Security Directory

C

Cyberhaven

cyberhaven.com

59

Cyberhaven is a technology company specializing in advanced data security solutions focused on tracing data lineage to prevent insider risks and data exfiltration. Positioned as an innovative leader in the data loss prevention and insider risk management market, Cyberhaven offers AI-driven services tailored for enterprise clients. Their website demonstrates a mature digital presence with comprehensive resources, customer testimonials, and a strong emphasis on trust and compliance. The technical infrastructure leverages modern web technologies including Webflow CMS, HubSpot marketing tools, and multiple analytics platforms, ensuring fast performance and good user experience across devices. Security posture is robust with HTTPS enforcement, security headers, and privacy compliance mechanisms including GDPR-aligned policies and cookie consent. No critical vulnerabilities or suspicious indicators were found, supporting a high trust level. Overall, Cyberhaven presents a professional, secure, and compliant online presence aligned with its business objectives.

Gamedev Place is a small community-focused website hosting a Mastodon instance dedicated to game developers and discussions about game development. The platform serves a niche audience of approximately 20,000 users as of late 2022. The website is minimalistic, providing basic information and links to the Mastodon instance and a code of conduct. The operator is an individual named Aras Pranckevičius, with domain registration protected by privacy services. The business model centers on community hosting rather than commercial services. Technically, the website uses basic HTML and CSS, hosted on DreamHost with standard DNS configuration. There is no evidence of advanced frameworks or CMS usage. Mobile optimization and accessibility are basic, and no analytics or advertising technologies are detected. The site lacks privacy and cookie policies, and no forms or data collection mechanisms are present. From a security perspective, the domain is protected with clientTransferProhibited status but lacks DNSSEC and security headers. No incident response or security policy information is provided. The absence of privacy and cookie policies and security headers indicates room for improvement in compliance and security posture. No vulnerabilities or exposed sensitive data were detected. Overall, the website is safe and suitable for a general audience with no adult or explicit content. The risk level is low but could be improved by implementing security best practices, privacy compliance, and clearer contact information.

Fastkets is a website representing an architectural firm named Études, which offers innovative and sustainable architectural solutions including renovation, consulting, project management, and app access for collaboration. The company targets homeowners, commercial developers, and architects, positioning itself as a creative and functional service provider in the architecture sector. The website is built on WordPress with a modern, responsive design and good accessibility features. However, it lacks critical compliance elements such as privacy and cookie policies, contact information, and security incident response details. The security posture is basic with HTTPS enabled but missing important security headers. No WHOIS registrant data is available due to ROTLD privacy restrictions, which limits trust assessment. Overall, the site is professional but could improve transparency and compliance.

The XSPF website represents the Xiph.org Foundation's open XML playlist format project. The foundation is a small, technology-focused non-profit entity based in Canada, with a long-established domain dating back to 2004. The website primarily serves developers and users interested in open multimedia standards, offering documentation and links to related codec projects under the Xiph.org umbrella. The site content is technical, focused on open standards without commercial or advertising elements. Technically, the website uses basic HTML and CSS with no detected advanced frameworks or CMS. The site is moderately optimized for performance and accessibility but lacks modern SEO and mobile optimization features. No analytics or tracking scripts were detected, indicating a privacy-conscious approach. However, the site does not implement DNSSEC or security headers, and no HTTPS or SSL configuration details were provided, which may impact security posture. From a security perspective, the site is accessible without WAF or blocking mechanisms, but it lacks published privacy, cookie, or security policies. No contact information or incident response channels are provided, limiting transparency and user trust. The WHOIS data is consistent and trustworthy, showing a legitimate long-term registration by the Xiph.org Foundation. Overall, the site is low risk but would benefit from improved security and privacy practices. Strategically, the foundation should prioritize implementing security headers, publishing privacy and cookie policies, and providing clear contact information for security and general inquiries. These steps will enhance trust, compliance, and security posture while maintaining the foundation's open and community-driven ethos.

Speex.org is the official website for the Speex codec, an open source, patent-free audio compression format designed specifically for speech. The project is affiliated with xiph.org and the GNU Project, emphasizing free software principles. The website serves developers and organizations interested in speech codec technology, particularly for VoIP and internet audio streaming applications. Although Speex has been obsoleted by the Opus codec, it remains available for legacy use. The site provides technical documentation, downloads, and community engagement avenues such as mailing lists and roadmap information. Technically, the website is built with basic HTML, CSS, and minimal JavaScript, with no detected CMS or advanced frameworks. The site is moderately performant with basic mobile optimization and accessibility features. SEO is basic but sufficient for the niche audience. No analytics or tracking technologies are present, reflecting a privacy-conscious approach. However, the site lacks modern security headers and explicit HTTPS enforcement information, which could be improved. From a security perspective, the site shows minimal security configurations and no published security or incident response policies. The WHOIS data is consistent and trustworthy, showing a long domain age and clear registrant information matching the project. No privacy or cookie policies are present, which limits GDPR compliance. No contact emails or phone numbers are explicitly listed, though a contact page exists. Overall, the security posture is basic and could benefit from enhancements. The overall risk is low given the non-commercial, open source nature of the site, but improvements in security headers, privacy policies, and contact transparency are recommended to enhance trust and compliance.

