Security Directory

F

Forsta

confirmit.com

66

Forsta GmbH is a German-based technology company specializing in customer experience and market research technology solutions. Their website targets business clients seeking advanced data analytics and research tools to improve customer insights. The company positions itself as an established player in the B2B SaaS market with a focus on delivering comprehensive customer experience management platforms. The website is professionally designed, primarily in German, and provides clear information about their services and contact channels. Technically, the site is built on WordPress and leverages modern web technologies including New Relic for performance monitoring and Google Tag Manager for analytics. The site is mobile-optimized and includes privacy and cookie policies compliant with GDPR standards. Security-wise, the website enforces HTTPS and includes standard security headers, but lacks a dedicated security policy or incident response information. WHOIS data is unavailable, which slightly reduces trust but does not indicate malicious intent. Overall, the site demonstrates a mature digital presence with room for improvement in transparency around security and incident response.

Capsis B.V. is a specialized technology company based in the Netherlands, founded in 2004, offering professional web archiving solutions including software packages and online services. Their market position is niche-focused, targeting organizations that require reliable and user-friendly website archiving to preserve digital cultural heritage and ensure compliance with public records requirements. The company provides two main products: NetTrack, an online archiving service, and Presurf, a software package for large-scale archiving. Technically, the website employs standard web technologies such as HTML, CSS, JavaScript, and jQuery 1.7.1, along with the Nivo Slider plugin for image display. The site is moderately optimized for performance and basic mobile responsiveness but lacks modern frameworks or CMS platforms. DNSSEC is enabled on the domain, indicating some attention to domain security, but no security headers or HTTPS enforcement details were found in the provided data. From a security perspective, the site shows moderate maturity with no visible vulnerabilities or exposed sensitive data. However, the absence of privacy and cookie policies, outdated JavaScript libraries, and lack of security headers represent areas for improvement. No incident response or vulnerability disclosure information is provided, which could impact trust and compliance. The domain's WHOIS data is consistent and legitimate, supporting the company's credibility. Overall, Capsis B.V. presents a professional and trustworthy web presence with solid business credibility but would benefit from enhanced security practices and privacy compliance measures to strengthen its risk posture and regulatory alignment.

F

Feelingz

mijnfeelingz.nl

47

MijnFeelingz.nl is an e-commerce platform based in the Netherlands specializing in personalized gift selection accessible via a personal order code. The website presents a clean, modern login interface with a focus on privacy and compliance with GDPR, as evidenced by the cookie consent banner and privacy policy. The business holds the Thuiswinkel Waarborg certification, a recognized trust mark in Dutch e-commerce, enhancing its credibility. The domain has been active since 2013, indicating a stable online presence. Technically, the site uses modern JavaScript modules and CSS with some React-like structure implied. Hosting appears to be managed by Novulo, a known hosting provider. The site is mobile-optimized with good design quality and basic accessibility features. However, no advanced SEO or structured data markup was detected, which could be improved for better search visibility. From a security perspective, HTTPS is used, and cookie policies are transparent with no third-party tracking cookies detected. However, the absence of explicit security headers such as CSP and HSTS is a gap. No incident response or vulnerability disclosure information is provided, which could be a concern for security maturity. The site does not expose sensitive data or show signs of vulnerabilities in the analyzed content. Overall, the website scores well in content quality, privacy compliance, and business credibility but has room for improvement in security posture and technical SEO. Strategic recommendations include implementing security headers, publishing incident response contacts, enhancing SEO with structured data, and maintaining transparency in data protection practices.

N

Netzbegruenung - Verein fuer gruene Netzkultur e.V.

gruene.social

66

gruene.social is a Mastodon social networking instance operated by Netzbegruenung - Verein fuer gruene Netzkultur e.V., a German non-profit organization aligned with the Green Party. The platform serves a niche audience interested in green politics and federated social media, providing a community-focused environment without commercial advertising or intrusive tracking. The website uses Mastodon version 4.4.2 with a modern React-based frontend, indicating a contemporary technical infrastructure with good mobile optimization and moderate performance. Security posture is adequate with HTTPS usage and no exposed sensitive data, but lacks advanced security headers and explicit incident response policies. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism or terms of service published. Overall, the site is trustworthy and professionally maintained, suitable for its target audience and business model.

A

2025 AGI Open Ho Chi Minh City - AGI Open

agi-open.com

56

AGI Open is a niche event organization focused on hosting a global design leadership conference in Ho Chi Minh City, Vietnam in November 2025. The website serves primarily as an informational landing page with minimal content, promoting the event and offering a subscription form for updates. The technical infrastructure includes modern JavaScript and CSS assets, with Cloudflare DNS and multiple third-party tracking scripts such as Facebook Pixel and Quantcast. The site is mobile optimized but lacks comprehensive content and accessibility features. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers. Privacy compliance is weak due to absence of privacy and cookie policies. Business credibility is moderate given the domain age and event focus, but contact information and trust signals are minimal.

B

Bumper

wearebumper.com

62

Bumper is a Canadian-based small media company specializing in podcast data and growth services. They provide a proprietary analytics dashboard and expert guidance to help podcasters and related businesses make smarter decisions and grow their audiences effectively. The website is built on Squarespace, leveraging modern web technologies and Cloudflare DNS, with a professional design and good user experience. Security posture is strong with HTTPS and HSTS enabled, though DNSSEC is not configured. Privacy compliance is partial, with a cookie policy present but lacking an active consent mechanism and no explicit privacy or terms of service pages. Contact information is not directly available on the site, which may impact user trust and compliance. Overall, the site is trustworthy and well-positioned in its niche but could improve compliance and transparency.

