High-risk security reports

The website oxygenforensics.com is currently inaccessible due to a Cloudflare security challenge page that blocks direct content access. This challenge page is designed to verify visitor legitimacy before granting access to the actual website content. As a result, no business-related content, contact information, or policies are visible for analysis. The domain is registered since 2013 with NameCheap, Inc. and uses Cloudflare for DNS and security services, indicating a legitimate and established domain. However, the lack of accessible content limits the ability to assess the company's business model, services, or compliance posture. The technical infrastructure includes modern JavaScript and Web Worker usage for the captcha challenge, but no SEO or accessibility optimizations are evident on the challenge page itself. Security headers and privacy policies are not visible, which is typical for a challenge page but limits security posture evaluation.

C

COSMO Wissenschaftsforum

cosmo-wissenschaftsforum.de

44

COSMO Wissenschaftsforum is a science communication and exhibition platform located in Dresden, Germany, focused on engaging the public with current scientific research in areas such as artificial intelligence, robotics, and medical technology. It offers interactive exhibitions, workshops for children and youth, guided tours, and space rental services. The website is built on WordPress with Elementor and integrates various plugins for social media feeds, event management, and GDPR compliance. The technical infrastructure is modern and hosted on OVH, with good mobile optimization and moderate performance. Security posture is solid with HTTPS and secure forms, though some security headers and policies could be improved. Privacy compliance is well addressed with a comprehensive privacy and cookie policy. Overall, the website presents a professional and trustworthy image suitable for its educational mission.

I

innovationen-sachsen.de

innovationen-sachsen.de

44

The website at wisawi-vernetzt.de currently presents only a minimal loading spinner with no accessible content, indicating that the site is either under construction, blocked, or improperly configured. The domain is hosted on agenturserver nameservers and uses assets from the Innoloft platform, but no business or contact information is available on the site. This severely limits the ability to assess the business model, market position, or services offered. Technically, the site uses modern JavaScript modules and CSS but lacks visible SEO, accessibility, or performance optimizations. Security posture is weak due to absence of HTTPS confirmation and missing security headers. No privacy or cookie policies are present, indicating non-compliance with GDPR and related regulations. Overall, the site is not currently functional or informative, posing a risk for trust and credibility.

B

Bootstrap Package

bootstrap-package.com

46

Bootstrap Package is an open source project providing a fully configured frontend theme for TYPO3 CMS based on the Bootstrap CSS Framework. It targets TYPO3 users and developers seeking advanced theming capabilities and modern templating without reliance on third-party extensions. The project is maintained openly on GitHub and distributed via the TYPO3 Extension Repository and Packagist, positioning itself as a leading theme package within the TYPO3 ecosystem. Technically, the website leverages TYPO3 CMS with Bootstrap 5, enhanced by JavaScript libraries such as Photoswipe and Prism.js. It employs Google Tag Manager for analytics and tracking, and the site is mobile-optimized with good accessibility and SEO practices. The site uses HTTPS with strong SSL configuration but lacks some advanced security headers. From a security perspective, the site demonstrates good practices including HTTPS enforcement and cookie consent mechanisms. However, it lacks explicit security policies, incident response information, and vulnerability disclosure channels. The absence of WHOIS registration data limits domain legitimacy verification, though the open source nature and professional presentation suggest a trustworthy project. Overall, the site presents a professional, well-structured, and content-rich platform for TYPO3 theming, with moderate security posture and good privacy compliance. Strategic improvements in security headers, contact transparency, and domain registration clarity would enhance trust and compliance.

M

Munich Intellectual Property Law Center (MIPLC)

miplc.de

45

The Munich Intellectual Property Law Center (MIPLC) is a specialized academic institution offering a one-year LL.M. program focused on intellectual property, innovation, and competition law. It operates with strong partnerships including the Max Planck Institute for Innovation and Competition and prominent universities, positioning itself as a niche leader in legal education for innovation-driven economies. The website reflects a high level of professionalism, with comprehensive content, multimedia integration, and clear navigation tailored to prospective students and academic audiences. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and frameworks, ensuring good performance and mobile responsiveness. Security posture is solid with HTTPS enforced and privacy-conscious analytics via Matomo with cookies disabled. However, some security headers and explicit security policies are missing, and no direct contact emails or phone numbers are provided, relying instead on contact forms. Overall, the site is trustworthy, well-maintained, and compliant with GDPR, though improvements in transparency and security documentation could enhance user trust further.

B

beckers-ulm

cafe-restaurant-stadthaus.de

47

beckers-ulm operates a hospitality business focused on café and restaurant services located in Ulm, Germany. The website highlights their offerings including lunch menus, homemade cakes, and coffee from their own roastery, targeting local customers and visitors. The business maintains a professional online presence with clear contact details and a user-friendly reservation system. Technically, the site is built on WordPress with WooCommerce and Elementor, leveraging SEO and privacy plugins to enhance user experience and compliance. Security posture is good with HTTPS and cookie consent mechanisms, though some security headers could be improved. Overall, the site is trustworthy and well-maintained, supporting the business's local market position effectively.