X

Xiph.org Foundation

theora.org

49

Theora.org is the official website for Theora, a free and open video compression format developed by the Xiph.org Foundation. The site serves as an informational resource about the codec, its features, and related multimedia projects under the Xiph umbrella. Theora targets developers, multimedia distributors, and open source enthusiasts seeking royalty-free video technology. The website is modest in design, primarily static HTML with basic CSS, and lacks modern interactive features or extensive content beyond core descriptions. Technically, the site is simple and performs moderately well but lacks advanced SEO, accessibility, and mobile optimization features. Security posture is minimal with no detected security headers or DNSSEC enabled, and no explicit HTTPS enforcement information is available. Privacy and compliance policies are absent, and no contact forms or direct communication channels are provided except a PayPal donation link. The domain WHOIS data is consistent with the organization, showing a long-established presence since 2002, reinforcing legitimacy. Overall, the site is trustworthy but could benefit from enhanced security, privacy compliance, and richer content to improve user engagement and trust.

X

Xiph.Org Foundation

xiph.org

52

The Xiph.Org Foundation is a well-established non-profit organization dedicated to the development and protection of open multimedia protocols and codecs. Their website reflects their mission by providing resources, downloads, and documentation related to their open-source projects such as Opus, FLAC, Vorbis, and Theora. The foundation targets developers, businesses, and the general public interested in free multimedia technologies. Their market position is strong within the open-source multimedia community, supported by a domain age dating back to 1999 and consistent WHOIS data. Technically, the website is built with basic HTML and CSS, lacking modern frameworks or CMS platforms. The site performs moderately with basic mobile optimization and accessibility features. No advanced analytics or tracking technologies are detected, indicating a privacy-conscious approach but also a lack of modern marketing tools. The absence of privacy and cookie policies suggests room for improvement in compliance. From a security perspective, the site uses HTTPS but lacks DNSSEC and security headers, which are recommended to enhance protection. No forms with sensitive data collection were found, reducing risk exposure. The WHOIS data is transparent and consistent with the organization's identity, supporting legitimacy. Overall, the security posture is moderate but could benefit from implementing best practices such as security headers and DNSSEC. The overall risk assessment is low given the non-commercial, non-sensitive nature of the site and its content. Strategic recommendations include adding privacy and cookie policies, enabling DNSSEC, implementing security headers, and providing clear incident response and vulnerability disclosure information to enhance trust and compliance.

C

Craig Hockenberry

furbo.org

50

furbo.org is a personal website and blog operated by Craig Hockenberry, focusing on software development, design, and Apple ecosystem technologies. The site serves as a platform for sharing insights, promoting apps, and engaging with the developer community. It maintains a niche position with high-quality content targeted at developers and technology enthusiasts. Technically, the site is built on WordPress with custom theming and uses modern web technologies including JavaScript and CSS. It is mobile-optimized and performs well with good accessibility and SEO practices. Security posture is adequate with HTTPS enabled and domain transfer protection, but lacks advanced security headers and DNSSEC. Privacy compliance is weak due to absence of privacy and cookie policies and no consent mechanism. The site uses Google Analytics for tracking without visible user consent. Overall, the domain is long-established with privacy protection justified for a personal site. No suspicious or malicious indicators were found. Recommendations include adding privacy and cookie policies, implementing security headers, enabling DNSSEC, and providing contact information for improved trust and compliance.

T

The Iconfactory, Inc.

wallaroo.app

51

Wallaroo.app is a specialized wallpaper application developed and maintained by The Iconfactory, Inc., targeting Apple device users on iOS and macOS platforms. The service offers a curated and regularly updated collection of wallpapers with features such as interactive widgets and shortcut integration for ease of use. The website reflects a focused business model centered on app distribution via the Apple App Store, with a clear emphasis on user experience and content quality. Technically, the site employs modern web standards, uses Google Analytics for minimal tracking, and integrates Adobe Typekit fonts for branding consistency. Security posture is solid with HTTPS enforced and minimal attack surface due to lack of forms, though it lacks some advanced security headers and explicit privacy compliance mechanisms. Overall, the domain registration and WHOIS data align well with the business identity, supporting legitimacy and trustworthiness. Strategic improvements in privacy compliance and security policies would enhance the site's overall security and user trust.

The website represents the General Oncology Hospital of Kifisia "The Holy Anargyroi", a specialized healthcare institution in Greece focused on oncology services. It provides medical, surgical, radiotherapy, diagnostic, and administrative information primarily targeting patients, medical staff, and the general public. The site content is in Greek and includes announcements, departmental information, and service details. Technically, the website uses legacy technologies such as Flash, which is deprecated and poses security and accessibility challenges. The site lacks modern security features such as HTTPS enforcement and security headers, and no privacy or cookie policies are present, indicating compliance gaps. Contact information is limited to a phone number, with no email or physical address explicitly provided. Overall, the site is functional but requires modernization and improved security and privacy compliance to meet current standards.

I

Info-Safety, LLC

info-safety.com

58

Info-Safety, LLC is a small IT consulting and computer support company based in Fairfax, Virginia, serving residential and small business clients primarily in Northern Virginia. The company specializes in personal IT consulting, corporate IT advisory, security awareness training, and technology frustration remediation. Their market position is that of a trusted local provider with a long-standing presence since 2003. The website reflects a professional but basic digital presence with clear contact information and relevant service descriptions. Technically, the site uses standard HTML, CSS, and JavaScript with Twitter widgets for social media integration and is hosted behind Cloudflare DNS services. Security posture is moderate with no advanced security headers or DNSSEC enabled, and privacy compliance is basic with a privacy policy page but no cookie consent mechanism. Overall, the site is safe, trustworthy, and well-aligned with the business's local service focus.

