Security Directory

L

LGT Logistics

lgtlogistics.dk

62

LGT Logistics is a well-established Nordic specialist in furniture logistics, providing a range of tailored transport and supply chain services across Europe. The company positions itself as a leader in the Nordic market, serving furniture companies with high-quality logistics solutions. The website is built on Drupal 10 and integrates modern UI libraries and a comprehensive cookie consent mechanism, reflecting a mature digital infrastructure. Security posture is solid with HTTPS and domain transfer protections, though improvements such as DNSSEC and security headers could enhance resilience. Privacy compliance is addressed through Cookiebot consent management, but explicit privacy and security policies are not found on the analyzed page. Overall, the site demonstrates good professionalism and trustworthiness, with moderate tracking via Google Analytics and clear user consent controls.

B

BTX Group A/S

btx-group.com

68

BTX Group A/S is a well-established Scandinavian fashion supplier specializing in women's clothing, operating primarily through wholesale, retail, and private label business models. The company leverages over 85 years of experience in design and quality, positioning itself as a leading player in the Scandinavian fashion retail sector. Their website reflects a professional e-commerce presence built on the Shopify platform, targeting fashion-conscious women in the region and beyond. The site offers a clear brand portfolio and retail channels, supporting their market position effectively. Technically, the website is built on a modern Shopify infrastructure using the Dawn theme, with good mobile optimization and moderate performance. The use of Shopify's CDN and analytics tools indicates a mature digital infrastructure. SEO and accessibility are adequately addressed, though accessibility could be improved further. The site employs HTTPS with a good SSL configuration, but lacks DNSSEC and some advanced security headers. From a security perspective, the site demonstrates solid baseline protections including HTTPS enforcement and domain transfer locks. However, it lacks published security policies, incident response contacts, and vulnerability disclosure mechanisms, which are important for transparency and trust. No critical vulnerabilities or exposed sensitive data were detected. Privacy compliance is strong, with a GDPR-compliant privacy policy and cookie consent mechanism in place. Overall, BTX Group's website is a credible, professional, and secure platform supporting their retail business. Strategic improvements in security transparency and DNS security would enhance their posture further.

Microsys is a Danish software development company established in 1978, specializing in SEO tools, software applications, and web solutions. Their product suite includes the A1 Webmaster and SEO Tools and the all-in-one TechSEO360 software, targeting webmasters, website owners, and search marketers primarily on Windows and Mac platforms. The company is family owned and emphasizes long-term stability and continuous product development. Technically, the website is built with standard HTML, CSS, and JavaScript, offering moderate performance and basic mobile optimization. Security posture is moderate with HTTPS implied but lacking explicit security headers and formal security policies. Privacy and cookie policies exist but lack active consent mechanisms. The absence of WHOIS registration data for the domain raises concerns about domain legitimacy, although the website content and business information appear professional and consistent with a long-established company. Overall, the site scores well on business credibility and content quality but should improve security and privacy compliance to enhance trust.

D

Danoffice IT

danoffice.com

77

Danoffice IT is a well-established supplier of IT infrastructure serving both public and private sectors globally, with a strong focus on international governmental and non-governmental organizations. The company positions itself as a leading provider in its niche, offering comprehensive IT solutions and infrastructure services. The website reflects a professional and consistent brand image, targeting a specialized audience with clear business offerings. Technically, the site employs modern web technologies including lazy loading, cookie consent management, and Matomo analytics, indicating a mature digital infrastructure. Security-wise, the site enforces HTTPS, uses security headers, and implements privacy compliance mechanisms, though it lacks a publicly visible security policy or incident response details. The absence of WHOIS data for the domain is a notable concern, impacting the trustworthiness of the domain registration information. Overall, the website is professional and secure, but domain registration transparency should be improved to enhance trust.

DRIVE business is a Danish exclusive business network that connects companies and business leaders around the shared passions of golf and business. The website presents a professional and consistent brand focused on organizing business and golf events, fostering long-term relationships, and providing unique networking opportunities. The target audience is business leaders and decision makers interested in combining business growth with golf activities. The business model is membership-based, emphasizing exclusive experiences and business development through events and partnerships. Technically, the website uses standard HTML, CSS, and JavaScript with a moderate performance profile and good mobile optimization. There is no clear CMS or advanced frameworks detected. SEO and navigation are well implemented, though accessibility features are basic. The site is fully accessible without any WAF or blocking mechanisms. From a security perspective, HTTPS is assumed but no explicit security headers or policies are visible. There are no visible vulnerabilities or exposed sensitive data. Privacy and cookie policies exist but lack an explicit consent mechanism. No incident response or security policy pages are found. Contact information is clearly provided, enhancing trust. Overall, the security posture is moderate but could be improved with better headers and explicit policies. The overall risk is low given the business nature and content, but improvements in privacy compliance and security best practices are recommended to enhance trust and regulatory adherence.

F

Forsikrings- og pensionsakademiet A/S

forsikringsakademiet.dk

61

Forsikrings- og pensionsakademiet A/S operates the website forsikringsakademiet.dk, providing specialized education, certification, and consulting services primarily for the insurance and pension sectors in Denmark. The company targets professionals and students seeking lifelong learning, compliance training, and industry-specific knowledge. The website is well-structured, professionally designed, and offers a variety of educational resources including e-learning, seminars, and tailored solutions. Technically, the site is built on TYPO3 CMS and integrates modern analytics and consent management tools, reflecting a moderate to good digital maturity level. Security posture is solid with HTTPS enforced and cookie consent implemented, though the absence of security headers and explicit security policies suggests room for improvement. The lack of WHOIS data is a concern for domain legitimacy but is mitigated by clear company contact information and professional content. Overall, the site presents a trustworthy and functional platform for its niche audience.

