High-risk security reports

S

Südtiroler Weinmuseum

weinmuseum.it

46

The Südtiroler Weinmuseum is a regional cultural institution dedicated to the history and culture of wine in South Tyrol, Italy. It offers museum exhibitions, educational programs, guided tours, and events focused on wine heritage. The museum is positioned as a trusted cultural destination with a strong local presence and a focus on preserving traditional wine varieties and history. Technically, the website employs modern web technologies including JavaScript libraries and cookie compliance tools, ensuring a good user experience and compliance with privacy regulations. Security posture is solid with HTTPS enforcement and security headers, though formal security policies and incident response contacts are not published. Overall, the website is professional, trustworthy, and compliant with GDPR and cookie regulations, serving a mature audience interested in wine culture.

S

Südtiroler Landesmuseum für Volkskunde

volkskundemuseum.it

41

The Südtiroler Landesmuseum für Volkskunde is a regional cultural museum located in Dietenheim near Bruneck, Italy, dedicated to showcasing the rural life and folk culture of South Tyrol. The museum offers permanent and special exhibitions, events, workshops, and research services, targeting a broad audience including families, schools, and cultural visitors. The website reflects a well-maintained digital presence with clear business information and visitor resources. Technically, the site employs modern web technologies including JavaScript libraries and cookie consent solutions, with good mobile optimization and SEO practices. Security posture is solid with HTTPS enforced and privacy compliance via Iubenda cookie management, though explicit security policies and incident response contacts are absent. Overall, the domain registration and website content align well, indicating a legitimate and trustworthy institution.

R

Racines-Giovo

racines-giovo.it

48

Racines-Giovo operates as a regional ski resort in Italy, offering modern ski lifts, cable cars, and a variety of winter sports and tourism services. The website targets tourists, families, and winter sports enthusiasts, providing live updates on ski lifts, weather, and related activities. The business is positioned as a medium-sized player in the transportation and hospitality sectors within the alpine tourism market. Technically, the site uses a modern CMS (Consisto), integrates Google Analytics and Tag Manager for tracking, and employs a comprehensive cookie consent mechanism compliant with GDPR. Security posture is solid with HTTPS, security headers, and no visible vulnerabilities, though explicit security policies and incident response contacts are not published. Overall, the website is professional, trustworthy, and safe for general audiences.

The domain pghub.io is registered to Tapad, Inc., a US-based technology company founded in 2020. The website content accessible is minimal and consists primarily of an XML listing of JavaScript and XML files stored in a Google Cloud Storage bucket, indicating the site serves as a backend or resource repository rather than a public-facing marketing website. The company appears to operate in the advertising technology sector, providing SDKs and wrappers for video advertising and data connectivity services. The technical infrastructure leverages Google Cloud Storage and DNS services, with JavaScript-based SDKs and XML wrappers for ad delivery. Security posture is weak based on the available data, with no visible security headers, privacy or cookie policies, or contact information on the site. The domain registration is consistent and legitimate, with no privacy protection and a registrant matching the business entity. Overall, the website lacks public-facing content and transparency, limiting its trustworthiness and user engagement potential.

D

Datamatic Sistemi & Servizi S.p.A.

sistemieservizi.net

48

Datamatic Sistemi & Servizi S.p.A. is an Italian company specializing in healthcare IT solutions, cybersecurity and digital forensics, IT storage, and marketing & communication services. The company targets healthcare institutions, law enforcement, public and private organizations, offering a comprehensive portfolio of technology-driven services. Their market position is that of a versatile and professional group with vertical expertise in multiple sectors. The website reflects a medium-sized enterprise with consistent branding and professional content. Technically, the website uses a modern tech stack including jQuery, Bootstrap, Flexslider, and Google Tag Manager for analytics. It is built on Vida CMS 3.0 and shows good mobile optimization and SEO practices. Performance is moderate, with room for improvement in accessibility features. The site is fully accessible without any WAF or blocking mechanisms. From a security perspective, the site enforces HTTPS and implements cookie consent mechanisms, indicating GDPR compliance. However, it lacks visible security headers, published security policies, incident response contacts, and vulnerability disclosure information. The absence of WHOIS data raises concerns about domain registration transparency, which impacts the overall trustworthiness assessment. Overall, the website is professional and trustworthy based on content and design, but the missing WHOIS data and limited security disclosures suggest areas for improvement. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and verifying domain registration details to improve legitimacy and trust.

S

SUN Sportmanagement GmbH

illerlauf-senden.de

46

Iller-Lauf Senden is a regional running event organized by SUN Sportmanagement GmbH, targeting runners of all ages and fitness levels in Germany. The event features multiple race categories including a 10-km main run, youth and kids runs, and walking events, complemented by local markets and a consumer fair. The website is built on WordPress using Elementor and integrates modern web technologies and SEO best practices, hosted likely by a partner domain einsteinmarathon.de. Security posture is good with HTTPS and no exposed sensitive data, though improvements are recommended in security headers and cookie consent mechanisms. Contact information and business details are clearly presented, enhancing business credibility. Overall, the site is professional, trustworthy, and well-structured for its purpose.