U

Ubisoft Entertainment S.A.

ubisoftconnect.com

55

Ubisoft is a leading global video game publisher and developer, operating the Ubisoft Connect platform which provides a multi-platform ecosystem for player services including game management, social features, rewards, and cross-platform progression. The website is professionally designed, mobile-optimized, and uses modern web technologies such as React and Algolia for search. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities. Privacy and legal policies are comprehensive and GDPR compliant, with clear links to data protection officer resources. WHOIS data is unavailable, likely due to registry restrictions or privacy measures, but the website's branding and external references strongly support legitimacy. Overall, Ubisoft Connect represents a mature, enterprise-level digital service platform with a high level of trust and professionalism.

S

Sketch

sketch.com

68

Sketch is a well-established design software company targeting designers and creative professionals with a macOS native application focused on design, prototyping, collaboration, and developer handoff. The website is professionally designed, rich in content, and demonstrates a mature digital presence with modern technologies and privacy-conscious analytics. Security posture is strong with HTTPS and security headers, though explicit security policies and incident response information are not publicly detailed. WHOIS data is unavailable or privacy protected, which slightly reduces trust but is common for established brands. Overall, Sketch presents a trustworthy and professional business with a strong market position in the design software industry.

K

Krajowa Izba Rozliczeniowa S.A.

kir.pl

63

Krajowa Izba Rozliczeniowa S.A. (KIR) is a key technological hub and infrastructure provider for the Polish payment system, offering a broad range of digital solutions for banks, companies, public sector entities, and individual clients. Their services include interbank settlements (Elixir), instant payments (Express Elixir), electronic signatures (Szafir and mSzafir), electronic identification (mojeID), and open banking interfaces (HUB PSD2). The company holds a strong market position as a critical infrastructure entity in Poland's financial ecosystem. Technically, the website employs modern web technologies including Google Tag Manager and Google reCAPTCHA, with a CMS platform (edito) supporting content management. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital presence. Security measures such as HTTPS, CSRF tokens, and bot protection are implemented, though explicit security headers could be further verified. The security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy and cookie policies are comprehensive and GDPR compliant, supporting user data protection. However, no explicit incident response or vulnerability disclosure policies were found, which could enhance trust and security readiness. Overall, the website and business present a low-risk profile with strong credibility and professional digital infrastructure. Strategic recommendations include enhancing security header transparency, publishing vulnerability disclosure information, and improving contact information visibility to further strengthen trust and compliance.

M

Marijke Rosmolen Fotografie

marijkerosmolen.nl

55

Marijke Rosmolen Fotografie is a small local photography business based in Ridderkerk, Netherlands, specializing in funeral photography and related event photography services. The website is built on the Wix platform, leveraging Wix's Thunderbolt framework and standard web technologies such as HTML5, CSS, and JavaScript. The business targets individuals and families seeking respectful and professional photography services for funerals and life events. The website presents a professional design with clear navigation and relevant content, although it lacks some compliance elements such as privacy and cookie policies. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, but could be improved by adding security headers and incident response information. Overall, the website is legitimate and functional but would benefit from enhanced privacy compliance and security best practices.

N

National Park Service

nps.gov

67

The National Park Service website (nps.gov) serves as the official digital presence of the U.S. federal agency responsible for managing national parks and cultural heritage sites. It provides comprehensive information for visitors, educators, volunteers, and partners, including park details, educational resources, event information, and multimedia content. The site is authoritative and well-positioned as the primary source for national park information in the United States. Technically, the website employs a mature infrastructure with CommonSpot CMS, legacy jQuery 1.12, and modern web standards including HTTPS and responsive design. The site demonstrates good mobile optimization, accessibility, and SEO practices, although some legacy scripts and lack of explicit cookie consent mechanisms indicate areas for modernization. From a security perspective, the site benefits from HTTPS encryption and published privacy and vulnerability disclosure policies. However, the absence of explicit security headers and cookie consent banners suggests room for improvement in compliance and defense-in-depth. The WHOIS data is incomplete but typical for a .gov domain, which inherently carries high trust and legitimacy. Overall, the website is a high-quality, trustworthy government resource with strong content and user experience. Strategic enhancements in security headers, privacy compliance, and incident response transparency would further strengthen its posture and user trust.

Make-A-Wish Nederland is a well-established non-profit organization founded in 2011, dedicated to fulfilling the wishes of seriously ill children in the Netherlands. The website serves as a platform for donors and supporters to contribute financially to this cause. The organization maintains a consistent brand presence and targets a general audience interested in charitable giving. Technically, the website is built on Craft CMS, uses Cloudflare for DNS and CDN services, and integrates modern tools such as Google Tag Manager and Cookiebot for analytics and privacy compliance. The site is mobile-optimized and demonstrates good SEO practices. Security-wise, the site enforces HTTPS, uses CSRF tokens, and implements cookie consent mechanisms, although there is room for improvement in DNSSEC and explicit security headers. Overall, the domain registration data aligns well with the organization's claims, supporting its legitimacy. No blocking or WAF challenges were detected, allowing full content access and analysis.

P

Postcode Lottery Group

werkendoejebij.nl

70

The website www.werkendoejebij.nl represents the Postcode Lottery Group, a well-established non-profit organization operating lotteries in the Netherlands to raise funds for charitable causes. The site targets job seekers interested in working for this organization and provides detailed information about departments, vacancies, and the company's mission. The business is large, founded in 1989, and has a strong market position in the Dutch lottery and charity sector. The website content is professionally presented, consistent in branding, and includes rich media such as videos and employee stories. Technically, the site uses modern web technologies including the Elm framework for interactive components, Google Tag Manager and Google Analytics for tracking, and embedded YouTube videos served via privacy-enhanced domains. The site is mobile-optimized and SEO-friendly with proper metadata and structured data. Cookie consent is implemented with granular user control, reflecting good privacy practices. From a security perspective, the site enforces HTTPS and employs cookie consent mechanisms to comply with GDPR. However, no explicit security headers or incident response policies are published, and no vulnerability disclosure information is available. No critical vulnerabilities or exposed sensitive data were detected in the HTML content. Overall, the website is trustworthy, professionally maintained, and compliant with privacy regulations. Strategic improvements could include publishing security policies, enhancing security headers, and providing clearer contact information for security incidents.