T

The Iconfactory

iconfactory.world

58

The website iconfactory.world/about is the official Mastodon instance for The Iconfactory, a small technology and design company specializing in icons, app interfaces, and software development. The site serves as a decentralized social media platform for the Iconfactory community and its products, leveraging the Mastodon open source platform version 4.2.7. The business model focuses on community engagement and product promotion within a niche market. The website content is well-structured, professionally designed, and consistent with the brand identity, targeting users interested in the Iconfactory's offerings. Technically, the site uses modern web technologies including JavaScript, CSS, and HTML5, hosted under a domain registered with privacy protection via NameCheap. The performance is moderate with good mobile optimization and basic accessibility features. SEO is basic but sufficient for the niche audience. No CMS is detected, and the hosting provider beyond the registrar is not explicitly identified. From a security perspective, the site enforces HTTPS and has domain status clientTransferProhibited, but lacks DNSSEC and security headers such as CSP or HSTS. No cookie consent mechanism or terms of service are published, which limits privacy compliance. No incident response or security policies are visible. The domain registration is privacy protected but consistent with the small community server use case, and no suspicious patterns are detected. Overall, the website is safe, professional, and trustworthy for its intended audience. Recommendations include enabling DNSSEC, adding security headers, publishing privacy and security policies, and implementing cookie consent to improve compliance and security posture.

The UDiManager platform is an official Romanian government digital service developed by the Executive Agency for Higher Education, Research, Development and Innovation Funding (UEFISCDI). It serves as a centralized portal to facilitate the management and implementation of research and development project calls, supporting national and international funding programs. The platform targets researchers, research institutions, and organizations involved in R&D funding, aiming to reduce administrative burdens and streamline funding processes. The website is well-branded, consistent, and provides detailed information about current and closed funding calls.

G

GENCOM STAR E-M SRL

suport-lcd.ro

38

GENCOM STAR E-M SRL operates the website suport-lcd.ro as a specialized importer and retailer of TV supports including LCD, LED, OLED, and plasma mounts. The company targets Romanian retailers and end customers, offering a catalog of over 100 products with competitive pricing. The website presents basic but functional content with clear contact information and references to notable clients such as DEDEMAN and AUCHAN, indicating a stable market position within the Romanian retail sector. Technically, the site uses standard HTML, CSS, and JavaScript with Google Analytics for visitor tracking. The infrastructure is basic with no detected CMS or advanced frameworks, and performance is moderate with basic mobile optimization. Security posture is adequate with HTTPS enabled but lacks important security headers and explicit cookie consent mechanisms. No critical vulnerabilities or exposed sensitive data were found. Overall, the site is legitimate but could benefit from enhanced security and privacy compliance measures.

A

AKCENTA CZ a.s.

akcenta.com

59

AKCENTA CZ a.s. is a well-established financial services company specializing in foreign exchange, international payments, and hedging solutions for companies and entrepreneurs primarily in Central Europe. With over 25 years of market presence and more than 54,000 clients across six markets, the company offers tailored currency exchange and payment services designed to optimize savings and reduce exchange rate risks. Their business model focuses on providing individual solutions with a strong emphasis on speed, reliability, and competitive rates. The website reflects a mature digital presence with modern technology and comprehensive service information.

T

The Iconfactory, Inc.

triode.app

52

Triode is a specialized internet radio application developed by The Iconfactory, Inc., targeting Apple device users who want seamless access to internet radio stations across iOS, macOS, and tvOS platforms. The app emphasizes integration with Apple Music, iCloud syncing, and features like CarPlay and AirPlay 2 support, positioning itself as a niche player in the music streaming ecosystem. The website reflects a professional and consistent brand image with comprehensive version history and user testimonials from reputable tech media. Technically, the website is built with standard web technologies including HTML5, CSS, and JavaScript, and uses Google Analytics for visitor tracking. The site is mobile-optimized and accessible, with good SEO practices evident from meta tags and Open Graph data. However, there is room for improvement in security headers and cookie consent mechanisms. The absence of forms and personal data collection on the site reduces immediate privacy risks. From a security perspective, the site uses HTTPS (implied by Apple App Store links and Google Analytics script loading over HTTPS), but no explicit security headers were detected in the provided data. There is no published security policy or incident response contact information, which could be enhanced to improve trust and compliance. The WHOIS data aligns well with the company identity, supporting legitimacy and trustworthiness. Overall, the website and business demonstrate a mature digital presence with strong branding and user focus, but could benefit from enhanced privacy compliance and security transparency to further strengthen user trust and regulatory alignment.

M

MIA „Rossiya Segodnya“

sputniknews.in

67

Sputnik India is a global news media platform operated under the parent organization MIA „Rossiya Segodnya“. It focuses on delivering the latest news from India and the South Asia region, covering politics, economy, defense, science and technology, and social media trends. The website is positioned as an international news outlet with a regional focus, targeting a general audience interested in current affairs. The business model revolves around news publishing supported by advertising and analytics services. Technically, the site employs modern web technologies including JavaScript, CSS, and uses Google Tag Manager and Yandex Ads for marketing and tracking. The site is mobile-optimized and includes SEO best practices. Security posture is strong with HTTPS, security headers, and no visible vulnerabilities. Privacy compliance is evident with comprehensive privacy and cookie policies and consent mechanisms. Contact information is clearly provided, enhancing business credibility. Overall, Sputnik India presents as a professional and legitimate news media website with moderate tracking and advertising transparency.

Direct Expressions LLC is a small independent information publishing company based in the US, founded in 2006. The company offers specialty publications focused on delivering information, thoughts, and opinions aimed at enriching readers' lives. Their market position is niche, targeting readers interested in thoughtful and engaging content. The website references a partner site, Economic Prism, which offers related publications. Technically, the website is basic with standard HTML, CSS, and JavaScript, utilizing Facebook Pixel and AWeber for marketing and tracking. Hosting is via Bluehost, and no CMS or advanced frameworks are detected. Security posture is limited, with no DNSSEC, no security headers, and no visible HTTPS enforcement details. Privacy and cookie policies are absent, indicating compliance gaps. Contact information is clearly provided, enhancing business credibility. Overall, the site is functional but basic in design and security.

