Security Directory

V

Viessmann Technologies GmbH

viessmann-vitec.com

65

Viessmann Technologies GmbH operates as a specialized provider of cleanroom and controlled air solutions targeting industries such as healthcare, life sciences, high-tech manufacturing, and indoor growing. The company positions itself as a competent partner for industry-specific cleanroom technology applications, supported by a professional website that highlights their solutions, project management expertise, and references. The website reflects a medium-sized business with a clear affiliation to the Viessmann Group, enhancing its market credibility. Technically, the website is built on the Scrivito CMS platform and integrates modern analytics and marketing tools such as Microsoft Clarity and Pardot. The site is mobile-optimized with good SEO practices and a cookie consent mechanism compliant with GDPR. However, some security headers are not explicitly detected, and the WHOIS data for the domain is missing, which raises concerns about domain registration transparency. From a security perspective, the site enforces HTTPS and employs cookie consent tools, but lacks visible security policy pages or incident response contacts. No vulnerabilities or exposed sensitive data were found in the HTML content. The absence of WHOIS data and security headers suggests areas for improvement to enhance trust and compliance. Overall, the website is professional and trustworthy in appearance but would benefit from improved transparency in domain registration and enhanced security header implementation. Strategic recommendations include adding explicit security policies, incident response contacts, and regular third-party script audits to strengthen security posture and compliance.

H

Top Porn Videos Free - Full HD and 4K Porn XXX Tube

hitporntube.com

56

The website www.hitporntube.com operates as an adult entertainment platform offering free streaming and downloadable pornographic videos in HD and 4K quality. It targets an adult audience exclusively, providing a wide range of explicit content categorized by various adult genres. The business model appears to rely primarily on advertising revenue through third-party ad networks and tracking services. The site lacks visible corporate or contact information, privacy policies, or terms of service, which limits transparency and user trust. Technically, the site uses standard web technologies including jQuery and JavaScript, with a basic but functional design optimized for mobile devices. HTTPS is enabled, ensuring encrypted connections; however, the absence of advanced security headers such as Content-Security-Policy and HSTS reduces the overall security posture. The site loads moderately fast but could benefit from performance and accessibility improvements. From a security perspective, the site does not expose sensitive data but lacks comprehensive security best practices. The missing WHOIS data and domain registration details raise concerns about legitimacy and transparency, common in adult content domains but detrimental to trustworthiness. No privacy or cookie policies were found, indicating poor compliance with data protection regulations such as GDPR. Overall, the website presents moderate risks related to privacy, security, and business credibility. Strategic improvements in transparency, security headers, and compliance documentation are recommended to enhance trust and reduce potential legal and security risks.

H

Hirose Electric Co., Ltd.

hirose.com

53

Hirose Electric Co., Ltd. is presented as a leading global supplier of electrical and electronic connectors, focusing on innovative interconnect solutions and worldwide manufacturing capabilities. However, the website content is minimal, lacking detailed information, contact details, or policies, which limits the ability to fully assess the company's digital maturity. The technical infrastructure appears basic with standard HTML, CSS, and a single analytics script, but no advanced frameworks or CMS detected. Security posture is weak due to absence of HTTPS confirmation, security headers, and privacy compliance indicators. The WHOIS data is missing or inaccessible, raising concerns about domain legitimacy despite the presence of website content. Overall, the site appears to be a minimal or placeholder page rather than a fully developed corporate website.

K

Krinolína Art - Nikola Tylšová

krinolinaart.cz

41

Krinolína Art - Nikola Tylšová is a small artisan business specializing in hand-embroidered jewelry based in the Czech Republic. The website serves as an informational and branding platform with links to social media and contact details. The e-commerce shop is under preparation, indicating a startup phase. The business targets general consumers interested in unique handmade jewelry. Technically, the website is built on WordPress, hosted by Wedos, and uses modern web fonts and responsive design techniques. However, it lacks advanced security headers and privacy policies, which are important for compliance and trust. The security posture is moderate with HTTPS usage but no visible security enhancements. Overall, the site is functional and professional but would benefit from improved privacy compliance and security hardening.

B

Biskupství ostravsko-opavské

varhanyproostravu.cz

57

The website 'VARHANY PRO OSTRAVU' is a dedicated non-profit project aimed at supporting the installation of new cathedral organs in the Ostrava Cathedral of the Divine Savior. It is operated under the auspices of the Biskupství ostravsko-opavské (Ostrava-Opava Diocese), targeting donors, cultural enthusiasts, and the local community. The site provides detailed information about the project, donation mechanisms including online adoption of organ pipes, and updates on progress. The business model is donation-based, focusing on cultural heritage preservation and community engagement. Technically, the website is built on WordPress using Elementor, with integrations for GDPR compliance (Complianz plugin), Google Analytics for visitor tracking, and Google Translate for multilingual support. Hosting and domain registration are managed by WEDOS, a reputable Czech provider. The site demonstrates good SEO practices, mobile responsiveness, and moderate performance. Accessibility is basic but functional. From a security perspective, the site enforces HTTPS and uses a cookie consent mechanism aligned with GDPR. While some security headers are not explicitly detected, no critical vulnerabilities or exposed sensitive data were found. The domain registration is recent but consistent with the project's timeline, and no suspicious WHOIS patterns were identified. Overall, the security posture is good but could be improved with additional headers and a vulnerability disclosure policy. The overall risk assessment is low, with the site presenting a trustworthy and professional front for a cultural non-profit initiative. Strategic recommendations include enhancing security headers, adding a security.txt file, and improving accessibility features to further strengthen compliance and user trust.

