accessible information for deeper analysis. Given the current state, the website's risk assessment is limited by the lack of accessible content. Strategic recommendations focus on enabling access for legitimate users and publishing essential compliance and contact information to improve trust and transparency.

The website omnivagroup.com is currently inaccessible beyond a Cloudflare security challenge page, indicating that the content is blocked by a Web Application Firewall (WAF) mechanism. Due to this, no substantive business information, contact details, or policies are publicly available. The domain is newly registered in 2023 with a reputable registrar, Ascio Technologies, Inc. Denmark branch, and is set to expire in 2033, which suggests a long-term intent but no visible operational history. The technical infrastructure relies on Cloudflare services for security and performance, including Turnstile captcha and challenge platform, but no further technology stack or CMS details are discernible. Security posture cannot be fully assessed due to lack of accessible content and headers, but the presence of Cloudflare indicates some baseline protection. Overall, the website's risk profile is elevated due to lack of transparency, absence of privacy and cookie policies, and no contact information, compounded by the content being blocked. Strategic recommendations include enabling public access to website content, publishing essential compliance policies, and enhancing security headers and SSL configurations.

Indexfunction.com is a newly registered domain with minimal online presence, featuring an empty website with no visible content, metadata, or user interaction elements. The business behind the domain is not identifiable from the website content, and no contact or policy information is provided. The domain is registered through NameCheap and uses Cloudflare DNS services but lacks DNSSEC and other advanced security configurations. The absence of privacy, cookie, or terms of service policies indicates a lack of compliance with common data protection regulations. The website's technical implementation is basic, with no detectable frameworks, CMS, or analytics tools. Security posture is minimal, relying solely on HTTPS without additional security headers or incident response information. Overall, the site presents a low trust profile and limited business credibility.

The analyzed website at thearcane.com/lander is currently a minimal placeholder or parking page with very limited content and no visible business information. The domain is registered since 2001 with eNom, LLC, indicating a long-standing registration, but the website itself does not reflect an active or mature business presence. The site loads minimal scripts related to advertising and parking services and lacks any metadata, structured data, or user interaction elements such as forms or contact details. Technically, the site uses JavaScript and React-based scripts hosted on WSIMG, but no CMS or advanced frameworks are detected. Security posture is weak due to lack of HTTPS confirmation, security headers, and privacy policies. No GDPR compliance or incident response information is present. Overall, the site appears inactive or under development, with low trust and professionalism indicators.

The website multitudegroup.com currently serves as a placeholder 'Coming Soon' page hosted on the Squarespace platform. It lacks any substantive business content, contact information, or policy documentation. The domain is registered through Squarespace Domains II LLC with a registration date in early 2021, consistent with a new or developing business presence. The technical infrastructure is basic, relying on Squarespace's hosting and standard web fonts and scripts. There are no advanced SEO, accessibility, or security features implemented on the site at this time. From a security perspective, the site uses HTTPS but lacks DNSSEC and security headers, which are recommended to enhance domain and web application security. No privacy or cookie policies are present, indicating non-compliance with GDPR and related regulations. There are no forms or data collection mechanisms, which limits exposure but also reduces business functionality. The absence of contact or incident response information further reduces trust and transparency. Overall, the site is in an early stage of development with minimal digital maturity and security posture. The risk level is moderate due to lack of content and policies rather than active vulnerabilities. Strategic recommendations include implementing comprehensive privacy and cookie policies, enabling DNSSEC, adding security headers, and providing clear contact and incident response information to improve trust and compliance.

The website www.imprest.ee is currently inaccessible, displaying only a minimal error message indicating an unexpected error. Due to the lack of accessible content, no metadata, business information, or technical details could be extracted. The absence of privacy, cookie, or terms of service policies, as well as contact information, limits the ability to assess compliance or business credibility. The technical infrastructure cannot be evaluated, and no security posture insights can be derived from the provided data. Overall, the site appears to be down or misconfigured, preventing a comprehensive analysis.