H

Hagmann Umzüge GmbH

hagmann-umzug.com

37

Hagmann Umzüge GmbH is a well-established moving and logistics company based in Ulm, Germany, founded in 2000. The company offers a broad range of services including private and corporate relocations, transport, storage solutions, and specialized moving services such as high-tech and international moves. Their market position is regional with a focus on quality service for both private individuals and businesses. The website reflects a professional business model with clear service offerings and a consistent brand presence. Technically, the website employs modern tracking and consent management technologies such as Cookiebot, Google Tag Manager, Google Analytics, and Facebook Pixel, indicating a mature digital infrastructure. The site is hosted by IONOS SE, a reputable provider, and uses HTTPS with a clientTransferProhibited domain status, enhancing security. Mobile optimization and SEO practices are good, though accessibility could be improved. From a security perspective, the site demonstrates good practices including HTTPS enforcement and cookie consent compliance. However, it lacks advanced security headers and explicit security or incident response policies. No vulnerabilities or suspicious patterns were detected, and the domain registration is consistent with the business history, supporting legitimacy. Overall, the website is secure, compliant with GDPR, and professionally maintained, with minor recommendations to enhance DNS security and publish explicit security policies. The risk profile is low, and the company appears trustworthy and credible in its sector.

B

Brunnenverwaltung Bad Dietenbronn GmbH

dietenbronner.de

46

Brunnenverwaltung Bad Dietenbronn GmbH operates the Dietenbronner Mineralwasser brand, a regional mineral water and beverage producer based in Oberschwaben, Germany. The company has a long-standing family ownership of over 90 years and offers a range of products including mineral water, schorlen, fruit juice beverages, and lemonades. The website reflects a professional and consistent brand image targeting general consumers interested in natural and regional products. Technically, the site is built on TYPO3 CMS with modern frontend technologies such as Bootstrap and JavaScript libraries, providing a responsive and accessible user experience. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers and explicit policies could be improved. Overall, the site is trustworthy, well-maintained, and compliant with GDPR requirements.

H

Häussler Technische Orthopädie GmbH

haeussler-ulm.de

45

Häussler Technische Orthopädie GmbH is a well-established healthcare provider specializing in orthopaedic and rehabilitation technology, medical supplies, and homecare services. With over 100 years of history and multiple physical branches primarily in the Ulm region of Germany, the company offers personalized consultation and a broad range of healthcare products. Their market position is that of a trusted regional family business with a strong local presence and comprehensive service offerings. Technically, the website is built using modern frontend technologies including Vue.js and Tailwind CSS, with good mobile optimization and performance. The site integrates Google Tag Manager and Google Identity Services for analytics and marketing purposes. Security posture is solid with HTTPS enforced and cookie consent implemented, although explicit security headers and a public security policy are absent. Privacy compliance is good, with a comprehensive privacy policy and cookie consent mechanism in place. Overall, the website presents a professional, trustworthy, and user-friendly digital presence aligned with the company's business objectives.

B

basemap.de

basemap.de

46

basemap.de is a specialized provider of official cartographic products and web mapping services for Germany, targeting government agencies and GIS professionals. The website presents a professional and consistent brand image with a focus on official geospatial data products derived from centralized data sources. The technical infrastructure is based on a modern WordPress CMS with popular plugins and frameworks, hosted on German servers, indicating a mature digital presence. Security posture is adequate with HTTPS and no visible vulnerabilities, but lacks advanced security headers and incident response disclosures. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the website is trustworthy and well-positioned in its niche, though improvements in security and compliance would enhance its profile.

P

Panoramahotel Oberjoch

panoramahotel-oberjoch.de

49

Panoramahotel Oberjoch is a 4-star superior wellness hotel located in the Allgäu region of Germany, offering services such as pools, saunas, massages, fine dining, and alpine spa experiences. The website positions the hotel as a premium destination for wellness and leisure travelers, supported by a strong customer rating and active social media presence. Technically, the site is built on TYPO3 CMS, integrates modern marketing and analytics tools like Mailchimp and Google Tag Manager, and is hosted on raidboxes.net, indicating a professional digital infrastructure. Security posture is moderate with HTTPS implied but lacks visible security headers and formal privacy or cookie policies, which are recommended for compliance and trust. Overall, the website is well-designed, content-rich, and trustworthy, with room for improvement in privacy compliance and security best practices.

The website www.rinascente.it is currently inaccessible due to geo-blocking restrictions, presenting only a minimal HTML page with an iframe pointing to a maintenance or geo-block notice. Rinascente is a retail business based in Italy, likely operating in the luxury or fashion sector, but no direct content or business details are accessible on the landing page. The domain registration data is consistent with a legitimate retail company in Italy, supporting the business credibility despite the lack of accessible content. Technically, the site does not expose any metadata, scripts, or contact information in the provided HTML, limiting the ability to assess technical maturity or security posture. Security evaluation is constrained by the lack of accessible content and headers, but no immediate vulnerabilities or risks are evident from the data. Overall, the site is safe with no adult or explicit content, but the geo-blocking significantly limits analysis and user experience.

E

Eventbanditz

eventcloud9.com

40

Eventbanditz appears to be a technology platform focused on event-related services, accessible via a login portal. The website content is minimal, primarily serving as an authentication gateway for users. The technical infrastructure leverages modern frontend technologies such as Bootstrap, jQuery, and OneUI framework, hosted on Microsoft Online infrastructure, indicating a professional setup. However, the site lacks public-facing business information, privacy policies, and security headers, which limits transparency and compliance visibility. Security posture shows basic best practices like POST method for login but lacks advanced protections such as DNSSEC and security headers. Overall, the site is functional but requires enhancements in privacy compliance, security hardening, and business transparency to improve trust and user confidence.