R

RideBee

stuttgart-faehrt-mit.de

48

The website "Stuttgart fährt mit" is a German-language platform focused on facilitating carpooling and ride-sharing for commuters in Stuttgart. It targets employees of companies, universities, hospitals, and event attendees, offering a sustainable and cost-effective alternative to solo commuting. The platform is supported by the German Federal Ministry for Digital and Transport (BMDV), enhancing its credibility and market position. Key services include ride matching, chat functionality, calendar integration, and digital payment options. The business model is based on cooperation agreements with companies, providing the service free to end users. Technically, the site is a modern Angular 13 single-page application, hosted with Google Domains DNS, and integrates analytics tools such as Google Tag Manager and Hotjar. The site is mobile-optimized and provides a good user experience with clear navigation and professional design. Security posture is solid with HTTPS enforced and no exposed sensitive data, though security headers could be improved. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism detected. Contact information is comprehensive, including email, phone, physical address, and a contact form. Overall, the site is trustworthy and professionally maintained, with room for enhancements in privacy and security transparency.

The website termine-reservieren.online currently serves only a 404 Not Found error page, indicating that no active content or business service is available at this domain. The domain is recently registered in April 2023 with a reputable registrar, Key-Systems LLC, and is set to expire in 2026. There is no evidence of any business information, contact details, or policies on the site. Technically, the site is powered by LiteSpeed server technology but lacks HTTPS and security headers, which are critical for secure web operations. The absence of privacy and cookie policies also indicates non-compliance with GDPR and related regulations. Overall, the website is non-operational and does not provide any business or security assurances.

The Corrie-ten-Boom-Schule is a small, state-recognized private secondary school located in Berlin-Prenzlauer Berg, operated under the Christburg Campus umbrella. It offers integrated secondary education culminating in the Mittlerer Schulabschluss and Abitur, with a Christian pedagogical perspective. The website reflects a well-structured, content-rich platform targeting students, parents, and educators in the local community. Technically, the site is built on TYPO3 CMS with modern JavaScript libraries and includes a cookie consent mechanism and Matomo analytics for user tracking. Security posture is good with HTTPS enforced, but lacks visible security headers and explicit security policies. No privacy policy or terms of service pages were detected, indicating room for compliance improvement. Social media integration is strong, enhancing community engagement. WHOIS data aligns well with the website's claims, indicating legitimacy and stable domain registration.

Kita Bunte Burg is a small, Christian-oriented childcare provider in Berlin, operating since 2013 under the parent organization Christburg Campus. The website is professionally built using TYPO3 CMS and modern JavaScript libraries, providing good user experience and mobile optimization. The site includes social media integration and a cookie consent mechanism, but lacks explicit privacy and terms of service pages. Security posture is adequate with HTTPS and no visible vulnerabilities, though security headers could be improved. Overall, the site is trustworthy and well-positioned for its niche audience.

Elisabeth-Abegg-Grundschule is a private primary school in Berlin offering education for grades 1 to 6 with a Christian perspective. The website is built on TYPO3 CMS and integrates modern frontend technologies such as jQuery and Parsley.js for form validation. It features a clean, professional design with good navigation and mobile optimization. Social media presence and testimonials enhance trustworthiness. However, the site lacks explicit privacy policy, terms of service, and direct contact information, which are important for compliance and user trust. Security posture is good with HTTPS and no visible vulnerabilities, but security headers and incident response details are missing. Overall, the site is suitable for its educational audience and demonstrates moderate to good digital maturity.

Kita Helles Nest is a small, modern childcare facility in Germany focused on providing early childhood education with Christian values. The website is built on TYPO3 CMS and features a professional design with good navigation and mobile optimization. It integrates Matomo analytics and includes a cookie consent mechanism, though lacks explicit privacy and terms of service pages. Social media presence is strong, enhancing community engagement. Security posture is good with HTTPS enabled but could be improved by adding security headers and explicit security policies. No contact emails or phone numbers were found in the provided content, which may impact user trust and compliance. Overall, the site is trustworthy and well-positioned in its niche market.

The Sabine-Ball-Grundschule website represents a small private primary school in Germany with a Christian educational perspective. The site provides comprehensive information about the school, its pedagogical approach, enrollment procedures, and after-school care (Hort). The school targets parents and guardians of primary school children and positions itself as a nurturing and family-oriented institution. The website is built on TYPO3 CMS and uses modern web technologies including jQuery and Parsley for form validation, with Matomo for analytics, indicating a moderate level of digital maturity. The site is well-structured, mobile-optimized, and includes social media integration to engage the community. Security posture is adequate with HTTPS usage and no visible vulnerabilities, though security headers and explicit policies could be improved. Privacy compliance is basic, with a cookie consent mechanism present but no visible privacy policy or terms of service pages. Overall, the website is professional, trustworthy, and safe for general audiences.

Immanuel-Kita is a small, specialized childcare provider in Germany focusing on Christian early childhood education. The website is professionally designed using TYPO3 CMS and integrates modern web technologies such as jQuery and Parsley.js for form validation. The site includes a cookie consent mechanism and uses Matomo for analytics, reflecting a moderate level of user tracking with privacy considerations. Social media integration is strong, linking to Facebook, Instagram, and YouTube, enhancing community engagement. However, explicit privacy policies and terms of service pages are not found, which could be improved for compliance and transparency. Security posture is good with HTTPS enforced but lacks advanced security headers and a public security policy or incident response contact. Overall, the website is trustworthy, content-rich, and well-positioned within its niche educational sector.