P

Privacy service provided by Withheld for Privacy ehf

aksesdeluna.me

52

The website takterhingga.xyz is currently a minimal placeholder site indicating private use only, with no public business information or services offered. The domain is newly registered in early 2024 and uses privacy protection for the registrant details, consistent with the private nature of the site. Technically, the site uses modern frontend libraries such as Bootstrap and FontAwesome, is hosted behind Cloudflare DNS, and enforces HTTPS, but lacks DNSSEC and security headers. There are no forms, contact details, or social media links, limiting user engagement and trust. The cookie consent mechanism is implemented, and a basic privacy policy is present, but no terms of service or security policies are found. Overall, the site has low content quality and business credibility, with a moderate technical implementation and security posture.

P

Privacy service provided by Withheld for Privacy ehf

takterhingga.xyz

51

The website takterhingga.xyz is a newly registered domain (February 2024) currently used for private purposes with minimal public content. It does not present any business description, services, or contact information, indicating it is not intended for public or commercial use at this time. The site uses a basic Bootstrap and FontAwesome frontend with Cloudflare DNS services and HTTPS enabled, but lacks advanced security headers and DNSSEC. The cookie consent mechanism is implemented with detailed categories, but privacy compliance is basic and no GDPR compliance indicators beyond a privacy page are present. Overall, the site has a low trust profile due to lack of business transparency and minimal content.

The website at selfservicerepair.com is currently inaccessible, returning a 403 Forbidden error with minimal HTML content. This prevents any meaningful analysis of the site's content, metadata, or business information. The domain is registered with GoDaddy.com, LLC since November 2021 and is set to expire in November 2025. DNS is hosted on Amazon AWS nameservers, indicating a cloud hosting environment. Due to the lack of accessible content, no privacy, cookie, or security policies are detectable, and no contact information or business details are available. The security posture cannot be assessed beyond the domain registration data. Overall, the site appears to be either restricted or misconfigured, resulting in a very low trust and quality score.

A

Advokatfirman Glimstedt

glimstedt.se

49

Advokatfirman Glimstedt is a well-established full-service law firm founded in 1935, specializing in business law and serving primarily large and medium-sized Swedish and international companies. The firm operates across 17 offices in Sweden and the Baltics with over 200 employees, positioning itself as one of the largest law firms in the region. Their website reflects a professional and modern digital presence, built on WordPress with integration of Google Tag Manager and Cookiebot for privacy compliance. The site is well-structured, mobile-optimized, and SEO-friendly, providing comprehensive legal content and news updates. Security-wise, the site enforces HTTPS and implements a robust cookie consent mechanism, though additional HTTP security headers could enhance protection. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website demonstrates a mature digital infrastructure aligned with the firm's market position and compliance requirements.

R

Ragnar Sellbergs stiftelse

ragnarsellbergsstiftelse.se

61

Ragnar Sellbergs stiftelse is a Swedish foundation supporting research projects at Swedish universities and institutes focused on waste and recycling. The website presents a professional and consistent brand image with good content quality tailored to its target audience of academic and research institutions. Technically, the site uses modern JavaScript frameworks, Episerver CMS, and is hosted on Microsoft Azure, with integrated analytics and monitoring tools such as Matomo, Piwik Pro, New Relic, and Microsoft Application Insights. Security posture is solid with HTTPS enforced and a comprehensive cookie consent mechanism, although explicit security headers and incident response information are absent. The absence of WHOIS data for the domain raises some concerns about domain registration legitimacy, which should be further investigated. Overall, the site is functional, privacy compliant, and trustworthy but could improve transparency and contact availability.