W

Würzburg-Dresden Cluster of Excellence ct.qmat

ctqmat.de

43

The Würzburg-Dresden Cluster of Excellence ct.qmat is a prominent academic research center specializing in topological and complex quantum matter. Established in 2019, it unites leading research hubs from Universität Würzburg and Technische Universität Dresden, focusing on advancing quantum materials research, education, and public outreach. The website reflects a professional and well-maintained digital presence with comprehensive content targeted at researchers, students, and the interested public. Technically, the site employs modern web standards, responsive design, and uses Matomo analytics for privacy-conscious tracking. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though explicit security policies and incident response contacts are absent. Privacy compliance is good with a clear privacy policy but lacks a cookie consent mechanism. Overall, the site is trustworthy and authoritative within its academic domain.

H

Hochschulallianz für den Mittelstand

hochschulallianz.de

45

Hochschulallianz für den Mittelstand is a German nationwide alliance of application-oriented universities focused on supporting small and medium-sized enterprises (SMEs). The organization facilitates networking, research collaboration, and knowledge exchange among universities and the Mittelstand sector. The website reflects a professional and consistent brand presence, targeting educational institutions and SMEs in Germany. Technically, the site is built on WordPress with modern plugins such as Yoast SEO and WPBakery Page Builder, ensuring good SEO and user experience. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms in place, although explicit security policies and incident response contacts are not published. Overall, the site is trustworthy, GDPR compliant, and well-structured, serving its educational and networking mission effectively.

H

Hanse Werbeshop

hanse-werbeshop.com

49

Hanse Werbeshop is a small German e-commerce retailer specializing in advertising and promotional products such as signs, stickers, stamps, textile advertising, business prints, and banners. The website is built on the Shopware 6 platform and integrates PayPal for payment processing and Matomo for analytics. The technical infrastructure is modern and moderately optimized for performance and mobile use, with good accessibility features. However, the site lacks explicit privacy and cookie policies, contact information, and security headers, which are important for compliance and trust. The domain registration is consistent with the business profile, indicating legitimacy. Overall, the site presents a basic but functional online retail presence with room for improvement in privacy and security compliance.

U

Unglaublich wichtig

unglaublich-wichtig.de

42

Unglaublich wichtig is an informational platform highlighting the contributions of German Universities of Applied Sciences (HAWs) in various sectors such as energy, mobility, healthcare, and digital innovation. The website serves as a knowledge hub providing educational content, news, and insights into applied sciences research and practical solutions. It targets a general audience interested in the future of technology and society, emphasizing the importance of HAWs in addressing contemporary challenges. Technically, the website is built on WordPress using the Enfold theme, leveraging modern web technologies including jQuery, FontAwesome, and Borlabs Cookie for consent management. The site is mobile-optimized with good SEO practices and moderate performance. It integrates marketing tools like CleverReach for newsletter management but avoids intrusive tracking or advertising. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, but lacks explicit security headers and published security policies. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong with a comprehensive privacy policy and cookie management in place. Overall, Unglaublich wichtig presents a professional, trustworthy, and well-maintained digital presence with a clear educational mission. Strategic improvements in security headers, incident response policies, and accessibility could further enhance its posture and user trust.

Campus Halensis serves as the official news and information portal for Martin-Luther-Universität Halle-Wittenberg, providing timely updates on academic events, research, and campus life primarily targeting students, faculty, and researchers. The website is well-branded and consistent with the university's identity, offering content in German with an English language option. It functions as a communication channel to keep the university community informed and engaged. Technically, the site uses a moderate technology stack including jQuery, Magnific Popup, Slick Carousel, and Piwik/Matomo for analytics, hosted likely on university infrastructure. The site is mobile-optimized with good navigation and content structure, though accessibility features are basic. Performance is moderate, and SEO practices are adequately implemented. From a security perspective, the site uses HTTPS and implements cookie consent mechanisms, but lacks visible security headers and explicit security or incident response policies. No vulnerabilities or exposed sensitive data were detected. Privacy compliance is good, with a clear privacy policy and cookie banner. The WHOIS data aligns well with the university's domain infrastructure, indicating legitimacy and trustworthiness. Overall, the website is a professional, trustworthy academic portal with good content quality and privacy practices. However, improvements could be made in security header implementation, incident response transparency, and accessibility compliance to enhance the security posture and user experience.

The QS-Akademie website serves as a specialized educational platform offering training and continuing education for companies involved in the fresh food supply chain, including sectors such as feed production, animal husbandry, meat processing, trade, and the fruit and vegetable industry. The platform targets professionals and businesses seeking sector-specific knowledge and certification. Technically, the site is built on the ILIAS LMS platform, utilizing a modern tech stack including jQuery, Bootstrap, and various UI and calendar libraries, hosted by Schlund Technologies. The website is well-structured, mobile-optimized, and includes essential privacy and cookie consent mechanisms, reflecting a moderate to high level of digital maturity. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though formal security policies and incident response contacts are not published. Overall, the site presents a professional and trustworthy educational service with room for improvement in security transparency and accessibility.