Immanuel-Grundschule is a small, private primary school in Germany with a Christian educational perspective. The website is built on TYPO3 CMS and integrates modern JavaScript libraries and Matomo analytics for user tracking. It offers detailed information about the school, its pedagogical approach, and related services such as after-school care (Hort). Social media presence is active with links to Facebook, Instagram, and YouTube. The site lacks an explicit privacy policy and visible contact emails or phone numbers, which are areas for improvement. Security posture is moderate with HTTPS enabled but missing security headers and no published security or incident response policies. Overall, the website is professional, trustworthy, and well-structured for its audience.

K

Kompetenzzentrum Internationale Jugendarbeit und non-formale Bildung

kvleipzig-international.de

44

The Kompetenzzentrum Internationale Jugendarbeit und non-formale Bildung is a small non-profit organization based in Leipzig, Germany, focused on international youth work and non-formal education. The website presents a professional and consistent brand image, offering services such as youth exchanges, training seminars, and workshops. It targets youth and professionals in the youth work sector, supported by local and EU funding partners. Technically, the site is built on WordPress using modern themes and plugins, with good SEO and mobile optimization. Security posture is solid with HTTPS and no visible vulnerabilities, though some security headers could be improved. Privacy compliance is well addressed with clear policies and consent mechanisms. Overall, the site is trustworthy and well-maintained, reflecting the organization's mission and activities effectively.

C

ConFedersicurezza

confedersicurezza.it

49

ConFedersicurezza is an Italian federation coordinating private security associations, serving as a key industry representative and service provider. The website reflects a medium-sized organization with a clear focus on advocacy, publications, events, and member coordination. The technical infrastructure is based on standard web technologies including Bootstrap, jQuery, and Google Analytics with IP anonymization, indicating a moderate level of digital maturity. Security posture is adequate with HTTPS and cookie consent implemented, but lacks advanced security headers and visible CSRF protections on forms. Overall, the site is professional, GDPR compliant, and trustworthy, with room for security enhancements.

Ö

Österreichisches Spendengütesiegel

osgs.at

47

The Österreichisches Spendengütesiegel is an Austrian non-profit organization dedicated to certifying charitable organizations to ensure transparency and trust in the donation sector. The website serves as an informational and trust-building platform targeting donors and charitable entities within Austria. It offers certification services and promotes the quality seal as a mark of reliability. Technically, the website is built on WordPress using the Elementor framework, with modern fonts and responsive design elements, providing a good user experience and moderate performance. Security-wise, the site employs HTTPS and several security headers, indicating a solid baseline security posture, though it lacks visible incident response or security policy disclosures. Privacy compliance is limited, with no explicit privacy or cookie policies detected, which could be improved to meet GDPR standards. Overall, the domain registration data aligns well with the website's claims, supporting its legitimacy and trustworthiness.

C

Circus Pikard

circus-pikard.at

45

Circus Pikard is a small family circus based in Austria, offering live circus entertainment including artists, clowns, jugglers, and animal acts. The website promotes their 2025 tour and ticket reservation options, targeting a general family audience. The business operates regionally with a focus on live performances and seasonal events such as a winter circus. Technically, the website uses older web technologies like PHP, MySQL, Prototype.js, and Scriptaculous, with a basic but functional design. The site lacks modern CMS or advanced frameworks and shows moderate performance and SEO optimization. Security posture is weak, with no visible HTTPS enforcement or security headers, and no cookie consent mechanism, which raises compliance concerns under GDPR. Contact information is minimal, limited to a phone number and a Facebook page link. Overall, the site is trustworthy for its business purpose but requires improvements in security and privacy compliance.

Ö

Österreichische Krebshilfe

dontsmoke.at

46

The website www.dontsmoke.at is a professionally developed health awareness platform operated by the Österreichische Krebshilfe, focusing on smoking cessation and lung cancer prevention. It provides educational content, symptom checking tools (LUIS), and resources to support smokers and the general public in Austria. The site benefits from strong partnerships with reputable medical and research institutions, enhancing its credibility and outreach. Technically, the site is built on TYPO3 CMS with modern web technologies, offering good mobile optimization, accessibility, and SEO. Security posture is solid with HTTPS and cookie consent mechanisms, though explicit security headers and policies could be improved. Privacy compliance is well addressed with clear privacy and cookie policies. Overall, the site is trustworthy, user-friendly, and serves an important public health mission.

C

Culture accessible Genève

culture-accessible.ch

46

Culture accessible Genève operates as a non-profit platform dedicated to promoting cultural accessibility for people with disabilities in the Geneva region. The website provides comprehensive listings of accessible cultural events, venues, and accessibility measures, targeting disabled audiences and the general public interested in inclusive culture. The platform maintains partnerships with local government and accessibility organizations, reinforcing its regional leadership in this niche. Technically, the website is built on October CMS, leveraging modern web technologies including Google Analytics, Google Tag Manager, and ReadSpeaker for accessibility. The site demonstrates good mobile optimization, accessibility features, and SEO practices, although performance is moderate. The absence of explicit privacy and cookie policies indicates room for compliance improvement. From a security perspective, the site uses HTTPS and implements basic anti-spam measures in its contact form. However, it lacks explicit security headers and a vulnerability disclosure policy. No critical vulnerabilities or exposed sensitive data were detected. The domain registration is privacy protected but consistent with the non-profit nature of the project, supporting legitimacy. Overall, the website is trustworthy, well-designed, and focused on its mission, but should enhance privacy compliance and security headers to improve its security posture and regulatory adherence.