A

Academic Work

academicwork.dk

60

Academic Work is a leading Danish staffing and recruitment company specializing in early-career professionals. The website presents a strong market position with comprehensive services including job search, career change programs, and recruitment solutions for companies. The digital infrastructure is modern, leveraging React and Next.js frameworks, ensuring good performance and mobile optimization. Security posture is solid with HTTPS enforcement and security headers, though explicit security policies and incident response information are absent. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website is professional, trustworthy, and well-structured, supporting Academic Work's business credibility despite the lack of WHOIS data limiting domain registration trust verification.

P

Peab

peabasfalt.dk

66

Peab Asfalt is a regional construction and infrastructure company specializing in asphalt production and laying services for roads, motorways, bridges, and specialized industrial applications. Operating across Nordic countries with a workforce of approximately 16,000, the company emphasizes local resource utilization and sustainability initiatives such as eco-asphalt and certified biogas. The website reflects a mature digital presence with comprehensive service descriptions and a clear focus on sustainability and social responsibility. Technically, the site employs modern web technologies including asynchronous loading of marketing and tracking scripts, cookie consent management via OneTrust, and uses HTTPS with good SSL configuration. Security posture is solid though could be improved with enhanced security headers and explicit incident response policies. The domain registration is consistent with the business profile, showing no suspicious patterns and appropriate domain age. Overall, the website is professional, trustworthy, and compliant with GDPR requirements.

M

Meta

baubaushop.com

80

Instagram, owned by Meta, is a leading global social media platform that enables users to share photos, videos, and stories. The platform targets a broad audience including individuals, content creators, and businesses, operating primarily on an advertising-based business model. The login page analyzed is professionally designed, mobile-optimized, and secure, reflecting Instagram's high digital maturity and technical infrastructure built on modern web technologies such as React and JavaScript. Security measures include HTTPS enforcement and comprehensive security headers, contributing to a strong security posture. Privacy policies and terms of service are clearly linked and GDPR compliant, supporting robust privacy compliance. Overall, Instagram demonstrates a high level of trustworthiness and professionalism, with no critical vulnerabilities detected in the analyzed content.

NAVICON A/S is a specialized software company providing maritime surveillance and navigation system software, serving professional users including the Royal Danish Navy and international maritime operators. The company has a long-standing market presence since 1997, focusing on AIS, VTS, command and control, and maritime data analysis solutions. Their niche expertise positions them as a trusted provider in the transportation and technology sectors. Technically, the website uses legacy technologies such as jQuery 1.3.2 and Cufon font replacement, indicating an outdated technical infrastructure with moderate performance and limited mobile optimization. Security posture is moderate with no visible HTTPS enforcement or security headers and use of outdated libraries, posing potential risks. Privacy compliance is minimal with a privacy policy present but no cookie consent mechanism or GDPR indicators. Business credibility is supported by the domain age, professional content, and known contracts with the Royal Danish Navy. Overall, the website is functional but would benefit from modernization and enhanced security and privacy practices.

MATILDA AI PLATFORM, operated by MegazoneCloud Corp., is a Korean-based enterprise AI platform provider specializing in MLOps and AI workload automation. The platform supports machine learning model development, deployment, and data management, targeting industries such as smart factories and PCB manufacturing. The company positions itself as a key player in digital transformation and cloud management, leveraging hybrid and multi-cloud environments to deliver efficient AI solutions. Technically, the website is built on modern frameworks like Next.js and React, with content managed via Notion, providing a good user experience and mobile optimization. However, the site lacks explicit privacy and cookie policies, contact information, and security certifications, which slightly impacts its security posture and privacy compliance. The domain WHOIS data is not publicly available, indicating privacy protection, which is common but reduces transparency. Overall, the website is professional and credible but would benefit from enhanced privacy disclosures and security practices.

V

Viatris SIA

aizcietejums.lv

60

The website aizcietejums.lv serves as an informational and promotional platform for Duphalac, a pharmaceutical laxative product marketed by Viatris SIA in Latvia. It provides comprehensive educational content on constipation causes, symptoms, treatment options, and detailed dosage guidelines. The site targets individuals experiencing constipation, including children, adults, and pregnant women, positioning itself as a trusted source for product and health information. The business model focuses on product awareness and directing users to partner pharmacies for purchase. Technically, the site employs a traditional web stack with HTML5, CSS, JavaScript, and libraries such as jQuery 1.11.1, JWPlayer, and BxSlider for UI components. Google Tag Manager is integrated for analytics and marketing purposes. The site is mobile optimized with good SEO practices and moderate performance. However, some libraries are outdated, and accessibility features are basic. From a security perspective, the site enforces HTTPS with excellent SSL configuration but lacks visible security headers and explicit security policies. No forms collecting personal data are present, reducing immediate risk exposure. Privacy and cookie policies are provided as PDFs hosted on Viatris assets, indicating GDPR compliance. No incident response or vulnerability disclosure information is found, suggesting room for improvement in transparency and security maturity. Overall, the website is professional, trustworthy, and well-branded, with consistent content quality and clear navigation. The absence of direct contact information and security policies slightly limits user trust and compliance visibility. The domain registration aligns well with the business entity, supporting legitimacy. Strategic enhancements in security headers, incident response transparency, and updated technical components would strengthen the site's security posture and compliance standing.