A

Associazione IWA Italy (International Web Association Italia)

iwa.it

47

IWA Italy is a well-established professional association founded in 2000, dedicated to supporting and enhancing the professionalism of web practitioners in Italy. It offers certifications, training, advocacy, and networking opportunities, positioning itself as a key player in the Italian digital professional landscape. The website reflects a clear focus on quality, ethical standards, and community building among web professionals. Technically, the site uses a modern tech stack including Bootstrap and jQuery, with integrations for social media and privacy compliance via Iubenda. Security posture is solid with HTTPS and cookie consent mechanisms, though it lacks explicit security policy and incident response information. Overall, the site is professional, trustworthy, and compliant with GDPR requirements.

P

Paulbergman GmbH

alumnii.de

49

Alumnii, operated by Paulbergman GmbH, is a specialized SaaS platform focused on providing comprehensive alumni network management solutions primarily for educational institutions, companies, foundations, and associations in Germany. The platform offers integrated services including member management, newsletters, payment processing, event management, job boards, and mentoring functionalities. The company positions itself as a niche provider with a strong emphasis on GDPR compliance and German-based hosting. Technically, the website is built using modern web technologies such as Jekyll for static site generation, Bootstrap for responsive design, and integrates analytics via Matomo. The site is mobile-optimized, accessible, and SEO-friendly, reflecting a mature digital infrastructure. Security measures include HTTPS with strong encryption and Google reCAPTCHA to protect forms, although additional security headers and explicit cookie consent mechanisms are absent. From a security perspective, the site demonstrates good practices with encrypted communications and data protection aligned with GDPR. However, the absence of published incident response contacts and vulnerability disclosure policies suggests room for improvement in transparency and readiness. The WHOIS data aligns well with the website's claims, showing consistent domain registration and hosting in Germany without privacy protection, enhancing trustworthiness. Overall, Alumnii presents a professional, trustworthy, and well-structured online presence suitable for its target audience. Strategic enhancements in security policies and privacy mechanisms would further strengthen its compliance and user trust.

R

Rechtsanwaltskanzlei Nolte › ‹ Pustejovsky

np-recht.de

44

Rechtsanwaltskanzlei Nolte › ‹ Pustejovsky is a specialized law firm based in Freiburg, Germany, offering expert legal services in areas such as corporate law, labor law, inheritance law including business succession, family law, data protection, IT law, and intellectual property law. The firm targets both companies and private individuals, positioning itself as a boutique legal service provider with a strong focus on specialized legal fields. Their website reflects a professional and consistent brand image with comprehensive service descriptions and regular legal updates via their blog and social media channels. Technically, the website is built on WordPress with modern SEO and caching plugins, ensuring moderate performance and good mobile optimization. The hosting is managed via kasserver.com, and the site uses HTTPS with a good SSL configuration. However, some security best practices such as security headers and incident response disclosures are missing, which could be improved to enhance the security posture. From a security perspective, the site shows no signs of vulnerabilities or exposed sensitive data. The absence of a cookie consent mechanism and security headers are minor gaps in GDPR compliance and security hardening. The WHOIS data aligns well with the website content, showing consistent domain registration and no privacy protection, which supports the legitimacy of the business. Overall, the website is trustworthy, professionally maintained, and suitable for its target audience. Strategic improvements in privacy compliance and security policies would further strengthen its position and user trust.

The website diviblock.com currently serves a single purpose: to block browser inspect tools with a message instructing users to close such tools and refresh the page. There is no accessible business content, product information, or service descriptions. The domain is registered via NameCheap since 2020, indicating a relatively recent but stable registration. The site appears to be related to a WordPress plugin or tool designed to prevent inspection of website code, but no further business details are provided. Technically, the site uses WordPress and Google Fonts but lacks visible security headers or HTTPS confirmation in the provided data. The security posture is minimal, with DNSSEC not enabled and no privacy or cookie policies present. Overall, the site is low in content quality and business credibility due to the lack of accessible information and blocking mechanisms.

D

Divi.Help

divi.help

46

Divi.Help operates as a specialized community forum providing free support for users of the Divi WordPress theme. It also offers premium memberships granting access to a suite of Divi-related plugins, child themes, and AI-powered design tools. The business targets Divi users and web designers seeking both community assistance and advanced Divi products. The website is built on the XenForo forum platform with a UI.X theme, hosted on StableHost, and incorporates standard web technologies such as jQuery and Font Awesome icons. The site demonstrates good content quality, clear navigation, and mobile responsiveness, supporting a positive user experience. However, it lacks visible privacy, cookie, and terms of service policies, which impacts compliance and trust.

R

RPM Invest

rpm-invest.de

41

RPM Invest operates as the strategic investment unit of the Rheinische Post Mediengruppe, focusing on fast-growing technology and digital media companies with proven business models. The company provides capital, expertise, and a broad network to support founders and entrepreneurs through long-term partnerships and flexible investment structures. The website reflects a professional and consistent brand presence, showcasing portfolio companies and investment criteria. Technically, the site is built on WordPress using Elementor and Gravity Forms, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced, though security headers and explicit privacy policies are missing. No blocking or WAF challenges were detected, allowing full content access and analysis.

The website hatartalannyar.hu represents the MOL – Új Európa Alapítvány, a cultural foundation focused on sponsoring and promoting a wide range of cultural festivals and events in Hungary and neighboring regions. The foundation supports music, theater, dance, literature, film, gastronomy, and folk traditions, positioning itself as a key player in the cultural sponsorship landscape. The site content and branding align well with the foundation's mission and target audience, primarily Hungarian cultural event attendees. Technically, the website is built on Joomla CMS with modern libraries such as jQuery and Bootstrap, providing a responsive and user-friendly experience. The presence of Google Analytics indicates moderate user tracking, balanced with basic privacy compliance through downloadable privacy and cookie policies. Security posture is moderate with HTTPS usage and CSRF tokens but lacks explicit security headers and incident response information. Overall, the site is professional, trustworthy, and well-aligned with its business purpose, though improvements in security and privacy mechanisms are recommended.