Capsis B.V. is a specialized technology company based in the Netherlands that provides website archiving solutions to organizations seeking to preserve their web communications and digital heritage. Their offerings include an online archiving service (NetTrack) and a software package (Presurf) designed for professional and large-scale website archiving. The company positions itself as a niche provider with a clear focus on digital preservation and compliance with public records requirements. The website infrastructure is built on standard web technologies including HTML, CSS, JavaScript, and jQuery, with a slider component for visual presentation. While functional and professionally designed, the technical stack shows signs of aging (e.g., use of jQuery 1.7.1) and lacks modern security headers and advanced SEO or accessibility features. The site is moderately optimized for performance and mobile use but could benefit from modernization. From a security perspective, the site is accessible without WAF or blocking mechanisms and does not expose sensitive data. However, it lacks visible security headers and privacy compliance documentation such as privacy and cookie policies, which are critical for GDPR compliance. No forms or user input fields are present on the analyzed page, reducing immediate data protection risks. WHOIS data confirms the legitimacy of the domain and company, with consistent registrant information matching the website's claims. Overall, Capsis B.V. presents a trustworthy and professional web presence with room for improvement in privacy compliance and security best practices. Strategic enhancements in these areas would strengthen their security posture and regulatory adherence, supporting their business credibility and customer trust.

G

GoodUp CSR Software

goodup.com

64

GoodUp CSR Software is a mature, established SaaS provider specializing in corporate social responsibility platforms that engage employees in sustainability, social impact, diversity, and wellbeing initiatives. The company offers a comprehensive platform with modules for events, volunteering, challenges, giving, and reporting, targeting businesses aiming to enhance their CSR efforts. The website reflects a professional and consistent brand image with excellent content quality and user experience. Technically, the site is built on WordPress with modern plugins and integrates marketing and analytics tools such as Hubspot, Google Ads, and LinkedIn Insight Tag. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and no visible vulnerabilities. Privacy compliance is well addressed with clear policies and consent management. Overall, the website and domain registration data indicate a trustworthy and credible business presence.

O

Outreach

outreach.io

77

Outreach is an enterprise-level SaaS company specializing in AI-powered revenue workflow and sales engagement platforms. Their website clearly targets sales, marketing, revenue operations, and go-to-market teams, positioning themselves as a leader in the sales engagement technology space. The platform offers AI-driven workflows to optimize revenue success, supported by a professional and well-branded digital presence. The technical infrastructure is modern, leveraging React and Next.js frameworks, with extensive use of analytics and consent management tools, indicating a mature digital strategy. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms, though explicit security policies and incident response contacts are not publicly disclosed. Overall, the website is professional, trustworthy, and compliant with privacy regulations, reflecting a credible and established business.

The domain financefear.com currently serves a 404 Not Found error page and does not host any accessible business content. The domain is used by Admiral, a service provider specializing in copyright access control and privacy consent management for digital publishers. The page content describes the service's role in enabling GDPR compliance and subscription support but lacks any direct business or user-facing information. Technically, the domain is hosted on Google Cloud Platform with AWS DNS servers and employs industry-standard encryption and certificate rotation. Security practices are described in general terms, with no executable files or downloads hosted, and a security contact email is provided. However, no privacy or cookie policies, contact forms, or business details are present, limiting the ability to assess compliance and user engagement. The domain WHOIS data is transparent, registered with NameCheap, Inc., and consistent with a legitimate service domain created in 2022. Overall, the site is not currently functional as a business website and scores low on content quality and business credibility.

O

Outdoor Stereo Festival

outdoorstereo.nl

55

Outdoor Stereo Festival is a small-scale event organizer focused on hosting an outdoor music festival in the Netherlands, scheduled for August 30, 2025. The website serves primarily as a promotional platform to showcase the event, artists, and facilitate ticket sales through a third-party vendor. The target audience is music enthusiasts, particularly those interested in outdoor festivals within the Dutch region. The business model revolves around event organization and ticketing. Technically, the website is built using modern web technologies including Next.js and React, ensuring a responsive and visually appealing user experience. Performance is moderate with good mobile optimization and basic accessibility features. SEO practices are adequately implemented with proper meta tags and Open Graph data. From a security perspective, the site enforces HTTPS and uses asynchronous loading for scripts, but lacks explicit security headers and does not provide visible security or incident response policies. Privacy compliance is limited due to the absence of a privacy policy and terms of service, though a cookie consent mechanism is present. Overall, the website is professional and trustworthy for its purpose but would benefit from enhanced privacy and security disclosures to improve compliance and user trust.

C

Cosmic

designbycosmic.com

70

Cosmic is a specialized creative agency focused on empowering social impact organizations, particularly nonprofits and mission-driven entities, to build compelling brands and digital presences that succeed in the modern attention economy. Their services include brand strategy, web design and development, and marketing campaigns tailored to drive engagement and real-world action. The company positions itself as a partner for social impact leaders seeking to modernize their communications and digital strategies. Technically, the website is built on a modern React and Next.js stack, hosted with Cloudflare CDN, ensuring fast performance and mobile optimization. The site demonstrates good SEO and accessibility practices, with comprehensive privacy and cookie policies in place. Security posture is strong with HTTPS enforced and standard security headers present, though explicit security policies and incident response contacts are not found. Overall, the domain registration data aligns well with the business claims, indicating legitimacy and trustworthiness. The website provides clear contact information and social media presence, enhancing business credibility. Recommendations include adding a dedicated security policy and vulnerability disclosure page to further strengthen trust and compliance.