C

Home | Contra Corner | Bob Peterson

contracorner.com

52

ContraCorner.com is a personal website operated by Bob Peterson, focusing on contra dance calling, public domain music streaming, iOS app development blogging, and memorial pages. The site serves a niche community audience interested in folk dance and personal projects rather than commercial business activities. The website is built using Sandvox CMS and hosted on A2 Hosting, with a technology stack including HTML5, CSS, JavaScript, and jQuery 1.9.1. The site is moderately optimized for performance and mobile devices but lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled but no DNSSEC or security headers implemented. No privacy or cookie policies are present, and no contact information is provided, limiting compliance and user trust. Overall, the site is safe, with no adult or explicit content, and accessible without WAF or blocking mechanisms.

D

Domain Protection Services, Inc.

e-mistic.org

40

The website e-mistic.org is a niche religious and software platform primarily focused on Orthodox Christian content, including apps like MicroSinaxar and BibleExplorer for Android. It provides informational content such as monastery maps, religious calendars, and sinaxar data. The site targets users interested in Orthodox Christianity and related software tools. The business model appears to be centered on providing free or downloadable religious software and informational resources, with a small market presence and limited commercial activity. Technically, the website is built using basic HTML, CSS, and JavaScript without modern frameworks or CMS. Hosting is provided by Hosterion, with domain privacy protection enabled. The site shows moderate performance and basic mobile optimization but lacks advanced SEO and accessibility features. There is no evidence of modern analytics or tracking tools. From a security perspective, the domain is long-established with privacy protection and clientTransferProhibited status, indicating some domain security awareness. However, the site lacks DNSSEC, security headers, HTTPS enforcement details, and published privacy or cookie policies, reflecting a low security and compliance maturity. No contact or incident response information is provided, limiting trust and transparency. Overall, the website is functional and safe for general audiences but requires significant improvements in security posture, privacy compliance, and business transparency to enhance trustworthiness and professional standing.

E

eKomi

ekomi.co.uk

59

eKomi is a UK-based technology company specializing in customer feedback and review management solutions. Their platform enables businesses to collect and display verified customer reviews to enhance trust and improve sales performance. The website is built on WordPress and uses Bootstrap for responsive design, indicating a moderate level of digital maturity. The site is professionally designed with good content relevance and navigation clarity, targeting businesses seeking review management services. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and explicit privacy or cookie policies. The absence of WHOIS registration data for the exact domain queried introduces some uncertainty about domain legitimacy, although the website content and branding appear consistent and professional. Overall, the site presents a moderate risk profile with recommendations to improve privacy compliance and security best practices.

S

SchoolForge

schoolforge.net

41

SchoolForge is a small, long-established non-profit organization focused on advocating and providing resources for open educational software and open educational resources. Their website serves as a directory and community hub for free educational software, lesson plans, and case studies, targeting educators, developers, and advocates of open education. The site is built on Drupal 7 and uses common web technologies including jQuery and Google Analytics for tracking. While the domain is stable and legitimate, the technical infrastructure shows signs of aging, with no modern security headers or DNSSEC enabled. Privacy and cookie policies are absent, indicating compliance gaps. The website content is safe, educational, and relevant, but the user experience and design are basic. Overall, the site demonstrates moderate digital maturity with room for improvement in security and privacy compliance.

ENTRE.PL Team is a Polish sports club specializing in long-distance running, marathons, ultramarathons, orienteering, adventure racing, and triathlon events. The club serves both professional athletes and advanced amateurs, organizing multiple running events and maintaining an active community presence. The website provides event information, news updates, galleries, and contact details primarily in Polish. Technically, the site uses basic HTML, CSS, and JavaScript with Google Analytics for tracking but lacks modern security features such as HTTPS and security headers. The absence of privacy and cookie policies indicates compliance gaps. The WHOIS data is unavailable, which raises concerns about domain registration legitimacy. Overall, the site is functional but requires modernization and improved security and privacy practices.

The website sztukabiegania.pl is an online photography gallery dedicated to sports photography, with a particular focus on running and other athletic activities including triathlon, swimming, extreme sports, and events involving people with disabilities. The site serves a niche audience of sports enthusiasts and photography lovers, offering curated photo reportages. The business appears to be small and Poland-based, with a domain registered since 2011, consistent with the website's content and language. Technically, the website uses basic web technologies including HTML, CSS, JavaScript, and jQuery, along with Google Analytics for visitor tracking. The site lacks modern CMS or frameworks and shows limited mobile optimization and accessibility features. SEO is basic with minimal meta tags and no structured data formats like JSON-LD or Open Graph present. From a security perspective, the site uses HTTPS but lacks important security headers such as Content-Security-Policy and X-Frame-Options. DNSSEC is not enabled, and no privacy or cookie policies are present, indicating poor GDPR compliance. The site does not have forms or interactive inputs on the homepage, reducing attack surface but also limiting user engagement. Overall, the security posture is basic and could be improved. The overall risk is moderate with no critical vulnerabilities detected but with room for improvement in privacy compliance, security headers, and mobile usability. Strategic recommendations include implementing security headers, enabling DNSSEC, adding privacy and cookie policies, and enhancing mobile and accessibility features to improve user experience and compliance.