A

AlskadeStad.se

alskadestad.se

60

The website AlskadeStad.se presents a minimalistic digital presence with a focus on cookie consent and privacy compliance. The site uses modern technologies including Episerver CMS, Microsoft Azure hosting, and multiple analytics tools such as Microsoft Application Insights, Piwik Pro, and New Relic. However, the lack of substantive content, absence of contact information, and missing WHOIS registration data for the domain reduce the overall credibility and business transparency. The cookie consent mechanism is comprehensive and GDPR compliant, indicating a good privacy posture. Security-wise, HTTPS is enforced and monitoring tools are in place, but security headers and explicit security policies are missing. The domain's WHOIS data is unavailable, suggesting it may be a subdomain or alias, which impacts trustworthiness. Overall, the site is functional but lacks business and security transparency, limiting its trust and professional appeal.

1

Changing food together | The 10 Billion Challenge

10billionchallenge.org

59

The 10 Billion Challenge website is a professionally designed platform focused on transforming the global food system through societal collaboration and circular partnerships. The site targets stakeholders interested in sustainability and food security, presenting a clear mission and relevant content. Technically, the website leverages modern technologies including EPiServer CMS, Microsoft Azure hosting, and advanced analytics tools such as Matomo, Piwik Pro, and Microsoft Application Insights. The site is mobile optimized and includes a comprehensive cookie consent mechanism, reflecting good privacy compliance practices. Security posture is solid with HTTPS enforced, though explicit security headers are not detected, and no contact or incident response information is provided, which could be improved. Overall, the domain WHOIS data is unavailable, likely due to privacy protection, which is reasonable for this type of initiative. The website scores well on content quality and privacy compliance but could enhance trust and security transparency by adding contact details and security policies.

The website pinecast.com is currently inaccessible due to a Cloudflare Turnstile human verification challenge, indicating that the content is blocked pending user verification. As a result, no business-specific content, contact information, or policies are available for analysis. The domain is registered with Cloudflare, Inc. since 2015, which suggests a legitimate registration but lacks detailed registrant information. The technical infrastructure relies on Cloudflare's security and WAF services, providing protection but limiting content visibility. Due to the blocked content, the security posture cannot be fully assessed, but the presence of Cloudflare's WAF and Turnstile indicates a baseline security mechanism. Overall, the site cannot be fully evaluated until the challenge is passed, and no privacy or compliance policies are visible in the current state.

C

Classictic.com

classictic.com

68

Classictic.com is an established online ticketing platform specializing in classical music concerts and opera events worldwide. Operating since 2002, it serves a global audience of classical music enthusiasts by providing secure online ticket purchases and official partnerships with prestigious venues. The website supports multiple languages and currencies, enhancing accessibility for international users. Technically, the site employs modern JavaScript libraries such as jQuery, Lightbox2, and tracking tools including Google Tag Manager and Hotjar, indicating a mature digital infrastructure. The site is well-optimized for mobile devices and SEO, with a professional design and clear navigation. Security posture is strong with HTTPS enforced and consent management implemented, though some security headers and explicit policies are missing. The absence of WHOIS data is a notable anomaly, but the website's trust indicators and certifications partially mitigate concerns. Overall, Classictic.com presents a reliable and professional service with room for improvement in transparency and security documentation.

G

Grünfin

grunfin.com

55

Grünfin's website indicates that the business is closed, with minimal content and no active business information or contact details. The site is hosted on Google Sites and uses HTTPS with good SSL configuration, but lacks privacy policies, terms of service, and security headers. The WHOIS data is unavailable, suggesting the domain may be unregistered or expired, which aligns with the business closure message. Overall, the digital presence is minimal and does not support active business operations.

S

Beste Online Casino Österreich | 50+ Seriöse Online Casinos

spielautomatcasinos.at

71

The website spielautomatcasinos.at serves as an informational platform focused on online casinos in Austria, particularly slot machine casinos. It provides reviews, comparisons, and guides aimed at Austrian online gambling enthusiasts. The business model appears to be affiliate marketing and content provision within the gambling niche. Technically, the site employs Cloudflare for DNS and CDN services and likely uses WordPress as its CMS. The site implements lazy loading scripts to optimize performance and is mobile-friendly, though accessibility features are basic. Security posture is moderate with HTTPS likely enabled but lacks visible security headers and formal privacy or cookie policies, which are critical for GDPR compliance. Contact and incident response information are absent, limiting user trust and compliance transparency. Overall, the site is functional and professionally designed but requires improvements in privacy compliance and security best practices to enhance trustworthiness and regulatory adherence.