S

Sdružení vlastníků obecních a soukromých lesů v ČR

kouzlolesa.cz

57

The website 'Kouzlolesa-cz' serves as an educational and informational platform focused on forestry, forest care, and related environmental topics primarily targeting forest owners and nature enthusiasts in the Czech Republic. It is operated by the Sdružení vlastníků obecních a soukromých lesů v ČR and supported by the Czech Ministry of Agriculture. The site offers blog articles, practical advice, and opportunities for advertising relevant to the forestry sector. Technically, the site is built on the Webnode CMS platform, leveraging modern web technologies including Amazon Cloudfront CDN, Google Tag Manager, and Facebook Pixel for analytics and marketing. The site is mobile-optimized and performs moderately well, with good SEO practices in place. Security-wise, the site uses HTTPS and some basic security headers but lacks advanced security headers and visible security policies. The absence of WHOIS data reduces domain trustworthiness, although the site content and branding suggest legitimacy. Privacy compliance is minimal, with no explicit privacy or terms of service pages found. Overall, the site is a functional, niche informational resource with moderate security and privacy posture.

A

Alexion

alexion.us

66

Alexion, a part of AstraZeneca Pharmaceuticals LP, operates a dedicated US website focused on delivering therapies for rare diseases. The company is positioned as a leader in rare disease research and patient support, targeting US audiences including patients, caregivers, and healthcare professionals. The website reflects a mature digital presence with comprehensive content, clear navigation, and strong branding consistent with its parent company. Technically, the site uses modern web technologies including Sitecore CMS, AWS hosting, and Google Tag Manager for analytics, ensuring good performance and mobile optimization. Security posture is solid with HTTPS enforcement and domain locking, though DNSSEC is not enabled and some advanced security headers are missing. Privacy compliance is well addressed with visible privacy and cookie policies and consent mechanisms. Overall, the site demonstrates high business credibility and trustworthiness with no signs of malicious activity or content safety concerns.

W

WPDreams

ajaxsearchpro.com

65

Ajax Search Pro is a specialized WordPress plugin developed by WPDreams, offering a customizable and efficient live search engine replacement for WordPress websites. The company positions itself as a niche leader in the WordPress plugin market, targeting website developers and administrators seeking enhanced search functionality. The website is built on WordPress, leveraging popular plugins such as Yoast SEO and Smart Slider 3, and is hosted behind Cloudflare DNS services, indicating a modern and scalable technical infrastructure. The site demonstrates good SEO practices and mobile optimization, providing a positive user experience. Security-wise, the site uses HTTPS with a good SSL configuration and domain status protections, but lacks advanced security headers and published security policies. Privacy compliance is weak due to the absence of privacy and cookie policies or consent mechanisms. Overall, the website is professional and trustworthy but would benefit from enhanced privacy and security disclosures to improve compliance and user trust.

S

Slovenská biblická spoločnosť

bibliaprenepocujucich.sk

53

The website 'Biblia pre nepočujúcich' is a non-profit project managed by the Slovenská biblická spoločnosť, providing biblical stories in Slovak sign language targeted at the deaf community in Slovakia. The project is educational and religious in nature, relying on donations for continuation. The site features video content, a sign language dictionary, and is designed with accessibility in mind, though some accessibility features could be improved. Technically, the website uses modern web technologies including HTML5, CSS3, JavaScript, JW Player for video playback, and integrates Google Tag Manager, Google Analytics, and Facebook Pixel for tracking and analytics. The site is mobile optimized and has good SEO practices, but lacks some advanced accessibility features and security headers. From a security perspective, the site uses HTTPS and includes a CSRF token, but does not expose security headers such as Content-Security-Policy or X-Frame-Options. No privacy or cookie policies are present, which is a compliance gap. No contact information for security incidents or data protection officers is provided. The domain uses privacy protection in WHOIS, which is justified for this non-profit. No vulnerabilities or suspicious patterns were detected. Overall, the website is functional, professional, and safe for general audiences, but improvements in privacy compliance, security headers, and contact transparency are recommended to enhance trust and security posture.

The website giftlegacy.com is currently inaccessible beyond a Cloudflare security challenge page employing Turnstile captcha, which prevents direct content access and analysis. The domain is long-established, registered since 1999 via GoDaddy.com, LLC, with no privacy protection enabled. Due to the WAF challenge, no business, contact, or policy information is visible, limiting the ability to assess the company's market position, services, or compliance posture. The technical infrastructure includes Cloudflare as a security and performance provider, but no further technology or CMS details are available. Security posture cannot be fully evaluated due to blocked content, but domain registration data suggests a stable and legitimate domain. Overall, the site requires removal or adjustment of WAF restrictions to enable proper content delivery and compliance transparency.

M

Ministerstvo pro místní rozvoj ČR

projektovezamery.cz

62

The website projektovezamery.cz serves as an official information system for project intents managed by the Czech Republic's Ministry of Regional Development (Ministerstvo pro místní rozvoj ČR). It provides authenticated access to project data via national identity systems such as JIP, NIA, and ISDS, targeting government officials and stakeholders involved in regional project planning. The platform is positioned as an authoritative government resource with a focus on transparency and centralized project management. Technically, the site is built using modern web technologies including React and Webpack, delivering a moderate performance experience with basic mobile optimization and accessibility features. The site lacks advanced SEO and comprehensive metadata but maintains a consistent and professional government branding. Hosting and SSL details are not explicitly provided but HTTPS usage is implied. From a security perspective, the website employs national authentication mechanisms but lacks visible security headers and published security or privacy policies. No vulnerabilities or exposed sensitive data were detected in the provided content. The absence of privacy and cookie policies, as well as contact information, reduces privacy compliance scores. The WHOIS data is consistent with the website's government affiliation, showing no suspicious patterns and a domain age appropriate for the service. Overall, the site is trustworthy and serves its government function adequately but would benefit from enhanced privacy compliance, security header implementation, and improved user contact options to strengthen its security posture and user trust.