SEUL.org is a volunteer-driven open source project hub dedicated to providing a comprehensive suite of GPL-licensed applications for the Linux platform, with a focus on education, science, and advocacy for free software. The website hosts and coordinates numerous projects, serving a niche community of Linux users, developers, educators, and free software advocates. The business model is community and volunteer-based, emphasizing open collaboration and resource sharing. Technically, the website uses basic HTML 4.01, CSS, and JavaScript without modern frameworks or CMS. The site lacks mobile optimization and advanced accessibility features, reflecting a modest technical infrastructure. Performance is moderate, and SEO is basic. No advanced analytics or tracking tools are detected, indicating a privacy-conscious approach. From a security perspective, the site lacks HTTPS enforcement and security headers, which are critical for protecting user data and ensuring secure communications. Forms do not show advanced security features like CSRF protection. The absence of privacy and cookie policies indicates compliance gaps with GDPR and other privacy regulations. WHOIS data is malformed or unavailable, reducing domain trustworthiness, though the site content and external project links suggest legitimacy. Overall, SEUL.org presents a trustworthy but technically basic and security-light profile. Strategic improvements in HTTPS deployment, security headers, privacy compliance, and WHOIS transparency would significantly enhance its security posture and user trust.

The domain skullmagnets.com currently serves as a 404 Not Found error page with no accessible business content. The domain is used by Admiral, a service provider specializing in copyright access control and privacy consent management for digital publishers. The website content is minimal and primarily informational about Admiral's service offering, with no active business-facing pages or user interaction elements. Technically, the site is hosted on Google Cloud Platform with standard encryption and no WAF or security challenges detected. Security posture is reasonable with enforced HTTPS and no executable content hosted, but lacks advanced security headers and DNSSEC. Privacy compliance is basic with a privacy statement present but no cookie consent mechanism. Business credibility is low due to lack of contact information and active content. Overall, the site appears legitimate but non-functional as a public-facing website, serving mainly as a service endpoint or placeholder.

M

Mark E. Jeftovic is The Bombthrower

bombthrower.com

46

The website 'bombthrower.com' is a personal blog and commentary platform operated by Mark E. Jeftovic, focusing on political and social topics. It has been active since 2004, indicating a long-standing presence in its niche. The site uses WordPress as its CMS and integrates common web technologies including JavaScript, CSS, and external services such as ShareThis and Google Tag Manager for social sharing and analytics. The design and content quality are good, with a clear focus on delivering commentary and podcast content to a general audience. However, the site lacks formal privacy, cookie, and terms of service policies, which impacts its compliance posture.

V

ver.di - Vereinte Dienstleistungsgewerkschaft

dju.social

48

The website dju.social is a Mastodon-based decentralized social network instance operated by the German trade union ver.di, specifically its Deutsche Journalistinnen- und Journalisten-Union (dju) division. It provides a platform for media professionals and interested parties to engage in friendly and constructive social exchange. The platform leverages the open-source Mastodon software (version 4.2.17) and offers features such as user profiles, content discovery, and hashtag exploration. The domain registration is consistent with the organization's identity and country, indicating legitimacy and trustworthiness. Technically, the site uses modern web technologies including React and WebSockets, with a moderate performance profile and good mobile optimization. However, some security best practices such as enabling DNSSEC and implementing security headers are missing. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Contact information and security policies are not explicitly provided on the explored page. The security posture is generally good with HTTPS enforced and domain transfer protection enabled, but improvements are recommended to enhance DNS security and security headers. The content is safe for general audiences, focusing on media and journalism without any adult or explicit content. Overall, the site is professionally designed, trustworthy, and serves a niche community effectively.

W

Webtasy, d.o.o.

celjepomoje.si

57

The website celjepomoje.si serves as a participatory budgeting platform for the municipality of Celje, Slovenia, enabling citizens and youth to engage in local budget allocation decisions. It is built on the open source Consul Democracy platform and managed by Webtasy, d.o.o., a Slovenian company. The platform is well-positioned as a government civic engagement tool with clear project information and a focus on transparency and community participation. Technically, the site uses modern web technologies including Ruby on Rails and Turbolinks, with a moderate performance profile and good mobile optimization. Security posture is adequate with HTTPS and CSRF protections, but lacks some security headers and formal privacy/cookie policies. Analytics usage is minimal and privacy-friendly via Plausible Analytics. Overall, the site is professional, trustworthy, and safe for general audiences, though improvements in privacy compliance and security hardening are recommended.

The website odontotos.com is dedicated to promoting the Odontotos rack railway, a historic and scenic narrow-gauge railway line in Greece connecting Diakopto and Kalavryta. It serves as an informational portal targeting tourists and railway enthusiasts, providing detailed historical context, technical specifications, renovation updates, schedules, ticket prices, and regional tourism links. The site is primarily in Greek with some English navigation options, reflecting its regional focus. From a technical perspective, the website is built using basic HTML, CSS, and JavaScript without modern CMS or frameworks. The design is dated and lacks mobile optimization and accessibility features. There is no evidence of HTTPS enforcement or security headers, which raises concerns about security posture. No privacy, cookie, or terms of service policies are present, indicating low privacy compliance. Contact information is limited but includes an email and phone numbers, and social media presence is limited to a Facebook group link. Security-wise, the site lacks modern security best practices such as HTTPS, security headers, and secure forms. There are no visible vulnerabilities but also no advanced protections. The absence of privacy and cookie policies suggests non-compliance with GDPR and related regulations. Overall, the site is functional for informational purposes but requires significant improvements in security, privacy, and technical modernization. The overall risk is moderate given the lack of security controls and privacy compliance, but the content is safe and non-malicious. Strategic recommendations include implementing HTTPS, adding security headers, publishing privacy and cookie policies, improving mobile responsiveness, and enhancing user experience and trust signals.