The website vizia.lv is currently inaccessible beyond a Cloudflare Turnstile human verification challenge page, which blocks direct access to any substantive content. Due to this, no business information, contact details, or policies are visible. The site is protected by Cloudflare's security infrastructure, indicating an intent to secure the site from automated access or attacks. However, the lack of accessible content and absence of privacy or cookie policies limits the ability to assess the business or compliance posture. The technical infrastructure relies on Cloudflare services, but the user experience is negatively impacted by the challenge page. Security posture benefits from Cloudflare's protections but lacks visible security headers or policies. Overall, the site presents a low trust and content quality profile due to blocked access.

S

Sorglos Design AG

sorglos-design.ch

57

Sorglos Design AG is a Swiss-based company specializing in the retail and exhibition of premium wellness and outdoor living products including solid wood saunas, the Round Cube Sauna, sauna stoves by Huum, hot tubs, the proprietary low-smoke fireplace 'Feuerzunge', glamping accommodations, and garden furniture. The company targets consumers seeking high-quality wellness and outdoor lifestyle products, positioning itself as a niche premium provider in the Swiss market. The website reflects a professional and consistent brand image with a clear product focus and multiple social media channels to engage customers. Technically, the website employs modern web technologies such as Font Awesome 6 Pro, Google Fonts, and the Splide.js slider, likely built on Ruby on Rails given the presence of CSRF tokens and asset pipeline conventions. The site is mobile-optimized with good SEO practices and moderate performance. Google Analytics is integrated for user tracking, though no explicit cookie consent mechanism or privacy policy is present. From a security perspective, the site uses HTTPS with a valid SSL configuration and includes CSRF protection tokens, indicating a baseline security posture. However, it lacks advanced security headers and does not provide a vulnerability disclosure or security.txt file. No critical vulnerabilities or exposed sensitive data were detected. WHOIS data is consistent with the business claims, supporting legitimacy. Overall, the website is functional, professional, and secure at a basic level but would benefit from enhanced privacy compliance and security best practices to improve trust and regulatory adherence.

Positus.global is a minimally developed website with very limited content, presenting only the brand name 'Positus' on a blank page. The domain is registered through GoDaddy with privacy protection via Domains By Proxy, and hosted on DigitalOcean. There is no visible business description, contact information, or user engagement features, indicating an early-stage or placeholder site. The technical infrastructure is basic, relying on standard web fonts and minimal styling, with no advanced frameworks or CMS detected. Security posture is weak due to lack of DNSSEC, security headers, and privacy policies, though the domain registration and hosting providers are reputable. Overall, the site lacks transparency and professionalism, resulting in a low trust and compliance rating.

The website dooki.com.br is currently inaccessible due to a Cloudflare 520 error indicating an unknown issue between Cloudflare and the origin web server. This prevents any meaningful content from being displayed or analyzed. The site lacks any visible privacy, cookie, or terms of service policies, and no contact or business information is available. The technical infrastructure relies on Cloudflare for DNS and CDN services, but the origin server is not responding correctly. Security posture is weak due to the error and absence of security headers or policies. Overall, the site is not functional and scores very low on content quality, technical implementation, security, privacy compliance, and business credibility.

The website yampi.io is currently inaccessible due to a Cloudflare origin DNS error (error 1016), indicating that the origin server is unreachable or DNS settings are misconfigured. As a result, no business content, metadata, or contact information is available for analysis. The domain is registered through Gandi SAS with a creation date in 2019 and a registrant country of Brazil, but lacks publicly available registrant organization details. The site uses Cloudflare services for DNS and security, but the misconfiguration prevents content delivery. No privacy, cookie, or terms of service policies are present, and no forms or contact details are found on the page.