Felhangolva.hu is a Hungarian cultural platform launched in 2023, focusing on promoting emerging Hungarian music talents and organizing concerts and events in partnership with established cultural institutions such as MOL - Új Európa Alapítvány, A38 Hajó, Budapest Music Center, and Müpa. The website is built on Joomla CMS with Bootstrap and jQuery technologies, providing a moderately performant and mobile-optimized user experience. However, it lacks visible privacy and cookie policies, contact information, and security headers, which are important for compliance and trust. The site uses HTTPS and includes Google Analytics for visitor tracking but does not provide cookie consent mechanisms, indicating privacy compliance gaps. Overall, the platform serves a niche cultural community with good content relevance and professional branding but would benefit from enhanced security and privacy practices.

B

Berufsbildende Schulen Cuxhaven

bbs-cux.de

48

Berufsbildende Schulen Cuxhaven is a regional vocational education center in Germany offering a broad spectrum of full-time and dual training programs, international projects such as Erasmus+, and various educational support services. The institution targets students, apprentices, educators, and local businesses, positioning itself as a key regional player in vocational education. The website reflects a well-structured, content-rich platform with consistent branding and clear navigation, supporting its educational mission effectively. Technically, the website is built on WordPress with a modern plugin ecosystem including Smart Slider 3 and Download Manager. It is hosted on a German hosting provider with HTTPS enabled, ensuring secure communication. The site demonstrates good mobile optimization and moderate performance, though accessibility features are basic. No advanced security headers were detected, and no cookie consent mechanism was found, indicating areas for compliance improvement. From a security perspective, the site maintains a good posture with HTTPS and no visible vulnerabilities or exposed sensitive data. However, the absence of security headers, vulnerability disclosure, and incident response information suggests room for enhancement. Privacy compliance is partially met with a comprehensive GDPR privacy policy but lacks cookie consent mechanisms. The WHOIS data aligns well with the website's identity, supporting legitimacy. Overall, the website is professional, trustworthy, and suitable for its educational purpose. Strategic improvements in security headers, cookie consent, and incident response transparency would further strengthen its security and compliance posture.

E

ELAN e.V.

elan-ev.de

48

ELAN e.V. is a German non-profit organization specializing in the development and support of open source software tailored for higher education institutions. With over 15 years of active involvement in open source communities, ELAN e.V. empowers universities by providing flexible, secure digital teaching and learning tools. Their market position is strengthened by their community engagement and recognized certifications such as the Open EdTech Associate Membership. The organization offers services including software development, consulting, hosting, and support, targeting educators and students in the academic sector. Technically, the website is built on a modern WordPress platform enhanced with plugins like Rank Math PRO for SEO, Matomo for privacy-conscious analytics, and Oxygen Builder for design flexibility. Hosting and DNS services are managed via Cloudflare, ensuring robust performance and security. The site demonstrates good mobile optimization and accessibility, with a professional and consistent branding approach. From a security perspective, the site enforces HTTPS and employs privacy-respecting analytics. However, it lacks visible cookie consent mechanisms and explicit security or incident response policies. No vulnerability disclosure or security.txt files are present, which could be improved to enhance transparency and trust. Overall, the security posture is solid but could benefit from additional compliance features. The overall risk assessment is low, with the website presenting a trustworthy and professional front for ELAN e.V. Strategic recommendations include implementing cookie consent, publishing security policies, and adding vulnerability disclosure information to further strengthen compliance and user trust.

F

Flachsland Zukunftsschulen gemeinnützige GmbH

flachsland-zukunftsschulen.de

48

Flachsland Zukunftsschulen gemeinnützige GmbH is a non-profit educational organization based in Hamburg, Germany, operating bilingual and integrative kindergartens, a combined kindergarten and school facility, and a vocational school for social pedagogy. It is a subsidiary of Kinderwelt Hamburg gGmbH, leveraging over 30 years of experience in child and youth education. The website serves as an informational portal for families and stakeholders, providing details about the institutions, donation options, and contact information primarily via email. The organization targets families and educators seeking quality educational services in Hamburg. Technically, the website is built on WordPress using the Elementor page builder, with standard web technologies such as jQuery and Font Awesome. Hosting is provided by netcup, as inferred from the DNS nameservers. The site is moderately optimized for performance and mobile devices, with basic accessibility and SEO features. No advanced analytics or tracking tools are detected, indicating a privacy-conscious approach. From a security perspective, the site uses HTTPS with good SSL configuration but lacks visible security headers and cookie consent mechanisms. There is no published security policy or incident response contact, and no vulnerability disclosure information is available. The WHOIS data is consistent and transparent, with no privacy protection or suspicious patterns, supporting the legitimacy of the domain and organization. Overall, the website presents a professional and trustworthy image suitable for its educational mission. However, improvements in security headers, privacy compliance (cookie consent), and transparency around security policies would enhance its security posture and compliance with GDPR requirements.