S

Státní fond životního prostředí ČR

opst.cz

63

The website represents the official online presence of the Operační program Spravedlivá transformace, a Czech government-backed funding program focused on supporting regions affected by the transition away from coal energy. Managed by the State Environmental Fund of the Czech Republic, the program offers substantial financial resources to regional projects in energy, research, innovation, and social development. The site serves as a comprehensive portal for information, application submission, and updates related to the program. Technically, the site is built on WordPress with modern design and responsive features, integrating Google Analytics for minimal user tracking and employing cookie consent mechanisms to comply with privacy regulations. Security posture is solid with HTTPS enforced and no evident vulnerabilities, though some security headers could be improved. The domain registration is consistent with the program's timeline and official nature, hosted by reputable Czech providers. Overall, the site is professional, trustworthy, and well-aligned with its governmental mission.

The website newton.tv is currently a minimal placeholder site with no substantive content or business information. It appears to be a parked domain primarily serving advertising scripts from third-party domains. The domain is registered through a privacy protection service, Super Privacy Service LTD c/o Dynadot, which obscures registrant details and reduces transparency. There is no visible privacy policy, cookie policy, terms of service, or contact information on the site. Technically, the site uses basic JavaScript and external ad/tracking scripts but lacks modern security headers and HTTPS information. The overall security posture is weak, with potential privacy and tracking concerns due to unknown third-party scripts. The site does not appear to be blocked by any WAF or security challenge but is functionally minimal and not professionally developed. The domain age is relatively recent (2020), and the use of privacy protection is not justified by any visible business presence. Overall, the site scores low on content quality, security, privacy compliance, and business credibility.

Look Cycle is a specialized manufacturer and retailer of carbon bicycles and automatic pedals, targeting cycling enthusiasts and professionals across road, track, gravel, and e-bike segments. The company positions itself as a leader in automatic pedal technology with a comprehensive product catalog and a professional online presence. The website demonstrates a mature digital infrastructure with modern analytics and marketing tools integrated, including Google Tag Manager, Microsoft Clarity, Hotjar, and Facebook Pixel. The site is well-optimized for mobile and accessibility, with clear navigation and rich content. Security posture is strong with HTTPS enforcement and security headers, though the absence of a public security policy and incident response contacts suggests room for improvement. The lack of WHOIS data is a concern for domain legitimacy but does not detract significantly from the overall trustworthiness given the professional site and compliance with privacy regulations. Strategic recommendations include enhancing transparency around security and incident response, verifying domain registration details, and expanding direct contact information to improve business credibility and user trust.

T

Tadao

tadao.fr

61

Tadao operates as a regional public transportation network serving the Artois and Gohelle sectors in France, providing bus schedules, route planning, traffic updates, and on-demand transport services. The website reflects a medium-sized organization with a clear focus on user accessibility and service information, supported by a parent company, Transdev, a known global transport operator. The digital infrastructure is modern, leveraging JavaScript frameworks, cookie consent management, and analytics tools, with a CMS platform (ActiPAGE) generating the site content. Security posture is strong with HTTPS enforced and cookie consent mechanisms in place, though some security best practices like explicit security headers and incident response information could be improved. Privacy compliance is well addressed with accessible privacy and cookie policies in French, aligned with GDPR requirements. Overall, the site is professional, trustworthy, and well-positioned in its market niche.

S

Swiss National Bank

snb.ch

75

The Swiss National Bank (SNB) operates as Switzerland's central bank, providing essential services including monetary policy implementation, issuance of banknotes and coins, payment transaction facilitation, asset investment, and financial stability oversight. The website serves a broad audience including the general public, financial market participants, media, researchers, and government entities. It positions itself as a key national financial institution with a strong market presence and government backing. Technically, the website employs modern web technologies such as JavaScript, SVG icons, and CSS, likely managed via a custom CMS. It demonstrates excellent performance, mobile optimization, accessibility, and SEO practices. The site uses HTTPS with strong SSL configuration and includes a cookie consent mechanism aligned with GDPR requirements. From a security perspective, the site enforces HTTPS, avoids exposing sensitive data, and implements secure forms. However, explicit security policies and incident response contacts are not published, and no vulnerability disclosure or security.txt files are found. Analytics are conducted via a custom SNB service with moderate user tracking and a two-year data retention policy. Overall, the website is professional, trustworthy, and compliant with privacy regulations, with a high legitimacy score based on WHOIS data consistency. Strategic recommendations include publishing explicit security policies, incident response contacts, and vulnerability disclosure mechanisms to enhance transparency and security posture.

A

Alexion Pharmaceuticals, Inc.

ultsolrems.com

70

The website ultsolrems.com serves as the official portal for the ULTOMIRIS and SOLIRIS Risk Evaluation and Mitigation Strategy (REMS) program managed by Alexion Pharmaceuticals, Inc. It provides critical information and resources aimed at healthcare providers, pharmacies, and healthcare settings to ensure safe prescribing and dispensing of these medications. The site emphasizes patient safety through vaccination and awareness of meningococcal infection risks, aligning with FDA REMS requirements. The business model is focused on regulatory compliance and education within the pharmaceutical healthcare sector, targeting US-based healthcare professionals and institutions.

I

ispmanager

ispmanager.com

69

ispmanager operates as a Linux-based hosting control panel provider, targeting web developers, system administrators, website managers, and hosting providers. The company offers software solutions for managing web servers, mail servers, SSL certificates, and security features, supported by a partner program and a global user base. The website reflects a mature business with 20 years of market presence and millions of websites supported worldwide. Technically, the site uses modern web technologies including JavaScript modules, CSS, and integrates analytics and consent management tools, providing a fast, mobile-optimized, and accessible user experience. Security posture is generally good with HTTPS enforced and cookie consent implemented, but lacks explicit security headers and a published security policy. The absence of WHOIS data for the domain is a notable risk factor, potentially indicating domain registration issues or privacy blocking, which detracts from overall trustworthiness. Strategic recommendations include enhancing security transparency, publishing incident response contacts, and verifying domain registration legitimacy to improve business credibility and security posture.