K

Korbit

korbit.co.kr

59

Korbit is a leading South Korean cryptocurrency exchange specializing in Bitcoin, Ethereum, and other digital asset trading, as well as global remittance services. The website positions itself as the first cryptocurrency exchange in South Korea, targeting Korean investors and traders. The platform uses modern web technologies including React and Gatsby, delivering a professional and mobile-optimized user experience. However, the absence of WHOIS registration data raises questions about domain legitimacy, although the active social media presence and professional site design support its operational status. Security posture is moderate with HTTPS enabled but lacks visible security headers and formal policies. Privacy compliance is weak due to missing privacy and cookie policies. Overall, the site is functional and credible but would benefit from enhanced transparency and security documentation.

E

European Union

betterinternetforkids.eu

74

Better Internet for Kids is an official European Union initiative aimed at creating a safer and better internet environment for children and young people. The platform provides comprehensive resources, policy monitoring, research, and community engagement to empower and protect its target audience across the EU, Iceland, and Norway. The website is professionally designed using Drupal 10 and the European Commission's design system, ensuring accessibility, mobile optimization, and compliance with EU standards. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and no visible vulnerabilities. However, explicit security policies and incident response contacts are not prominently provided. The domain is a subdomain of europa.eu, managed by EURid with privacy protection, consistent with EU institutional websites, indicating high legitimacy and trustworthiness.

G

Groningen Store

groningenstore.nl

66

Groningen Store is a specialized e-commerce retailer offering unique Groningen-themed products including clothing, decor, and regional food items. Established in 2018, it serves local consumers and tourists interested in authentic regional merchandise. The website is built on the Shopify platform, leveraging modern web technologies and integrated marketing tools such as Google Tag Manager and Shopify analytics. The store maintains a consistent brand presence with active social media channels on Facebook and Instagram. Privacy and cookie policies are implemented with user consent mechanisms, reflecting compliance with GDPR requirements. Security posture is strong with HTTPS, DNSSEC, and form protection via hCaptcha, although explicit security policies and incident response contacts are not published. Overall, the site demonstrates a good balance of business credibility, technical maturity, and user experience.

The website www.pfizer.hu is currently inaccessible due to a Cloudflare Turnstile human verification challenge page that blocks access to all actual content. As a result, no business, security, or compliance information can be extracted or analyzed. The site appears to be protected by Cloudflare's security mechanisms, preventing automated or unauthorized access. Without access to the underlying content, it is not possible to assess the company's market position, services, or technical infrastructure. The security posture cannot be evaluated beyond the presence of Cloudflare protection. Overall, the site is effectively blocked for analysis, and further investigation would require bypassing or resolving the challenge with proper authorization.

이

이노그리드

innogrid.com

61

이노그리드는 2006년에 설립된 대한민국 기반의 클라우드 솔루션 전문 기업으로, 자체 기술력으로 개발한 다양한 클라우드 서비스와 솔루션을 제공하며 국내 시장에서 강력한 입지를 확보하고 있습니다. 주요 서비스로는 IaaS, PaaS, CMP 솔루션과 클라우드 전문 교육 및 관제 센터 운영이 포함됩니다. 다수의 특허와 인증을 보유하고 있으며, K-PaaS 전문기업 인증과 적합성 시험인증을 획득하여 기술력과 신뢰성을 입증하고 있습니다. 기술 인프라는 Next.js 기반의 현대적인 웹 플랫폼을 사용하며, 클라우드플레어 DNS를 통한 안정적인 도메인 관리를 하고 있습니다. 웹사이트는 모바일 최적화와 접근성 측면에서 우수하며, SEO 최적화도 잘 되어 있습니다. 보안 측면에서는 HTTPS가 적용되어 있고, 도메인 상태가 clientTransferProhibited로 설정되어 있어 도메인 탈취 위험이 낮습니다. 다만 DNSSEC 미적용과 일부 보안 헤더 미설정은 개선 여지가 있습니다. 전반적으로 이노그리드는 기술적 성숙도와 시장 신뢰도가 높은 기업으로 평가되며, 보안과 개인정보 보호 정책 강화가 권장됩니다. 웹사이트는 전문적이고 신뢰할 만한 정보를 제공하며, 고객과 파트너를 위한 다양한 접점과 자료를 갖추고 있습니다.

G

Gemeente Gooise Meren

gooisemeren.nl

74

Gemeente Gooise Meren is the official municipal government website serving the residents and visitors of Gooise Meren in the Netherlands. The site provides comprehensive information and services related to passports, driving licenses, waste management, parking, moving notifications, and other local government functions. It positions itself as a trusted public service portal with clear contact channels and a focus on accessibility and user experience. Technically, the website is built on the TYPO3 CMS platform, leveraging modern web standards and accessibility features, with moderate performance and good SEO optimization. Security posture is solid with HTTPS and DNSSEC enabled, though there is room for improvement in explicit security headers and incident response transparency. Privacy compliance is addressed with clear privacy and cookie policies, but lacks an explicit cookie consent mechanism. Overall, the website demonstrates a high level of professionalism and trustworthiness appropriate for a government entity.

M

Mapillary

mapillary.com

78

Mapillary is a collaborative platform specializing in street-level imagery and mapping data, leveraging computer vision to enhance map accuracy and detail. Owned by Meta, it serves a diverse audience including GIS professionals, developers, and autonomous driving sectors. The platform offers tools for imagery hosting, traffic sign recognition, and integration with major GIS systems like ArcGIS. Technically, the website is built on modern web technologies including React and is hosted on Meta's infrastructure, ensuring fast performance and mobile optimization. Security posture is strong with HTTPS enforcement and security headers, though explicit security policies and incident response contacts are not published. Privacy compliance is well addressed with clear cookie and privacy policies and consent mechanisms. The absence of WHOIS data is a notable anomaly but likely due to privacy or registry issues rather than malicious intent. Overall, Mapillary presents a professional, trustworthy, and technically mature web presence aligned with its business objectives.