The website bszleo.de currently serves only a TYPO3 default 404 error page indicating that no site configuration is found. There is no accessible business content, contact information, or policies available. The domain is hosted on nameservers belonging to belwue.de, a German academic network provider, suggesting institutional hosting. The technical infrastructure uses TYPO3 CMS but lacks any active content or user engagement features. Security posture cannot be assessed due to lack of HTTPS and security headers information. Overall, the site is non-functional and provides no business or compliance information, resulting in a very low trust and credibility score.

L

linuxmuster.net

linuxmuster.net

47

linuxmuster.net is a well-established open-source school network solution supported by a non-profit association and an active community. The website presents a professional and consistent brand image focused on providing reliable and customizable IT infrastructure for educational institutions. The technical infrastructure is based on WordPress CMS with modern plugins and technologies, offering a good user experience and mobile optimization. Security posture is adequate with HTTPS and reCAPTCHA integration, but lacks some security headers and explicit privacy policies. The absence of WHOIS data raises concerns about domain registration transparency, though the website content and community presence support legitimacy. Overall, the site is trustworthy and functional but would benefit from enhanced privacy compliance and security hardening.

G

Gymnasium Lüchow

gymnasium-luechow.de

46

Gymnasium Lüchow is a medium-sized educational institution in Germany, recognized as an open all-day school and a UNESCO project school. The website provides comprehensive information about the school’s educational offerings, projects, international partnerships (notably Erasmus+), and community engagement. The school targets students, parents, and educators, emphasizing sustainability, cultural education, and social responsibility. Technically, the site is built on TYPO3 CMS, hosted by SchlundTech, and employs modern web technologies with good mobile optimization and SEO practices. Security posture is solid with HTTPS and cookie consent mechanisms, though some security headers could be improved. No critical vulnerabilities or suspicious content were detected. Overall, the website reflects a professional and trustworthy educational institution with strong community ties.

D

data-quest Suchi & Berg GmbH

data-quest.de

45

data-quest Suchi & Berg GmbH is a specialized German company providing consulting, development, installation, and support services primarily for educational institutions, especially universities. They focus on open-source learning and campus management software, notably the Stud.IP system, which they co-develop and support. Their market position is that of a niche full-service provider with over 20 years of experience, serving a targeted audience of educational and administrative organizations. The website content is professional, well-structured, and clearly communicates their services and expertise. Technically, the site is built on WordPress with modern plugins and themes, offering good mobile optimization and SEO practices. Security posture is solid with HTTPS and no visible vulnerabilities, though improvements are possible in security headers and incident response transparency. Privacy compliance is good with a comprehensive privacy policy, but lacks a cookie consent mechanism. Overall, the site is trustworthy and credible, reflecting a mature business with strong industry ties.

S

Stud.IP e. V.

studip.de

41

Stud.IP e. V. operates a modern open-source learning management system primarily targeting educational institutions such as universities, authorities, associations, and companies. The platform serves as a central component of digital education concepts, offering services in teaching, learning, administration, and integration via interfaces. The website is professionally designed, content-rich, and clearly structured, supporting a German-speaking audience with a focus on education and technology sectors. The business model revolves around providing an open-source LMS solution with community and event engagement to foster adoption and development. Technically, the website is built on WordPress with modern front-end technologies including JavaScript and CSS, enhanced by SEO tools like Yoast and analytics via Koko Analytics. Hosting is provided by Cloudpit, a reputable provider, ensuring reliable infrastructure. The site demonstrates good mobile optimization and accessibility features, although SEO optimization is basic. Performance is moderate, with no critical technical issues detected. From a security perspective, the site enforces HTTPS with excellent SSL configuration but lacks explicit security headers and published security policies. Forms are secured with required fields, and no sensitive data exposure or vulnerable libraries were found. Privacy compliance is partial; while a privacy policy is present and GDPR compliance is implied, no cookie consent mechanism or detailed data retention policies are visible. Contact information is limited to a postal address without direct emails or phone numbers, and no incident response or vulnerability disclosure information is provided. Overall, the website presents a trustworthy and professional front for an established educational technology entity. Strategic improvements in privacy compliance, security policy transparency, and user data consent mechanisms would enhance trust and regulatory adherence.

The website www.digivalmedia.es is currently inaccessible, returning a 503 Service Temporarily Unavailable error indicating server maintenance or capacity issues. Due to this, no business content, metadata, or contact information is available for analysis. The WHOIS data is also inaccessible because the registrar restricts WHOIS queries to authorized IP addresses only, preventing extraction of domain registration details. This limits the ability to verify domain legitimacy or business credentials. Technically, the site lacks any detectable technologies, scripts, or frameworks due to minimal HTML content. There is no evidence of HTTPS enforcement, security headers, or privacy and cookie policies. The site is not optimized for mobile or SEO, and no analytics or tracking tools are present. The overall technical maturity and digital infrastructure cannot be assessed beyond the fact that the site is currently down. From a security perspective, the lack of accessible content and headers prevents a thorough evaluation. The site does not expose any sensitive data or forms, but the unavailability itself is a critical issue impacting user trust and business continuity. The absence of privacy and security policies further reduces compliance posture. WHOIS data restrictions add uncertainty to domain legitimacy. Overall, the site scores very low on content quality, technical implementation, security posture, privacy compliance, and business credibility. The primary risk is operational downtime and lack of transparency. Strategic recommendations include restoring site availability, publishing privacy and security policies, enabling HTTPS and security headers, and improving WHOIS data accessibility to enhance trust.