L

LocalProber

localprober.com

47

The website www.localprober.com presents an extremely minimal digital presence, consisting solely of a single image hosted externally and a basic HTML structure with no textual content or metadata beyond a title. The absence of any contact information, privacy policies, or business descriptions severely limits the ability to understand the business purpose or market positioning. Technically, the site lacks modern web technologies, security headers, and any visible analytics or tracking mechanisms, indicating a very low level of digital maturity. The WHOIS data query returned no registration information, suggesting the domain is either unregistered, deleted, or otherwise not properly maintained, which raises significant legitimacy concerns. Security posture is poor due to lack of HTTPS and absence of security best practices. Overall, the site poses a high risk from a trust and compliance perspective and requires substantial improvements to meet basic standards.

M

Maidonjalostajien ja meijeritukkukauppiaiden liitto ry

maidonjalostajat.fi

62

Maidonjalostajien ja meijeritukkukauppiaiden liitto ry (M2L) is a Finnish dairy industry association founded in 2011, dedicated to promoting the business interests of milk producers and the dairy industry. The website serves as an informational platform targeting dairy producers, processors, and wholesale traders, providing industry news, contact information, and organizational details. The association holds a clear market position as a representative body within Finland's dairy sector, offering advocacy and business development support to its members. Technically, the website is built on WordPress with modern plugins such as Yoast SEO and Valio custom components, ensuring good SEO, mobile responsiveness, and accessibility. The use of Google Tag Manager and Adobe Typekit fonts indicates a mature digital infrastructure. Performance is moderate with good mobile optimization and clear navigation. From a security perspective, the site enforces HTTPS with strong SSL configuration and includes essential security headers. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is robust, with comprehensive privacy and cookie policies and an active consent mechanism. However, explicit security policies and incident response contacts are not published, representing an area for improvement. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance, with minor recommendations to enhance security transparency and incident readiness.

The website settlementapp.com is currently inaccessible due to geographic blocking enforced by Amazon CloudFront, resulting in a 403 error page. This prevents any meaningful extraction of business, security, or compliance information from the site. The domain is registered since 2011 with GoDaddy.com, LLC, indicating a potentially established entity, but no public privacy protection is used. Due to the lack of accessible content, no privacy policies, contact information, or security disclosures are available for review. The technical infrastructure includes Amazon CloudFront as a hosting or CDN provider, but no further technology stack details can be determined. Security posture cannot be assessed beyond the presence of blocking mechanisms, and no security headers or SSL details are visible. Overall, the site’s risk assessment is limited by the lack of accessible data, but the blocking itself suggests a restrictive security posture that may impact user trust and accessibility.

The website svenskaspelsidor.com is a newly established (2024) Swedish informational platform focused on providing comprehensive reviews, rankings, and expert analyses of licensed betting sites and bookmakers in Sweden for 2025. It targets Swedish sports bettors seeking trustworthy and licensed operators, offering detailed content on betting odds, bonuses, responsible gambling, and payment methods. The site uses WordPress CMS with Yoast SEO plugin and integrates modern JavaScript libraries like Swiper.js for UI enhancements. Hosting and DNS are managed via Cloudflare and GoDaddy registrar, ensuring reliable infrastructure. Security posture is adequate with HTTPS enabled and domain status protections, but lacks advanced security headers and explicit security or incident response policies on the site. Privacy and cookie policies are missing, representing a compliance gap. No contact information or social media presence is provided, which limits direct user engagement and trust signals. Overall, the site is well-structured, content-rich, and optimized for SEO and mobile, but would benefit from enhanced privacy compliance and security transparency.