G

GIT SECURITY

git-sicherheit.de

49

GIT SECURITY is a specialized media portal focused on security-related topics including management, IT security, fire protection, and safety. It serves security professionals and decision-makers by providing news, articles, product information, events, webinars, whitepapers, and videos. The portal is affiliated with Wiley-VCH, a reputable publishing company, enhancing its credibility and market position within the security media niche. The website is professionally designed with consistent branding and good content quality, targeting a medium-sized audience primarily in Germany.

D

Duo Security

duo.com

80

Duo Security, a Cisco company founded in 2009 and headquartered in Ann Arbor, Michigan, specializes in identity security and multi-factor authentication solutions. The company offers a comprehensive suite of products including MFA, Single Sign-On, Passwordless Authentication, Device Trust, and Identity Intelligence, targeting enterprises, SMBs, government agencies, and managed service providers. Duo Security holds a strong market position as a leading provider in identity security, leveraging Cisco's global presence and resources. The website reflects a mature, professional business with clear branding and consistent messaging. Technically, the site is hosted on Amazon AWS infrastructure, employs modern web technologies, and integrates advanced analytics and consent management tools, ensuring good performance, mobile optimization, and accessibility. Security posture is robust with HTTPS enforcement, security headers, and no visible vulnerabilities, although DNSSEC is not enabled, which is recommended for enhanced DNS security. Privacy compliance is well addressed with comprehensive privacy and cookie policies and active consent mechanisms. Contact information and social media presence are transparent and verified, enhancing business credibility. Overall, the website demonstrates a high level of digital maturity and trustworthiness, suitable for its enterprise audience.

T

The Compatriot Johann Puch - Janez Puh Juršinci Society

janez-puh.si

36

The Compatriot Johann Puch - Janez Puh Juršinci Society operates as a small non-profit organization focused on preserving the legacy of Johann Puch through museum management and cultural promotion in Slovenia. The website serves as an informational portal for the museum, society activities, and related heritage content, targeting general audiences interested in historical and technical heritage. The society has established partnerships with local government and corporate sponsors, enhancing its community presence. Technically, the website employs basic web technologies including HTML5, CSS, JavaScript with jQuery and Modernizr, but lacks modern CMS or advanced frameworks. Performance and mobile optimization are moderate, with room for improvement in accessibility and SEO. The site is accessible without WAF or blocking mechanisms, but lacks advanced security headers and visible SSL configuration details. Security posture is moderate with cookie consent implemented but missing critical elements such as privacy policy, security headers, and incident response contacts. No analytics or tracking scripts were detected, indicating minimal user tracking and privacy risk. The domain WHOIS data aligns well with the website content and business history, supporting legitimacy. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance, security hardening, and technical modernization to improve user trust and regulatory adherence.

A

Alumni Association

alumni-association.de

57

The website represents an Alumni Association based in Germany, likely serving a small community of alumni members. The business appears to be a non-commercial or community-focused entity with limited public-facing services. The website is powered by TYPO3 CMS and integrates Cookiebot for cookie consent management, indicating a basic level of digital maturity and compliance with cookie regulations. However, the absence of explicit privacy and terms of service pages limits its compliance posture. Technically, the site uses modern web technologies but lacks visible security headers and SEO optimization, which could impact discoverability and security. The security posture is moderate with HTTPS implied but no advanced security practices evident. Overall, the site is functional but would benefit from enhanced compliance documentation and security hardening.

V

Vereinigung zur Förderung des Deutschen Brandschutzes e.V.

vfdb.de

58

The website www.vfdb.de represents the Vereinigung zur Förderung des Deutschen Brandschutzes e.V., a German non-profit association dedicated to advancing fire protection. The organization provides research, education, statistical data, and geodata services primarily targeting professionals and institutions involved in fire safety. The site is professionally designed using TYPO3 CMS, with a clear navigation structure and mobile optimization. Cookie consent is managed comprehensively via Cookiebot, ensuring GDPR compliance. The technical infrastructure is modern and secure, with HTTPS enforced and appropriate security headers in place. However, explicit security policies and incident response contacts are not published, representing an area for improvement. Overall, the domain registration and hosting details align well with the organization's profile, indicating legitimacy and trustworthiness.

S

Studo GmbH

studo.com

78

Studo GmbH is a medium-sized technology company specializing in digital solutions for students and universities primarily in the DACH region and Slovenia. Their flagship product, the Studo App, supports over 500,000 students daily and offers a suite of modules aimed at improving academic communication, administration, and student engagement. The company positions itself as a trusted partner for universities, emphasizing quality, sustainability, and personal collaboration. Their market presence is reinforced by partnerships with over 50 universities and student unions and multiple industry certifications including TÜV SÜD and ISO standards. Technically, the website is well-constructed with modern web technologies, hosted on Cloudflare, and uses privacy-conscious analytics (Piwik PRO). The site is mobile-optimized, accessible, and SEO-friendly. Security posture is strong with HTTPS enforced, domain transfer protection, and annual accessibility audits. However, DNSSEC is not enabled, and some security headers are not explicitly detected. Privacy compliance is good with a comprehensive privacy policy and GDPR adherence, though no explicit cookie consent mechanism was found. Overall, the security posture is robust with no visible vulnerabilities or exposed sensitive data. The company demonstrates a mature approach to data protection and software quality, supported by certifications and awards. The domain WHOIS data is consistent and supports the legitimacy of the business. The website content is safe for general audiences and professionally presented. Strategic recommendations include enabling DNSSEC, implementing a cookie consent banner, publishing a security.txt file, and adding more explicit security headers to further enhance trust and compliance.