The website pruebascq.com is currently non-functional due to a critical PHP fatal error caused by a missing WordPress core file (wp-load.php). This prevents any content from being displayed or analyzed, resulting in a lack of visible business information, contact details, or policies. The domain is registered with a Spanish registrar since 2021 and has standard domain protections enabled, indicating legitimate registration. However, the absence of DNSSEC and security headers, combined with the site error, reflects a low technical maturity and security posture. No advertising, analytics, or tracking technologies are detected due to the inaccessible state of the site. Overall, the website is not currently serving its intended purpose and requires urgent technical remediation.

E

Economy for the Common Good - Sverige

ecgsverige.se

40

ECG Sverige is a small non-profit organization dedicated to promoting the Economy for the Common Good movement in Sweden. Their website provides information about their mission to create an economic system focused on societal and environmental well-being. They offer services such as the ECG-bokslut, which complements traditional financial statements by measuring societal contributions. The organization targets businesses, municipalities, and individuals interested in sustainable economic models. Technically, the website is built on WordPress using the Genesis Framework and Yoast SEO plugin, hosted by Oderland. It employs modern web technologies and includes a cookie consent mechanism and privacy policy, indicating good digital maturity. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks advanced security headers and DNSSEC. Overall, the site is professional, trustworthy, and compliant with GDPR requirements, though it could improve security policies and contact information visibility.

Zusteller gesucht - Mergelsberg Verlag operates as a local media company focused on recruiting newspaper delivery personnel for publications such as the Borkener Zeitung and Stadtanzeiger. The website targets individuals seeking flexible, part-time, or full-time delivery jobs, offering personal onboarding and fair compensation. The business model centers on employment recruitment within the media sector in Germany, serving a small regional market. Technically, the website is built on the memeSYS CMS platform, leveraging Bootstrap and jQuery for frontend functionality. The site is mobile optimized and provides a good user experience with clear navigation and relevant content. Security posture is moderate; while HTTPS is presumably enabled, no explicit security headers were detected, and no advanced security policies are published. Privacy compliance is good, with a clear cookie consent mechanism and a GDPR-compliant privacy policy. Contact information is transparent and complete, enhancing business credibility. Overall, the website is professional, trustworthy, and safe for general audiences.

D

domicil gGmbH

domicil-dortmund.de

47

domicil gGmbH operates a well-established live music and cultural venue in Dortmund, Germany, specializing in jazz and creative music since 1969. The organization hosts a variety of events including the notable Jazztage Dortmund festival, offers event space rentals, gastronomy services, and a fan merchandise shop. The website reflects a medium-sized non-profit cultural institution with a strong community focus and recognized awards, positioning it as a trusted local cultural hub. Technically, the website is built on the Contao Open Source CMS platform and utilizes common JavaScript libraries such as jQuery, Swiper.js, and Colorbox. The site is moderately performant, mobile-optimized, and has basic accessibility and SEO features. Hosting is provided by a regional hosting provider indicated by the nameservers. While HTTPS is enabled, the site lacks advanced security headers and cookie consent mechanisms, which are recommended for improved security and compliance. From a security perspective, the site shows no signs of vulnerabilities or exposed sensitive data. However, it lacks published security policies, incident response contacts, and a cookie consent banner, which are important for GDPR compliance and user trust. The domain WHOIS data is consistent with the business claims, showing no privacy protection and a legitimate registration history. Overall, domicil-dortmund.de is a credible and professionally maintained cultural website with good content quality and business credibility. Strategic improvements in privacy compliance and security posture would enhance trust and regulatory adherence.

Fritz-Henßler-Haus is a youth center operated by the City of Dortmund's Youth Office, providing cultural events, workshops, and spaces for youth engagement. The website serves as an information portal for upcoming events and general contact information, targeting youth and community members in Dortmund. Technically, the site is built on the Contao CMS platform, utilizing jQuery and a slider plugin for interactive content presentation. Hosting is provided by Hetzner, a reputable German hosting provider, ensuring stable infrastructure. Security posture is adequate with HTTPS enabled, but lacks advanced security headers and explicit incident response information. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Overall, the site is trustworthy and professionally maintained, suitable for its public sector role.

The website thinkers-doers.com is currently inaccessible due to a Cloudflare Web Application Firewall (WAF) block page. The content is completely blocked, showing only a security challenge message with no actual business or service information available. The domain WHOIS data is suspicious, showing a creation date in the future (July 24, 2025), which undermines the legitimacy and trustworthiness of the domain. No privacy policies, contact information, or business details are accessible for analysis. The technical infrastructure is limited to Cloudflare protection, with no other detectable technologies or frameworks. Due to the block, a full security and compliance assessment cannot be performed, and the overall risk assessment is high due to lack of transparency and suspicious domain data.

G

Global Impact Producers Alliance

globalimpactproducers.org

48

Global Impact Producers Alliance (GIPA) is a non-profit community-led network dedicated to nurturing and amplifying the work of impact producers. The organization provides resources, a directory, and a platform for community engagement, supported by reputable partners such as Doc Society and Perspective Fund. The website is professionally designed using WordPress and hosted on Linode, reflecting a moderate level of technical maturity with good mobile optimization and SEO practices. Security posture is adequate with HTTPS enabled and no exposed sensitive data, but lacks DNSSEC and security headers, which are recommended for improvement. Privacy compliance is weak due to the absence of privacy and cookie policies, and no contact information is provided on the homepage, which may affect user trust and regulatory compliance. Overall, the site is safe, trustworthy, and serves a niche non-profit audience effectively.