F

Futura DDB

futuraddb.com

56

Futura DDB is a well-established integrated advertising agency based in Slovenia, offering a comprehensive suite of marketing services that blend digital and traditional approaches. Their market position is strong, supported by a notable client portfolio including major brands such as McDonald's Slovenija and Merkur, and multiple industry awards like the Agency of the Year title awarded 14 times. Their key services include branding, digital product development, communications, gaming and e-sport marketing, and media planning. The website reflects a professional and modern digital presence with excellent design quality and user experience, optimized for mobile devices and enriched with multimedia content.

F

Futura DDB

futura.si

55

Futura DDB is a professional integrated advertising agency based in Slovenia, offering a comprehensive range of marketing services including branding, digital product development, communications, gaming and e-sport marketing, and media planning. The company positions itself as a market leader with multiple industry awards, targeting businesses seeking integrated digital and traditional marketing solutions. The website reflects a mature digital presence with modern technologies such as Alpine.js, Livewire, and Google Analytics integrated for performance and user tracking. The site is well-optimized for mobile and desktop users, providing a seamless user experience with clear navigation and professional design. Security posture is generally good with HTTPS enforced and cookie consent mechanisms in place; however, the absence of security headers and WHOIS registration data introduces some risk factors. Overall, the site is trustworthy and professional but would benefit from enhanced transparency in domain registration and security policies.

P

Proceedings of the National Academy of Sciences (PNAS)

pnas.org

65

The Proceedings of the National Academy of Sciences (PNAS) website serves as a comprehensive platform for one of the world's most-cited multidisciplinary scientific journals. It offers access to high-impact research across biological, physical, and social sciences, targeting researchers and academics globally. The site supports author submissions, provides current and past issues, and maintains a professional and consistent brand image aligned with the National Academy of Sciences. Technically, the website employs modern web technologies including JavaScript frameworks, Google Tag Manager, and Cloudflare Insights for analytics and performance monitoring. It is hosted securely with HTTPS and includes responsive design for mobile optimization. Security posture is strong with secure login forms, nonce usage in scripts, and cookie consent mechanisms, although explicit security policies and vulnerability disclosures are not publicly available. The absence of WHOIS data is likely due to registry restrictions rather than suspicious activity, and the website's affiliation and content quality strongly support its legitimacy. Overall, the site demonstrates a mature digital infrastructure with good privacy compliance and a high level of trustworthiness.

W

Weland Solutions AB

welandsolutions.com

65

Weland Solutions AB is a Swedish company specializing in warehouse automation solutions, including compact lift automats and associated software products such as Compact Store and Compact Talk. The company targets manufacturing, logistics, and e-commerce sectors, offering hardware, software, and support services. Their market position is that of an established medium-sized business with over 25 years of experience, providing tailored solutions to optimize warehouse operations. Technically, the website employs modern JavaScript frameworks like Alpine.js, integrates Google Tag Manager and Cookiebot for analytics and privacy compliance, and uses Umbraco CMS. The site is well-designed, mobile-optimized, and accessible, with clear navigation and professional content. Security posture is moderate; HTTPS is implied but no explicit security headers or policies are published. Privacy compliance is good with a comprehensive privacy policy and cookie consent mechanism. However, WHOIS data is missing, which reduces domain registration transparency and slightly impacts trustworthiness. Overall, the website is professional and trustworthy but could improve in security transparency and domain registration clarity.

F

Framasoft

framaprout.org

56

Framaprout.org is a niche, playful web project operated by the French non-profit organization Framasoft, known for promoting free software and digital commons. The site offers an interactive 'Prout-o-mètre' application with humorous content and browser extensions to engage users in a lighthearted manner. The project targets a general audience interested in digital culture and community-driven initiatives. Technically, the site uses modern frontend technologies including Vue.js and Bootstrap, hosted by OVH sas, with good mobile optimization and privacy-respecting analytics. Security posture is adequate with HTTPS enforced and domain protections, though DNSSEC is not enabled and explicit security policies are not published. Privacy compliance is partial, with privacy and terms policies available on the parent site but no cookie consent mechanism on this site. Overall, the site is trustworthy, professionally presented, and aligned with Framasoft's mission.

F

Framasoft

framacolibri.org

62

Framacolibri is a community-driven forum platform operated by Framasoft, a French non-profit organization dedicated to promoting free and open-source software. The website serves as a hub for discussions, support, and collaboration around various Framasoft projects such as PeerTube, Mobilizon, and Yakforms. It targets users and contributors interested in decentralized and libre software solutions. The platform is built on the Discourse forum software, indicating a modern and scalable technical infrastructure. The website demonstrates good digital maturity with responsive design and clear navigation, although some accessibility features could be improved. From a security perspective, the site enforces HTTPS and uses a reputable domain registrar, Gandi SAS. However, it lacks DNSSEC and some recommended security headers, and does not publicly disclose a security policy or incident response contacts. Privacy compliance is limited, with no visible privacy or cookie policies, which could be improved to align with GDPR requirements. No advertising or tracking services were detected, indicating a privacy-respecting approach. Overall, Framacolibri presents a trustworthy and professional community platform with a solid technical foundation. The main risks relate to privacy policy transparency and security policy disclosures, which are recommended for enhancement to improve user trust and compliance. The domain registration details support the legitimacy and consistency of the website's non-profit mission.

K

Kadence WP

kadencewp.com

60

Kadence WP is a technology company specializing in the development and distribution of professional WordPress themes and plugins. Their offerings include both free and premium products designed to help creators and businesses build effective and visually appealing websites. The company maintains a strong market position within the WordPress ecosystem, supported by a professional website, active social media presence, and comprehensive SEO strategies. Technically, the website is built on WordPress using the Kadence Theme and Kadence Blocks, enhanced by performance optimization plugins such as Flying Press and SEO tools like Rank Math. The site demonstrates excellent mobile optimization, fast loading times, and good accessibility features, reflecting a mature digital infrastructure. From a security perspective, the site enforces HTTPS, employs standard security headers, and avoids exposing sensitive data. However, it lacks a publicly visible security policy or incident response information, which could be improved to enhance trust and compliance. The absence of WHOIS data for the domain introduces some uncertainty regarding domain legitimacy, although the website content and branding are consistent and professional. Overall, Kadence WP presents a trustworthy and well-maintained online presence with minor areas for improvement in transparency and security documentation. Strategic enhancements in these areas would further solidify their credibility and security posture.