V

Veiligheidsregio Noord-Holland Noord

vrnhn.nl

73

Veiligheidsregio Noord-Holland Noord (VRNHN) is a governmental regional safety authority responsible for coordinating emergency services including fire brigade, ambulance care, crisis management, and medical assistance in the Noord-Holland Noord region of the Netherlands. The website serves residents, municipalities, and crisis partners by providing timely incident information, safety advice, and organizational details. The organization positions itself as a reliable and proactive public safety entity with a clear focus on community safety and crisis readiness. Technically, the website is built on Drupal CMS with Matomo analytics for user tracking, featuring good mobile optimization, accessibility, and SEO practices. Security posture is moderate with cookie consent implemented but lacks explicit security headers and published security policies. The domain registration aligns well with the organization's claims, indicating legitimacy and trustworthiness. Overall, the site is professional, content-rich, and compliant with privacy regulations, serving as an effective communication platform for regional safety information.

G

GGD Drenthe

ggddrenthe.nl

68

GGD Drenthe is a regional public health organization serving the province of Drenthe in the Netherlands. The website provides comprehensive information about their health services including vaccination programs, child health consultations, infectious disease control, and public health education. The organization targets residents of Drenthe and operates as a government health authority with a medium-sized operational scale since 2017. The website is built on the IPROX CMS platform, tailored for government and public sector use, and demonstrates good digital maturity with responsive design, clear navigation, and relevant content. From a technical perspective, the site uses modern web technologies including JavaScript and CSS, and is hosted on a platform provided by InfoProjects bv. Performance is moderate with good mobile optimization and accessibility features. SEO practices are well implemented with proper meta tags and Open Graph data. Security posture is strong with HTTPS enforced, cookie consent mechanisms, and no exposed sensitive data. However, some security headers like Content-Security-Policy and X-Frame-Options are not explicitly detected and could be improved. Privacy compliance is well addressed with clear privacy and cookie policies that align with GDPR requirements. Contact information is prominently displayed including phone numbers and a contact form, enhancing business credibility and user trust. No terms of service or explicit security policy pages were found, and there is no vulnerability disclosure or security.txt file, which could be areas for future enhancement. Overall, the website is professional, trustworthy, and well-suited for its public health mission. The domain registration details align with the organization's identity and location, supporting legitimacy. Strategic recommendations include enhancing security headers, publishing a security policy, and establishing a vulnerability disclosure process to further strengthen security and compliance posture.

G

GGD Zuid-Limburg

ggdzl.nl

70

GGD Zuid-Limburg is a regional public health organization focused on protecting and promoting the health and safety of residents in Zuid-Limburg, Netherlands. Their services include health monitoring, infection prevention, youth health care, vaccination programs, and environmental health initiatives. The website targets local residents, healthcare professionals, and municipal partners, positioning itself as a trusted regional health authority. Technically, the website is built on the TYPO3 CMS platform, leveraging modern web technologies including JavaScript and CSS, and integrates Google Tag Manager for analytics. The site demonstrates good mobile optimization, accessibility, and SEO practices, though performance is moderate. The design is professional and consistent with government health service branding. From a security perspective, the site enforces HTTPS and employs secure form handling but lacks some security headers and explicit security or incident response policies. Privacy and cookie policies are present and GDPR compliant, though a cookie consent mechanism is missing. No critical vulnerabilities or exposed sensitive data were detected, indicating a solid security posture. Overall, the website is trustworthy and professionally maintained, with minor improvements recommended in security policy transparency and cookie consent implementation to enhance compliance and user trust.

B

Balcia.lv

balcia.lv

73

Balcia.lv is an established Latvian online insurance provider offering a variety of insurance products including OCTA, KASKO, accident, and travel insurance. The website targets Latvian customers seeking quick and convenient online insurance solutions. The business model focuses on digital brokerage and sales, positioning Balcia.lv as a competitive player in the Latvian insurance market. The website content is professionally presented with consistent branding and clear service descriptions. Technically, the website employs modern web technologies including JavaScript frameworks, CSS, and HTML5, supported by multiple analytics and marketing tools such as Google Tag Manager, Microsoft Clarity, Hotjar, and Cookiebot for cookie consent management. The site is mobile optimized and demonstrates good SEO practices. Security headers and HTTPS are properly implemented, contributing to a strong security posture. Security-wise, the site shows good practices with enforced HTTPS, cookie consent, and no visible vulnerabilities or exposed sensitive data. However, the absence of a published privacy policy, terms of service, and explicit incident response contacts are gaps in compliance and security transparency. The extensive use of third-party tracking and advertising scripts indicates a high level of user tracking, which may require enhanced privacy disclosures. Overall, the website presents a moderate to good risk profile with solid technical and security foundations but needs improvements in privacy compliance and transparency. Strategic recommendations include publishing comprehensive privacy and terms policies, adding a security.txt file for vulnerability disclosure, and providing clear contact information for security incidents to enhance trust and compliance.