Ს

საქართველოს ახალგაზრდა ენერგეტიკოსთა ასოციაცია

aypeg.ge

42

The website represents the Georgian Young Energy Professionals Association, a non-profit organization focused on advancing sustainable energy knowledge and practices in Georgia. It offers training courses, research projects, and organizes events targeting young professionals and stakeholders in the energy sector. The site is built on WordPress with common plugins and hosted on HostGator, reflecting a moderate level of digital maturity. The content is primarily in Georgian and is professionally presented with clear navigation and relevant project information. Security posture is adequate with HTTPS enabled but lacks advanced security headers and formal vulnerability disclosure mechanisms. Privacy compliance is weak due to absence of privacy and cookie policies. Overall, the site is trustworthy and serves its niche audience effectively.

The website pod.link is currently inaccessible due to a Vercel Security Checkpoint, which acts as a Web Application Firewall (WAF) or security challenge page. This prevents access to any actual business content, metadata, or user-facing information. The domain is registered since 2017 with Tucows Domains Inc., showing stable and consistent registration data. However, no privacy policies, cookie policies, terms of service, contact information, or business descriptions are available on the accessible page. The site appears to be hosted on Vercel, leveraging their security infrastructure. Due to the blocking mechanism, a full security and compliance analysis cannot be performed, and the overall AI score is low, reflecting the lack of accessible content and compliance information.

V

Vibration 108

vibration108.ch

49

Vibration 108 is a Swiss regional radio station broadcasting hit music primarily in the Valais region via FM and DAB+ frequencies, with an extended online presence through multiple themed webradios. The website serves as a digital hub for streaming, news, and community engagement, targeting a general audience interested in music and local content. The business operates on a small scale with a clear focus on media broadcasting and online streaming services. Technically, the site is built on WordPress with a modern plugin ecosystem including Yoast SEO, Matomo analytics, and GDPR-compliant cookie management via Complianz. The site demonstrates good mobile optimization and SEO practices, though performance is moderate. Security posture is solid with HTTPS enforced and privacy-focused analytics, but lacks explicit security policies or incident response information. No critical vulnerabilities or exposed sensitive data were detected. Overall, the website is professional, trustworthy, and compliant with GDPR requirements, though it could improve transparency around security policies and expand contact information. Strategic recommendations include enhancing security headers, publishing a security policy, and adding terms of service to improve business credibility and user trust.

P

Candu123 {} Situs Agen Penyedia Permainan Bisa Menghasilkan CUAN KILAT

pestcontroleverything.com

42

The website 'pestcontroleverything.com' hosts content branded as 'Candu123', an online gaming affiliate platform promoting quick earnings through gaming activities. The business model revolves around affiliate marketing and online gaming services, targeting a mature audience interested in gambling. The site claims licensing by PAGCOR but lacks verifiable certification details. Technically, the site uses a modern but basic tech stack including Bootstrap, jQuery, and several UI libraries, hosted behind Cloudflare DNS but without advanced security headers or DNSSEC enabled. Security posture is moderate with HTTPS enabled but missing critical security headers and privacy policies. The domain name is unrelated to the website content, which raises trust concerns. Contact information is minimal, limited to an obfuscated email and a physical address in Paris, France. Overall, the site is functional but lacks comprehensive privacy, security, and compliance features.

H

Heel GmbH

heel-academy.de

46

Heel Academy is a professional healthcare education platform operated by Heel GmbH, targeting medical professionals such as doctors, veterinarians, pharmacists, midwives, and alternative practitioners. The platform offers a variety of educational content including live webinars, CME courses, videos, and practice materials to support healthcare professionals in their daily work. The website is well-branded, consistent, and provides clear contact information, reinforcing its credibility in the healthcare sector. Technically, the site is built on the Weblication® CMS platform, uses modern JavaScript libraries, and integrates a GDPR-compliant cookie consent mechanism via Usercentrics. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, though security headers and explicit policies could be improved. Overall, the site is professional, trustworthy, and compliant with privacy regulations, making it a reliable resource for its target audience.

The website underdogmedia.com currently serves a robot challenge screen implementing a proof-of-work CAPTCHA mechanism, indicating that access is blocked by a security or WAF layer. This prevents normal content access and analysis. The domain is long-registered since 2002 with GoDaddy.com, LLC and uses SiteGround nameservers, suggesting a stable hosting environment. However, no business or contact information, privacy or cookie policies, or terms of service are present on the accessible page. The technical implementation uses advanced client-side JavaScript for CAPTCHA challenges but lacks visible security headers or HTTPS configuration details. Overall, the site appears to be protected by a security mechanism that limits content visibility and user interaction.

The website sozowebdesign.co.uk currently hosts only a default placeholder template page indicating a newly installed or unconfigured site. The domain is registered since 2006 with a reputable UK hosting registrar, ANS Group Ltd (UKFAST), suggesting a legitimate domain ownership. However, the absence of any real business content, contact information, privacy policies, or security features significantly limits the website's credibility and user trust. Technically, the site uses modern CSS frameworks like Tailwind CSS and Google Fonts but lacks advanced SEO, accessibility, and security implementations. There is no evidence of HTTPS enforcement or security headers in the provided data, which are critical for secure web operations. Overall, the site is in an initial setup phase and requires substantial development and compliance work to be business-ready.