W

Webtasy, d.o.o.

dravabike.si

55

Drava Bike is an official regional tourism website promoting the Drava Bike cycling route that spans four countries including Slovenia. The site provides comprehensive information about the cycling stages, accommodations, services, and experiences along the route. It targets cyclists of various skill levels and tourists interested in outdoor activities and cultural experiences. The website is multilingual and includes an online shop hosted on a partner domain. Technically, the site uses modern JavaScript frameworks like Alpine.js and Vite, with good mobile optimization and accessibility features. Security posture is adequate with HTTPS and anonymized Google Analytics tracking, but lacks some security headers and cookie consent mechanisms. Privacy compliance is basic with a privacy policy present but no explicit cookie consent. Overall, the domain registration data is consistent and supports the legitimacy of the business.

N

Najstarejša trta

najstarejsatrta.si

40

The website 'Najstarejša trta' appears to be a small Slovenian site focused on the theme of the oldest vine, likely related to wine or viticulture. The domain is recently registered in 2023 with a Slovenian registrar, consistent with the website's Slovenian language content. The site is built on WordPress, using standard web technologies such as PHP, JavaScript, and CSS, and includes common libraries like Google Fonts and Font Awesome. The technical infrastructure is basic but functional, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled and good SSL configuration; however, the absence of security headers and privacy policies indicates room for improvement. No contact or incident response information is provided, which limits transparency and trust. Overall, the site is safe for general audiences and does not contain adult or explicit content.

S

Sächsische Dampfschifffahrt

saechsische-dampfschifffahrt.de

51

Sächsische Dampfschifffahrt operates as a regional transportation and tourism company specializing in river cruises along the Elbe river in Germany. The company offers scheduled cruises, charter events, conference hosting, and onboard gastronomy services, targeting tourists and local travelers interested in scenic river journeys. The website is built on WordPress with multilingual support and employs modern web technologies including JavaScript and CSS. It features a cookie consent mechanism via the Borlabs Cookie plugin and uses Google Tag Manager for analytics. Security posture is adequate with HTTPS enabled, but lacks visible security headers and formal security policies. Privacy compliance is partial, with no explicit privacy or terms of service pages detected. Overall, the website is professional, user-friendly, and trustworthy, though improvements in privacy disclosures and security practices are recommended.

The Friends of Kensal Green Cemetery is a UK-based registered charity dedicated to the preservation and restoration of the historic Kensal Green Cemetery. The organization operates through community engagement, guided tours, events, and collaboration with the cemetery's owning company. Their market position is that of a niche heritage non-profit with a strong local and historical focus. Technically, the website is built with basic HTML, CSS, and JavaScript, with no detected CMS or advanced frameworks. The site is moderately optimized for mobile and accessibility but lacks advanced SEO and performance enhancements. Security posture is limited, with no visible HTTPS confirmation or security headers, and no public security or incident response policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the website is professional and trustworthy but could improve in security and privacy practices.

Z

Zentralverband der Deutschen Elektro- und Informationstechnischen Handwerke

dmh-eh.de

52

The Zentralverband der Deutschen Elektro- und Informationstechnischen Handwerke (ZVEH) operates the website dmh-eh.de to promote and organize the Deutsche Meisterschaften der E-Handwerke, a national competition for electrical trade apprentices and professionals. The site serves as an information hub for participants, sponsors, and the general public interested in the electrical trade sector in Germany. It is well-positioned as a central association with a clear focus on vocational excellence and youth development in the energy sector. Technically, the website uses a TYPO3 CMS platform hosted on rzone.de servers, leveraging modern JavaScript libraries and a consent management platform (Usercentrics) to comply with GDPR. The site integrates Google Tag Manager and TikTok analytics for tracking, with a moderate level of user tracking balanced by explicit consent mechanisms. The site is mobile-optimized and presents good SEO and accessibility basics. From a security perspective, the site enforces HTTPS and uses consent management for privacy compliance. However, it lacks explicit security headers and published security policies or incident response contacts, which could be improved to enhance trust and resilience. No vulnerabilities or exposed sensitive data were detected in the content. Overall, the website is professional, trustworthy, and compliant with privacy regulations, serving its audience effectively. Strategic improvements in security policy transparency and technical security headers would further strengthen its posture.

GRITH AG is a small German technology company founded in 2003 specializing in project management, process management, IT infrastructure consulting, and custom software development. Their market position is niche-focused, targeting associations, clubs, and organizations with tailored intranet solutions and project management training. The website content is primarily in German and provides detailed descriptions of their services and partner platforms. Technically, the website is built with basic HTML and CSS, with some references to technologies used in their software development services such as C#/.NET and PHP/MySQL. However, the website lacks modern web practices such as mobile optimization and advanced SEO features. Security posture is weak due to the absence of HTTPS, security headers, and privacy compliance mechanisms, which poses risks for user data protection and trust. Overall, the site is functional but dated, with room for significant improvements in security and privacy compliance.

I

INSURVISION

insurvision.de

53

INSURVISION is a German-based company specializing in digital sales solutions for insurance companies and brokers. The website targets insurance professionals and offers digitalization services for insurance sales processes. The company positions itself as a niche digital service provider within the finance sector, focusing on enhancing insurance distribution through technology. The website is built on WordPress using Elementor and Yoast SEO, indicating a moderate level of digital maturity with good SEO practices and mobile optimization. However, the absence of visible privacy and cookie policies, security headers, and contact information suggests room for improvement in compliance and security transparency. The security posture is moderate with no detected blocking or WAF mechanisms, but lacks advanced security best practices. Overall, the website is professional and trustworthy but would benefit from enhanced privacy compliance and security measures.