K

Krolstudio

krolstudio.com

38

Krolstudio is a small, Geneva-based design and communication agency specializing in graphic design, web design, photography, video, and event communication services. The company emphasizes high-quality visual identity creation and a multidisciplinary approach to meet client needs. The website reflects a professional business with clear service offerings and contact information, targeting businesses and individuals seeking creative design solutions. Technically, the website is built on WordPress with common plugins such as Yoast SEO, and uses jQuery and tracking tools like Google Analytics and Facebook Pixel. Hosting is provided by Infomaniak Network SA, a reputable Swiss hosting provider. The site is moderately optimized for performance and mobile, though SEO is limited by a noindex,nofollow robots meta tag. From a security perspective, the site uses HTTPS and has domain transfer protection, but lacks DNSSEC and security headers. There is no visible privacy or cookie policy, which is a compliance gap. Tracking scripts indicate moderate user tracking without explicit consent mechanisms. Overall, the security posture is average with room for improvement. The website content is safe for general audiences, with no adult or questionable content detected. The domain registration is consistent with the business age and location, supporting legitimacy. Strategic recommendations include adding privacy and cookie policies, enabling DNSSEC, implementing security headers, and improving SEO settings to enhance visibility and compliance.

B

BE MOVIE

be-movie.ch

47

BE MOVIE is a cultural event platform dedicated to showcasing Bernese films through cinema screenings and online streaming. It targets film enthusiasts, families, and youth, offering workshops and awarding film prizes. The website is built on WordPress with Elementor, using modern web technologies and includes social media integration and Google reCAPTCHA for form security. While the site demonstrates good technical implementation and business credibility, it lacks explicit privacy and cookie policies, which impacts its privacy compliance score. Security posture is solid with HTTPS and security headers present, but incident response information is missing. Overall, the website is trustworthy and professionally presented, serving as a regional media event hub.

B

BIM-Handbuch

bimhandbuch.at

45

BIM-Handbuch.at is a specialized educational platform providing comprehensive resources for Building Information Modeling (BIM) targeted at planning professionals such as architects and engineers primarily in Austria. The website offers a freely downloadable BIM handbook, print versions for sale, video tutorials, and practical downloadable materials. It is supported by professional chambers and federations, enhancing its credibility and trustworthiness. Technically, the site is built using the Hugo static site generator with Bootstrap and jQuery, delivering a fast, mobile-optimized, and accessible user experience. Security posture is solid with HTTPS and secure form handling, though it lacks explicit cookie consent and some security headers. Privacy compliance is basic but includes a privacy policy and GDPR consent on newsletter subscription. Overall, the site is professional, trustworthy, and well-positioned as a niche educational resource in the BIM domain.

B

Bundeskammer der Ziviltechniker:innen I Arch + Ing

arch-e.eu

46

ARCH-E is a European platform dedicated to promoting architectural design competitions (ADCs) across Europe, focusing on increasing participation especially among small and female-led architectural practices. The platform offers research, practical tools, and advocacy, supported by a consortium reaching over 560,000 architects and co-funded by the European Union. The website provides extensive resources including reports, a network, glossaries, maps, and evaluation tools to support ADCs. Technically, the site uses modern web technologies such as Bootstrap, Masonry.js, and Piwik PRO analytics, with good mobile optimization and a professional design. Security posture is solid with HTTPS and CSRF protections, though some improvements are recommended in cookie consent and security policy disclosures. Overall, the site is trustworthy, well-branded, and serves a specialized professional audience effectively.

The domain idqsa.com is registered with a reputable registrar and has a valid registration period until 2026. However, the website itself is inaccessible, returning a 404 Not Found error with no meaningful content or metadata. There are no visible business details, contact information, or policies published on the site. The technical infrastructure appears minimal with no detectable CMS, frameworks, or analytics tools. Security posture is basic with no advanced headers or DNSSEC enabled. Overall, the site lacks digital maturity and does not provide sufficient information to assess business credibility or security readiness.

C

CoESS

coess.org

49

CoESS is a well-established European confederation representing the private security industry, advocating for quality, compliance, and public-private collaboration. The organization serves as a voice for 23 national associations across 17 EU member states, representing a significant portion of the private security sector. Their website reflects a professional and consistent brand image, targeting industry stakeholders and EU institutions. Technically, the site uses a custom or unknown CMS with common JavaScript libraries and cookie consent tools, hosted by a reputable provider. Security posture is generally good with HTTPS and cookie consent, though improvements are recommended in DNSSEC, security headers, and fixing minor PHP warnings. Privacy compliance is adequate with a privacy policy and cookie banner. Overall, the site is trustworthy and functional with moderate technical sophistication.