V

Vendée Expansion

vendee-expansion.fr

59

Vendée Expansion is a regional economic development agency dedicated to fostering business growth and investment in the Vendée region of France. The agency provides comprehensive support services including land and property offerings, business advisory, and regional promotion to attract and assist companies and investors. Positioned as a key player in regional economic development, Vendée Expansion targets businesses, entrepreneurs, and stakeholders interested in the economic vitality of Vendée. The website is built on a WordPress platform utilizing modern plugins such as FacetWP for faceted search and Contact Form 7 for user interactions. The technical infrastructure demonstrates moderate performance with good mobile optimization and basic accessibility features. Security is well managed with HTTPS enforcement and appropriate security headers, although explicit security policies and incident response information are not publicly available. Privacy compliance is robust, with clear privacy and cookie policies aligned with GDPR requirements, including a consent mechanism. The site integrates Google Analytics and Tag Manager for analytics and marketing purposes, reflecting a moderate level of user tracking. Overall, the website presents a professional and trustworthy digital presence consistent with a government-backed agency. Security posture is strong but could be enhanced by publishing formal security policies and incident response contacts. The absence of WHOIS data introduces some uncertainty regarding domain registration legitimacy, but the website's content and presentation support its authenticity. Strategic recommendations include improving transparency around security practices and enhancing accessibility to further strengthen trust and compliance.

P

PP Pension

pppension.se

57

PP Pension is a Swedish pension service provider focused on the media and information sectors, offering tailored pension solutions for freelancers, small to large companies, and collective agreements. The company emphasizes low fund fees, personal advisory services, and customer-centric pension management. The website is professionally designed, mobile-optimized, and rich in relevant content, targeting professionals such as designers, journalists, and project managers. Technically, the site is built on WordPress with modern SEO practices using Yoast SEO, and it employs HTTPS with cookie consent mechanisms, reflecting a mature digital infrastructure. Security posture is solid with encrypted connections and secure forms, though some security headers are missing and no explicit security policy or incident response contacts are published. WHOIS data is unavailable or queried incorrectly, limiting domain registration trust verification. Overall, the site demonstrates a strong business presence with good security and privacy compliance, but would benefit from enhanced transparency in security policies and domain registration details.

The website bulta.lv serves as an event portal for a running and Nordic walking competition held in Latvia, specifically the Sigulda-Nurmiži-Sigulda 21km event. It provides registration forms, event results, photos, and competition rules primarily targeting local sports enthusiasts and participants. The site uses a simple HTML5 UP template with JavaScript and jQuery for interactive form handling, indicating a modest technical infrastructure suitable for small-scale event management. The content is basic but functional, with clear navigation links to event results and documentation. However, the site lacks comprehensive privacy, cookie, and terms of service policies, which are critical for GDPR compliance given its European audience. Security posture is moderate with no visible advanced security headers or protections, and no WHOIS data could be retrieved due to query limits, limiting domain legitimacy verification. Overall, the site is functional for its purpose but requires improvements in security, privacy compliance, and business transparency to enhance trust and professionalism.

A

Astrit

astrit.co

55

Astrit.co is a personal portfolio and blog website representing the work and digital presence of an individual named Astrit. The site primarily targets designers, developers, and followers interested in Astrit's creative and technical work. The business model is centered on personal branding and content sharing, with a niche market position. The website is built on WordPress and hosted on Vercel, utilizing standard web technologies such as jQuery and custom JavaScript. The site demonstrates moderate performance and good mobile optimization but lacks advanced accessibility features and comprehensive SEO optimization. Security posture is basic, with no detected security headers or privacy policies, and the domain uses privacy protection services typical for personal sites. Overall, the site is functional and professional but would benefit from enhanced security and compliance measures.

I

Identity Protection Service

ioc.exchange

72

IOC.exchange is a specialized Mastodon instance serving the InfoSec community, including professionals, hackers, and enthusiasts. It operates as a decentralized social media platform within the Fediverse, emphasizing privacy, security, and community engagement. The platform is hosted primarily on Linode with media assets on AWS S3, reflecting a modern and scalable technical infrastructure. The site is well-maintained with clear administrative contacts and transparent operational costs supported by crowdfunding. Security practices include HTTPS enforcement and a publicly updated warrant canary, demonstrating commitment to user privacy and resistance to law enforcement overreach. However, there is room for improvement in security headers and formal incident response documentation. Overall, IOC.exchange presents a trustworthy and technically sound platform for its niche audience.

U

Universia

mycampusdigital.io

69

The website analyzed is a Single Sign-On (SSO) login portal branded as Campusb2b under the Universia network, targeting users in the education sector who require access to campus-related digital services. The platform facilitates secure user authentication for associated services such as mycampusdigital.io. The business model focuses on providing authentication and access management solutions tailored for educational institutions and their communities. The site presents a consistent brand image with Universia logos and uses HTTPS to secure user credentials during login. From a technical perspective, the site employs standard web technologies including HTML5, CSS, and JavaScript, with specific scripts for password policy enforcement and validation. The performance and mobile optimization are basic but functional. However, the site lacks advanced SEO features, accessibility enhancements, and comprehensive metadata. No content management system or hosting provider information is discernible from the data provided. Security posture is moderate; HTTPS is enforced, and password policy scripts are present, but critical security headers such as Content-Security-Policy and HSTS are missing. No privacy or cookie policies are visible, and no contact or incident response information is provided, which limits compliance and user trust. The WHOIS data for the domain sso.universia.net is unavailable, likely because it is a subdomain, which is typical but reduces transparency. No web application firewall or blocking mechanisms were detected, indicating open accessibility. Overall, the site is functional for its purpose but would benefit from enhanced security headers, visible privacy and cookie policies, improved accessibility, and clearer contact information to increase trust and compliance. The domain's legitimacy is supported by branding and HTTPS but lacks WHOIS transparency. Strategic improvements in these areas would strengthen the platform's security posture and user confidence.