P

ProRail

prorail.nl

78

ProRail is the Dutch government agency responsible for managing and maintaining the national railway infrastructure. The website clearly communicates its mission to ensure safe, timely, and sustainable rail transport for passengers and freight. The site targets a broad audience including travelers, freight operators, and government stakeholders. Technically, the site uses modern web technologies including JavaScript modules, consent management via Cookiebot, push notifications with OneSignal, and analytics tools such as Google Analytics and Hotjar. The site is hosted securely with HTTPS and employs multiple security headers, reflecting a mature security posture. However, explicit security policies and incident response contacts are not publicly available, representing an area for improvement. Overall, the website is professional, trustworthy, and compliant with GDPR regulations, with a strong alignment between domain registration data and business identity.

U

Ubisoft Entertainment

forhonorgame.com

70

Ubisoft Entertainment operates the official website for the game 'For Honor', a multiplayer melee action game available on multiple platforms including PlayStation, Xbox, and PC. The website serves as a comprehensive hub for game information, updates, community engagement, and digital sales. Ubisoft is a well-established global game publisher with a strong market position and a large enterprise footprint. The website demonstrates a mature technical infrastructure leveraging modern web technologies such as React, Google Tag Manager, and OneTrust for consent management, ensuring a performant and user-friendly experience. Security posture is strong with HTTPS enforcement, security headers, and privacy compliance evident through detailed policies and cookie consent mechanisms. No critical vulnerabilities or suspicious activities were detected. WHOIS data for the domain is unavailable, likely due to registry or privacy policies, but the website's trustworthiness is supported by multiple trust signals and official branding. Overall, the site is professional, secure, and compliant, serving its target audience effectively.

U

Ubisoft

assassinscreed.com

67

Ubisoft is a leading global video game developer and publisher, with the Assassin's Creed franchise being one of its flagship properties. The website serves as a comprehensive portal for fans and gamers, offering detailed information about the games, news updates, merchandise, and community engagement. The site is well-branded, professionally designed, and optimized for both desktop and mobile platforms, reflecting Ubisoft's strong digital maturity. Technically, the site leverages modern web technologies including React, Contentful CMS, and integrates third-party services such as Algolia for search and YouTube for video content. Security best practices are observed with HTTPS enforcement and appropriate security headers, although WHOIS data is not publicly available due to registry restrictions, which is common for large brands. Privacy and cookie policies are present and GDPR compliant, with consent mechanisms implemented. Overall, the site demonstrates a high level of professionalism, trustworthiness, and user engagement.

U

Ubisoft

ubi.com

66

Ubisoft is a globally recognized video game developer and publisher, known for iconic franchises such as Assassin's Creed, Rainbow Six, and Far Cry. Their official website serves as a comprehensive platform for game promotion, news updates, and digital services including Ubisoft+ subscription and Ubisoft Connect. The site targets a broad audience of gamers and enthusiasts worldwide, offering rich multimedia content and seamless navigation. Technically, the website employs modern web technologies including React and Next.js, ensuring fast performance, mobile optimization, and accessibility. The integration of consent management tools like OneTrust and marketing platforms such as Google Tag Manager and Abtasty reflects a mature digital infrastructure focused on privacy and user experience. From a security perspective, the site enforces HTTPS, utilizes robust security headers, and manages cookie consent effectively. No critical vulnerabilities or exposed sensitive data were detected. However, the absence of publicly visible incident response contacts or vulnerability disclosure programs suggests areas for improvement. Overall, the website demonstrates a high level of professionalism, trustworthiness, and compliance with privacy regulations. The missing WHOIS data is likely due to privacy or registrar policies and does not detract from the site's legitimacy. Strategic recommendations include enhancing transparency around security incident response and vulnerability reporting to further strengthen trust.

S

Spark Plugin

sparkplugin.com

63

Spark Plugin is a specialized technology company offering a design toolkit plugin for Squarespace users, enabling code-free, one-click customizations to create unique websites. The company targets designers, creatives, and small businesses seeking enhanced design flexibility within the Squarespace platform. The website is professionally designed, mobile-optimized, and integrates modern analytics and tracking tools such as Mixpanel and Microsoft Clarity, reflecting a mature digital infrastructure. Security posture is strong with HTTPS and HSTS enabled, though explicit security policies and incident response documentation are absent. Privacy compliance is addressed with a privacy policy and cookie consent banner, but terms of service and vulnerability disclosure mechanisms are missing. The WHOIS data is notably absent or inaccessible, raising concerns about domain registration legitimacy, which impacts overall trustworthiness. Despite this, the website presents strong trust indicators including a high Trustpilot rating and active social media presence. Overall, the site scores well on content quality, technical implementation, and security, but business credibility and privacy compliance could be improved.

M

Middlebury College Publications

middleburymagazine.com

50

Middlebury Magazine is a well-established publication affiliated with Middlebury College, serving primarily the college's alumni and community with rich editorial content including features, essays, podcasts, and videos. The website demonstrates a professional and consistent brand presence with high-quality content and a clear focus on educational and alumni engagement. Technically, the site is built on WordPress using the Genesis Framework, hosted likely by Middlebury College or its affiliates, with moderate performance and good mobile optimization. Security posture is solid with HTTPS enforced and domain registration consistent with the institution, though improvements such as enabling DNSSEC and adding security headers are recommended. Privacy compliance is weak due to the absence of explicit privacy and cookie policies, which should be addressed to meet modern standards. Overall, the site is trustworthy and professional but could enhance its privacy and security transparency.