F

Framasoft

framalang.org

59

Framasoft is a reputable French non-profit organization dedicated to promoting free software, digital commons, and collaborative translation efforts through its Framalang project. The website serves as a portal for community members to participate in translating digital culture content, primarily from English to French, supporting the broader mission of open knowledge dissemination. The organization maintains a strong presence in the francophone free software ecosystem with multiple linked community platforms and projects. Technically, the site is built using modern static site generation tools (HonKit), ensuring good performance, mobile optimization, and accessibility. Security posture is solid with HTTPS enforced and no visible vulnerabilities, though improvements could be made by adding security headers and explicit cookie consent mechanisms. The WHOIS data is privacy protected, which is typical and justified for a non-profit entity, and does not detract from the domain's legitimacy. Overall, the site is trustworthy, well-maintained, and aligned with its community-driven mission.

L

LYNX.cz

lynx.cz

58

LYNX.cz is a prominent Czech brand specializing in the retail and manufacturing of gaming and office computers, along with related accessories. The company targets gamers and general technology consumers within the Czech Republic, offering a broad product lineup including gaming PCs, home and office computers, and peripherals. Their market position is strong locally, supported by a professional website and multiple customer support channels. Technically, the website employs modern JavaScript frameworks and analytics tools such as Google Tag Manager, Hotjar, and Microsoft Clarity, with a responsive design optimized for mobile devices. Security posture is adequate with HTTPS and cookie consent mechanisms, though there is room for improvement in security headers and incident response transparency. The absence of WHOIS data reduces domain trust slightly but does not detract from the overall legitimacy of the business. Strategic recommendations include enhancing security policies, publishing incident response contacts, and improving security header implementation.

F

Framasoft

mobilizon.fr

60

Mobilizon.fr is a community-driven event and group management platform operated by Framasoft, a French non-profit organization promoting free software and digital freedom. The website serves as an instance of the Mobilizon platform, enabling users to organize, mobilize, and manage events and groups. The platform targets general audiences interested in community engagement and activism. Technically, the site uses modern JavaScript frameworks such as Vue.js and UI libraries like Oruga, with good mobile optimization and accessibility features. The domain is registered with GANDI since 2019, consistent with the platform's operational timeline. Security posture is adequate with HTTPS enabled and domain transfer protections, but lacks some security headers and formal security policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is functional, trustworthy, and professionally presented but would benefit from enhanced privacy and security documentation.

F

Framasoft

framagames.org

54

Framagames is a small, community-driven platform operated by the non-profit organization Framasoft, offering free and open source games playable online or offline. The website targets a general audience interested in free software and gaming, positioning itself as a niche player within the open source gaming community. The platform provides downloadable games and online play options, supported by community engagement and guides hosted on the parent Framasoft domain. Technically, the site is built using modern web technologies including Vue.js and Font Awesome, hosted by Gandi SAS. The website is mobile optimized with good SEO and accessibility basics, though some improvements could be made in accessibility and performance. The domain is well maintained with HTTPS and clientTransferProhibited status, but lacks DNSSEC and security headers which could enhance security posture. Security-wise, the site enforces HTTPS and avoids exposing sensitive data, but lacks explicit security policies, incident response information, and cookie consent mechanisms. Tracking is minimal and privacy policies are hosted on the parent domain, indicating reasonable privacy compliance. No critical vulnerabilities or suspicious patterns were detected. Overall, Framagames presents a trustworthy, well-maintained platform with a strong community focus. Strategic improvements in security headers, cookie consent, and public security policies would enhance its security posture and compliance. The site is safe for general audiences and aligns well with its non-profit, open source mission.

F

Framasoft

framagroupes.org

63

Framasoft is a French non-profit association founded in 2004, dedicated to popular education on digital challenges and the cultural commons. The Framagroupes service provides a free, ethical platform for creating and managing email discussion groups, emphasizing user privacy, data autonomy, and community moderation. The organization is funded primarily by donations and operates with transparency and a strong ethical stance against surveillance capitalism. Technically, the website uses modern web technologies including Vue.js and the Sympa mailing list software, hosted by Gandi SAS. The site is well-designed, mobile-optimized, and accessible, with clear navigation and professional content. Security posture is good with HTTPS enforced and domain transfer protections, though DNSSEC is not enabled and security headers are missing. Privacy compliance is strong with a comprehensive privacy policy and terms of use, but lacks a cookie consent mechanism. Overall, the site is trustworthy, safe, and aligned with its mission of digital emancipation.

F

Framasoft

framalistes.org

63

Framasoft is a French non-profit organization providing ethical digital services, including Framalistes, a free mailing list platform focused on privacy and user autonomy. The organization is well-established with a domain age consistent with its founding and operates transparently with donation-based funding. The website is professionally designed, mobile-optimized, and accessible, reflecting a mature digital presence. Technically, it uses modern frameworks like Vue.js and the Sympa mailing list software, hosted by a reputable registrar, Gandi SAS. Security posture is good with HTTPS and domain transfer protections, though DNSSEC and explicit security policies could be improved. Privacy compliance is strong with minimal tracking and clear terms of use. Overall, the site is trustworthy and serves a niche audience seeking ethical alternatives to commercial mailing list services.

F

Framasoft

framagit.org

60

Framagit.org is a self-hosted GitLab instance operated by Framasoft, a French non-profit organization dedicated to promoting free software and digital commons. The platform provides hosting and collaboration tools for open source projects, targeting developers, contributors, and ethical digital communities. The website demonstrates a solid technical infrastructure leveraging GitLab, modern JavaScript frameworks, and privacy-conscious analytics via Matomo. Security posture is strong with HTTPS enforcement, CSRF protection, and domain transfer restrictions, although DNSSEC is not enabled and explicit security policies are absent. Privacy compliance is partial, with privacy and terms pages present but lacking cookie consent mechanisms. Overall, the site is trustworthy, professionally maintained, and serves a niche community with a focus on ethical technology.