L

Galvena

labsveikals.lv

41

Labsveikals.lv is an active Latvian e-commerce website offering a broad range of products primarily focused on digital technologies, electronics, household appliances, beauty and health products, toys, and clothing. The site features a structured product catalog with detailed categories and a shopping basket functionality, targeting consumers and businesses in Latvia. The website demonstrates a moderate level of digital maturity with a custom or proprietary CMS, usage of modern web technologies such as JavaScript and Google Fonts, and mobile optimization. Security posture is adequate with HTTPS enforced and a GDPR consent banner present, though there is a lack of explicit privacy policy, terms of service, and security incident contact information. Overall, the site appears legitimate and professionally maintained but could improve in privacy compliance and security best practices.

H

Helmand.lv

helmand.lv

50

The website helmand.lv appears to be an e-commerce platform using OpenCart CMS with the Journal3 theme. The site presents minimal business information, with a generic description 'My Store' and no visible contact details or policies. Technically, the site uses modern JavaScript libraries such as Swiper.js and Lozad.js, indicating some level of digital maturity, but lacks advanced SEO and accessibility features. Security posture is basic with HTTPS enabled but no visible security headers or policies, and WHOIS data is unavailable due to query limits, limiting trust verification. Overall, the site shows a low level of business credibility and privacy compliance, suggesting it may be a small or new online store with room for improvement in transparency and security.

M

Maxtrade.lv

maxtrade.lv

40

Maxtrade.lv is a Latvian-based e-commerce retailer offering a broad range of products including computer components, office supplies, electronics, household goods, garden and repair items, furniture, sports equipment, and beauty products. The website targets consumers and businesses primarily in Latvia and the Baltic region, providing an online shopping platform with diverse product categories. The business model is focused on online retail with customer support via phone and email. The site demonstrates moderate branding consistency and good content quality, with clear navigation and product categorization.

The website www.anymedia.lv operates as a basic advertising system platform primarily targeting advertisers, agencies, and media owners in Latvia. It offers services such as ad placement, banner management, discount scale creation, and supports unconventional advertising formats. The site content is minimal and presented in Latvian, with limited navigation and no advanced interactive features. Technically, the site is built with simple HTML and CSS without modern frameworks or CMS, and lacks mobile optimization and accessibility features. Security posture is weak, with no evidence of HTTPS, security headers, or privacy and cookie policies. Contact information is limited to a single email address, and no incident response or security policies are disclosed. Overall, the site appears functional but basic, with significant room for improvement in security, privacy compliance, and technical sophistication.

C

Chema Alonso

elladodelmal.com

60

The website 'Un informático en el lado del mal' is a well-established personal blog by Chema Alonso, a recognized figure in cybersecurity. It serves as a platform for sharing knowledge, tutorials, and educational content related to hacking and cybersecurity, supplemented by book publishing and educational bootcamps. The site targets security professionals, students, and enthusiasts, positioning itself as a trusted resource in the cybersecurity education niche. Technically, the site is hosted on Google's Blogger platform, uses HTTPS, and integrates Google Adsense for monetization. The content is rich, updated daily, and well-structured, though mobile optimization and accessibility are basic. Security posture is good with HTTPS and no visible vulnerabilities, but explicit security headers and privacy policies are lacking. The absence of WHOIS registration data is a notable anomaly, though the site’s longevity and external references support its legitimacy. Overall, the site demonstrates a mature digital presence with strong business credibility and a solid security baseline.

V

Veiligheidsregio Utrecht

vru.nl

63

Veiligheidsregio Utrecht (VRU) is a regional government entity focused on public safety, emergency response, and crisis management in the Utrecht region of the Netherlands. The website serves as an information hub for residents and stakeholders, providing news, incident updates, safety advice, and career opportunities. The organization positions itself as a trusted authority in safety and emergency services, with a clear mission to contribute daily to the safety of its community. Technically, the website employs modern web technologies including JavaScript, CSS, SVG graphics, and integrates analytics tools such as Piwik PRO, Facebook Pixel, and LinkedIn Insight Tag. The site is well-structured, mobile-optimized, and accessible, with good SEO practices and a cookie consent mechanism ensuring GDPR compliance. Hosting and domain registration are consistent with a reputable government entity, with DNSSEC enabled and HTTPS enforced. From a security perspective, the site demonstrates strong fundamentals including HTTPS, DNSSEC, and no visible vulnerabilities or exposed sensitive data. However, it lacks publicly available dedicated security or incident response policies and does not provide a vulnerability disclosure or security.txt file. Analytics and tracking are implemented with consent, reflecting a moderate user tracking level aligned with privacy regulations. Overall, VRU's website is professional, trustworthy, and compliant with privacy standards, supporting its role as a regional safety authority. Strategic improvements could include publishing explicit security policies and incident response contacts to enhance transparency and trust further.

L

Lursoft IT

zo.lv

55

The website zo.lv is a Latvian business directory operated by Lursoft IT, providing comprehensive listings of Latvian companies, their sectors, products, and services. It serves as a platform for businesses to register and promote themselves free of charge, targeting Latvian business users and consumers seeking company information. The site is well-established, with a domain age consistent with the business history dating back to 1993, and is supported by Lursoft's parent infrastructure. Technically, the site uses a custom CMS with standard web technologies including jQuery and Revive Adserver for advertising. While the site is functional and professionally designed with good navigation and content relevance, some technical aspects such as the use of an older jQuery version and lack of modern security headers could be improved. Security posture is adequate with HTTPS and cookie consent mechanisms in place, but lacks explicit security policies or incident response contacts. Privacy compliance is strong, with clear privacy and cookie policies linked and implemented. Overall, the site is trustworthy and credible, though there is room for modernization and enhanced security practices.