Revolution Hall + Show Bar operates a small-scale e-commerce website selling branded merchandise such as apparel and gift cards related to their music venue and show bar. The website is built on the Shopify platform using the Dawn theme, providing a modern, responsive, and accessible user experience. The business targets fans and patrons of the venue, offering a straightforward online shopping experience. The domain is recently registered in 2023, consistent with the new business launch. Technically, the site leverages Shopify's infrastructure and scripts, ensuring secure payment processing and integration with digital wallets. Performance and SEO are adequate, with proper meta tags and structured data present. However, the site lacks explicit privacy, cookie, and terms of service pages, which are critical for compliance and user trust. No direct contact information or security policies are published, limiting transparency. From a security perspective, HTTPS is enforced, and domain transfer protections are in place. However, DNSSEC is not enabled, and no security headers are detected, representing areas for improvement. No vulnerabilities or malicious content were found. The site uses tracking pixels and analytics typical for e-commerce but lacks visible cookie consent mechanisms. Overall, the website is functional and professional but would benefit from enhanced privacy compliance, security hardening, and improved transparency to increase trustworthiness and regulatory adherence.

E

Engrain

creativebyengrain.com

59

Creative Services by Engrain is a boutique agency specializing in brand development and custom website design for the multifamily real estate industry. The company positions itself as a top-tier creative partner focused on storytelling and impactful design to connect communities and enhance brand presence. The website is professionally designed using the Squarespace platform, featuring clear navigation and relevant content that aligns with its business focus. Technical infrastructure is modern and leverages Squarespace's hosting and content management capabilities, ensuring good performance and mobile optimization. Security posture is strong with HTTPS and HSTS enabled, though there is room for improvement in privacy compliance and explicit security policies. The absence of WHOIS data for the domain introduces some uncertainty regarding domain registration legitimacy, but the overall business presentation and contact information support a credible operation. Strategic recommendations include implementing cookie consent mechanisms, publishing security and incident response policies, and enhancing trust signals through certifications or client testimonials.

O

OD

oregondistilled.com

55

Oregon Distilled is an event-focused business organizing an annual distilled spirits tasting festival in Portland, Oregon. The website promotes the event, ticket packages, and participating distillers, chefs, and vendors. It targets adult consumers interested in spirits and cocktail culture. The business operates primarily through event ticket sales and partnerships with distillers and food vendors. Technically, the website is built on Squarespace, leveraging its CMS and hosting infrastructure, with a moderate performance and good mobile optimization. Security posture is adequate with HTTPS enforced but lacks advanced security headers and published policies. The absence of WHOIS data for the domain is a concern for trust but may be due to privacy protection or recent registration. Overall, the site is professional and functional but would benefit from enhanced privacy compliance and security best practices.

D

Datafy

datafyhq.com

65

Datafy is a specialized technology company offering an integrated analytics and advertising platform designed to empower businesses with data-driven marketing solutions. Their platform combines comprehensive data analytics, strategic advertising via an owned demand-side platform (DSP), and campaign measurement with attribution, targeting industries such as attractions, retail, and travel & tourism. The company emphasizes customization, transparency, and direct client engagement, supported by in-house software development and data science expertise. Technically, the website is built on modern frameworks including Next.js and React, with a strong focus on performance, mobile optimization, and user experience. The presence of a consent management platform (Osano) and Google Tag Manager indicates mature digital marketing and privacy compliance practices. However, the absence of visible security headers and explicit security policies suggests areas for improvement in security posture. Security-wise, Datafy demonstrates good practices such as HTTPS enforcement and SOC 2 certification, which are positive trust signals. Nonetheless, the lack of WHOIS data raises questions about domain registration legitimacy, which should be addressed to enhance trust. The site does not expose vulnerabilities or sensitive data visibly, but could benefit from publishing incident response contacts and vulnerability disclosure policies. Overall, Datafy presents a professional and trustworthy digital presence with strong business credibility and technical maturity. Addressing the WHOIS data gap and enhancing security transparency would further strengthen their risk profile and stakeholder confidence.

Make-A-Wish Nederland is a well-established non-profit organization dedicated to fulfilling the wishes of children aged 3 to 18 with serious or life-threatening illnesses. The organization operates primarily within the Netherlands and has been active since 2011. Their website reflects a professional and consistent brand image, targeting donors, volunteers, and families of children in need. The site provides clear information about their mission and services, supported by a modern technical infrastructure including Cookiebot for consent management and Google Tag Manager for analytics. The use of Craft CMS is inferred from cookie names, indicating a robust content management system. Security posture is solid with HTTPS enforced and CSRF protections in place, though some security headers could be explicitly implemented. Privacy compliance is well addressed with a comprehensive cookie policy and consent mechanism. However, contact information and formal security policies are not explicitly published, which could be improved to enhance trust and transparency. Overall, the website is trustworthy, professionally maintained, and compliant with GDPR requirements.

B

Bath Iron Works

gdbiw.com

78

Bath Iron Works is a full-service shipyard specializing in the design, construction, and support of complex surface combatants for the U.S. Navy. As a subsidiary of General Dynamics Marine Systems, it holds a significant position in the defense and transportation sectors, serving government and military clients. The website reflects a professional corporate presence with consistent branding and a focus on its core shipbuilding services. Technically, the site is built on WordPress with modern JavaScript frameworks and includes SEO and cookie consent tools, indicating a moderate level of digital maturity. Security posture is generally good with HTTPS enforced and cookie consent implemented, but lacks explicit security headers and published security policies. The absence of WHOIS registration data is a notable concern, though the website content and social media presence strongly support legitimacy. Overall, the site is professional and trustworthy but would benefit from enhanced transparency and security documentation.