The website federsicurezza.it is currently inaccessible due to a bot challenge screen that blocks normal content access. This challenge uses a JavaScript proof-of-work captcha mechanism and includes a noindex meta tag, indicating a security or WAF layer is active. Due to this, no business, contact, or policy information is available for analysis. The domain WHOIS data is suspicious, showing a creation date in the future (2025), which undermines trust in the domain's legitimacy. The technical infrastructure includes use of Cloudfront CDN and modern JavaScript features for bot mitigation, but lacks visible security headers and DNSSEC. Overall, the site is not currently providing meaningful content or transparency about its operations.

C

Con Magazine

conmagazine.it

44

Con Magazine is an Italian online video magazine dedicated to exploring social issues and their intersection with culture, education, sports, economy, and communication. Established in 2014 and registered as a periodical in Rome, it serves a niche audience interested in social cohesion and community development. The website leverages WordPress CMS with modern front-end technologies such as Bootstrap and jQuery, ensuring a responsive and user-friendly experience. Privacy compliance is robust, with integrated Iubenda cookie consent and a comprehensive privacy policy. Security posture is good with HTTPS and privacy-conscious analytics (Matomo with disabled cookies), though some security headers could be enhanced. Contact information is clearly provided, and partnerships with notable organizations like Con i Bambini and Fondazione Con il Sud reinforce credibility.

I

INDIGO FILM SRL

indigofilm.it

49

Indigo Film SRL is an established independent film production company based in Italy, specializing in films, TV series, documentaries, and factual content. The company maintains a professional and well-branded online presence with a website optimized for both desktop and mobile users. Their market position is that of a medium-sized player in the Italian media production industry, targeting a general audience interested in independent film and television content. The website demonstrates good digital maturity with a modern WordPress CMS, SEO optimization via Yoast, and compliance with GDPR through an integrated cookie consent mechanism. Security posture is solid with HTTPS enforced and no visible vulnerabilities, although formal security policies and incident response information are not published. Overall, the site is trustworthy and professionally managed, with strong social media integration and clear business information. Strategic recommendations include enhancing security headers, publishing a security policy, and providing incident response contacts to further improve trust and compliance.

The website ydea.it is currently a parked domain page primarily advertising the domain for sale. The content is minimal, with no business services or company information presented. The domain was registered in 2012 and is consistent with a long-held domain now offered for resale. Technically, the site uses basic JavaScript and external ad network scripts, hosted via Amazon Cloudfront CDN. There is no evidence of a CMS or advanced frameworks. Security posture is weak with no visible security headers or privacy policies, and no HTTPS status provided. The site lacks contact information, privacy, cookie, or terms of service policies, indicating low compliance and business credibility. Overall, the site is low trust and low content quality, suitable only for domain investors or buyers.

G

gastroevents GmbH & Co. KG

ulmmesse-catering.de

41

The website www.ulmmesse-catering.de represents gastroevents GmbH & Co. KG, a small hospitality business specializing in catering services for the Ulm Messe trade fair. The site provides information about catering offerings, job opportunities, and accommodation partnerships, targeting event organizers and visitors. The business operates locally with a clear focus on event catering and hospitality services. Technically, the website is built on WordPress using the Divi theme, with jQuery and a cookie consent plugin. Hosting is provided by cloudpit, as indicated by the nameservers. The site is moderately performant, mobile-optimized, and has basic accessibility and SEO features. Security posture is good with HTTPS enforced and a cookie consent mechanism, but lacks security headers and explicit security policies. Privacy compliance is strong with a clear privacy policy and GDPR-compliant cookie consent. Contact information is available with a physical address and company email. No social media or phone contact is explicitly provided. Overall, the site is professional, trustworthy, and safe for general audiences.

The website 'Parken in Ulm' serves as an informational platform providing live updates on parking availability across multiple parking facilities in Ulm, Germany. It targets drivers and cyclists looking for parking options, offering real-time data, route guidance, and facility details. The business behind the site appears to be the Ulmer Parkbetriebs-GmbH, a local parking management entity. The site is well-branded, consistent, and provides clear contact information, enhancing its credibility. Technically, the site is built on the Odoo CMS platform and leverages modern web technologies including MapLibre GL for interactive maps and FontAwesome for icons. The site is mobile-optimized with good navigation and SEO practices. Hosting is managed via the d9t.de infrastructure, consistent with the domain's nameservers. Performance is moderate with no major technical issues detected. From a security perspective, the site uses HTTPS and includes CSRF tokens, but lacks visible HTTP security headers and a cookie consent mechanism, which are areas for improvement. No forms or data collection points are present on the main page, reducing immediate data exposure risks. No incident response or security policies are published, which could be enhanced to improve trust. Overall, the website is safe, professional, and trustworthy with a solid business focus on transportation services. Strategic improvements in privacy compliance and security headers would elevate its security posture and regulatory adherence.