J

Jaycom

jaycom.se

60

Jaycom is a Swedish SaaS provider specializing in comprehensive software solutions for the insurance industry, offering products such as Leo (a CRM for insurance brokers) and Focus (an insurance system for life and property insurance). The company has been operating since 2001, targeting insurance brokers and companies with tailored digital tools. The website reflects a small but focused business with consistent branding and relevant content for its niche market. Technically, the site uses a custom CMS with standard web technologies like JavaScript and CSS, and it is served over HTTPS with a valid SSL certificate, indicating a secure connection. However, the site lacks advanced security headers and cookie consent mechanisms, which are important for GDPR compliance and enhanced security posture. The absence of WHOIS data for the queried domain raises some concerns about domain registration transparency, though the website content and business information appear legitimate. Overall, the site demonstrates moderate digital maturity with room for improvement in privacy compliance, security best practices, and richer business information disclosure.

S

Sharpfin

sharpfin.com

58

Sharpfin is a Swedish-based company offering an all-in-one SaaS wealth management platform designed to streamline operations for wealth managers, fund companies, and family offices. The platform emphasizes reducing operational costs, increasing revenue, and enhancing client onboarding and interactions. The company positions itself as a forward-thinking technology provider in the finance sector with a scalable and compliant solution. The website is professionally designed, mobile-optimized, and uses HubSpot CMS along with modern marketing and analytics tools. Security posture is strong with HTTPS, security headers, and cookie consent mechanisms, though explicit security policies and incident response information are not published. The absence of WHOIS data is a notable anomaly, but the website's professionalism and trust indicators mitigate some concerns. Overall, Sharpfin presents as a credible and modern SaaS provider in the wealth management industry.

LALIGA Store is an official e-commerce platform operated by Fanatics, LLC., offering authentic football kits, apparel, and merchandise for all twenty LALIGA clubs. The website is professionally designed, providing a comprehensive catalog targeting football fans across different demographics including men, women, and children. The platform leverages modern web technologies and integrates analytics tools such as Google Analytics and Facebook Pixel to enhance user experience and marketing effectiveness. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though some security headers could be improved. Privacy compliance is well addressed with clear policies and cookie consent mechanisms. The absence of WHOIS data is a minor concern but is offset by the site's professional presentation and association with a reputable parent company.

The website https://www.engie-axima.fr is a minimal WordPress blog with very limited content, primarily consisting of a default 'Hello world!' post. There is no clear business description, contact information, or security and privacy policies published on the site. The technical infrastructure is based on WordPress CMS with standard JavaScript and CSS assets, and the site is served over HTTPS, indicating basic security configuration. However, advanced security headers and compliance mechanisms are absent. The lack of business and contact details, privacy policies, and security disclosures suggests the site is either under development or not actively maintained as a professional business presence. Overall, the site exhibits a low level of digital maturity and trustworthiness.

S

SCLE

scle-sfe.fr

51

SCLE is a French company specializing in the design and manufacture of custom equipment and turnkey solutions primarily for the energy and railway sectors. With over 50 years of experience, SCLE positions itself as a trusted provider offering high-technology products and services that support energy transition and sustainable transport. The company emphasizes quality, innovation, and long-term client relationships, supported by multiple certifications and partnerships with major industry players such as ENEDIS, SNCF Réseau, and EDF. Technically, the website is built on WordPress and employs privacy-focused analytics (Matomo) alongside a robust cookie consent mechanism (tarteaucitron.js). The site is well-structured, mobile-optimized, and SEO-friendly, reflecting a mature digital presence. Security practices include HTTPS enforcement and privacy-by-design analytics, though some security headers and explicit policies could be enhanced. The security posture is solid with no visible vulnerabilities or exposed sensitive data. Privacy compliance is strong, with clear policies and consent mechanisms aligned with GDPR requirements. However, the absence of a published security policy or incident response contacts suggests room for improvement in transparency and readiness. Overall, SCLE's website reflects a professional, trustworthy, and compliant business with a clear focus on its niche markets. Strategic recommendations include enhancing security headers, publishing security and incident response policies, and implementing a vulnerability disclosure program to further strengthen trust and resilience.

The website csrapid.ro is currently inaccessible beyond a Cloudflare Turnstile security challenge page, which blocks direct access to any substantive content. Due to this, no business information, contact details, or policies are available for analysis. The site appears to be protected by Cloudflare's security mechanisms, indicating an intent to prevent automated access or attacks. The technical infrastructure includes Cloudflare's challenge platform and Turnstile captcha, but no CMS or other technologies are detectable from the limited HTML content. Security posture cannot be fully assessed due to lack of visible headers or policies. Overall, the site is effectively blocked for analysis, resulting in a low AI score and limited insights.

L

Lazada

lazada.sg

11

Lazada Singapore is a leading e-commerce platform offering a wide range of products including electronics, fashion, and groceries. It operates with a strong market presence supported by its parent company Alibaba Group and subsidiaries like RedMart. The website features comprehensive product categories, official brand stores, and multiple payment and delivery options, ensuring a seamless shopping experience for customers. Technically, the site employs modern frameworks such as React and Rax, with fast performance and good mobile optimization. Security measures include HTTPS, CSRF tokens, and use of security libraries, contributing to a strong security posture. Privacy and cookie policies are comprehensive and GDPR compliant, though explicit security policy and incident response contacts are not found. Overall, the site is professional, trustworthy, and well-maintained, with extensive analytics and marketing tools in use.