The domain writingfort.com currently serves only a 404 Not Found error page with embedded information about Admiral, a service provider specializing in copyright access control and privacy compliance for digital publishers. The site lacks active business content, contact information, or interactive features, indicating it is either inactive or used solely as a service endpoint. The technical infrastructure is hosted on Google Cloud Platform with AWS DNS servers, showing a modern cloud hosting environment. Security practices mentioned include HTTPS enforcement and frequent certificate rotation, but no DNSSEC or advanced security headers are present. Overall, the security posture is adequate for a service endpoint but limited by the lack of visible business operations or user engagement. The domain registration is consistent and legitimate, with a mature age and no privacy protection, aligning with a professional service provider. However, the absence of contact details, terms of service, and cookie consent mechanisms limits privacy compliance and business credibility. The website is safe with no adult or questionable content detected. Given the lack of accessible content, the overall risk is low but the site offers minimal value to end users or customers.

CKEditor Cloud Services is a technology-focused business providing cloud-based services for the CKEditor rich text editor ecosystem. The website serves primarily as an informational landing page linking users to status monitoring, dashboard management, and documentation resources. The company, CKSource Holding sp. z o.o., is a medium-sized technology entity founded in 2017 and based in Poland. The business model centers on SaaS offerings for content editing tools targeting developers and organizations integrating CKEditor products. Technically, the website is minimalistic, built with standard HTML, CSS, and JavaScript, hosted on Amazon Web Services. It lacks advanced SEO, accessibility, and performance optimizations but provides a functional and consistent user experience. No CMS or complex frameworks are detected. The site is mobile responsive at a basic level. From a security perspective, the domain registration is stable and consistent with the business, with domain locks enabled to prevent unauthorized changes. However, the website lacks DNSSEC, security headers, privacy and cookie policies, and incident response contact information. No analytics or tracking scripts are present, indicating minimal user tracking. The security posture is moderate but could be improved by implementing standard security best practices and compliance documentation. Overall, the website is safe, professional, and trustworthy but limited in content and compliance features. Strategic improvements in privacy, security headers, and user engagement elements would enhance the site's credibility and compliance standing.

P

Pocket Gamer

steelserve.com

63

Pocket Gamer is a well-established media platform specializing in mobile and handheld videogame news, reviews, guides, and redeem codes. It targets mobile gaming enthusiasts and maintains a strong market position as a leading source of mobile gaming content. The website demonstrates a professional design with consistent branding and regularly updated content, supporting a medium-sized business model primarily driven by advertising revenue. Technically, the site uses modern web technologies including Google Fonts, Google Tag Manager, and various advertising and tracking scripts, hosted on Steelserve infrastructure. Performance and mobile optimization are good, though accessibility features could be improved. Security posture is solid with HTTPS enforced and secure form handling, but lacks some recommended security headers and explicit privacy and cookie policies. WHOIS data is unavailable, which slightly reduces trustworthiness but the site content and network affiliations support legitimacy. Overall, the site is safe for general audiences and provides valuable content for mobile gamers.

The domain merequartz.com currently serves only a 404 Not Found error page with no accessible business content. The page indicates that the domain is hosted by Admiral, a service provider specializing in copyright access control and privacy consent management for digital publishers. The domain is relatively new, registered in April 2023, and does not present any direct business or contact information. Technically, the site is hosted on Google Cloud Platform with AWS DNS services, uses HTTPS with frequent certificate rotation, and does not host any executable or malicious content. However, the lack of actual website content, privacy policies, and contact details significantly limits the ability to assess the business or security posture fully. The security posture is moderate based on hosting provider practices but lacks domain-level security enhancements such as DNSSEC. Overall, the site appears to be a placeholder or a domain intended for future use rather than an active business website.

The domain mowgoats.com currently serves a 404 Not Found error page with minimal content. The page indicates that the domain is hosted by Admiral, a service provider specializing in copyright access control, privacy consent management including GDPR compliance, and support for subscriptions and donations on behalf of digital publishers. There is no direct business branding or detailed company information visible on the site. The technical infrastructure is based on Google Cloud Platform with DNS hosted on AWS DNS servers. The site content is limited to static HTML, CSS, and JavaScript with no dynamic content or forms. Security practices are described in text but no technical security headers or policies are present on the page. The domain WHOIS data is consistent and registered with NameCheap, Inc. since 2019, with no privacy protection enabled. Overall, the site is not accessible for normal user interaction and lacks critical business and privacy information.

The domain loadedhearts.com currently serves a 404 Not Found error page with no accessible business content. The page indicates that the domain is used by Admiral (getadmiral.com) to provide copyright access control and privacy consent services for digital publishers. The domain is registered since 2009 with NameCheap and hosted on Google Cloud Platform, indicating a mature and stable technical infrastructure. However, the lack of actual website content, privacy policies, and contact information significantly limits the digital maturity and business credibility of the site. Security posture is moderate due to the use of encryption and frequent certificate rotation, but DNSSEC is not enabled and security headers are not visible. Overall, the site is not currently functional as a business website and requires significant improvements to content, compliance, and user experience.

H

HyprMX

hyprmx.com

67

HyprMX is a New York-based mobile advertising network specializing in brand-only ads within premium mobile applications. Established in 2012, the company positions itself as a premier ad network connecting top Fortune 500 advertisers directly with mobile app publishers. The website reflects a professional and modern digital presence, utilizing standard web technologies and third-party services such as Google Analytics and OneTrust for cookie consent management. The technical infrastructure appears solid, with AWS-hosted DNS and modern font loading techniques, although no CMS or advanced frameworks are detected. Security posture is adequate with HTTPS and IP anonymization in analytics, but lacks explicit security headers and published security policies. Privacy compliance is partially addressed through cookie consent but lacks a visible privacy policy or terms of service. Overall, the domain registration data aligns well with the business claims, indicating legitimacy and transparency.