C

Collectif CHATONS

chatons.org

59

The website www.chatons.org represents the Collectif CHATONS, a French non-profit collective initiated by Framasoft in 2016. It focuses on providing ethical, transparent, and decentralized online services as alternatives to major tech companies, targeting users concerned about privacy and digital sovereignty. The site offers resources to find service providers ('chatons') by service type, location, or other criteria, and promotes community collaboration and support. Technically, the site is built on Drupal 8, uses Matomo for privacy-respecting analytics, and demonstrates good mobile optimization and accessibility. Security posture is solid with HTTPS and privacy-conscious analytics, though explicit security headers and cookie consent mechanisms are absent. WHOIS data is unavailable or malformed, limiting domain trust assessment, but the association with Framasoft and the quality of content support legitimacy. Overall, the site is professional, trustworthy, and well-aligned with its mission.

A

Aquilenet

aquilenet.fr

59

Aquilenet is a small, non-profit associative Internet Service Provider based in the Aquitaine region of France. It focuses on providing open, neutral, and privacy-respecting Internet access to its members, leveraging open-source tools and community-driven values. The organization is registered with ARCEP and is a founding member of the Fédération FDN, reinforcing its credibility and commitment to ethical Internet services. The website serves as an information portal and access point to various member services including webmail, cloud storage, VPN, and more. Technically, the website uses standard web technologies including HTML5, CSS, JavaScript, and jCarousel for UI elements. It employs Piwik/Matomo analytics, indicating a privacy-conscious approach to user tracking. The site is mobile-optimized with a clear navigation structure, though accessibility features could be improved. No major CMS or hosting provider details are evident from the HTML content. From a security perspective, the site uses HTTPS URLs and does not expose sensitive data or vulnerable scripts. However, it lacks visible security headers and formal policies such as privacy or cookie policies, which are important for compliance and user trust. No forms collecting sensitive data are present on the homepage, reducing immediate risk. WHOIS data is unavailable, likely due to privacy protection or AFNIC policies, but the site content and affiliations suggest legitimacy. Overall, Aquilenet presents a trustworthy and community-focused ISP with a solid technical foundation but could enhance its compliance posture by publishing clear privacy and cookie policies and improving security headers. The risk level is low, but transparency improvements would benefit user trust and regulatory compliance.

M

Městské trhy, z.s.

vychodocesketrhy.cz

57

The website 'Farmářské trhy' represents a small, local non-profit organization named Městské trhy, z.s., focused on organizing farmers markets in Hradec Králové, Czech Republic. It serves as a community platform connecting local producers with residents and visitors, offering event schedules, vendor information, and community engagement activities. The site is built on the GoDaddy Website Builder platform, leveraging standard web technologies and third-party analytics and marketing tools such as Google Analytics and Facebook Pixel. The technical infrastructure is adequate for a small community site, with moderate performance and good mobile optimization. Security posture is basic with HTTPS enabled and cookie consent implemented, but lacks advanced security headers and explicit incident response policies. Overall, the site is trustworthy and professionally presented, though it could benefit from enhanced security practices and more transparent contact information. No blocking or WAF mechanisms interfere with content access.

S

SECTRON s.r.o.

gsmkey.cz

55

SECTRON s.r.o. operates the GSM KEY website offering GSM SMART KEY controllers that enable users to control garage doors, gates, and other devices via mobile phones. The company targets households, small businesses, and larger enterprises such as hotels and parking garages, providing both hardware and cloud-based management services. The website is professionally designed, mobile-optimized, and integrates modern marketing and analytics tools, reflecting a moderate level of digital maturity. However, the absence of WHOIS data and lack of published privacy and security policies indicate areas for improvement in transparency and compliance. Security posture is generally good with HTTPS and cookie consent mechanisms in place, but could benefit from enhanced security headers and incident response disclosures. Overall, the site is trustworthy and business-focused, but would gain from improved privacy compliance and domain registration transparency.

T

Tubebdsm.org - Real BDSM Porn Videos

tubebdsm.org

57

Tubebdsm.org is an adult entertainment website specializing in BDSM and fetish video content. It offers streaming and downloadable videos categorized by various adult themes and fetishes. The site targets an adults-only audience interested in niche BDSM content. Technically, the site uses DataLife Engine CMS with common frontend libraries such as jQuery and Bootstrap, hosted behind Cloudflare DNS services. While HTTPS is enabled, the site lacks important security headers and privacy compliance documentation, which are critical for user trust and regulatory adherence. No contact or business information is provided, limiting transparency. Overall, the site functions as a niche adult content platform with moderate technical implementation but weak privacy and security posture.

T

Tubxporn.com - Best Porn Videos. Stream or Download Movies

tubxporn.com

39

Tubxporn.com is an adult entertainment website offering pornographic video streaming and free downloads. The site appears to serve a niche adult audience with a basic content offering and minimal on-site content, primarily redirecting users to a partner site. The technical infrastructure is simple, relying on standard web technologies and Google PageSpeed scripts, with moderate performance and basic mobile optimization. Security posture is weak due to lack of visible HTTPS confirmation, absence of security headers, and no privacy or cookie policies. The WHOIS data is missing, raising concerns about domain legitimacy and trustworthiness. Overall, the site lacks business transparency and compliance features, which increases risk for users and partners.