S

Sainsbury’s Bank

sainsburysbank.co.uk

11

Sainsbury’s Bank operates as a UK-based financial services provider offering a broad range of consumer financial products including insurance, travel money, savings, loans, and credit cards. The website reflects a strong brand alignment with the Sainsbury’s retail group and recent operational changes involving the transfer of certain products to National Westminster Bank Plc. The company targets retail consumers seeking accessible and competitive financial products with a focus on ease of use and customer support. The business model leverages partnerships with established insurance underwriters and payment providers to deliver comprehensive financial services. Technically, the website employs modern web technologies including Google Tag Manager, Tealium, and Usabilla for analytics and user feedback, supported by a CMS likely Magnolia. The site is well-optimized for mobile and accessibility, with good SEO practices and clear navigation. Security posture is strong with HTTPS enforced and no visible vulnerabilities, though explicit security policy and incident response disclosures are absent. Privacy compliance is robust with clear cookie consent mechanisms and comprehensive privacy policies. Overall, the website demonstrates a mature digital presence consistent with a large financial institution, with good trust indicators and regulatory compliance.

B

BB Online UK Limited

bb-online.com

64

BB Online UK Limited is a well-established domain registrar and intellectual property protection service provider operating since 1997. The company specializes in international domain registration, domain portfolio management, and brand protection services, targeting individuals and businesses seeking comprehensive domain and IP solutions. Their market position is that of a niche, trusted player with a strong emphasis on security and customer support. Technically, the website employs a modern yet straightforward tech stack including jQuery and Bootstrap, offering a mobile-optimized and user-friendly experience. Security posture is strong with HTTPS enforced via a reputable Thawte SSL certificate, DNSSEC support, and cookie consent mechanisms, although some advanced security headers and explicit security policies are absent. Overall, the site demonstrates good privacy compliance and business credibility with clear contact information and trust indicators. The domain registration details align well with the business claims, reinforcing legitimacy.

S

Scenestealer

scenestealer.tv

53

Scenestealer is a technology company focused on empowering creative digital marketing through its Reflow management platform. The website content highlights their data-driven approach to personalizing marketing spend and mentions growth in their Brighton office with job opportunities. The site is basic in content and design, with minimal SEO and no visible advanced marketing or tracking technologies. Security posture is weak due to lack of HTTPS confirmation, missing security headers, and absence of privacy or cookie policies. No contact or incident response information is provided, limiting trust and compliance visibility. Overall, the site appears functional but lacks maturity in security and privacy compliance.

EKII.LV is an official Latvian government-related website operated by SIA "VIDES INVESTĪCIJU FONDS" that facilitates electronic submission of monitoring reports for projects funded by EKII and the Modernization Fund. It also serves as an information portal for funding competitions and project updates primarily targeting funding recipients and stakeholders in the energy and environmental sectors in Latvia. The platform integrates basic web technologies and Google Analytics for tracking, with a CMS identified as EMSI. While HTTPS is enabled and cookie consent is implemented, the site lacks comprehensive privacy and security policies, and no incident response contacts are provided. Contact information is limited to phone numbers without email or contact forms. Overall, the site is functional and moderately professional but could improve in privacy compliance, security headers, and mobile optimization.

J

Joe's Pizza

joespizzanyc.com

55

Joe's Pizza is a small, family-owned pizza restaurant established in 1975 in Greenwich Village, New York City. The business offers authentic New York-style pizza slices and has a strong local reputation. The website is built on the Squarespace platform and provides basic information about the business along with an online ordering link. The technical infrastructure is standard for a small hospitality business, with moderate performance and good mobile optimization. Security posture is adequate with HTTPS enabled but lacks advanced security headers and formal privacy or cookie policies. Contact information is not explicitly provided on the website, limiting direct customer engagement channels. Overall, the website serves as a digital presence for the business but could improve in compliance and security best practices.

The website kaizenep.com serves as the login portal for risr/advance, a specialized e-Portfolio solution tailored for medical and healthcare education institutions. It supports multiple organizations, each with customized branding and Single Sign-On (SSO) capabilities, indicating a mature SaaS platform focused on professional development and assessment management. The platform targets medical schools, colleges, and healthcare professionals, providing tools for workplace assessments, annual reviews, and multi-source feedback. Technically, the site employs modern web technologies including Vue.js, JavaScript, and CSS, delivering a responsive and functional user interface. The infrastructure appears to be hosted on KaizenEP's own clusters, with secure HTTPS endpoints and integration with various identity providers for authentication. However, the site lacks visible SEO optimization and accessibility features beyond basic levels. From a security perspective, the site enforces HTTPS and uses SSO with trusted identity providers, which is a strong security posture. Nonetheless, the absence of explicit security headers, privacy policies, cookie consent mechanisms, and incident response contacts represents gaps in compliance and transparency. No vulnerabilities or exposed sensitive data were detected in the analyzed content. Overall, the website demonstrates a solid technical foundation and business focus but requires improvements in privacy compliance, security transparency, and user trust elements to enhance its risk profile and regulatory adherence.

S

Spotify AB

lifeatspotify.com

62

Spotify AB operates a globally recognized audio streaming platform and maintains a dedicated careers website to attract talent worldwide. The site emphasizes company culture, diversity, and inclusion, showcasing job opportunities across multiple locations. The technical infrastructure leverages modern web technologies including React and Next.js, ensuring a fast, responsive, and accessible user experience. Security posture is strong with HTTPS enforcement, security headers, and no visible vulnerabilities, although explicit security policies and incident response contacts are not published. Privacy compliance is well addressed with clear privacy and cookie policies and consent mechanisms. Overall, the website reflects a mature, professional digital presence aligned with Spotify's market leadership in technology and media.