D

Dia Art Foundation

diaart.blog

57

Dia Art Foundation operates an arts-focused blog hosted on Squarespace, providing weekly content related to artist projects, exhibitions, and public programs. The website targets a general audience interested in contemporary art and culture, positioning itself as a niche non-profit arts organization. The technical infrastructure is modern, leveraging Squarespace's platform with good mobile optimization and SEO practices. Security posture is solid with HTTPS enabled and no visible vulnerabilities, though security headers are absent and privacy compliance could be improved. The lack of direct contact information and WHOIS transparency slightly reduces trust but is typical for privacy-conscious non-profits. Overall, the site is professional and trustworthy within its domain.

AddToCalendar.com is a specialized technology service offering a free widget that enables users to add events to various calendar platforms such as Google Calendar, Outlook, iCal, and Yahoo. The service targets web developers, event organizers, and marketers, providing easy integration for event pages and email campaigns. The website is well-structured, with clear instructions and multiple style options for the widget, and is trusted by notable clients like Dell and Adidas. Technically, the site leverages modern web technologies including Bootstrap, JavaScript, and is hosted on Amazon Web Services, ensuring good performance and mobile optimization. Security-wise, the site enforces HTTPS and uses asynchronous JavaScript loading, but lacks advanced security headers and published security policies. Privacy compliance is weak due to the absence of privacy and cookie policies. Overall, the domain registration is consistent and legitimate, supporting the business credibility.

B

Bar Laika

laika.bar

56

Bar Laika is a small hospitality business operating a bar located at 224 Greene Avenue, Brooklyn, NY. The website presents the bar's location, contact information, and acknowledges indigenous land, positioning itself as a community-focused nightlife venue. The business is affiliated with e-flux, a known cultural organization, which adds credibility. The website uses modern frontend technologies such as Vue.js and is hosted via Hover DNS services. The site is accessible, mobile-optimized, and provides a good user experience with clear navigation and relevant content. However, it lacks formal privacy and cookie policies, which are important for compliance and user trust. Security posture is moderate with HTTPS enabled but missing security headers and DNSSEC. No WAF or blocking mechanisms are detected, allowing full content access. The domain is privacy protected but this is justified given the business type and age. Overall, the site is functional and professional but could improve compliance and security practices.

G

Greystar Worldwide, LLC

greystar.com

66

Greystar Worldwide, LLC operates a professional real estate website focused on apartment rentals and property management services across multiple U.S. cities. The company positions itself as a large, enterprise-level real estate management firm offering a wide portfolio of residential communities. The website is well-structured, with clear navigation, comprehensive privacy and terms policies, and a strong brand presence supported by social media channels. Technically, the site uses modern frameworks such as Next.js and Sitecore CMS, ensuring good performance and mobile optimization. Security posture is strong with HTTPS and security headers implemented, though no explicit incident response or vulnerability disclosure information is provided. The absence of WHOIS data is a notable anomaly but does not detract from the overall legitimacy indicated by the website content and external references.

T

TDH For The Win AB

tdh.me

58

The website tdh.me represents the personal brand of Thord D. Hedengren, an author, designer, and entrepreneur based in Sweden. The site functions primarily as a digital business card linking to various projects, social media profiles, and professional services. The business model centers on creative and open-source contributions alongside agency consulting. The domain is well-established since 2009, reinforcing credibility and maturity in the market niche. Technically, the website is built with standard HTML5, CSS, and JavaScript, incorporating Matomo analytics hosted on a custom domain, which suggests a privacy-conscious approach to user tracking. Hosting is via Cloudflare, providing reliable infrastructure and HTTPS security. The site is mobile-optimized with good SEO practices but lacks advanced accessibility features and security headers. From a security perspective, the site benefits from HTTPS and domain transfer protection but lacks DNSSEC and security headers that could enhance protection against common web threats. No privacy or cookie policies are present, which is a compliance gap especially under GDPR. No forms or sensitive data collection reduces risk exposure. The site shows no signs of vulnerabilities or malicious content. Overall, the website is trustworthy and professional but would benefit from improved privacy compliance and enhanced security headers. Strategic recommendations include adding privacy and cookie policies, enabling DNSSEC, and implementing security headers to strengthen the security posture and regulatory compliance.

T

Trustlocal

trustlocal.es

62

Trustlocal is a Spanish online platform specializing in connecting consumers with local service providers across various sectors such as cleaning, photography, legal, and more. It operates under the parent company Trustoo and holds a leading market position in Spain for local service comparison. The platform offers users the ability to compare providers, read reviews, and contact companies directly, enhancing transparency and convenience in local service procurement. Technically, the website is built on a modern React and Next.js stack, ensuring fast performance and excellent mobile optimization. The site integrates multiple third-party analytics and marketing tools with proper cookie consent mechanisms, reflecting a mature digital infrastructure. Security-wise, the site enforces HTTPS, employs standard security headers, and manages user privacy responsibly, though it lacks a dedicated security policy or incident response information. Overall, Trustlocal presents a professional, trustworthy, and user-friendly service with strong business credibility and compliance with privacy regulations.

U

Untold Uptown

untolduptown.com

61

Untold Uptown is a small, youth-driven online publication based in New York City, focusing on social justice, culture, health, environment, and other topical issues relevant to its audience. The website is built on the WordPress platform, hosted by WordPress.com, and uses Jetpack for additional functionality and analytics. The content is well-organized and regularly updated, targeting a general audience interested in social and cultural topics. Technically, the site is moderately optimized with good mobile responsiveness and SEO practices, but lacks advanced security headers and DNSSEC implementation. The security posture is adequate with HTTPS enforced, but could be improved with additional security measures and privacy compliance documentation. Overall, the website presents a legitimate and trustworthy presence with room for enhancements in privacy and security policies.