PimpAndHost is a niche online platform providing free and premium image hosting and sharing services, primarily focused on adult content including pornographic images and related categories. The website offers users the ability to upload, share, and explore images, albums, and GIFs, with a business model that includes free anonymous usage and premium paid plans. The platform targets an adult audience and maintains a moderate market position within the adult image hosting niche. Technically, the site uses a custom CMS with Bootstrap framework, integrates Google Tag Manager for analytics, and leverages Cloudflare for DNS services. The website is moderately optimized for mobile and SEO, with a good user experience and clear navigation. Security posture is moderate but could be improved by enabling DNSSEC, adding security headers, and enhancing SSL/TLS configurations. Privacy compliance is basic, with a privacy policy present but no cookie consent mechanism detected. Contact information is limited to web forms without direct emails or phone numbers. Overall, the domain is aged and registered consistently, supporting the legitimacy of the business.

F

Fastpic

fastpic.org

47

Fastpic.org is a Russian-language free image hosting service established in 2016, offering users the ability to upload and share images, screenshots, and posters primarily for forums and online communities. The service provides multiple upload options including from local computer and via URL, with image resizing and optimization features. The business model relies on advertising revenue, with AdsKeeper ad network integrated and tracking pixels for analytics. The website targets a general audience seeking free and fast image hosting solutions, with a small-scale operation and moderate market presence in the niche image hosting sector. Technically, the site uses a traditional web stack with jQuery and FingerprintJS for user fingerprinting, hosted under a domain registered with Internet Domain Service BS Corp. The site shows moderate performance and basic mobile optimization but lacks advanced accessibility and SEO features. No CMS or modern frameworks are detected. Security practices are basic, with HTTPS implied but no DNSSEC or security headers observed. The upload form lacks CAPTCHA or bot mitigation, posing potential abuse risks. Security posture is moderate with room for improvement, especially in privacy compliance where no privacy or cookie policies are published, and no consent mechanisms are implemented. Contact information is limited to an email address for abuse and advertising inquiries. The domain WHOIS data is consistent and supports legitimacy, with no privacy protection or suspicious patterns. No WAF or blocking mechanisms are detected, allowing full content access. Overall, Fastpic.org is a functional but basic free image hosting service with moderate trustworthiness and security posture. Strategic improvements in privacy compliance, security headers, and abuse prevention would enhance its risk profile and user trust.

V

Viessmann Clean & Cold Solutions

viessmann-cold.com

65

Viessmann Clean & Cold Solutions operates as a leading European manufacturer specializing in energy efficient and sustainable cold and cleanroom solutions. Their website showcases a broad portfolio including cold and freezer rooms, total energy solutions, cleanroom solutions, and refrigerated cabinets, targeting industries such as food services, healthcare, convenience stores, and other segments requiring specialized refrigeration. The company positions itself strongly within the energy sector with a large-scale business model supported by the Viessmann Group. Technically, the website is built on the Scrivito CMS platform and integrates modern marketing and analytics tools such as Google Tag Manager, Microsoft Clarity, Pardot, and Usercentrics for consent management. The site is mobile optimized with good SEO practices and a professional design, although some accessibility features could be improved. Performance is moderate with no blocking or WAF detected. From a security perspective, the site enforces HTTPS and uses cookie consent mechanisms, but lacks visible security headers in the HTML source. No vulnerabilities or exposed sensitive data were detected. The absence of WHOIS data for the domain raises concerns about domain registration legitimacy, although the website content and branding are consistent with the Viessmann Group. Overall, the security posture is good but could be enhanced by adding security headers and explicit incident response information. The overall risk assessment is moderate with recommendations to verify domain registration status, implement additional security headers, and maintain compliance with privacy regulations. The website is trustworthy and professional, serving its business audience effectively.

S

schülke

schuelke.com

51

schülke is a long-established company specializing in hygiene and preservation products, with a corporate philosophy focused on combating diseases and contamination. The website presents professional content targeting healthcare professionals and industries requiring hygiene solutions. Technically, the site is built on the Weblication® CMS platform, with a moderate level of performance and good mobile optimization. However, the security posture is weak due to lack of visible security headers and missing SSL configuration details. Privacy compliance is also lacking, with no privacy or cookie policies detected. The WHOIS data is missing or indicates the domain may not be registered, which raises concerns about domain legitimacy. Overall, while the business content is credible and professional, the technical and security aspects require significant improvement to ensure trust and compliance.

E

Encavis

encavis.com

67

Encavis is a large European renewable energy company specializing in solar parks and wind farms, with over 3.8 GW installed capacity. The company targets institutional investors, energy-intensive companies, and partners such as landowners and project developers. The website is professionally designed, mobile-optimized, and provides comprehensive information about their services and recent business activities. Technically, the site uses modern web technologies including JavaScript libraries, consent management, and self-hosted analytics, reflecting a mature digital infrastructure. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms, though there is room for improvement in publishing dedicated security policies and incident response contacts. WHOIS data is unavailable, which slightly reduces trust but does not outweigh the professional presentation and business legitimacy. Overall, the site is safe, trustworthy, and well-positioned in the renewable energy sector.

ISOPLUS is a European manufacturer specializing in pre-insulated piping systems that support the energy transition across Europe. The company serves sectors including district heating and cooling, bioenergy, agriculture, solar heating, industry, and carbon capture and storage (CCS). With a presence in over 30 countries and multiple production sites, ISOPLUS offers a comprehensive product portfolio and extensive service support, positioning itself as a key player in sustainable energy infrastructure. Technically, the website is built on TYPO3 CMS and employs modern web technologies including Bootstrap, Google Analytics, and Google Tag Manager. The site is well-optimized for mobile devices, features clear navigation, and implements cookie consent mechanisms aligned with GDPR requirements. Performance is moderate with good accessibility and SEO practices. From a security perspective, the site enforces HTTPS and uses cookie consent to manage tracking. However, explicit security headers are not detected in the HTML, and no public security or incident response policies are published. The WHOIS data is unavailable due to privacy protection, which is justified for a business of this scale. No critical vulnerabilities or exposed sensitive data were found in the site content. Overall, ISOPLUS presents a professional and trustworthy online presence with strong business credibility and compliance posture. Strategic improvements in security header implementation and transparency around security policies could further enhance trust and security maturity.