S

SportlerPlus

sportlerplus.com

70

SportlerPlus is a German e-commerce retailer specializing in sports nutrition products such as protein powders and dietary supplements. The website is built on the Shopify platform, leveraging various third-party apps for customer reviews, product labeling, and upselling. The target audience primarily consists of fitness enthusiasts and athletes seeking high-quality nutrition products to enhance their performance. The site presents a professional design with good mobile optimization and clear navigation, supporting a positive user experience.

Krankenhaus-CIRS-Netz Deutschland 2.0 is a specialized German healthcare platform focused on reporting and learning from safety-relevant incidents in hospitals. It serves as an interprofessional and interdisciplinary tool to promote overregional learning and risk management in clinical settings. The website targets hospital staff and medical professionals, providing a structured environment for incident reporting and knowledge sharing. The platform is positioned as a niche service within the German healthcare sector, supported by recognized partner organizations.

P

Pflegeausbildungsfonds Niedersachsen GmbH

ausbildungsfonds-niedersachsen.de

48

Pflegeausbildungsfonds Niedersachsen GmbH is a government-related entity responsible for managing the financing of the new nursing training profession in Lower Saxony, Germany. The website serves as an information hub providing legal foundations, procedural details, and official publications related to nursing education financing. The company operates a secure online portal for data collection, accessible via an external login link. The organization holds ISO 9001 certification, indicating a commitment to quality management. Technically, the website is built on TYPO3 CMS with Bootstrap, offering good mobile responsiveness and accessibility. The site is well-structured with clear navigation and professional design, although no advanced analytics or advertising tools are detected, reflecting a focus on information dissemination rather than marketing. Security posture is moderate with HTTPS enforced but lacking explicit security headers and published security policies. No vulnerabilities or exposed sensitive data were found. Privacy compliance is adequate with a privacy policy and cookie consent mechanism present, though no terms of service or incident response contacts are published. Overall, the website is trustworthy and professional, serving its niche government function effectively. Strategic improvements in security headers, incident response transparency, and vulnerability disclosure would enhance its security maturity and stakeholder confidence.

Anolisgroup is a Slovenian-based creative and technology company established in 2010, specializing in visual communication, web and mobile application development, VR & AR solutions, and product design. Their portfolio showcases a variety of projects involving graphic design, programming, 3D modeling, and content preparation, targeting businesses seeking integrated digital and visual solutions. The website reflects a small-sized enterprise with a niche market position focused on creative technological services. Technically, the website employs traditional web technologies including HTML5, CSS, and JavaScript with libraries such as jQuery, Isotope, and Fancybox. The presence of older technologies like Cufon indicates some legacy components. The site is moderately optimized for performance and mobile devices but lacks advanced SEO and accessibility features. No CMS is explicitly identified, though custom CMS development is mentioned in project descriptions. From a security perspective, the website lacks HTTPS enforcement and security headers, which are critical for protecting user data and ensuring trust. There are no visible privacy or cookie policies, nor contact information for data protection or incident response, indicating gaps in compliance with GDPR and best practices. No forms or analytics scripts are detected, reducing data collection risks but also limiting user engagement tracking. Overall, the website is functional and professional in design and content but requires significant improvements in security posture, privacy compliance, and contact transparency to enhance trustworthiness and regulatory adherence. Strategic recommendations include implementing HTTPS, adding privacy and cookie policies, improving security headers, and providing clear contact information.

M

MagentaCLOUD

magentacloud.de

54

MagentaCLOUD is a cloud storage service operated under the Magenta brand, associated with Deutsche Telekom, targeting general users seeking secure file storage and sharing solutions. The website is built on the Nextcloud platform, leveraging modern web technologies including Vue.js and hosted on the Open Telekom Cloud infrastructure. The platform integrates multiple security features such as two-factor authentication, password policies, and end-to-end encryption, reflecting a mature security posture. However, the absence of visible privacy and cookie policies, as well as contact information for security incidents, indicates areas for compliance and transparency improvement. Overall, the site demonstrates a professional and trustworthy presence aligned with a major telecommunications provider.

The website trainex25.de is currently inaccessible beyond a Cloudflare security challenge page that verifies visitors are human via a Turnstile captcha. No actual business content, branding, or contact information is available for analysis. The domain uses Cloudflare DNS and security services, indicating some level of protection but also blocking direct content access. Due to this, the technical infrastructure assessment is limited to the presence of Cloudflare services and basic HTML/CSS. Security posture cannot be fully evaluated, but the use of Cloudflare suggests baseline protection. No privacy or cookie policies are present, and no contact or business details are visible, limiting trust and compliance evaluation. Overall, the site appears to be either under protection or in a transitional state, preventing a full security and business analysis.

C

CONCORDIA Versicherungen

concordia.de

61

CONCORDIA Versicherungen is a well-established German insurance provider offering a wide range of insurance products including vehicle, health, legal protection, retirement, home, and business insurance. The company targets private individuals and businesses, emphasizing personalized consultation and tailored insurance solutions. The website reflects a strong market position with comprehensive product information and a professional digital presence. Technically, the site is built on TYPO3 CMS, uses modern web technologies, and is hosted by a reputable provider. It includes cookie consent management and Google Tag Manager for analytics, indicating a mature digital infrastructure. Security posture is good with HTTPS enforced and no visible vulnerabilities, though security headers could be improved and a formal security policy or incident response contact is absent. Overall, the site is trustworthy, professionally designed, and compliant with GDPR requirements. Strategic recommendations include enhancing security headers, publishing a security policy, and adding vulnerability disclosure information to further strengthen trust and security.