D

The DECODE Knowledge Project | Decodeknowledge

decodeknowledge.org

59

The website www.decodeknowledge.org is a Wix-hosted site with limited publicly accessible content and minimal business information. The site appears to be focused on knowledge or education themes but lacks detailed descriptions, contact information, or privacy and security policies. Technically, the site uses Wix's Thunderbolt framework and standard JavaScript libraries, with moderate performance and good mobile optimization. Security posture is basic with HTTPS enabled but no advanced security headers or policies detected. The absence of WHOIS data and registrant information raises concerns about domain legitimacy and trustworthiness. Overall, the site presents a low maturity level in business transparency and security compliance.

R

roi.lv

roi.lv

44

The website roi.lv appears to be a Latvian regional site likely related to financial or investment services, as inferred from domain and linked partner sites. The site uses modern web technologies such as Angular and includes cookie consent mechanisms via CookieHub, indicating some level of compliance with privacy regulations. However, the site lacks visible privacy policies, terms of service, and contact information, which limits transparency and user trust. The presence of multiple tracking and advertising scripts such as Google Analytics, Google Ads, Facebook Pixel, and LinkedIn Insight suggests a moderate level of user tracking and marketing activity. Technically, the site is moderately optimized but lacks explicit security headers and detailed security policies. WHOIS data shows the domain is active with consistent name servers and no privacy protection, supporting legitimacy but with limited registrant details. Overall, the site scores moderately on content quality, technical implementation, security posture, privacy compliance, and business credibility.

P

PremierCert+

premiercert.org

46

PremierCert+ operates as a specialized certification management platform requiring user authentication to access services. The website serves primarily as a login portal with minimal public-facing content, indicating a focus on registered users such as professionals or organizations involved in certification processes. The platform is powered by Isopyre technology and leverages ASP.NET Web Forms with DevExpress controls, reflecting a traditional Microsoft web technology stack. Client-side SHA256 hashing is implemented for password security, demonstrating some attention to protecting user credentials. Technically, the site uses a mature but somewhat dated technology stack with jQuery and ASP.NET AJAX. Performance and mobile optimization are basic, with no advanced SEO or accessibility features detected. Security posture shows moderate implementation with session timeout warnings and client-side hashing; however, the absence of security headers and anti-CSRF tokens indicates room for improvement. The lack of HTTPS verification and missing WHOIS data further reduce trustworthiness. Overall, the website is functional for its intended purpose but lacks comprehensive privacy, security, and business transparency features. The missing WHOIS data and absence of contact or policy pages limit the ability to fully verify legitimacy and compliance. Strategic improvements in security headers, privacy policies, and domain registration transparency are recommended to enhance trust and compliance.

P

Polish-Estonian Chamber of Commerce (POLESTCC)

polestcc.org

53

The Polish-Estonian Chamber of Commerce (POLESTCC) is a small, specialized business association established in 2020 to foster economic exchange and cooperation between Poland and Estonia. It serves entrepreneurs and companies operating or planning to operate in these countries by providing networking opportunities, business representation, and support for international development. The website reflects a professional and consistent brand image with clear business descriptions and active social media engagement. Technically, the site is built on WordPress with a modern theme and plugins, offering good SEO and mobile optimization. Security posture is solid with HTTPS, CAPTCHA on contact forms, and GDPR-compliant consent mechanisms, though DNSSEC is not enabled and some security headers are missing. Overall, the domain registration details align well with the business identity, supporting legitimacy. The site is accessible without WAF or blocking mechanisms, enabling full analysis.

The domain eis.ee is registered since 2010 under Zone Media OÜ, an Estonian registrar, indicating a legitimate and mature domain. However, the website content is currently inaccessible due to a Cloudflare Turnstile human verification challenge page, which blocks access to any business or informational content. This prevents extraction of any privacy policies, contact information, or business descriptions. The technical infrastructure relies on Cloudflare security services, including Turnstile captcha and Cloudflare Insights for analytics. Due to the blocking, the website's security posture cannot be fully assessed, but the presence of Cloudflare WAF indicates a baseline security measure. Overall, the site lacks visible content and compliance disclosures, resulting in a low AI score and limited trustworthiness assessment.