M

Marathon-Photos.com Limited

marathon-photos.com

37

Marathon Photos Live is a globally operating sports photography company specializing in mass participation event photography, with a presence in 70 countries and a large volume of images and athletes served. The company positions itself as a world leader in this niche, offering event photography services and image sales primarily targeting athletes and event organizers. The website is professionally designed using modern web technologies such as Vue.js, with good mobile optimization and SEO practices. Privacy and cookie policies are implemented with user consent mechanisms, supporting GDPR compliance. However, direct contact information such as emails or phone numbers is not publicly listed, relying on contact forms instead. The WHOIS data is privacy protected, limiting verification of domain age and registrant details, but the website's content and social media presence support its legitimacy. Security posture is adequate with HTTPS enforced, but lacks visible security headers and explicit security policies. Overall, the site demonstrates a good balance of business credibility, technical implementation, and privacy compliance, with room for improvement in security transparency and accessibility.

S

SUN Sportmanagement GmbH

ulmer-klimalauf.de

46

Ulmer Klimalauf is a virtual running event organized by SUN Sportmanagement GmbH, focused on climate protection through community participation. The event encourages participants to collect kilometers by running, walking, or hiking, supporting climate-related projects such as water supply initiatives in Uganda. The website is well-branded, professionally designed, and provides comprehensive information about the event, partners, and sustainability efforts. Technically, the site is built on WordPress with Elementor and uses Cloudflare DNS for performance and security. Security posture is good with HTTPS and no visible vulnerabilities, though security headers and cookie consent mechanisms could be improved. Contact information and privacy policies are clearly presented, supporting GDPR compliance. Overall, the site is trustworthy and serves its target audience effectively.

anonystats.de is a small-scale, internal-use web analytics service focused on anonymous and GDPR-compliant web logging. The website content is minimal, indicating the service is not publicly marketed but used internally. The technical infrastructure is simple, leveraging Bootstrap for styling and a custom JavaScript analytics script. There is no evidence of complex CMS or third-party analytics services, reflecting a lightweight and privacy-conscious approach. Security posture is moderate; while no security headers or cookie consent mechanisms are detected, the absence of forms and minimal external dependencies reduce attack surface. The WHOIS data shows consistent domain registration and legitimate name servers, supporting the domain's trustworthiness. Overall, the website is safe, with no adult or questionable content, but lacks public business and contact information, limiting external trust signals.

A

adfocus GmbH

getback.ch

45

Getback, operated by adfocus GmbH, is a Swiss-based technology company specializing in conversion optimization and web-push notification services tailored for e-commerce platforms. The company offers a SaaS solution that tracks user behavior on online shops and delivers targeted campaigns to increase conversion rates and customer engagement. Their market position is supported by a portfolio of reputable clients including Ikea, Tchibo, and Jumbo, indicating strong industry trust and relevance. The website is professionally designed, multilingual, and provides comprehensive information about their services and benefits. Technically, the website is built on WordPress with modern plugins such as Gravity Forms and Yoast SEO, and integrates Google Analytics and Tag Manager for user tracking and performance analysis. The site is mobile-optimized and demonstrates good SEO practices. Security-wise, HTTPS is enforced with anonymized IP tracking in analytics, and anti-spam measures are implemented in forms. However, explicit security headers and cookie consent mechanisms are lacking, representing areas for improvement. Overall, the security posture is solid but could be enhanced by adopting additional HTTP security headers and publishing formal security policies. Privacy compliance is adequate with a clear privacy policy, but cookie consent is missing. The domain registration is transparent and consistent with the business identity, reinforcing legitimacy. There are no indications of malicious content or blocking mechanisms, allowing full access to the site. Strategically, Getback is well-positioned in the e-commerce marketing technology sector with a clear value proposition and trusted client base. Enhancing security and privacy features would further strengthen their market credibility and compliance posture.

The website redintelligence.net is minimalistic, consisting solely of a frameset that loads an external domain (www.redvertisment.com). There is no substantive content, metadata, or business information present on the site. The domain is registered since 2012 with INWX GmbH and is currently active with no privacy protection enabled. The lack of HTTPS and security headers indicates a weak security posture. No privacy, cookie, or terms of service policies are available, and no contact information or social media presence is found. Overall, the site appears to be a placeholder or redirect without meaningful business presence or user engagement features. Technically, the site uses outdated HTML frameset technology and lacks modern web standards such as responsive design, SEO metadata, or analytics. The hosting provider is inferred from the registrar data but no direct hosting details are available. Performance and accessibility cannot be fully assessed due to minimal content. From a security perspective, the absence of HTTPS and security headers is a significant concern. The domain registration is stable and consistent, but the website itself does not demonstrate compliance with privacy regulations or security best practices. No vulnerabilities or malicious indicators are detected, but the site’s minimalism and redirection behavior warrant caution. Overall risk is moderate due to lack of content and security features. Strategic recommendations include enabling HTTPS, adding privacy and cookie policies, improving website content and structure, and implementing security headers to enhance trust and compliance.

Digitális Erőmű is a Hungarian educational and cultural institution focused on providing digital pedagogical resources and interactive exhibition spaces. It serves teachers, students, and the local community by offering modern educational tools such as the Digipédia system and hosting various exhibitions and events. The website reflects a regional cultural hub with a clear focus on education and community engagement. Technically, the site is built on WordPress and uses common front-end libraries like jQuery and Bootstrap, delivering a moderate performance with good mobile optimization. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, though it lacks advanced security headers and explicit incident response information. Privacy compliance is partially met with a privacy policy present but no cookie consent mechanism. Overall, the site is professional, trustworthy, and well-aligned with its business purpose.