S

Students of the Sidewalk

studentsofthesidewalk.com

61

Students of the Sidewalk is a small educational and media blog hosted on the WordPress.com platform, focusing on diverse topics including politics, science, social justice, environment, health, entertainment, sports, food, and travel. The website aims to inform and inspire a general audience by publishing articles that include multiple perspectives. The site is relatively new, established in 2020, and leverages WordPress.com's managed hosting and infrastructure, ensuring baseline security and performance. The business model appears to be content publishing with potential monetization through readership and subscriptions. Technically, the website uses WordPress CMS with Jetpack and Newspack blocks, modern JavaScript, and CSS technologies. It is hosted by Automattic Inc., the official WordPress.com provider, and employs HTTPS with a valid SSL certificate. The site is mobile optimized and has good SEO practices including Open Graph and Twitter Card metadata. However, it lacks DNSSEC and security headers, which are recommended for enhanced security. From a security perspective, the site benefits from WordPress.com's managed environment, but it lacks explicit privacy and cookie policies, which are important for GDPR and other privacy regulations compliance. No direct contact emails or phone numbers are provided, limiting transparency and incident response readiness. No vulnerabilities or suspicious patterns were detected in the content or domain registration data. Overall, the website is a trustworthy and professional small media blog with good technical implementation but needs to improve privacy compliance and security best practices to enhance user trust and regulatory adherence.

A

Application Systems Heidelberg

asl-shop.com

47

Application Systems Heidelberg operates an e-commerce platform specializing in the sale of software applications and games across multiple operating systems including Mac, Windows, Linux, iOS, and Android. The website offers digital downloads and licenses, targeting consumers and professionals seeking software solutions. The business appears to be a small-sized entity with a niche market focus and has been operational since at least 2014. The platform is built on the Shopware CMS, indicating a modern e-commerce infrastructure with moderate performance and good mobile optimization. Security is enforced through HTTPS and CSRF tokens, but lacks advanced security headers and explicit incident response policies. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. Contact is primarily via web forms without direct email or phone contacts listed. Overall, the website is professional and trustworthy but could improve in security and privacy compliance aspects.

B

Bluelinemedia Limited

bluelinemedia.co.uk

55

Bluelinemedia Limited is a small UK-based technology company specializing in bespoke web design and software development services, operating since 2001. The company targets businesses seeking tailored digital solutions including websites, e-commerce platforms, and integrated software systems. Their market position is that of a trusted local agency with a focus on long-term client relationships and personalized service. Technically, the website employs modern web standards including HTML5, CSS, JavaScript, Google Fonts, and Google Tag Manager for analytics. The site is well-structured with good SEO practices, mobile optimization, and moderate performance. However, no CMS or hosting provider details are explicitly identified. From a security perspective, the site uses HTTPS with good SSL configuration but lacks explicit security headers and public security policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is basic with a privacy policy and cookie notice present but no active consent mechanism. Contact information is clearly provided, enhancing business credibility. Overall, the website presents a professional and trustworthy digital presence with strong business legitimacy signals. The absence of WHOIS data is a limitation but likely due to querying the subdomain rather than the root domain. Strategic recommendations include enhancing security headers, adding incident response information, and improving cookie consent mechanisms to strengthen compliance and trust.

3

344 Design LLC

344design.com

49

344 Design LLC is a small boutique branding and design agency specializing in media and publishing sectors. The company offers brand strategy and design services aimed at engaging audiences through creative and efficient solutions. Their market position is supported by a professional portfolio featuring notable clients and long-term brand stewardship relationships. The website content is well-structured and professionally presented, targeting clients in arts, media, and publishing industries. Technically, the website uses standard web technologies including HTML5, CSS, JavaScript, and jQuery libraries. The site is moderately optimized for performance and mobile responsiveness, though accessibility and SEO optimizations are basic. There is no evidence of a CMS or advanced frameworks. Hosting details and SSL configuration are not available from the provided data. From a security perspective, the site lacks visible security headers and privacy or cookie policies, indicating gaps in compliance and security best practices. The absence of WHOIS registration data raises concerns about domain legitimacy, although the professional nature of the website and clear contact information mitigate some risk. No forms or analytics scripts were detected, suggesting minimal data collection and tracking. Overall, the website presents a professional business front but requires improvements in privacy compliance, security posture, and domain registration transparency to enhance trust and reduce risk.

I

International World Wide Web Conference Committee

iw3c2.org

46

The International World Wide Web Conference Committee (IW3C2) is a small, non-profit organization founded in 1994 and incorporated in 1996 under Swiss law, historically responsible for managing the WWW Conference series. Since 2022, the organization transitioned its mission to managing funds for awards related to conference publications, ceasing its association activities in 2025 with ACM/SIGWEB assuming responsibility. The website serves primarily as an archival and informational resource for the Web research community, hosting conference archives and award information. Technically, the website is built on basic HTML, CSS, and JavaScript without modern frameworks or CMS, hosted by OVH sas. The site is accessible and moderately optimized for mobile and SEO, though it lacks advanced accessibility features and modern performance optimizations. Security posture is basic, with HTTPS enabled but missing DNSSEC and security headers. No privacy or cookie policies are published, and no contact or incident response information is provided. Overall, the security posture is adequate for an informational archival site but would benefit from improvements in security headers, DNSSEC, and privacy compliance. The domain registration is consistent and trustworthy, reflecting the organization's long history and legitimacy. No adult or questionable content is present, making the site safe for general audiences. Strategic recommendations include enhancing security configurations, publishing privacy and cookie policies, and improving mobile and accessibility features to align with modern standards and user expectations.