I

ISSA CZECH s.r.o.

cloverbooks.cz

56

Jazyková škola Cloverleaf Ostrava is a well-established language school operating since 1993, offering a broad range of language courses including English, Cambridge exam preparation, e-learning, and corporate training. The school targets a diverse audience including individuals, children, youth, and corporate clients, positioning itself as the largest language school in the Ostrava region. The website is professionally designed, mobile-optimized, and provides comprehensive information about courses, contact details, and policies. Technically, the site uses modern frameworks like Bootstrap and integrates multiple analytics and marketing tools such as Google Analytics, Facebook Pixel, and Seznam Retargeting. Security posture is good with HTTPS enforced and cookie consent mechanisms in place, though some security headers are missing and no explicit incident response or security policy pages are found. The absence of WHOIS data for the domain reduces trustworthiness slightly, but the overall business credibility remains high due to transparent contact information and professional presentation.

S

Severomoravské vodovody a kanalizace Ostrava a.s.

smvak.cz

63

Severomoravské vodovody a kanalizace Ostrava a.s. is a leading water utility company serving over one million residents in the Moravskoslezský and Olomoucký regions of the Czech Republic. The company provides high-quality potable water supply and wastewater treatment services, supported by a broad range of customer-focused offerings such as water meter management and consultation portals. The website reflects a professional and consistent brand image, with clear navigation and comprehensive service information. Technically, the site employs modern web technologies including Google Tag Manager and cookie consent mechanisms, ensuring GDPR compliance and user privacy awareness. Security posture is generally good with HTTPS enforced and no exposed sensitive data, though improvements could be made by adding security headers and publishing explicit security policies. The absence of WHOIS data is a notable gap, slightly reducing domain trustworthiness, but the association with the parent company Aqualia and visible certifications bolster credibility. Overall, the site is well-positioned to serve its audience with reliable information and services.

T

TLAPNET s.r.o.

tlapnet.cz

57

TLAPNET s.r.o. is a Czech Republic-based internet service provider offering residential and business internet, television, mobile tariffs, and corporate solutions. The company emphasizes stable and fast internet with zero initial costs, 24/7 customer support, and promotional discounts. Their market position is that of a regional ISP with a focus on customer proximity and technical support. The website is professionally designed with clear navigation and good content quality, targeting both residential and business customers in the Czech Republic. Technically, the website employs modern JavaScript frameworks such as Alpine.js and integrates multiple analytics and marketing tools including Google Tag Manager, Facebook Pixel, Microsoft Clarity, and Smartsupp Chat. The site is mobile optimized and uses HTTPS with good SSL configuration. However, no explicit security headers were detected, and no CMS or hosting provider information was found. Cookie consent is implemented with express consent mechanisms, indicating good privacy compliance. From a security perspective, the site shows good practices such as HTTPS enforcement and cookie consent but lacks published security policies or incident response contacts. The absence of WHOIS data for the domain reduces trustworthiness and raises questions about domain registration legitimacy. No vulnerabilities or exposed sensitive data were found in the HTML content. Overall, TLAPNET’s website presents a professional and trustworthy front for their ISP services, but the lack of WHOIS transparency and some missing security headers suggest areas for improvement. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and verifying domain registration details to improve trust and compliance.

S

starstrinec

starstrinec.cz

55

The website 'starstrinec' is a small business or organization site primarily in the Czech language, built using the Wix.com Website Builder platform. The site lacks detailed business descriptions, contact information, and privacy or cookie policies, which limits its transparency and trustworthiness. Technically, the site uses standard Wix technologies and scripts, with moderate performance and good mobile optimization. However, the absence of WHOIS data and registrant information raises concerns about domain legitimacy and registration transparency. Security posture is basic, with no advanced security headers or policies detected, and privacy compliance is minimal due to missing policies. Overall, the site appears functional but lacks critical trust and compliance elements.

I

I love Hummus, s.r.o

ilovehummus.cz

53

I love Hummus, s.r.o is a Czech-based small enterprise specializing in the production and distribution of natural chickpea-sesame spreads (hummus) and related food products. Established in 2011, the company has developed a strong local market presence with over 600 retail outlets and partnerships with major chains such as Tesco and Makro. The business emphasizes natural ingredients, vegan and gluten-free products, and has expanded its portfolio under the Beavia brand to include fermented foods. Technically, the website employs modern web technologies including Bootstrap, jQuery, and tracking tools like Google Analytics and Adform, delivering a good user experience with mobile optimization and clear navigation. Security posture is adequate with HTTPS enforced, but lacks some security headers and visible privacy compliance mechanisms. The absence of WHOIS data reduces domain trustworthiness, though the website content and business information appear professional and credible. Overall, the site is well-designed and functional but would benefit from enhanced privacy and security disclosures.

O

Obec Čeladná

celadna.cz

52

Obec Čeladná is the official municipal website for the village of Čeladná located in the Moravian-Silesian region of the Czech Republic. The site serves local residents and tourists by providing information about the municipality, local news, public notices, tourism opportunities including golf, spa, and hiking, and interactive virtual tours. The website positions itself as a modern, community-focused portal with a strong emphasis on regional tourism and public service. The domain has been registered since 2000, reflecting a stable and established online presence. Technically, the website employs modern web technologies including Bootstrap for responsive design, deferred JavaScript loading for performance, and Firebase Messaging integrated with Notifee for push notifications. The site is mobile-optimized and accessible, with good SEO practices evident from meta tags and structured content. Hosting appears to be managed by a Czech provider (web4u.cz), consistent with the domain's nameservers. From a security perspective, the site uses HTTPS and avoids exposing sensitive data. However, explicit security headers are not detected, and no cookie consent mechanism is present despite GDPR compliance documentation. No vulnerability disclosure or incident response contacts are provided. The WHOIS data is consistent and supports the legitimacy of the domain and its municipal purpose. Overall, the website is professional, trustworthy, and well-suited for its audience. Strategic improvements in security headers, cookie consent, and incident response transparency would enhance its security posture and compliance standing.