3dorszagjaro.hu is a Hungarian website dedicated to providing virtual 3D tours of cultural heritage sites across Hungary. The platform showcases 128 digitized locations, enabling users to explore these sites virtually. The business operates in a niche market focused on cultural tourism and digital heritage preservation. The website is built on WordPress and employs common web technologies such as jQuery, Bootstrap, and Google Analytics for tracking visitor interactions. The site is well designed with good navigation and mobile optimization, providing a positive user experience. However, it lacks some privacy compliance features such as a cookie consent mechanism and does not provide direct contact information or detailed security policies. The domain registration is consistent with the business age and content, indicating legitimacy. Overall, the website demonstrates moderate technical maturity and a good content offering but could improve in security and privacy compliance aspects.

The website digiko.tech currently returns a 403 Forbidden error page, indicating that the content is inaccessible to the public. Due to this restriction, no business information, contact details, or policies are available for analysis. The domain is relatively new, registered in August 2022, and managed by Tucows.com Co. with standard domain transfer protections enabled. DNSSEC is not enabled, which is a minor security gap. The hosting appears to be provided by host-anycast.it and host-anycast.com. The lack of accessible content and metadata prevents a full assessment of the company's business model, services, or market position. Technically, the site shows minimal implementation with no visible scripts, forms, or SEO optimizations. Security posture is limited by the absence of security headers and DNSSEC, but no critical vulnerabilities are evident from the data provided.

#

#clicksgefühle

clicksgefuehle.at

49

Clicksgefühle is a Vienna-based digital agency specializing in TYPO3 and WordPress web development, AI optimization, SEO, and UX consulting. They serve B2B clients, medium-sized enterprises, government agencies, universities, and public institutions primarily in Austria, Germany, and Switzerland. The agency positions itself as a trusted partner with a strong focus on user-friendly, scalable, and future-proof websites and online shops. Their market presence is reinforced by long-term client relationships and multiple certifications, including Google Partner and Certified Web Accessibility Expert. Technically, the website leverages modern web technologies such as WordPress CMS, Gravity Forms, Yoast SEO, Google Tag Manager, and various JavaScript libraries like Alpine.js and GSAP. The site demonstrates excellent mobile optimization, accessibility, and SEO practices, contributing to a fast and professional user experience. Tracking and marketing tools are integrated responsibly, with standard industry ad networks and pixels. From a security perspective, the site uses HTTPS and shows no obvious vulnerabilities or exposed sensitive data. However, it lacks explicit security headers and published privacy or cookie policies, which are important for GDPR compliance and user trust. The absence of WHOIS data limits domain trust verification, but the website's content quality and certifications mitigate some concerns. Overall, Clicksgefühle presents a professional and credible digital agency with strong technical and business maturity. To enhance security posture and compliance, they should publish comprehensive privacy and cookie policies, implement security headers, and provide clear contact information for incident response.

1

1749

1749.hu

45

1749.hu is a Hungarian literary and cultural media platform founded in 2020, offering a variety of content including prose, poetry, essays, interviews, and news. The website targets a general audience interested in literature and culture, positioning itself as a niche content provider with a consistent brand and good content quality. Technically, the site uses modern frontend technologies such as Bootstrap, AOS, and integrates analytics tools like Gemius, Hotjar, and Google Tag Manager. The site is mobile optimized and SEO friendly, though accessibility features are basic. Security posture is solid with HTTPS enforced and no exposed sensitive data, but lacks security headers and a formal security policy. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Contact information is limited to a contact form without direct emails or phone numbers. Overall, the site is trustworthy and professionally maintained but could improve in privacy and security transparency.

H

Halmos Béla Program

halmosbelaprogram.hu

44

Halmos Béla Program is a Hungarian cultural initiative dedicated to promoting folk music bands, folk clubs, and related cultural activities. The website serves as an informational and promotional platform targeting folk music enthusiasts and the cultural community in Hungary. It operates as a non-profit cultural program with institutional backing, providing news, event information, and support for folk culture. Technically, the site is built on WordPress with common plugins and scripts such as jQuery, Google Analytics, and Facebook Pixel, indicating a moderate level of digital maturity. The site is mobile-optimized and has good SEO practices but lacks some accessibility features. Security posture is adequate with HTTPS enabled and no visible vulnerabilities, though it lacks advanced security headers and explicit security policies. Privacy compliance is partial, with a privacy policy present but no cookie consent mechanism. Overall, the site is trustworthy and professional but could improve in privacy and security transparency.

M

MOL-Új Európa Alapítvány

molujeuropaalapitvany.hu

44

MOL-Új Európa Alapítvány is a Hungarian non-profit foundation established in 2022, focusing on supporting Central European contemporary art, cultural, social, sports, and sustainability programs. The foundation operates primarily through grant programs and partnerships, targeting a broad audience interested in cultural and social development. The website reflects a consistent brand identity and provides relevant information about its activities and supported initiatives. Technically, the site is built on Joomla CMS with Bootstrap framework, offering a responsive and moderately performant user experience. Security posture is adequate with HTTPS and CSRF protections, though lacking some security headers and explicit incident response policies. Privacy compliance is partially met with available privacy and cookie policies but missing explicit consent mechanisms. Overall, the site is professional, trustworthy, and well-positioned within its sector.

N

NOZ/mh:n MEDIEN

noz-mhn.de

44

NOZ/mh:n MEDIEN is a large regional media group in Germany offering a diverse portfolio of print and digital media products including newspapers, magazines, and audio content. The company positions itself as a leading regional news provider with a focus on delivering timely and valuable information to its audience. The website is professionally designed using WordPress and Elementor, with good SEO and mobile optimization. The technical infrastructure includes modern plugins and analytics via Matomo, hosted on servers associated with basecom.de. Security posture is solid with HTTPS and cookie consent mechanisms in place, though explicit security policies and incident response information are not published. Overall, the site is trustworthy and compliant with GDPR requirements.

N

netzwerk n e.V.

plattform-n.org

49

netzwerk n e.V. operates plattform n, a specialized online community platform dedicated to sustainability initiatives at German higher education institutions. The platform offers a comprehensive suite of collaboration and networking tools including real-time chat, document collaboration, file storage, event management, and a marketplace, all integrated within a user-friendly and open source environment. The organization positions itself as a non-profit entity focused on fostering sustainable development through digital community engagement. Technically, the website is built on WordPress with modern plugins and integrates open source tools like Rocket.Chat and Nextcloud, reflecting a mature and well-maintained infrastructure. Security posture is solid with HTTPS and reCAPTCHA usage, though improvements such as DNSSEC and security headers are recommended. Privacy compliance is strong with clear policies and GDPR adherence, though cookie consent mechanisms could be enhanced. Overall, the platform demonstrates high professionalism, trustworthiness, and a clear mission aligned with its target audience of sustainability-focused academic groups.

A

ASW gGmbH

asw-berufsakademie.de

45

ASW gGmbH is a well-established educational institution based in Saarland, Germany, specializing in dual study programs and professional continuing education. The organization offers state-recognized and accredited bachelor degrees with a strong emphasis on practical and scientific learning. Their market position is supported by accreditations such as AQAS and recognition in the CHE ranking, positioning them as a reputable player in the education sector. The website targets prospective students and professionals seeking advanced training, providing comprehensive information and personalized counseling services. Technically, the website is built on TYPO3 CMS with Bootstrap 5, leveraging modern web technologies including jQuery and Leaflet.js for interactive maps. The site demonstrates good mobile optimization, accessibility, and SEO practices, ensuring a positive user experience. Hosting is managed via DomainControl, and the site uses HTTPS with a cookie consent mechanism to comply with privacy regulations. From a security perspective, the site enforces HTTPS and includes cookie consent management, but lacks explicit security headers and published security policies or incident response contacts. No vulnerabilities or exposed sensitive data were detected. Tracking is limited and consent-based, primarily using Google Tag Manager and OnSite tracking. Overall, the security posture is solid but could be enhanced by implementing additional security headers and formalizing incident response disclosures. The overall risk assessment is low, with the website presenting a professional, trustworthy, and compliant digital presence. Strategic recommendations include adding security headers, publishing a security policy, and introducing a vulnerability disclosure program to further strengthen trust and security culture.

D

Divi Ultimate - Divi Child Theme

diviultimate.com

48

Divi Ultimate is a specialized provider of Divi child themes for WordPress, offering a comprehensive product with over 200 reusable Divi library items and multiple pre-made homepage concepts. The business operates primarily through a subscription-based Pro Membership model, targeting web designers and developers who use the Divi WordPress theme. The website demonstrates a consistent brand presence and provides extensive product information, though lacks explicit privacy and cookie policies on the main site. Technically, the site is built on WordPress with WooCommerce and the Divi theme, leveraging modern web technologies and Google Fonts. Security posture is moderate with HTTPS enabled and domain transfer protection, but lacks DNSSEC and security headers. Marketing is supported by Facebook Pixel tracking, indicating moderate user tracking. Overall, the site is professional and trustworthy but would benefit from enhanced privacy compliance and security best practices.

DIE VIELEN is a German non-profit organization dedicated to promoting an open, solidaric, diverse, and democratic society. The website serves as a platform to present their advocacy campaigns, cultural projects, event calendar, and press resources. The organization targets a general audience interested in social justice and anti-right-wing extremism initiatives. The website is built on WordPress with modern frontend technologies such as Vue.js, indicating a moderate level of digital maturity. Hosting is managed via domaincontrol.com name servers, commonly associated with GoDaddy. From a security perspective, the website enforces HTTPS and uses secure form submission endpoints, but lacks visible security headers and explicit privacy or cookie policies, which are important for GDPR compliance. No incident response or vulnerability disclosure information is provided. The site does not appear to use analytics or tracking services, suggesting minimal user tracking. Overall, the security posture is adequate but could be improved with additional headers and compliance documentation. The website content is safe for general audiences with no adult or questionable content detected. Navigation and design quality are good, providing a professional user experience. Contact options are limited to forms without direct email or phone contacts. The WHOIS data is minimal but consistent with a legitimate domain registration. No WAF or blocking mechanisms were detected, allowing full content access for analysis.